Windows Analysis Report Next_Caller#U2019s_Fraud___COVID-19_Report_(Week_6-9).pdf

Overview

General Information

Sample Name: Next_Caller#U2019s_Fraud___COVID-19_Report_(Week_6-9).pdf
Analysis ID: 438190
MD5: 5cf5e5cf2ac5f1eba159d03842f9e7c9
SHA1: 80e72b48c3c441900152ce45fcec3bb552ef1734
SHA256: c8471fe72419ed8c0c39cc5750e77cb9df3a1b4532f5a3117441755eb55d52cf

Detection

Score: 24
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Connects to many IPs within the same subnet mask (likely port scanning)
Connects to many different domains
HTML body contains low number of good links
HTML title does not match URL
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)

Classification

Phishing:

HTML body contains low number of good links
Source: https://api.autopilothq.com/anywhere/headsup/a226a61269bd46b49f99013b66ec690049378a691ede444f85200277cfa83809/nextcaller_proactive_headsup_message_1521830115721-ee10b790-2ec8-11e8-b337-816ab6656d34/1624378102853/https%3A%2F%2Fnextcaller.com%2F HTTP Parser: Number of links: 0
HTML title does not match URL
Source: https://api.autopilothq.com/anywhere/headsup/a226a61269bd46b49f99013b66ec690049378a691ede444f85200277cfa83809/nextcaller_proactive_headsup_message_1521830115721-ee10b790-2ec8-11e8-b337-816ab6656d34/1624378102853/https%3A%2F%2Fnextcaller.com%2F HTTP Parser: Title: Headsup does not match URL
Source: https://api.autopilothq.com/anywhere/headsup/a226a61269bd46b49f99013b66ec690049378a691ede444f85200277cfa83809/nextcaller_proactive_headsup_message_1521830115721-ee10b790-2ec8-11e8-b337-816ab6656d34/1624378102853/https%3A%2F%2Fnextcaller.com%2F HTTP Parser: No <meta name="author".. found
Source: https://api.autopilothq.com/anywhere/headsup/a226a61269bd46b49f99013b66ec690049378a691ede444f85200277cfa83809/nextcaller_proactive_headsup_message_1521830115721-ee10b790-2ec8-11e8-b337-816ab6656d34/1624378102853/https%3A%2F%2Fnextcaller.com%2F HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic

Software Vulnerabilities:

Potential document exploit detected (performs DNS queries)
Source: global traffic DNS query: name: nextcaller.com
Potential document exploit detected (performs HTTP gets)
Source: global traffic TCP traffic: 192.168.2.3:49704 -> 131.253.33.200:443
Potential document exploit detected (unknown TCP traffic)
Source: global traffic TCP traffic: 192.168.2.3:49704 -> 131.253.33.200:443
Source: chrome.exe Memory has grown: Private usage: 0MB later: 25MB

Networking:

Connects to many IPs within the same subnet mask (likely port scanning)
Source: global traffic TCP traffic: Count: 10 IPs: 143.204.98.18,143.204.98.119,143.204.98.9,143.204.98.70,143.204.98.23,143.204.98.104,143.204.98.76,143.204.98.32,143.204.98.2,143.204.98.59
Connects to many different domains
Source: unknown Network traffic detected: DNS query count 52
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 50.16.7.188
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: b32309a26951912be7dba376398abc3b
Source: Joe Sandbox View JA3 fingerprint: 74ad8ec6876e2e3366bfd566581ca7e8
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.200
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.6.115
Source: unknown DNS traffic detected: queries for: nextcaller.com
Source: f7267d924f102f30_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/0.45eb4005.chunk.jsaD
Source: 484a67f8e93657dc_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/1.0af467a5.chunk.js
Source: 768b4fc9f109b2f3_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/1.0af467a5.chunk.jsa
Source: 768b4fc9f109b2f3_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/1.0af467a5.chunk.jsaD
Source: 87981fc228aa69dd_0.29.dr, 30a537e7f6051f90_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/11.a0a8230e.chunk.js
Source: 30a537e7f6051f90_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/11.a0a8230e.chunk.jsaD
Source: e44316dbbd15a442_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/15.9b6202df.chunk.js
Source: e44316dbbd15a442_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/15.9b6202df.chunk.jsaD
Source: 94ab0843fa5fae8c_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/16.afbd9978.chunk.js
Source: af3a8260b6950e33_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/16.afbd9978.chunk.jsaD
Source: a6e58b716f74af57_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/19.1e509716.chunk.js
Source: a6e58b716f74af57_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/19.1e509716.chunk.jsaD
