Windows Analysis Report: Denver Water COVID-19 Response _ City of Denver.pdf

Overview

General Information

Sample Name:Denver Water COVID-19 Response _ City of Denver.pdf
Analysis ID:449950
MD5:a7bcca2fdf7e02497eea284f085340d9
SHA1:ecd2f0ba7b1e5f99a3fd7310e2c12c07f68fbe69
SHA256:3495047623e0f3271699945ab0018b8b83c55128afb028ee3a07f8f6dfaa6f88

Detection

Score:5
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Connects to many different domains
Found iframes
HTML body contains low number of good links
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
No HTML title found
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Unable to load, office file is protected or invalid

Analysis Advice

No malicious behavior found; analyze the document on other versions of Office / Acrobat as well.
Uses HTTPS for network communication; use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis.

Process Tree

  • System is w10x64
  • AcroRd32.exe (PID: 4532 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Denver Water COVID-19 Response _ City of Denver.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)
    • AcroRd32.exe (PID: 4440 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Denver Water COVID-19 Response _ City of Denver.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)
    • RdrCEF.exe (PID: 6132 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 3488 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1716,18340769791588095283,14740429863509864490,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=12047842394824068586 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12047842394824068586 --renderer-client-id=2 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 6048 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1716,18340769791588095283,14740429863509864490,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=16938848815433914037 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 5316 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1716,18340769791588095283,14740429863509864490,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=787724751391022994 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=787724751391022994 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
      • RdrCEF.exe (PID: 5884 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1716,18340769791588095283,14740429863509864490,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=16674541699487182290 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16674541699487182290 --renderer-client-id=5 --mojo-platform-channel-handle=2128 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
    • chrome.exe (PID: 6268 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'https://milehighunitedway.lightning.force.com/lightning/r/Account/0014T000004o6JxQAI/view' MD5: C139654B5C1438A95B321BB01AD63EF6)
      • chrome.exe (PID: 6812 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,8292458995521785639,16987803382321267150,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1736 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup
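The tree above is the one substantive behavior in this report: the top-level AcroRd32.exe (PID 4532) spawns chrome.exe (PID 6268) with a force.com URL on its command line, and no Sigma rule fires on it. The script below is an added example, not the sandbox's own code, of the triage check an analyst would run over such a tree: parse the indented listing, recover parent/child relationships from indentation, and flag any document reader that launches a browser or a script host, pulling out the URL it was handed. The sample tree is constructed from the report's entries (command lines shortened), and the sets of reader, helper, browser and script-host image names are this example's own assumptions, not lists taken from the report.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample modelled on the process tree in the report above (command lines
# shortened); it is not the sandbox's raw export format.
SAMPLE_TREE = r"""
AcroRd32.exe (PID: 4532 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Denver Water COVID-19 Response _ City of Denver.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)
  AcroRd32.exe (PID: 4440 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 MD5: B969CF0C7B2C443A99034881E8C8740A)
  RdrCEF.exe (PID: 6132 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)
    RdrCEF.exe (PID: 3488 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)
  chrome.exe (PID: 6268 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'https://milehighunitedway.lightning.force.com/lightning/r/Account/0014T000004o6JxQAI/view' MD5: C139654B5C1438A95B321BB01AD63EF6)
    chrome.exe (PID: 6812 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService MD5: C139654B5C1438A95B321BB01AD63EF6)
""".strip("\n")

LINE_RE = re.compile(
    r"^(?P<indent> *)(?P<image>\S+) \(PID: (?P<pid>\d+) cmdline: (?P<cmd>.*) MD5: (?P<md5>[0-9A-Fa-f]{32})\)$"
)
URL_RE = re.compile(r"https?://[^\s'\"]+")

# Image-name sets are this example's own assumptions, not lists from the report.
DOCUMENT_READERS = {"acrord32.exe", "acrobat.exe", "winword.exe", "excel.exe", "powerpnt.exe"}
READER_HELPERS = {"rdrcef.exe"}  # Acrobat's bundled Chromium; an expected child of AcroRd32.exe
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe",
                "rundll32.exe", "regsvr32.exe"}


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    md5: str
    parent: Optional["Proc"] = None
    children: List["Proc"] = field(default_factory=list)


def parse_tree(text: str) -> Dict[int, Proc]:
    """Build Proc objects from the indented listing; indentation depth encodes parentage."""
    procs: Dict[int, Proc] = {}
    stack: List[tuple] = []  # (indent, Proc) for the ancestry of the line being read
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        indent = len(m.group("indent"))
        p = Proc(int(m.group("pid")), m.group("image"), m.group("cmd"), m.group("md5"))
        while stack and stack[-1][0] >= indent:
            stack.pop()  # dedent: the previous line's siblings/ancestors are no longer parents
        if stack:
            p.parent = stack[-1][1]
            p.parent.children.append(p)
        procs[p.pid] = p
        stack.append((indent, p))
    return procs


def find_reader_spawns(procs: Dict[int, Proc]) -> List[dict]:
    """Report every non-helper child of a document reader, with any URL on its command line."""
    findings = []
    for p in procs.values():
        if p.image.lower() not in DOCUMENT_READERS:
            continue
        for c in p.children:
            name = c.image.lower()
            if name in DOCUMENT_READERS or name in READER_HELPERS:
                continue  # the reader's own renderer and CEF processes are expected
            if name in BROWSERS:
                kind = "browser-launch"   # the document handed a link to the browser
            elif name in SCRIPT_HOSTS:
                kind = "script-host"      # rarely legitimate from a reader; treat as high priority
            else:
                kind = "unexpected-child"
            findings.append({"kind": kind, "parent": f"{p.image}:{p.pid}",
                             "child": f"{c.image}:{c.pid}", "urls": URL_RE.findall(c.cmdline)})
    return findings


if __name__ == "__main__":
    for f in find_reader_spawns(parse_tree(SAMPLE_TREE)):
        print(f["kind"], f["parent"], "->", f["child"], *f["urls"])
```

On the sample above the only hit is the browser launch from PID 4532 carrying the milehighunitedway.lightning.force.com URL; the RdrCEF.exe children are filtered out as Acrobat's own helpers. A browser launch alone is what a clicked link in a benign PDF also produces, which is consistent with the low score here; the same walk flags a cmd.exe or powershell.exe child as a script-host finding, which is the variant that would deserve a verdict.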

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview


Source: https://test.salesforce.com/ | HTTP Parser: Iframe src: https://c.salesforce.com/login-messages/promos.html
Source: https://test.salesforce.com/ | HTTP Parser: Iframe src: https://test.salesforce.com/login/sessionserver212.html
Source: https://milehighunitedway.my.salesforce.com/?ec=302&startURL=%2Fvisualforce%2Fsession%3Furl%3Dhttps%253A%252F%252Fmilehighunitedway.lightning.force.com%252Flightning%252Fr%252FAccount%252F0014T000004o6JxQAI%252Fview | HTTP Parser: Iframe src: https://c.salesforce.com/login-messages/promos.html
Source: https://milehighunitedway.my.salesforce.com/?ec=302&startURL=%2Fvisualforce%2Fsession%3Furl%3Dhttps%253A%252F%252Fmilehighunitedway.lightning.force.com%252Flightning%252Fr%252FAccount%252F0014T000004o6JxQAI%252Fview | HTTP Parser: Iframe src: https://login.salesforce.com/login/sessionserver212.html
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main | HTTP Parser: Iframe src: javascript:void(0)
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main | HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-WRXS6TH
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main | HTTP Parser: Iframe src: https://service.force.com/embeddedservice/5.0/esw.html?parent=https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main | HTTP Parser: Iframe src: https://a10681260716.cdn.optimizely.com/client_storage/a10681260716.html
Source: https://test.salesforce.com/ | HTTP Parser: Number of links: 1
Source: https://milehighunitedway.my.salesforce.com/?ec=302&startURL=%2Fvisualforce%2Fsession%3Furl%3Dhttps%253A%252F%252Fmilehighunitedway.lightning.force.com%252Flightning%252Fr%252FAccount%252F0014T000004o6JxQAI%252Fview | HTTP Parser: Number of links: 1
Source: https://milehighunitedway.my.salesforce.com/secur/forgotpassword.jsp?locale=us&lqs=startURL%3D%252Fvisualforce%252Fsession%253Furl%253Dhttps%25253A%25252F%25252Fmilehighunitedway.lightning.force.com%25252Flightning%25252Fr%25252FAccount%25252F0014T000004o6JxQAI%25252Fview%26ec%3D302 | HTTP Parser: Number of links: 0
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main | HTTP Parser: HTML title missing
Source: https://test.salesforce.com/ | HTTP Parser: No <meta name="author".. found
Source: https://milehighunitedway.my.salesforce.com/?ec=302&startURL=%2Fvisualforce%2Fsession%3Furl%3Dhttps%253A%252F%252Fmilehighunitedway.lightning.force.com%252Flightning%252Fr%252FAccount%252F0014T000004o6JxQAI%252Fview | HTTP Parser: No <meta name="author".. found
Source: https://milehighunitedway.my.salesforce.com/secur/forgotpassword.jsp?locale=us&lqs=startURL%3D%252Fvisualforce%252Fsession%253Furl%253Dhttps%25253A%25252F%25252Fmilehighunitedway.lightning.force.com%25252Flightning%25252Fr%25252FAccount%25252F0014T000004o6JxQAI%25252Fview%26ec%3D302 | HTTP Parser: No <meta name="author".. found
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main | HTTP Parser: No <meta name="author".. found
Source: https://test.salesforce.com/ | HTTP Parser: No <meta name="copyright".. found
Source: https://milehighunitedway.my.salesforce.com/?ec=302&startURL=%2Fvisualforce%2Fsession%3Furl%3Dhttps%253A%252F%252Fmilehighunitedway.lightning.force.com%252Flightning%252Fr%252FAccount%252F0014T000004o6JxQAI%252Fview | HTTP Parser: No <meta name="copyright".. found
Source: https://milehighunitedway.my.salesforce.com/secur/forgotpassword.jsp?locale=us&lqs=startURL%3D%252Fvisualforce%252Fsession%253Furl%253Dhttps%25253A%25252F%25252Fmilehighunitedway.lightning.force.com%25252Flightning%25252Fr%25252FAccount%25252F0014T000004o6JxQAI%25252Fview%26ec%3D302 | HTTP Parser: No <meta name="copyright".. found
Source: https://www.salesforce.com/form/signup/freetrial-elf-v2/?d=cta-li-promo-147#main | HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown | HTTPS traffic detected: 13.110.37.182:443 -> 192.168.2.5:49746 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.37.182:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.37.182:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49751 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49753 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49757 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49758 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 85.222.155.195:443 -> 192.168.2.5:49762 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49760 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49759 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.0.114:443 -> 192.168.2.5:49770 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.192.141.216:443 -> 192.168.2.5:49769 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49774 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.39.181:443 -> 192.168.2.5:49775 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.211.113.33:443 -> 192.168.2.5:49786 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 54.76.54.153:443 -> 192.168.2.5:49791 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.192.114:443 -> 192.168.2.5:49828 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.1.220.4:443 -> 192.168.2.5:49830 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.46.75:443 -> 192.168.2.5:49835 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 161.71.8.169:443 -> 192.168.2.5:49837 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.0.114:443 -> 192.168.2.5:49839 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 161.71.8.169:443 -> 192.168.2.5:49848 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.1.220.4:443 -> 192.168.2.5:49844 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.1.220.4:443 -> 192.168.2.5:49846 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 161.71.8.169:443 -> 192.168.2.5:49851 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:49867 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:49868 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:49869 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:49877 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:49878 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 54.225.136.92:443 -> 192.168.2.5:49876 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 65.9.66.106:443 -> 192.168.2.5:49883 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 85.222.152.194:443 -> 192.168.2.5:49896 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 85.222.152.194:443 -> 192.168.2.5:49895 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 85.222.152.194:443 -> 192.168.2.5:49898 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 85.222.152.194:443 -> 192.168.2.5:49899 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 85.222.152.194:443 -> 192.168.2.5:49900 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 85.222.152.194:443 -> 192.168.2.5:49901 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 85.222.153.66:443 -> 192.168.2.5:49905 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 85.222.153.66:443 -> 192.168.2.5:49904 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 54.205.5.87:443 -> 192.168.2.5:49942 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 3.227.80.201:443 -> 192.168.2.5:49947 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 3.227.80.201:443 -> 192.168.2.5:49948 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 3.227.80.201:443 -> 192.168.2.5:49949 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 3.227.80.201:443 -> 192.168.2.5:49950 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.69.75:443 -> 192.168.2.5:49974 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:49978 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:49979 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 54.225.136.92:443 -> 192.168.2.5:49976 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:49985 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:49987 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.248.156.174:443 -> 192.168.2.5:49994 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:50001 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.109.191.111:443 -> 192.168.2.5:50002 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:50003 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:50004 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.110.41.111:443 -> 192.168.2.5:50038 version: TLS 1.2
Source: global traffic | DNS query: name: force.com
Source: global traffic | TCP traffic: 192.168.2.5:49693 -> 20.190.159.133:443
Source: unknown | Network traffic detected: DNS query count 43
Source: Joe Sandbox View | IP Address: 104.20.184.68
Source: Joe Sandbox View | IP Address: 239.255.255.250
Source: Joe Sandbox View | JA3 fingerprint: b32309a26951912be7dba376398abc3b
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.159.133 (reported 30 times)
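The "TCP traffic detected without corresponding DNS query" hits above come from replaying the capture in order and checking each new destination against the DNS answers seen so far. What follows is an added example of that correlation, not the sandbox's code: it replays a small constructed event log in the shape of the report's DNS, TCP and HTTPS lines (written client -> server), tags each public destination with the name whose answer first returned it, and reports destinations no answer covered. The DNS answers in the sample are assumed for the example (the report prints query names only), and the filter that drops multicast, link-local and private peers, such as the SSDP address 239.255.255.250 listed above, is this example's own choice. A destination with no preceding answer is a lead, not a verdict: it can be an address hard-coded in the sample, but just as easily a resolution that pre-dates the capture, a cached answer, or OS background traffic, so each hit needs checking before anything is concluded from it.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed event log modelled on the report's "DNS query", "TCP traffic" and
# "HTTPS traffic detected" lines, written client -> server. The DNS answers are assumed
# for the example; the report prints query names only.
SAMPLE_EVENTS = """
1 DNS force.com 13.110.37.182,13.110.39.181
2 TCP 192.168.2.5:49746 -> 13.110.37.182:443
3 TCP 192.168.2.5:49751 -> 13.110.39.181:443
4 TCP 192.168.2.5:49693 -> 20.190.159.133:443
5 TCP 192.168.2.5:49693 -> 20.190.159.133:443
6 UDP 192.168.2.5:52342 -> 239.255.255.250:1900
7 DNS www.googletagmanager.com 151.101.0.114
8 TCP 192.168.2.5:49770 -> 151.101.0.114:443
9 TCP 192.168.2.5:49839 -> 151.101.0.114:443
10 DNS nxdomain.example -
""".strip()

EVENT_RE = re.compile(r"^(?P<seq>\d+) (?P<kind>DNS|TCP|UDP) (?P<rest>.+)$")
FLOW_RE = re.compile(r"^[\d.]+:\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")


def parse_events(text: str) -> List[dict]:
    """Parse the constructed log into DNS events (name, answer IPs) and flow events (dst, port)."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        seq, kind, rest = int(m["seq"]), m["kind"], m["rest"]
        if kind == "DNS":
            name, _, answers = rest.partition(" ")
            ips = [a for a in answers.split(",") if a and a != "-"]  # "-" marks no answer
            events.append({"seq": seq, "kind": "DNS", "name": name, "answers": ips})
        else:
            f = FLOW_RE.match(rest)
            if f:
                events.append({"seq": seq, "kind": kind, "dst": f["dst"], "dport": int(f["dport"])})
    return sorted(events, key=lambda e: e["seq"])


def is_background(ip: str) -> bool:
    """Multicast, link-local, loopback and private peers are never the answer to a public
    lookup (239.255.255.250 is SSDP discovery, for instance), so they are skipped."""
    a = ipaddress.ip_address(ip)
    return a.is_multicast or a.is_link_local or a.is_loopback or a.is_private


def correlate(events: List[dict]) -> Tuple[Dict[str, dict], Dict[str, dict]]:
    """Replay events in order. Returns (resolved, unresolved): per destination IP, the flow
    count, the destination ports and, when resolved, the name whose answer first carried it."""
    name_for: Dict[str, str] = {}      # ip -> first name that resolved to it
    resolved: Dict[str, dict] = {}
    unresolved: Dict[str, dict] = {}
    for ev in events:
        if ev["kind"] == "DNS":
            for ip in ev["answers"]:
                name_for.setdefault(ip, ev["name"])
            continue
        dst = ev["dst"]
        if is_background(dst):
            continue
        # Only answers seen *before* this flow count; a later lookup does not explain it.
        bucket = resolved if dst in name_for else unresolved
        entry = bucket.setdefault(dst, {"name": name_for.get(dst), "flows": 0, "ports": set()})
        entry["flows"] += 1
        entry["ports"].add(ev["dport"])
    return resolved, unresolved


if __name__ == "__main__":
    res, unres = correlate(parse_events(SAMPLE_EVENTS))
    for ip, e in res.items():
        print(f"{ip} <- {e['name']}: {e['flows']} flow(s)")
    for ip, e in unres.items():
        print(f"no DNS answer seen for {ip}: {e['flows']} flow(s) to ports {sorted(e['ports'])}")
```

On the sample the two flows to 20.190.159.133:443 are the only unresolved destinations, matching the report's finding, while the force.com and googletagmanager.com peers are attributed to their names and the SSDP multicast is ignored. Ordering matters: the check is against answers already seen when the flow starts, which is why a capture that begins after the first resolution produces false hits.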
Source: unknownTCP traffic detected wi