Analysis Report Swift-Receipt222.pdf

Overview

General Information

Sample Name: Swift-Receipt222.pdf
Analysis ID: 432799
MD5: a67be3d1f4d7f321f58f068399f1fa11
SHA1: f6872349a822b44ed2662e044995f376bec69fdd
SHA256: 575125b2fcad78ccfd6ac81b71077cfee9c24a92c8549b6185b8a5689c9f895f
Detection

HTMLPhisher
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found potential malicious PDF (bad image similarity)
Yara detected HtmlPhish10
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Found iframes
HTML body contains low number of good links
IP address seen in connection with other malware
Invalid 'forgot password' link found
JA3 SSL client fingerprint seen in connection with other malware
No HTML title found
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Unusual large HTML page

Classification

Phishing:

Yara detected HtmlPhish10
Source: Yara match File source: 17087.pages.csv, type: HTML
Found iframes
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1177225778&timestamp=1623377106846
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Iframe src: /_/bscframe
HTML body contains low number of good links
Source: https://ga-ine.net/go/home HTTP Parser: Number of links: 0
Invalid 'forgot password' link found
Source: https://ga-ine.net/go/home HTTP Parser: Invalid link: Forgot my password
No HTML title found
Source: https://ga-ine.net/go/home HTTP Parser: HTML title missing
Unusual large HTML page
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Total size: 1706137
Source: https://ga-ine.net/go/home HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: No <meta name="author".. found
Source: https://ga-ine.net/go/home HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown HTTPS traffic detected: 142.250.180.225:443 -> 192.168.2.5:49885 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.180.225:443 -> 192.168.2.5:49886 version: TLS 1.2

Software Vulnerabilities:

Potential document exploit detected (performs DNS queries)
Source: global traffic DNS query: name: cliffskenya.com
Potential document exploit detected (performs HTTP gets)
Source: global traffic TCP traffic: 192.168.2.5:49727 -> 20.150.208.6:443
Potential document exploit detected (unknown TCP traffic)
Source: global traffic TCP traffic: 192.168.2.5:49718 -> 151.80.25.150:80

Networking:

IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 104.18.10.207 104.18.10.207
Source: Joe Sandbox View IP Address: 91.199.212.52 91.199.212.52
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKConnection: Keep-AliveContent-Type: text/html; charset=UTF-8Content-Length: 167Content-Encoding: gzipVary: Accept-EncodingDate: Thu, 10 Jun 2021 17:04:30 GMTData Raw: 1f 8b 08 00 00 00 00 00 00 03 25 ce b1 0e c2 20 14 40 d1 dd af 20 0c 6e 82 16 1b 8d 29 35 c6 c1 a6 43 57 a3 1b a5 58 30 14 48 fb a4 f8 f7 26 76 bb 39 d3 2d 26 39 9a 00 08 be 41 71 84 41 25 a0 6f 11 c5 c2 b8 9c 8d eb fc 4c ac 97 02 8c 77 44 8f ea 85 38 c2 1a 20 4c 27 4a 7b b1 31 4e 11 a7 80 f6 9e 5a df 1b 47 c4 14 d2 d9 74 fc 59 d5 b1 bd a5 d0 ba e6 22 ab 3a 4a d6 58 39 68 fb b8 a7 ad b8 e6 51 0e 92 af c5 07 34 67 47 b6 cf 14 db b1 43 a6 58 ce b2 7f 1f 71 41 97 8d 72 f5 03 b4 00 65 3b a7 00 00 00 Data Ascii: % @ n)5CWX0H&v9-&9AqA%oLwD8 L'J{1NZGtY":JX9hQ4gGCXqAre;
Source: global traffic HTTP traffic detected: GET /rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc= HTTP/1.1Host: drollins.cliffskenya.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ZeroSSLRSADomainSecureSiteCA.crt HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: zerossl.crt.sectigo.com
Source: 2ce38f300ec8bea9_0.18.dr String found in binary or memory: ://secure-...imrworldwide.com/ ://cdn.imrworldwide.com/ ://aksecure.imrworldwide.com/ ://[^.]*.moatads.com ://youtube[0-9]+.moatpixel.com ://pm.adsafeprotected.com/youtube ://pm.test-adsafeprotected.com/youtube ://e[0-9]+.yt.srs.doubleverify.com www.google.com/pagead/xsul www.youtube.com/pagead/slav equals www.youtube.com (Youtube)
Source: 2ce38f300ec8bea9_0.18.dr String found in binary or memory: www.youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com:443 youtube.googleapis.com www.youtubeedu.com www.youtubeeducation.com video.google.com redirector.gvt1.com equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: cliffskenya.com
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp String found in binary or memory: http://cipa.jp/exif/1.0/
Source: AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp String found in binary or memory: http://cipa.jp/exif/1.0//1.0/V7k
Source: AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp String found in binary or memory: http://cipa.jp/exif/1.0/1.0/
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: 77EC63BDA74BD0D0E0426DC8F8008506.19.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: Current Session.18.dr String found in binary or memory: http://drollins.cliffskenya.com
Source: Favicons-journal.18.dr, History.18.dr, History-journal.18.dr String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=
Source: Swift-Receipt222.pdf String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=)
Source: History.18.dr String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=/#
Source: AcroRd32.exe, 00000001.00000002.420388313.000000000CDEA000.00000004.00000001.sdmp, History Provider Cache.18.dr String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=2
Source: History Provider Cache.18.dr String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=2:
Source: AcroRd32.exe, 00000001.00000002.418935057.000000000B491000.00000004.00000001.sdmp String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=5
Source: Favicons-journal.18.dr String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=B
Source: History-journal.18.dr String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=E
Source: History-journal.18.dr String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=FH
Source: AcroRd32.exe, 00000001.00000002.418209299.000000000B191000.00000004.00000001.sdmp String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=_8D
Source: AcroRd32.exe, 00000001.00000002.414465174.000000000A770000.00000004.00000001.sdmp String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=ontainerSize
Source: AcroRd32.exe, 00000001.00000002.418636294.000000000B332000.00000004.00000001.sdmp String found in binary or memory: http://en.wikipedia
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/g
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp String found in binary or memory: http://ocsp.digicert.com0C
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp String found in binary or memory: http://ocsp.digicert.com0H
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp String found in binary or memory: http://ocsp.digicert.com0I
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp String found in binary or memory: http://ocsp.digicert.com0O
Source: AcroRd32.exe, 00000001.00000002.420263672.000000000CD81000.00000004.00000001.sdmp String found in binary or memory: http://www.adobe.
Source: AcroRd32.exe, 00000001.00000002.420263672.000000000CD81000.00000004.00000001.sdmp String found in binary or memory: http://www.adobe.co
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/field#
Source: AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/id/77
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/property#
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/property#3
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/type#
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/type#r
Source: AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfe/ns/id/
Source: AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfe/ns/id/B5
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default
Source: AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/drm/default
Source: AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn
Source: AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/layout/anchor
Source: AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes
Source: AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs
Source: AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/subclip/1.0
Source: AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp String found in binary or memory: http://www.quicktime.com.Acrobat
Source: 10BDC45B4A27319429BBC4F08A4E8A10.19.dr String found in binary or memory: http://zerossl.crt.sectigo.com/ZeroSSLRSADomainSecureSiteCA.crt
Source: AcroRd32.exe, 00000001.00000002.420813546.000000000CE6B000.00000004.00000001.sdmp String found in binary or memory: https://.OKCancelEdit
Source: AcroRd32.exe, 00000001.00000002.418863963.000000000B42E000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/
Source: AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/
Source: AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/c
Source: AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/i
Source: AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/i-
Source: AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/iW
Source: Reporting and NEL.19.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v2?s=tg%2FqX4LyDc8GF%2FiWUQV9RYkrHH4EYSSuDyGsvPKbbkcOEXtu0TRXBkF
Source: 000003.log5.18.dr String found in binary or memory: https://about.google
Source: Network Action Predictor.18.dr, b8c3df9b5168fca9_0.18.dr, 346866bbe969e451_0.18.dr String found in binary or memory: https://about.google/
Source: 1154c6710157da27_0.18.dr String found in binary or memory: https://about.google/3
Source: ca5dd8c4d05c0b30_0.18.dr String found in binary or memory: https://about.google/Y
Source: ca5dd8c4d05c0b30_0.18.dr String found in binary or memory: https://about.google/assets-products/js/index.min.js?cache=627e25d
Source: Favicons.18.dr String found in binary or memory: https://about.google/favicon.ico
Source: Favicons.18.dr String found in binary or memory: https://about.google/favicon.ico0
Source: Favicons.18.dr String found in binary or memory: https://about.google/intl/en/products
Source: Current Session.18.dr String found in binary or memory: https://about.google/intl/en/products/
Source: Current Session.18.dr String found in binary or memory: https://about.google/intl/en/products/3Browse
Source: History.18.dr String found in binary or memory: https://about.google/intl/en/products/Browse
Source: History.18.dr String found in binary or memory: https://about.google/intl/en/productsBrowse
Source: 000003.log5.18.dr, 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr, manifest.json0.18.dr String found in binary or memory: https://accounts.google.com
Source: Current Session.18.dr String found in binary or memory: https://accounts.google.com#
Source: d076b6fa748cc943_0.18.dr String found in binary or memory: https://accounts.google.com/
Source: f2a8eb5d2b3ff76f_0.18.dr String found in binary or memory: https://accounts.google.com//E
Source: Current Session.18.dr, History.18.dr String found in binary or memory: https://accounts.google.com/ServiceLogin?passive=1209600&continue=https://policies.google.com/privac
Source: Current Session.18.dr String found in binary or memory: https://accounts.google.com/_/bscframe
Source: 150501eb52c82ec4_0.18.dr String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: 150501eb52c82ec4_0.18.dr String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: History.18.dr String found in binary or memory: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.goo
Source: fe0519b5b8b2b844_0.18.dr String found in binary or memory: https://accounts.google.com/u
Source: Current Session.18.dr String found in binary or memory: https://accounts.google.comh
Source: Current Session.18.dr String found in binary or memory: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1177
Source: Network Action Predictor.18.dr String found in binary or memory: https://ajax.googleapis.com/
Source: 29b9e743bf6a96f6_0.18.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp String found in binary or memory: https://api.echosign.com
Source: AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp String found in binary or memory: https://api.echosign.comgs
Source: 150501eb52c82ec4_0.18.dr, 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr, manifest.json0.18.dr String found in binary or memory: https://apis.google.com
Source: 150501eb52c82ec4_0.18.dr, 5a55e44991ac8b2b_0.18.dr String found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.vQiXRrxCe40.O/m=gapi_iframes
Source: 33358dc9738a86ce_0.18.dr, a6f875b417e34ffa_0.18.dr String found in binary or memory: https://apis.google.com/js/api.js
Source: Network Action Predictor.18.dr String found in binary or memory: https://cdnjs.cloudflare.com/
Source: 6eaf70376a4c0fcb_0.18.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr String found in binary or memory: https://clients2.google.com
Source: manifest.json.18.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: 150501eb52c82ec4_0.18.dr String found in binary or memory: https://clients6.google.com
Source: Network Action Predictor.18.dr String found in binary or memory: https://code.jquery.com/
Source: 18a574279a460c61_0.18.dr String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: 150501eb52c82ec4_0.18.dr, manifest.json0.18.dr String found in binary or memory: https://content.googleapis.com
Source: Reporting and NEL.19.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/AccountsDomainCookiesCheckConnectionHttp/external
Source: Reporting and NEL.19.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/AccountsSignInSignUpUi/external
Source: Reporting and NEL.19.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityPoliciesUi/external
Source: Reporting and NEL.19.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityPoliciesUi/externalr
Source: Reporting and NEL.19.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/OneGoogleWidgetUi/external
Source: 120b86f3-b3c5-47f9-a252-a729121ab9fd.tmp.19.dr, d3f71dd8-af7e-4572-962d-7a741cc75787.tmp.19.dr, 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr String found in binary or memory: https://dns.google
Source: 150501eb52c82ec4_0.18.dr String found in binary or memory: https://domains.google.com/suggest/flow
Source: manifest.json0.18.dr String found in binary or memory: https://feedback.googleusercontent.com
Source: 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr String found in binary or memory: https://fonts.googleapis.com
Source: Network Action Predictor.18.dr String found in binary or memory: https://fonts.googleapis.com/
Source: manifest.json0.18.dr String found in binary or memory: https://fonts.googleapis.com;
Source: 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr String found in binary or memory: https://fonts.gstatic.com
Source: Network Action Predictor.18.dr String found in binary or memory: https://fonts.gstatic.com/
Source: manifest.json0.18.dr String found in binary or memory: https://fonts.gstatic.com;
Source: 000003.log5.18.dr String found in binary or memory: https://ga-ine.net
Source: 18a574279a460c61_0.18.dr, Network Action Predictor.18.dr, 29b9e743bf6a96f6_0.18.dr, 4e44c6b63048c53f_0.18.dr String found in binary or memory: https://ga-ine.net/
Source: Favicons.18.dr String found in binary or memory: https://ga-ine.net/favicon.ico
Source: Favicons-journal.18.dr String found in binary or memory: https://ga-ine.net/favicon.icoB
Source: Current Session.18.dr String found in binary or memory: https://ga-ine.net/go/home
Source: Favicons.18.dr String found in binary or memory: https://ga-ine.net/go/home3
Source: History.18.dr String found in binary or memory: https://ga-ine.net/go/homeSign
Source: Current Session.18.dr String found in binary or memory: https://ga-ine.net/go/homeT
Source: Current Session.18.dr String found in binary or memory: https://ga-ine.net/go/homefm
Source: Current Session.18.dr, Favicons.18.dr String found in binary or memory: https://ga-ine.net/go/login.aspx?id=ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=&auth=38342e31372e35322e3138
Source: 5925aba0295ba9a2_0.18.dr String found in binary or memory: https://ga-ine.net/o#
Source: Current Session.18.dr String found in binary or memory: https://ga-ine.neth
Source: 1fc81d98e0bca5b5_0.18.dr, 901b648cd82f37e1_0.18.dr, 3dbe54b7c92541c6_0.18.dr, abd4f02146639bbf_0.18.dr String found in binary or memory: https://google.com/
Source: 89976388d776040a_0.18.dr String found in binary or memory: https://google.com/0q
Source: 70f3e0500aa4a1d7_0.18.dr String found in binary or memory: https://google.com/3
Source: 0bd7a193caaa1084_0.18.dr String found in binary or memory: https://google.com/5
Source: 3dbe54b7c92541c6_0.18.dr String found in binary or memory: https://google.com/:
Source: 031517cf987ed5ca_0.18.dr String found in binary or memory: https://google.com/F
Source: 3dbe54b7c92541c6_0.18.dr String found in binary or memory: https://google.com/JF
Source: 2ef175f79a71fadd_0.18.dr String found in binary or memory: https://google.com/L
Source: 5528c7caf4fa1401_0.18.dr String found in binary or memory: https://google.com/L-m
Source: 68b3bfd079cc9fcd_0.18.dr String found in binary or memory: https://google.com/Qr
Source: 0355d4a94b58528a_0.18.dr String found in binary or memory: https://google.com/T
Source: 08d531cb4a36a419_0.18.dr String found in binary or memory: https://google.com/V
Source: 1fde12061b590deb_0.18.dr String found in binary or memory: https://google.com/Z
Source: 2a8215f3bb8c1a18_0.18.dr String found in binary or memory: https://google.com/_;
Source: ed2289f19713d927_0.18.dr String found in binary or memory: https://google.com/f
Source: 3dbe54b7c92541c6_0.18.dr String found in binary or memory: https://google.com/h
Source: 3dbe54b7c92541c6_0.18.dr String found in binary or memory: https://google.com/hA9=
Source: 6f8306580c7f29f4_0.18.dr String found in binary or memory: https://google.com/k
Source: 3dbe54b7c92541c6_0.18.dr String found in binary or memory: https://google.com/l
Source: 07f049ed7c03b867_0.18.dr String found in binary or memory: https://google.com/p
Source: 3dbe54b7c92541c6_0.18.dr String found in binary or memory: https://google.com/pF
Source: ec79fe2a6efd0153_0.18.dr String found in binary or memory: https://google.com/r
Source: a45d7a7b5530ef14_0.18.dr String found in binary or memory: https://google.com/x
Source: manifest.json0.18.dr String found in binary or memory: https://hangouts.google.com/
Source: AcroRd32.exe, 00000001.00000002.407681471.000000000943F000.00000004.00000001.sdmp String found in binary or memory: https://ims-na1.adobelogin.com
Source: Network Action Predictor.18.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/
Source: 4e44c6b63048c53f_0.18.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: Current Session.18.dr, 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr String found in binary or memory: https://ogs.google.com
Source: Current Session.18.dr String found in binary or memory: https://ogs.google.com#
Source: Current Session.18.dr String found in binary or memory: https://ogs.google.com/widget/app/so?bc=1&origin=https%3A%2F%2Fpolicies.google.com&cn=app&pid=269&sp
Source: 2ce38f300ec8bea9_0.18.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/osd.js
Source: manifest.json.18.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 150501eb52c82ec4_0.18.dr String found in binary or memory: https://plus.google.com
Source: 150501eb52c82ec4_0.18.dr String found in binary or memory: https://plus.googleapis.com
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com#
Source: Network Action Predictor.18.dr, Current Session.18.dr String found in binary or memory: https://policies.google.com/
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/?hl=en
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/?hl=en-
Source: History.18.dr String found in binary or memory: https://policies.google.com/?hl=enPrivacy
Source: History.18.dr String found in binary or memory: https://policies.google.com/Privacy
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/Zq
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/faq?hl=en
Source: History.18.dr String found in binary or memory: https://policies.google.com/faq?hl=enFAQ
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/faq?hl=ena
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/privacy/archive?hl=en
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/privacy/archive?hl=en2Updates:
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/privacy/archive?hl=en81
Source: History.18.dr String found in binary or memory: https://policies.google.com/privacy/archive?hl=enUpdates:
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/privacy/frameworks?hl=en
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/privacy/frameworks?hl=en3
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/privacy/frameworks?hl=en3Data
Source: History.18.dr String found in binary or memory: https://policies.google.com/privacy/frameworks?hl=enData
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/privacy/google-partners?hl=en
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/privacy/google-partners?hl=en5Who
Source: History.18.dr String found in binary or memory: https://policies.google.com/privacy/google-partners?hl=enWho
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/privacy/key-terms?hl=en
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/privacy/key-terms?hl=en$Key
Source: History.18.dr String found in binary or memory: https://policies.google.com/privacy/key-terms?hl=enKey
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/privacy/key-terms?hl=enc
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/privacy?hl=en
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/privacy?hl=en)Privacy
Source: History.18.dr String found in binary or memory: https://policies.google.com/privacy?hl=enPrivacy
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/privacy?hl=enm
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/technologies?hl=en
Source: History.18.dr String found in binary or memory: https://policies.google.com/technologies?hl=enTechnologies
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/terms?hl=en
Source: Current Session.18.dr String found in binary or memory: https://policies.google.com/terms?hl=en2Google
Source: History.18.dr String found in binary or memory: https://policies.google.com/terms?hl=enGoogle
Source: Current Session.18.dr String found in binary or memory: https://policies.google.comh
Source: manifest.json.18.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr String found in binary or memory: https://ssl.gstatic.com
Source: 55eb0dad66b87c70_0.18.dr, f2a8eb5d2b3ff76f_0.18.dr String found in binary or memory: https://ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en.QMyOJliEoZQ.O/am=B2CcYUEBEAAAGAAA
Source: Favicons.18.dr String found in binary or memory: https://ssl.gstatic.com/policies/favicon.ico
Source: Network Action Predictor.18.dr String found in binary or memory: https://stackpath.bootstrapcdn.com/
Source: 5925aba0295ba9a2_0.18.dr String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Source: messages.json62.18.dr String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json62.18.dr String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: 33358dc9738a86ce_0.18.dr, a6f875b417e34ffa_0.18.dr String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: 150501eb52c82ec4_0.18.dr String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp String found in binary or memory: https://www.digicert.com/CPS0
Source: 1154c6710157da27_0.18.dr String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: Current Session.18.dr, History.18.dr String found in binary or memory: https://www.google.ch/intl/en/about/products
Source: History.18.dr String found in binary or memory: https://www.google.ch/intl/en/about/productsBrowse
Source: 000003.log5.18.dr, 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr, manifest.json0.18.dr String found in binary or memory: https://www.google.com
Source: QuotaManager.18.dr String found in binary or memory: https://www.google.com/
Source: QuotaManager.18.dr String found in binary or memory: https://www.google.com//#
Source: Current Session.18.dr String found in binary or memory: https://www.google.com/?hl=en
Source: History.18.dr String found in binary or memory: https://www.google.com/?hl=enGoogle
Source: History.18.dr String found in binary or memory: https://www.google.com/?hl=enGoogle/#
Source: Current Session.18.dr String found in binary or memory: https://www.google.com/?hl=enf
Source: Favicons.18.dr String found in binary or memory: https://www.google.com/favicon.ico
Source: Favicons.18.dr String found in binary or memory: https://www.google.com/favicon.ico$
Source: Current Session.18.dr String found in binary or memory: https://www.google.com/intl/en/policies/privacy/
Source: History.18.dr String found in binary or memory: https://www.google.com/intl/en/policies/privacy/Privacy
Source: Current Session.18.dr String found in binary or memory: https://www.google.com/intl/en/policies/terms/
Source: History.18.dr String found in binary or memory: https://www.google.com/intl/en/policies/terms/Google
Source: 9c4b2fb8ecb85057_0.18.dr String found in binary or memory: https://www.google.com/js/th/ilh13uZaZ2e13-dsRc8a4GH2CkfJCUgscyiMqTv_Gc4.js
Source: 9c4b2fb8ecb85057_0.18.dr String found in binary or memory: https://www.google.com/js/th/ilh13uZaZ2e13-dsRc8a4GH2CkfJCUgscyiMqTv_Gc4.jsaD
Source: cab3f1698d3d2ebb_0.18.dr String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: Current Session.18.dr String found in binary or memory: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LegzyQbAAAAAG96AXv-vMSRmT9EpT6Do0YVnzG4&co=aHR0
Source: manifest.json0.18.dr String found in binary or memory: https://www.google.com;
Source: Current Session.18.dr String found in binary or memory: https://www.google.comh
Source: 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json.18.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.18.dr String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.18.dr String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.18.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.18.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.18.dr String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.18.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.18.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.18.dr String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: 150501eb52c82ec4_0.18.dr String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: 150501eb52c82ec4_0.18.dr String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: manifest.json0.18.dr String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.18.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.18.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.18.dr String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 588e6311b9075013_0.18.dr String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=GTM-WQZB4J
Source: 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr String found in binary or memory: https://www.gstatic.com
Source: Network Action Predictor.18.dr String found in binary or memory: https://www.gstatic.com/
Source: ef04e44c72581d82_0.18.dr String found in binary or memory: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en.ROaJ9ynLGFI.es5
Source: a2c2b9d9a8196f25_0.18.dr, ed2289f19713d927_0.18.dr, 70f3e0500aa4a1d7_0.18.dr, dcc9f0651f3eb1d5_0.18.dr, 0bd7a193caaa1084_0.18.dr String found in binary or memory: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en_US.pWi_f_o0gHU.
Source: a0f00e9291262984_0.18.dr, c261bc509fbe0d4a_0.18.dr, abd4f02146639bbf_0.18.dr, 2f41af10b56fa754_0.18.dr String found in binary or memory: https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.Y7LEhkj7g0U.
Source: 1d9307e50ef6b7b0_0.18.dr String found in binary or memory: https://www.gstatic.com/brandstudio/kato/cookie_choice_component/cookie_consent_bar.v3.js
Source: ef573254f07aabf4_0.18.dr String found in binary or memory: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Source: ef573254f07aabf4_0.18.dr String found in binary or memory: https://www.gstatic.com/cv/js/sender/v1/cast_sender.jsaD
Source: 4739ef39d3645e5f_0.18.dr String found in binary or memory: https://www.gstatic.com/external_hosted/hammerjs/v2_0_2/hammer.min.js
Source: b8c3df9b5168fca9_0.18.dr String found in binary or memory: https://www.gstatic.com/external_hosted/picturefill/picturefill.min.js
Source: 346866bbe969e451_0.18.dr String found in binary or memory: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Source: eaea161a7305b18c_0.18.dr String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: eaea161a7305b18c_0.18.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: eaea161a7305b18c_0.18.dr String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: c6406bd93370392e_0.18.dr String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.cTIKiXxS_RM.O/rt=j/m=q_d
Source: eaea161a7305b18c_0.18.dr String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.cTIKiXxS_RM.O/rt=j/m=q_dnp
Source: 07f049ed7c03b867_0.18.dr String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.cTIKiXxS_RM.O/rt=j/m=qabr
Source: 44f60fe7ed35ed6d_0.18.dr, 5278677776ece701_0.18.dr String found in binary or memory: https://www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/recaptcha__en.js
Source: manifest.json0.18.dr String found in binary or memory: https://www.gstatic.com;
Source: 000003.log5.18.dr String found in binary or memory: https://www.youtube-nocookie.com
Source: Current Session.18.dr String found in binary or memory: https://www.youtube-nocookie.com#
Source: 000003.log0.18.dr String found in binary or memory: https://www.youtube-nocookie.com/
Source: Current Session.18.dr String found in binary or memory: https://www.youtube-nocookie.com/embed/48l-xdS4pXg?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: Current Session.18.dr String found in binary or memory: https://www.youtube-nocookie.com/embed/YlmVKT3Zvhw?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: Current Session.18.dr String found in binary or memory: https://www.youtube-nocookie.com/embed/ZdEIZNg3epQ?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: Current Session.18.dr String found in binary or memory: https://www.youtube-nocookie.com/embed/ggoJFaE71W8?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: 2b9380256e0a7a8e_0.18.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/fetch-polyfill.vflset/fetch-polyfill.js
Source: 2b9380256e0a7a8e_0.18.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/fetch-polyfill.vflset/fetch-polyfill.jsaD
Source: 0626ecbe5215288e_0.18.dr, 2ce38f300ec8bea9_0.18.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/base.js
Source: 2ce38f300ec8bea9_0.18.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/base.jsaD
Source: a68c1a61e9e21efe_0.18.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/embed.js
Source: a68c1a61e9e21efe_0.18.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/embed.jsaD
Source: d5509dd7f30867b1_0.18.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/remote.js
Source: 2561f356ea6372ae_0.18.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/remote.jsa
Source: 2561f356ea6372ae_0.18.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/remote.jsaD
Source: 47711346e1444dcc_0.18.dr, ac0c226a3fc548ab_0.18.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/www-embed-player.vflset/www-embed-player.js
Source: 47711346e1444dcc_0.18.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/www-embed-player.vflset/www-embed-player.jsaD
Source: 0626ecbe5215288e_0.18.dr String found in binary or memory: https://youtube-nocookie.com/
Source: 9c4b2fb8ecb85057_0.18.dr String found in binary or memory: https://youtube-nocookie.com//
Source: a68c1a61e9e21efe_0.18.dr String found in binary or memory: https://youtube-nocookie.com/EE
Source: ef573254f07aabf4_0.18.dr String found in binary or memory: https://youtube-nocookie.com/S
Source: ac0c226a3fc548ab_0.18.dr String found in binary or memory: https://youtube-nocookie.com/j
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50088 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50097
Source: unknown Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50098 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown Network traffic detected: HTTP traffic on port 50029 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50097 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown Network traffic detected: HTTP traffic on port 50030 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49888 -> 443
Source: unknown HTTPS traffic detected: 142.250.180.225:443 -> 192.168.2.5:49885 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.180.225:443 -> 192.168.2.5:49886 version: TLS 1.2

System Summary:

Found potential malicious PDF (bad image similarity)
Source: Swift-Receipt222.pdf Static PDF information: Image stream: 26
Source: AcroRd32.exe, 00000001.00000002.418729441.000000000B3A2000.00000004.00000001.sdmp Binary or memory string: dlng(.slngV.Arab, Armn, Cyrl, Geok, Geor, Grek, Hebr, LatnArab, Armn, Cyrl, Geok, Geor, Grek, Hebr, Latn
Source: AcroRd32.exe, 00000001.00000002.418729441.000000000B3A2000.00000004.00000001.sdmp Binary or memory string: .slng
Source: classification engine Classification label: mal56.phis.winPDF@71/339@19/17
Source: Swift-Receipt222.pdf Initial sample: mailto:saguero@landaumpierre.com
Source: Swift-Receipt222.pdf Initial sample: http://drollins.cliffskenya.com/rdr/zhjvbgxpbnnachjvc3nlcmhlywx0ac5vcmc=
Source: Swift-Receipt222.pdf Initial sample: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.6528 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File read: C:\Users\desktop.ini Jump to behavior
Source: QuotaManager-journal.18.dr Binary or memory string: CREATE TABLE HostQuotaTable(host TEXT NOT NULL, type INTEGER NOT NULL, quota INTEGER DEFAULT 0, UNIQUE(host, type));
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Swift-Receipt222.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Swift-Receipt222.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=4210813165074894668 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4210813165074894668 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=1429679197753697552 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8998359058420623262 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8998359058420623262 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=10020858510568826130 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10020858510568826130 --renderer-client-id=5 --mojo-platform-channel-handle=2156 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc='
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1868 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=5112 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=video_capture --enable-audio-service-sandbox --mojo-platform-channel-handle=4716 /prefetch:8
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Swift-Receipt222.pdf' Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=' Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=4210813165074894668 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4210813165074894668 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=1429679197753697552 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8998359058420623262 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8998359058420623262 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=10020858510568826130 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10020858510568826130 --renderer-client-id=5 --mojo-platform-channel-handle=2156 --allow-no-sandbox-job /prefetch:1 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1868 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=5112 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=video_capture --enable-audio-service-sandbox --mojo-platform-channel-handle=4716 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File opened: C:\Windows\SysWOW64\Msftedit.dll Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
Source: Swift-Receipt222.pdf Initial sample: PDF keyword /JS count = 0
Source: Swift-Receipt222.pdf Initial sample: PDF keyword /JavaScript count = 0
Source: Swift-Receipt222.pdf Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: AcroRd32.exe, 00000001.00000002.419896764.000000000CBD0000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
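The "Initial sample" lines above are the whole static story of this PDF: no /JS, /JavaScript or /EmbeddedFile objects, just link targets (a mailto: and a redirector URL whose last path segment is base64, plus the same URL with that token lowercased). The block below is an added example, not part of the Joe Sandbox report and not code from the sandbox: it reproduces those three checks (keyword counts, /URI extraction, token decoding) on PDF bytes constructed to carry the same two URLs and mailto as the report, and adds a second constructed file with a JavaScript action inside a Flate stream to show why the keyword count must also look inside inflated streams. The lowercased copy of the token is not valid text once decoded, so the example reports it as non-text rather than as a second indicator.

```python
"""Static triage of a link-only phishing PDF (added example, not report output).

Reproduces the three checks the report applies to Swift-Receipt222.pdf:
counting the PDF keywords /JS, /JavaScript and /EmbeddedFile, extracting the
targets of /URI link actions (including mailto:), and decoding the base64
token that ends the redirector path.  The PDF bytes are constructed here to
carry the same URLs as the report; they are not the original sample.
"""
import base64
import re
import zlib
from urllib.parse import urlsplit

# Constructed stand-in for the sample: one page, three link annotations.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R 6 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://drollins.cliffskenya.com/rdr/zhjvbgxpbnnachjvc3nlcmhlywx0ac5vcmc=) >> >> endobj
6 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (mailto:saguero@landaumpierre.com) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed counter-example: a JavaScript action hidden in a Flate stream,
# invisible to a raw keyword scan unless the stream is inflated first.
_JS_OBJ = zlib.compress(b"<< /S /JavaScript /JS (app.alert(1)) >>")
JS_PDF = (b"%PDF-1.4\n7 0 obj << /Length " + str(len(_JS_OBJ)).encode()
          + b" /Filter /FlateDecode >>\nstream\n" + _JS_OBJ
          + b"\nendstream\nendobj\n%%EOF\n")

# Same keywords the report counts; the lookahead keeps names such as
# /EmbeddedFiles or /JSON from inflating the totals.
KEYWORDS = {
    "/JS": rb"/JS(?![A-Za-z0-9])",
    "/JavaScript": rb"/JavaScript(?![A-Za-z0-9])",
    "/EmbeddedFile": rb"/EmbeddedFile(?![A-Za-z0-9])",
}


def _normalise_names(data: bytes) -> bytes:
    """Undo #XX hex escapes in PDF names (/J#53 is /JS) so they cannot hide keywords."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def _inflated_streams(data: bytes) -> list:
    """Return the inflated body of every stream that is a complete zlib stream."""
    out = []
    for m in re.finditer(rb"(?<!end)stream\r?\n(.*?)\nendstream", data, re.DOTALL):
        d = zlib.decompressobj()
        try:
            body = d.decompress(m.group(1))
        except zlib.error:
            continue  # not Flate-encoded; the raw scan still covers it
        if d.eof and body:
            out.append(body)
    return out


def _uri_targets(data: bytes) -> list:
    """Targets of /URI (...) literal strings, with PDF backslash escapes removed."""
    found = []
    for m in re.finditer(rb"/URI\s*\(((?:[^()\\]|\\.)*)\)", data, re.DOTALL):
        found.append(re.sub(rb"\\(.)", rb"\1", m.group(1)).decode("latin-1"))
    return found


def decode_path_token(url: str) -> dict:
    """Decode the last path segment as base64 and relate it to the hostname.

    A token that is valid base64 but does not decode to printable ASCII is
    reported with text=False rather than treated as a second indicator.
    """
    parts = urlsplit(url)
    token = parts.path.rsplit("/", 1)[-1]
    info = {"host": parts.hostname, "token": token, "decoded": None,
            "text": False, "matches_host_label": False}
    try:
        raw = base64.b64decode(token + "=" * (-len(token) % 4), validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return info
    info["decoded"] = raw
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return info
    if not text.isprintable():
        return info
    info["decoded"], info["text"] = text, True
    if "@" in text and parts.hostname:
        # Victim-tagged redirectors often repeat the mailbox name as a subdomain.
        info["matches_host_label"] = parts.hostname.split(".")[0] == text.split("@", 1)[0]
    return info


def triage(pdf: bytes) -> dict:
    """Keyword counts, mailto targets and decoded URL tokens for one PDF."""
    views = [_normalise_names(v) for v in [pdf] + _inflated_streams(pdf)]
    keywords = {k: sum(len(re.findall(p, v)) for v in views) for k, p in KEYWORDS.items()}
    uris = [u for v in views for u in _uri_targets(v)]
    return {
        "keywords": keywords,
        "mailto": [u[7:] for u in uris if u.lower().startswith("mailto:")],
        "urls": [decode_path_token(u) for u in uris if u.lower().startswith(("http://", "https://"))],
    }


if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE_PDF), ("hidden-js", JS_PDF)):
        print(name, triage(blob))
```

Run against the constructed sample, the keyword counts are all zero, as in the report, and the first redirector token decodes to a mailbox whose local part equals the leftmost label of drollins.cliffskenya.com, which is how a victim-tagged redirector ties the link back to the addressee. The second copy of the URL is rejected as non-text. Only /URI literal strings in parentheses are handled; hex-string (<...>) targets and object-stream (/ObjStm) packing would need a real PDF parser, which is the usual caveat for pdfid-style raw counts.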

Anti Debugging:

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Code function: 1_2_00B62490 LdrInitializeThunk, 1_2_00B62490
Source: AcroRd32.exe, 00000001.00000002.399860176.0000000005A40000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000001.00000002.399860176.0000000005A40000.00000002.00000001.sdmp Binary or memory string: Progman
Source: AcroRd32.exe, 00000001.00000002.399860176.0000000005A40000.00000002.00000001.sdmp Binary or memory string: SProgram Managerl
Source: AcroRd32.exe, 00000001.00000002.399860176.0000000005A40000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd,
Source: AcroRd32.exe, 00000001.00000002.399860176.0000000005A40000.00000002.00000001.sdmp Binary or memory string: Progmanlock