Source: 886ac28e565c7b00_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/2.6571b24d.chunk.js
Source: 886ac28e565c7b00_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/2.6571b24d.chunk.jsa
Source: 886ac28e565c7b00_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/2.6571b24d.chunk.jsaD
Source: a90504e3ce3eb13d_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/21.d75548a7.chunk.js
Source: a90504e3ce3eb13d_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/21.d75548a7.chunk.jsaD
Source: 1c5861241d6b406d_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/22.c3832689.chunk.js
Source: 1c5861241d6b406d_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/22.c3832689.chunk.jsaD
Source: 109af07f8465e4da_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/23.dbd7bb7d.chunk.js
Source: 109af07f8465e4da_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/23.dbd7bb7d.chunk.jsaD
Source: c0906301109aecac_0.29.dr, 0cf5cd0fd4e0555b_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/24.6165b45c.chunk.js
Source: 0cf5cd0fd4e0555b_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/24.6165b45c.chunk.jsaD
Source: f0c7ff82879866cc_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/26.5c399b92.chunk.js
Source: f0c7ff82879866cc_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/26.5c399b92.chunk.jsaD
Source: 5a50d7ed089c3a43_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/27.fca79052.chunk.js
Source: 5a50d7ed089c3a43_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/27.fca79052.chunk.jsaD
Source: 03cf3aa0642e3d9a_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/29.69384517.chunk.js
Source: 03cf3aa0642e3d9a_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/29.69384517.chunk.jsaD
Source: c7aad59374123fb1_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/3.374cb795.chunk.js
Source: c7aad59374123fb1_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/3.374cb795.chunk.jsa
Source: c7aad59374123fb1_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/3.374cb795.chunk.jsaD
Source: 335eb1734ce2fe09_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/30.d4e3e0f6.chunk.js
Source: 335eb1734ce2fe09_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/30.d4e3e0f6.chunk.jsaD
Source: 450142fd365c02e7_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/31.8006e8ac.chunk.js
Source: 450142fd365c02e7_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/31.8006e8ac.chunk.jsaD
Source: a6864e076f152ec3_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/33.6dcbce8f.chunk.js
Source: a6864e076f152ec3_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/33.6dcbce8f.chunk.jsaD
Source: 5cacab30938835de_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/34.b38589b0.chunk.js
Source: 5cacab30938835de_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/34.b38589b0.chunk.jsaD
Source: b0b2f92320627180_0.29.dr, 1bcffcab8003e961_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/35.cfdb5c47.chunk.js
Source: b0b2f92320627180_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/35.cfdb5c47.chunk.jsaD
Source: 49b640555bea3ff8_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/37.9400e58c.chunk.js
Source: 49b640555bea3ff8_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/37.9400e58c.chunk.jsaD
Source: 11b0a09e6e5e70bf_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/4.0b443ee6.chunk.js
Source: d04765b19316cd78_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/4.0b443ee6.chunk.jsa
Source: d04765b19316cd78_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/4.0b443ee6.chunk.jsaD
Source: 74016fb4d5d79091_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/42.d35f7449.chunk.js
Source: 74016fb4d5d79091_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/42.d35f7449.chunk.jsaD
Source: 380a997560e7a532_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/43.a7bcbb00.chunk.js
Source: 380a997560e7a532_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/43.a7bcbb00.chunk.jsaD
Source: 4975958deb0979e3_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/45.bdf61037.chunk.js
Source: 4975958deb0979e3_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/45.bdf61037.chunk.jsaD
Source: 4222ed98887eebda_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/5.67a119b2.chunk.js
Source: 4222ed98887eebda_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/5.67a119b2.chunk.jsa
Source: 4222ed98887eebda_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/5.67a119b2.chunk.jsaD
Source: c9cb8d622e71f663_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/50.5d1b6a53.chunk.js
Source: c9cb8d622e71f663_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/50.5d1b6a53.chunk.jsaD
Source: 016c4df03233eaa9_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/main~493df0b3.f350a89f.chunk.js
Source: 016c4df03233eaa9_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/main~493df0b3.f350a89f.chunk.jsa
Source: 016c4df03233eaa9_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/main~493df0b3.f350a89f.chunk.jsaD
Source: 189065a0ece5b287_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/main~53ca99a6.c734c4e2.chunk.js
Source: 189065a0ece5b287_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/main~53ca99a6.c734c4e2.chunk.jsa
Source: 189065a0ece5b287_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/main~53ca99a6.c734c4e2.chunk.jsaD
Source: 8965e7580925652d_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/main~89e24786.1b59bcf0.chunk.js
Source: 8965e7580925652d_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/main~89e24786.1b59bcf0.chunk.jsa
Source: 8965e7580925652d_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/main~89e24786.1b59bcf0.chunk.jsaD
Source: 21965fb85a2acd6d_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/main~970f9218.7999e723.chunk.js
Source: 21965fb85a2acd6d_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/main~970f9218.7999e723.chunk.jsa
Source: 21965fb85a2acd6d_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/main~970f9218.7999e723.chunk.jsaD
Source: 108db05aa3f3ea38_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/runtime~main.888ff9b8.js
Source: 108db05aa3f3ea38_0.29.dr String found in binary or memory: https://js.driftt.com/core/assets/js/runtime~main.888ff9b8.jsaD
Source: Current Session.29.dr String found in binary or memory: https://js.driftt.com/core/chat
Source: Current Session.29.dr String found in binary or memory: https://js.driftt.com/core?embedId=2eznhvmm4vg9&forceShow=false&skipCampaigns=false&sessionId=88786e
Source: 4e784ccbc3fc9dfd_0.29.dr String found in binary or memory: https://js.driftt.com/include/1624378200000/2eznhvmm4vg9.js
Source: f5c10d6dc79ba0e6_0.29.dr String found in binary or memory: https://js.driftt.com/include/1624378200000/c3szwxvv8vau.js
Source: b6f7b7e1-9065-4902-9f99-d861a305b0d6.tmp.30.dr String found in binary or memory: https://lh6.googleusercontent.com
Source: 016c4df03233eaa9_0.29.dr String found in binary or memory: https://meetings.api.drift.com
Source: 016c4df03233eaa9_0.29.dr String found in binary or memory: https://meetings.api.driftqa.com
Source: 016c4df03233eaa9_0.29.dr String found in binary or memory: https://messaging.api.drift.com
Source: 016c4df03233eaa9_0.29.dr String found in binary or memory: https://messaging.api.driftqa.com
Source: 016c4df03233eaa9_0.29.dr String found in binary or memory: https://metrics.api.drift.com
Source: 016c4df03233eaa9_0.29.dr String found in binary or memory: https://metrics.api.driftqa.com
Source: 000003.log3.29.dr String found in binary or memory: https://nextcaller.com
Source: 000003.log0.29.dr String found in binary or memory: https://nextcaller.com/
Source: AcroRd32.exe, 00000001.00000000.401155911.0000000008D6D000.00000004.00000001.sdmp, Next_Caller#U2019s_Fraud___COVID-19_Report_(Week_6-9).pdf String found in binary or memory: https://nextcaller.com/)
Source: a3b7d4175bed7821_0.29.dr String found in binary or memory: https://nextcaller.com//z
Source: dfb3173ed0346a09_0.29.dr String found in binary or memory: https://nextcaller.com/B
Source: f5c10d6dc79ba0e6_0.29.dr String found in binary or memory: https://nextcaller.com/I/
Source: 78b84fd8be92a58c_0.29.dr String found in binary or memory: https://nextcaller.com/M
Source: Current Session.29.dr, History-journal.29.dr String found in binary or memory: https://nextcaller.com/blog/next-callers-fraud-covid-19-report-week-4-5/
Source: Next_Caller#U2019s_Fraud___COVID-19_Report_(Week_6-9).pdf String found in binary or memory: https://nextcaller.com/blog/next-callers-fraud-covid-19-report-week-4-5/)
Source: History Provider Cache.29.dr String found in binary or memory: https://nextcaller.com/blog/next-callers-fraud-covid-19-report-week-4-5/2BNext
Source: AcroRd32.exe, 00000001.00000000.401451080.0000000008E87000.00000004.00000001.sdmp String found in binary or memory: https://nextcaller.com/blog/next-callers-fraud-covid-19-report-week-4-5/C
Source: Favicons-journal.29.dr String found in binary or memory: https://nextcaller.com/blog/next-callers-fraud-covid-19-report-week-4-5/D/
Source: History-journal.29.dr String found in binary or memory: https://nextcaller.com/blog/next-callers-fraud-covid-19-report-week-4-5/Next
Source: History-journal.29.dr String found in binary or memory: https://nextcaller.com/blog/next-callers-fraud-covid-19-report-week-4-5/W
Source: Current Session.29.dr String found in binary or memory: https://nextcaller.com/blog/next-callers-fraud-covid-19-report-week-4-5/l
Source: 82a46ec2d15b42fd_0.29.dr String found in binary or memory: https://nextcaller.com/c
Source: a3b7d4175bed7821_0.29.dr String found in binary or memory: https://nextcaller.com/d
Source: a3b7d4175bed7821_0.29.dr String found in binary or memory: https://nextcaller.com/d7M
Source: 339aa4ac6ae7d1a2_0.29.dr String found in binary or memory: https://nextcaller.com/k
Source: e97738287447d8e0_0.29.dr String found in binary or memory: https://nextcaller.com/t
Source: 78b84fd8be92a58c_0.29.dr String found in binary or memory: https://nextcaller.com/wp-includes/js/wp-emoji-release.min.js?ver=4bd0e6787e54cb84dd2083ee390e2aae
Source: 78b84fd8be92a58c_0.29.dr String found in binary or memory: https://nextcaller.com/wp-includes/js/wp-emoji-release.min.js?ver=4bd0e6787e54cb84dd2083ee390e2aaeaD
Source: Current Session.29.dr String found in binary or memory: https://nextcaller.comh
Source: b6f7b7e1-9065-4902-9f99-d861a305b0d6.tmp.30.dr, 6dd32692-62bd-4678-8335-172bea349745.tmp.30.dr String found in binary or memory: https://ogs.google.com
Source: manifest.json.29.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: b6f7b7e1-9065-4902-9f99-d861a305b0d6.tmp.30.dr, 6dd32692-62bd-4678-8335-172bea349745.tmp.30.dr String found in binary or memory: https://play.google.com
Source: 819d56ff031ca342_0.29.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: 41710f54b7373a18_0.29.dr String found in binary or memory: https://plus.google.com
Source: 41710f54b7373a18_0.29.dr String found in binary or memory: https://plus.googleapis.com
Source: Current Session.29.dr String found in binary or memory: https://policies.google.com
Source: Current Session.29.dr String found in binary or memory: https://policies.google.com#
Source: Current Session.29.dr String found in binary or memory: https://policies.google.com/
Source: Current Session.29.dr String found in binary or memory: https://policies.google.com/privacy?hl=en
Source: Current Session.29.dr String found in binary or memory: https://policies.google.com/privacy?hl=en)Privacy
Source: History-journal.29.dr String found in binary or memory: https://policies.google.com/privacy?hl=enPrivacy
Source: Current Session.29.dr String found in binary or memory: https://policies.google.com/terms?hl=en
Source: Current Session.29.dr String found in binary or memory: https://policies.google.com/terms?hl=en2Google
Source: History-journal.29.dr String found in binary or memory: https://policies.google.com/terms?hl=enGoogle
Source: Current Session.29.dr String found in binary or memory: https://policies.google.comh
Source: b6f7b7e1-9065-4902-9f99-d861a305b0d6.tmp.30.dr String found in binary or memory: https://r4---sn-2gb7sn7z.gvt1.com
Source: b6f7b7e1-9065-4902-9f99-d861a305b0d6.tmp.30.dr String found in binary or memory: https://redirector.gvt1.com
Source: 339aa4ac6ae7d1a2_0.29.dr String found in binary or memory: https://s.adroll.com/j/roundtrip.js
Source: 82a46ec2d15b42fd_0.29.dr String found in binary or memory: https://s.adroll.com/pixel/3EMAQOKZ55ANJCJP3WV5SU/56SXJ6QRXRCDNKBYZBE26A/FKEEP7HYF5FM5HSOXR4D7G.js
Source: manifest.json.29.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: b8bca3de1bdad28a_0.29.dr String found in binary or memory: https://script.hotjar.com/modules.9f99649151c1e38c217a.js
Source: b6f7b7e1-9065-4902-9f99-d861a305b0d6.tmp.30.dr, 6dd32692-62bd-4678-8335-172bea349745.tmp.30.dr String found in binary or memory: https://ssl.gstatic.com
Source: Favicons.29.dr String found in binary or memory: https://ssl.gstatic.com/policies/favicon.ico
Source: Favicons.29.dr String found in binary or memory: https://ssl.gstatic.com/policies/favicon.icoj
Source: f2f87d847dea4c79_0.29.dr String found in binary or memory: https://static.hotjar.com/c/hotjar-741444.js?sv=7
Source: messages.json55.29.dr String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json55.29.dr String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: bfced5395e481eec_0.29.dr String found in binary or memory: https://support.google.com/recaptcha
Source: 819d56ff031ca342_0.29.dr String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: bfced5395e481eec_0.29.dr String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: 819d56ff031ca342_0.29.dr String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: b6f7b7e1-9065-4902-9f99-d861a305b0d6.tmp.30.dr String found in binary or memory: https://tag.demandbase.com
Source: a3b7d4175bed7821_0.29.dr String found in binary or memory: https://tag.demandbase.com/0b89409e7860f117.min.js
Source: 016c4df03233eaa9_0.29.dr String found in binary or memory: https://targeting.api.drift.com
Source: 016c4df03233eaa9_0.29.dr String found in binary or memory: https://targeting.api.driftqa.com
Source: 78b84fd8be92a58c_0.29.dr String found in binary or memory: https://twemoji.maxcdn.com/v/13.0.1/
Source: Current Session.29.dr String found in binary or memory: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Source: 41710f54b7373a18_0.29.dr String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: AcroRd32.exe, 00000001.00000000.400379098.000000000824D000.00000002.00000001.sdmp String found in binary or memory: https://www.digicert.com/CPS0
Source: d0d34b0c6c2998c9_0.29.dr String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: 000003.log3.29.dr, 6dd32692-62bd-4678-8335-172bea349745.tmp.30.dr String found in binary or memory: https://www.google.com
Source: 000003.log0.29.dr String found in binary or memory: https://www.google.com/
Source: Current Session.29.dr String found in binary or memory: https://www.google.com/intl/en/policies/privacy/
Source: Current Session.29.dr String found in binary or memory: https://www.google.com/intl/en/policies/privacy/02
Source: History-journal.29.dr String found in binary or memory: https://www.google.com/intl/en/policies/privacy/Privacy
Source: Current Session.29.dr String found in binary or memory: https://www.google.com/intl/en/policies/terms/
Source: History-journal.29.dr String found in binary or memory: https://www.google.com/intl/en/policies/terms/Google
Source: Current Session.29.dr String found in binary or memory: https://www.google.com/intl/en/policies/terms/o
Source: a5fb281d28d187f7_0.29.dr String found in binary or memory: https://www.google.com/js/th/as_dk2Ge-lO6OLRJW7mVFRXiqxKp3Lnjm_ZQtr0s0_o.js
Source: 819d56ff031ca342_0.29.dr String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: 819d56ff031ca342_0.29.dr String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: Current Session.29.dr String found in binary or memory: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcbW-QUAAAAAF6l43NqgT0iMhXVkzHeyi2Ulz8h&co=aHR0
Source: manifest.json0.29.dr String found in binary or memory: https://www.google.com;
Source: b6f7b7e1-9065-4902-9f99-d861a305b0d6.tmp.30.dr, 6dd32692-62bd-4678-8335-172bea349745.tmp.30.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json.29.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.29.dr String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.29.dr String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.29.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.29.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.29.dr String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.29.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.29.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.29.dr String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: 41710f54b7373a18_0.29.dr String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: 41710f54b7373a18_0.29.dr String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: manifest.json0.29.dr String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.29.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.29.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.29.dr String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: b6f7b7e1-9065-4902-9f99-d861a305b0d6.tmp.30.dr String found in binary or memory: https://www.googletagmanager.com
Source: bfc56fe5b99ef815_0.29.dr String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=GTM-NSC9C2Q
Source: b6f7b7e1-9065-4902-9f99-d861a305b0d6.tmp.30.dr, 6dd32692-62bd-4678-8335-172bea349745.tmp.30.dr String found in binary or memory: https://www.gstatic.com
Source: f51b096245cc0e38_0.29.dr String found in binary or memory: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en._YipQ-m5f34.es5
Source: ef573254f07aabf4_0.29.dr String found in binary or memory: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Source: 60f428732ff62a33_0.29.dr String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.UKfh4Jard14.O/rt=j/m=q_d
Source: 86bbf3edabec7fb8_0.29.dr String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.UKfh4Jard14.O/rt=j/m=q_dnp
Source: e97738287447d8e0_0.29.dr String found in binary or memory: https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en.js
Source: bfced5395e481eec_0.29.dr String found in binary or memory: https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en.jsa
Source: bfced5395e481eec_0.29.dr String found in binary or memory: https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en.jsaD
Source: manifest.json0.29.dr String found in binary or memory: https://www.gstatic.com;
Source: 000003.log3.29.dr String found in binary or memory: https://www.youtube-nocookie.com
Source: Current Session.29.dr String found in binary or memory: https://www.youtube-nocookie.com#
Source: 000003.log0.29.dr String found in binary or memory: https://www.youtube-nocookie.com/
Source: Current Session.29.dr String found in binary or memory: https://www.youtube-nocookie.com/embed/48l-xdS4pXg?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: Current Session.29.dr String found in binary or memory: https://www.youtube-nocookie.com/embed/YlmVKT3Zvhw?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: Current Session.29.dr String found in binary or memory: https://www.youtube-nocookie.com/embed/ZdEIZNg3epQ?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: Current Session.29.dr String found in binary or memory: https://www.youtube-nocookie.com/embed/ggoJFaE71W8?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: ac36549247412c64_0.29.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/da9443d1/fetch-polyfill.vflset/fetch-polyfill.js
Source: 6f88a2757bb8952f_0.29.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/da9443d1/player_ias.vflset/en_US/base.js
Source: b1d07056e83c5a83_0.29.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/da9443d1/player_ias.vflset/en_US/embed.js
Source: 3ad14847f45a16b8_0.29.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/da9443d1/player_ias.vflset/en_US/remote.js
Source: 114677e6c36ebcbb_0.29.dr String found in binary or memory: https://www.youtube-nocookie.com/s/player/da9443d1/www-embed-player.vflset/www-embed-player.js
Source: 3ad14847f45a16b8_0.29.dr, 6f88a2757bb8952f_0.29.dr String found in binary or memory: https://youtube-nocookie.com/
Source: 114677e6c36ebcbb_0.29.dr String found in binary or memory: https://youtube-nocookie.com/g
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49987
Source: classification engine Classification label: sus24.troj.winPDF@55/313@73/28
Source: Next_Caller#U2019s_Fraud___COVID-19_Report_(Week_6-9).pdf Initial sample: https://nextcaller.com/blog/next-callers-fraud-covid-19-report-week-4-5/
Source: Next_Caller#U2019s_Fraud___COVID-19_Report_(Week_6-9).pdf Initial sample: https://nextcaller.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9Riagosc_1t8l4rh_4h4.tmp
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File read: C:\Program Files (x86)\desktop.ini
Source: QuotaManager.29.dr Binary or memory string: CREATE TABLE HostQuotaTable(host TEXT NOT NULL, type INTEGER NOT NULL, quota INTEGER DEFAULT 0, UNIQUE(host, type));
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Next_Caller#U2019s_Fraud___COVID-19_Report_(Week_6-9).pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Next_Caller#U2019s_Fraud___COVID-19_Report_(Week_6-9).pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16295595289360813689,5938817010962337207,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=4566866485235901199 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4566866485235901199 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1724,16295595289360813689,5938817010962337207,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=4840204308889134431 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16295595289360813689,5938817010962337207,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=1176352946696311653 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1176352946696311653 --renderer-client-id=4 --mojo-platform-channel-handle=1840 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16295595289360813689,5938817010962337207,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=12598703654215652762 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12598703654215652762 --renderer-client-id=5 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16295595289360813689,5938817010962337207,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=1641267038983245055 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1641267038983245055 --renderer-client-id=6 --mojo-platform-channel-handle=2020 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'https://nextcaller.com/blog/next-callers-fraud-covid-19-report-week-4-5/'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,4170625765879668992,9549381529543342162,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1796 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1548,4170625765879668992,9549381529543342162,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=6240 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1548,4170625765879668992,9549381529543342162,131072 --lang=en-US --service-sandbox-type=video_capture --enable-audio-service-sandbox --mojo-platform-channel-handle=4768 /prefetch:8
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Next_Caller#U2019s_Fraud___COVID-19_Report_(Week_6-9).pdf' Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'https://nextcaller.com/blog/next-callers-fraud-covid-19-report-week-4-5/' Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16295595289360813689,5938817010962337207,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=4566866485235901199 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4566866485235901199 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1724,16295595289360813689,5938817010962337207,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=4840204308889134431 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16295595289360813689,5938817010962337207,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=1176352946696311653 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1176352946696311653 --renderer-client-id=4 --mojo-platform-channel-handle=1840 --allow-no-sandbox-job /prefetch:1 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16295595289360813689,5938817010962337207,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=12598703654215652762 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12598703654215652762 --renderer-client-id=5 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job /prefetch:1 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1724,16295595289360813689,5938817010962337207,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=1641267038983245055 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1641267038983245055 --renderer-client-id=6 --mojo-platform-channel-handle=2020 --allow-no-sandbox-job /prefetch:1 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,4170625765879668992,9549381529543342162,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1796 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1548,4170625765879668992,9549381529543342162,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=6240 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1548,4170625765879668992,9549381529543342162,131072 --lang=en-US --service-sandbox-type=video_capture --enable-audio-service-sandbox --mojo-platform-channel-handle=4768 /prefetch:8
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File opened: C:\Windows\SysWOW64\Msftedit.dll
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: Next_Caller#U2019s_Fraud___COVID-19_Report_(Week_6-9).pdf Initial sample: PDF keyword /JS count = 0
Source: Next_Caller#U2019s_Fraud___COVID-19_Report_(Week_6-9).pdf Initial sample: PDF keyword /JavaScript count = 0
Source: Next_Caller#U2019s_Fraud___COVID-19_Report_(Week_6-9).pdf Initial sample: PDF keyword stream count = 26
Source: Next_Caller#U2019s_Fraud___COVID-19_Report_(Week_6-9).pdf Initial sample: PDF keyword /EmbeddedFile count = 0
Source: Next_Caller#U2019s_Fraud___COVID-19_Report_(Week_6-9).pdf Initial sample: PDF keyword obj count = 53
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: AcroRd32.exe, 00000001.00000000.420849522.000000000C812000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: AcroRd32.exe, 00000001.00000000.392946295.0000000005380000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: AcroRd32.exe, 00000001.00000000.392946295.0000000005380000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000001.00000000.392946295.0000000005380000.00000002.00000001.sdmp Binary or memory string: Progman
Source: AcroRd32.exe, 00000001.00000000.392946295.0000000005380000.00000002.00000001.sdmp Binary or memory string: Progmanlock