Windows Analysis Report New remittance Scif Shared Document (TGVL973NGZ2A).pdf

Overview

General Information

Sample Name: New remittance Scif Shared Document (TGVL973NGZ2A).pdf
Analysis ID: 533086
MD5: 443da430a468d140d6d3ce96af04682b
SHA1: 1de2a4d95a4b771452b316eaff7b118fc5db3f7b
SHA256: 96db3e46b5b3fe5b0e5d88ce317c2c317563ae2f766116def53c67492401bd38

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Potential malicious clickable URLs found in PDF
Potential document exploit detected (unknown TCP traffic)
No HTML title found
PDF has an OpenAction (likely to launch a dropper script)
Potential document exploit detected (performs DNS queries)
HTML body contains low number of good links
Potential document exploit detected (performs HTTP gets)
IP address seen in connection with other malware

AV Detection:

Antivirus detection for URL or domain
Source: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud/#amJhY3VkQHNjaWYuY29t SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

No HTML title found
Source: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud/#amJhY3VkQHNjaWYuY29t HTTP Parser: HTML title missing
HTML body contains low number of good links
Source: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud/#amJhY3VkQHNjaWYuY29t HTTP Parser: Number of links: 0
Source: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud/#amJhY3VkQHNjaWYuY29t HTTP Parser: No <meta name="author".. found
Source: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud/#amJhY3VkQHNjaWYuY29t HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior

Software Vulnerabilities:

Potential document exploit detected (unknown TCP traffic)
Source: global traffic TCP traffic: 192.168.2.5:49812 -> 67.199.248.10:443
Potential document exploit detected (performs DNS queries)
Source: global traffic DNS query: name: bit.ly
Potential document exploit detected (performs HTTP gets)
Source: global traffic TCP traffic: 192.168.2.5:49812 -> 67.199.248.10:443
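The document-side signatures above (an OpenAction, clickable URLs, and the bit.ly link that the strings section shows embedded in the PDF) are the indicators a first-pass static triage should pull out before anything is detonated. The script below is an added example and is not part of the Joe Sandbox report: it lists the action keys present, extracts every /URI target (including ones packed into FlateDecode streams, inflated with a size cap), and decodes the URL fragment, which is plain base64 and, as is common with phishing kits, carries the recipient's e-mail address so the fake form can pre-fill it. The sample PDF bytes, the extra URL under example.invalid and the list of action keys are assumptions built for illustration; only the bit.ly link target is taken from the report.

```python
"""Static triage of a PDF lure: list action keys, extract /URI targets and
decode a base64 URL fragment. Added example, not part of the sandbox report."""
import base64
import binascii
import json
import re
import zlib

# Constructed sample PDF. Only the bit.ly link target is taken from the report;
# the object layout and the extra URL packed into a FlateDecode stream are
# made up so that the stream-inflation path is exercised.
HIDDEN_OBJ = b"<< /S /URI /URI (https://example.invalid/hidden-in-objstm) >>"
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction << /S /URI "
    b"/URI (https://bit.ly/3rhxy13#amJhY3VkQHNjaWYuY29t) >> >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI "
    b"/URI (https://bit.ly/3rhxy13#amJhY3VkQHNjaWYuY29t) >> >> endobj\n"
    b"5 0 obj << /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(HIDDEN_OBJ)
    + b"\nendstream\nendobj\n"
    + b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
# Keys that make a reader act on open or on click (/AA = additional actions).
ACTIVE_KEY_RE = re.compile(rb"/(OpenAction|AA|JavaScript|JS|Launch|SubmitForm)\b")


def inflate_streams(data: bytes, cap: int = 1 << 20) -> bytes:
    """Append the inflated content of each Flate stream (capped per stream so a
    decompression bomb cannot exhaust memory), so dictionaries packed into
    object streams are scanned too. Non-Flate streams are skipped."""
    extra = []
    for m in STREAM_RE.finditer(data):
        try:
            extra.append(zlib.decompressobj().decompress(m.group(1), cap))
        except zlib.error:
            pass
    return data + b"\n" + b"\n".join(extra)


def find_uris(data: bytes) -> list:
    """Unique /URI targets in document order, with PDF string escapes undone."""
    seen, out = set(), []
    for m in URI_RE.finditer(data):
        uri = m.group(1).replace(b"\\(", b"(").replace(b"\\)", b")").decode("latin-1")
        if uri not in seen:
            seen.add(uri)
            out.append(uri)
    return out


def decode_fragment(url: str):
    """Return the URL fragment decoded as base64 text, or None when it is not
    printable base64. Kits pass the target's address this way so the fake form
    can pre-fill it; the fragment never appears in server-side logs."""
    if "#" not in url:
        return None
    frag = url.split("#", 1)[1]
    padded = frag + "=" * (-len(frag) % 4)
    for altchars in (None, b"-_"):          # standard, then URL-safe alphabet
        try:
            text = base64.b64decode(padded, altchars=altchars, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError, ValueError):
            continue
        if text and text.isprintable():
            return text
    return None


def triage(pdf: bytes) -> dict:
    data = inflate_streams(pdf)
    uris = find_uris(data)
    return {
        "active_keys": sorted({m.group(1).decode() for m in ACTIVE_KEY_RE.finditer(data)}),
        "uris": uris,
        "prefilled_identities": {u: decode_fragment(u) for u in uris if decode_fragment(u)},
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_PDF), indent=2))
```

Run it against the real sample with `triage(open(path, "rb").read())`; the decoded fragment tells you which mailbox the lure was built for, which is worth more to an incident responder than the shortener link itself.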

Networking:

IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 34.117.59.81
Source: unknown Network traffic detected: HTTP traffic on port 443, in both directions, with client ports 49812, 49813, 49814, 49815, 49818, 49820, 49821, 49829, 49830, 49833, 49834, 49837, 49866
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  X-Backside-Transport: FAIL FAIL
  Connection: close
  Transfer-Encoding: chunked
  Content-Type: text/html; charset=iso-8859-1
  Date: Fri, 03 Dec 2021 00:33:01 GMT
  Server: Apache
  X-Global-Transaction-ID: 0d28ff5e61a965bd73751001
Source: angular.js.27.dr String found in binary or memory: http://angularjs.org
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://cipa.jp/exif/1.0/
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://cipa.jp/exif/1.0/(15)M
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://cipa.jp/exif/1.0/(15)P
Source: angular.js.27.dr String found in binary or memory: http://errors.angularjs.org/1.6.4-local
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/p
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: mirroring_hangouts.js.27.dr String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: AcroRd32.exe, 00000001.00000000.386774189.000000000A59E000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp, New remittance Scif Shared Document (TGVL973NGZ2A).pdf String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/field#
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp, New remittance Scif Shared Document (TGVL973NGZ2A).pdf String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/id/;
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/id/B
Source: AcroRd32.exe, 00000001.00000000.386774189.000000000A59E000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp, New remittance Scif Shared Document (TGVL973NGZ2A).pdf String found in binary or memory: http://www.aiim.org/pdfa/ns/property#
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/property#F
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/property#P
Source: AcroRd32.exe, 00000001.00000000.386774189.000000000A59E000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp, New remittance Scif Shared Document (TGVL973NGZ2A).pdf String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#a
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/type#
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/type#)
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfe/ns/id/
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfe/ns/id/A
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfe/ns/id/~
Source: mirroring_hangouts.js.27.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: mirroring_hangouts.js.27.dr String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.27.dr String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: AcroRd32.exe, 00000001.00000000.378625755.000000000B715000.00000004.00000001.sdmp String found in binary or memory: http://www.quicktime.com.Acrobat
Source: AcroRd32.exe, 00000001.00000000.363759790.000000000B420000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.377990355.000000000B459000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.390551953.000000000B459000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.386774189.000000000A59E000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.390460963.000000000B3A3000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.363806405.000000000B459000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.354200877.000000000B3A3000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.390513563.000000000B420000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.354339112.000000000B459000.00000004.00000001.sdmp, New remittance Scif Shared Document (TGVL973NGZ2A).pdf String found in binary or memory: http://www.tcpdf.org
Source: New remittance Scif Shared Document (TGVL973NGZ2A).pdf String found in binary or memory: http://www.tcpdf.org)
Source: AcroRd32.exe, 00000001.00000000.378396001.000000000B57E000.00000004.00000001.sdmp String found in binary or memory: http://www.tcpdf.org)#x-ns#
Source: AcroRd32.exe, 00000001.00000000.363759790.000000000B420000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.390513563.000000000B420000.00000004.00000001.sdmp String found in binary or memory: http://www.tcpdf.org.SJ2m
Source: Current Session.27.dr String found in binary or memory: https://373573-3847.glitch.me
Source: data_1.30.dr, data_2.30.dr String found in binary or memory: https://373573-3847.glitch.me/
Source: History.27.dr String found in binary or memory: https://373573-3847.glitch.me/#amJhY3VkQHNjaWYuY29t
Source: History Provider Cache.27.dr String found in binary or memory: https://373573-3847.glitch.me/#amJhY3VkQHNjaWYuY29t2
Source: History.27.dr String found in binary or memory: https://373573-3847.glitch.me/#amJhY3VkQHNjaWYuY29tLogin
Source: data_2.30.dr String found in binary or memory: https://373573-3847.glitch.me/Referrer-Policy:
Source: data_1.30.dr String found in binary or memory: https://373573-3847.glitch.me/T(
Source: data_1.30.dr String found in binary or memory: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud/
Source: Current Session.27.dr, History.27.dr String found in binary or memory: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud/#amJhY3VkQHNjaWYuY29t
Source: History Provider Cache.27.dr String found in binary or memory: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud/#amJhY3VkQHNjaWYuY29t2
Source: History.27.dr String found in binary or memory: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud/#amJhY3VkQHNjaWYuY29tLo
Source: data_1.30.dr String found in binary or memory: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud/favicon.ico
Source: data_1.30.dr String found in binary or memory: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud/favicon.icoChIKBw3njUAO
Source: data_1.30.dr String found in binary or memory: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud/scriptx.js
Source: data_1.30.dr String found in binary or memory: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud/style.css
Source: data_1.30.dr String found in binary or memory: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud/style.cssM
Source: AcroRd32.exe, 00000001.00000000.363882547.000000000B508000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/
Source: AcroRd32.exe, 00000001.00000000.364070317.000000000B555000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.354512478.000000000B555000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/
Source: AcroRd32.exe, 00000001.00000000.364070317.000000000B555000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.354512478.000000000B555000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/&
Source: AcroRd32.exe, 00000001.00000000.364070317.000000000B555000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.354512478.000000000B555000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/i
Source: 5366f801-f723-45e0-a8ad-f42070d0c0a8.tmp.30.dr, manifest.json1.27.dr, 2bb34554-9280-4816-8aa9-ae221fa99fdf.tmp.30.dr String found in binary or memory: https://accounts.google.com
Source: craw_window.js.27.dr String found in binary or memory: https://accounts.google.com/MergeSession
Source: AcroRd32.exe, 00000001.00000000.361307048.00000000091BC000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.390776736.000000000B5CC000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.378438264.000000000B5CC000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.354614136.000000000B5CC000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.364284337.000000000B5CC000.00000004.00000001.sdmp String found in binary or memory: https://api.echosign.com
Source: AcroRd32.exe, 00000001.00000000.390776736.000000000B5CC000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.378438264.000000000B5CC000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.354614136.000000000B5CC000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.364284337.000000000B5CC000.00000004.00000001.sdmp String found in binary or memory: https://api.echosign.comHei
Source: 5366f801-f723-45e0-a8ad-f42070d0c0a8.tmp.30.dr, manifest.json1.27.dr, 2bb34554-9280-4816-8aa9-ae221fa99fdf.tmp.30.dr String found in binary or memory: https://apis.google.com
Source: mirroring_common.js.27.dr String found in binary or memory: https://apis.google.com/js/client.js
Source: data_1.30.dr String found in binary or memory: https://bit.ly/3rhxy13
Source: AcroRd32.exe, 00000001.00000000.374158763.000000000A6E4000.00000004.00000001.sdmp, History.27.dr String found in binary or memory: https://bit.ly/3rhxy13#amJhY3VkQHNjaWYuY29t
Source: AcroRd32.exe, 00000001.00000000.386774189.000000000A59E000.00000004.00000001.sdmp, New remittance Scif Shared Document (TGVL973NGZ2A).pdf String found in binary or memory: https://bit.ly/3rhxy13#amJhY3VkQHNjaWYuY29t)
Source: History Provider Cache.27.dr String found in binary or memory: https://bit.ly/3rhxy13#amJhY3VkQHNjaWYuY29t2
Source: History.27.dr String found in binary or memory: https://bit.ly/3rhxy13#amJhY3VkQHNjaWYuY29tLogin
Source: mirroring_common.js.27.dr String found in binary or memory: https://castedumessaging-pa.googleapis.com/v1
Source: 5366f801-f723-45e0-a8ad-f42070d0c0a8.tmp.30.dr, 2bb34554-9280-4816-8aa9-ae221fa99fdf.tmp.30.dr String found in binary or memory: https://clients2.google.com
Source: mirroring_hangouts.js.27.dr String found in binary or memory: https://clients2.google.com/cr/report
Source: manifest.json1.27.dr, manifest.json3.27.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 5366f801-f723-45e0-a8ad-f42070d0c0a8.tmp.30.dr, 2bb34554-9280-4816-8aa9-ae221fa99fdf.tmp.30.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: mirroring_hangouts.js.27.dr String found in binary or memory: https://clients6.google.com
Source: 5366f801-f723-45e0-a8ad-f42070d0c0a8.tmp.30.dr String found in binary or memory: https://content-autofill.googleapis.com
Source: data_1.30.dr String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCWzWHrmkyLAREgk
Source: manifest.json1.27.dr String found in binary or memory: https://content.googleapis.com
Source: mirroring_cast_streaming.js.27.dr, common.js.27.dr String found in binary or memory: https://crash.corp.google.com/samples?reportid=&q=
Source: mirroring_hangouts.js.27.dr String found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
Source: data_2.30.dr String found in binary or memory: https://csp.withgoogle.com/csp/apps-themes
Source: data_2.30.dr String found in binary or memory: https://csp.withgoogle.com/csp/apps-themesCross-Origin-Resource-Policy:
Source: Reporting and NEL.30.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external
Source: data_2.30.dr, Reporting and NEL.30.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/apps-themes
Source: 5366f801-f723-45e0-a8ad-f42070d0c0a8.tmp.30.dr, d9beffc0-e998-41a0-811f-a6c36bacefb3.tmp.30.dr, 4d1721d2-2366-4b7b-8bfc-2d0441010c72.tmp.30.dr, 2bb34554-9280-4816-8aa9-ae221fa99fdf.tmp.30.dr String found in binary or memory: https://dns.google
Source: mirroring_common.js.27.dr String found in binary or memory: https://docs.google.com
Source: manifest.json1.27.dr String found in binary or memory: https://feedback.googleusercontent.com
Source: 5366f801-f723-45e0-a8ad-f42070d0c0a8.tmp.30.dr, 2bb34554-9280-4816-8aa9-ae221fa99fdf.tmp.30.dr String found in binary or memory: https://fonts.googleapis.com
Source: data_1.30.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:300
Source: manifest.json1.27.dr String found in binary or memory: https://fonts.googleapis.com;
Source: data_3.30.dr, 5366f801-f723-45e0-a8ad-f42070d0c0a8.tmp.30.dr, 2bb34554-9280-4816-8aa9-ae221fa99fdf.tmp.30.dr String found in binary or memory: https://fonts.gstatic.com
Source: data_2.30.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: data_1.30.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Source: data_2.30.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: data_2.30.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: data_2.30.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: data_2.30.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: data_2.30.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: data_2.30.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: data_2.30.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: data_1.30.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Source: data_2.30.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: data_1.30.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2O
Source: data_2.30.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: data_2.30.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: data_2.30.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: data_2.30.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: data_2.30.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: manifest.json1.27.dr String found in binary or memory: https://fonts.gstatic.com;
Source: angular.js.27.dr, material_css_min.css.27.dr String found in binary or memory: https://github.com/angular/material
Source: craw_window.js.27.dr, craw_background.js.27.dr String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: mirroring_hangouts.js.27.dr String found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: mirroring_hangouts.js.27.dr String found in binary or memory: https://hangouts.clients6.google.com
Source: manifest.json1.27.dr String found in binary or memory: https://hangouts.google.com/
Source: mirroring_hangouts.js.27.dr String found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
Source: AcroRd32.exe, 00000001.00000000.350654883.00000000091E3000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.372486489.00000000091E3000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.386226935.00000000091E3000.00000004.00000001.sdmp String found in binary or memory: https://ims-na1.adobelogin.com
Source: data_1.30.dr String found in binary or memory: https://ipinfo.io/json?token=ae2ec3372db6ec
Source: mirroring_common.js.27.dr String found in binary or memory: https://meet.google.com
Source: mirroring_hangouts.js.27.dr String found in binary or memory: https://meetings.clients6.google.com
Source: mirroring_common.js.27.dr String found in binary or memory: https://networktraversal.googleapis.com/v1alpha
Source: 5366f801-f723-45e0-a8ad-f42070d0c0a8.tmp.30.dr, 2bb34554-9280-4816-8aa9-ae221fa99fdf.tmp.30.dr String found in binary or memory: https://ogs.google.com
Source: craw_window.js.27.dr, manifest.json3.27.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: mirroring_hangouts.js.27.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: mirroring_hangouts.js.27.dr String found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
Source: 5366f801-f723-45e0-a8ad-f42070d0c0a8.tmp.30.dr String found in binary or memory: https://r4---sn-4g5lznle.gvt1.com
Source: data_3.30.dr, data_1.30.dr String found in binary or memory: https://r4---sn-4g5lznle.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic?cms_redirect=yes&mh=I2&mip=84.17
Source: 5366f801-f723-45e0-a8ad-f42070d0c0a8.tmp.30.dr String found in binary or memory: https://redirector.gvt1.com
Source: data_1.30.dr String found in binary or memory: https://redirector.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic
Source: data_1.30.dr String found in binary or memory: https://redirector.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic1
Source: craw_window.js.27.dr, manifest.json3.27.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 5366f801-f723-45e0-a8ad-f42070d0c0a8.tmp.30.dr, 2bb34554-9280-4816-8aa9-ae221fa99fdf.tmp.30.dr String found in binary or memory: https://ssl.gstatic.com
Source: messages.json49.27.dr, messages.json63.27.dr, messages.json48.27.dr, messages.json43.27.dr, messages.json66.27.dr, messages.json33.27.dr, messages.json75.27.dr, messages.json64.27.dr, messages.json69.27.dr, messages.json73.27.dr, messages.json51.27.dr, messages.json41.27.dr, messages.json62.27.dr, messages.json.27.dr, messages.json0.27.dr, messages.json30.27.dr, feedback.html.27.dr, messages.json53.27.dr, messages.json29.27.dr, messages.json58.27.dr, messages.json36.27.dr, messages.json39.27.dr, messages.json71.27.dr, messages.json54.27.dr, messages.json67.27.dr, messages.json57.27.dr, messages.json65.27.dr, messages.json35.27.dr, messages.json44.27.dr, messages.json42.27.dr, messages.json31.27.dr, messages.json72.27.dr, messages.json32.27.dr, messages.json38.27.dr, messages.json45.27.dr, messages.json52.27.dr, messages.json40.27.dr, messages.json60.27.dr, messages.json34.27.dr, messages.json56.27.dr, messages.json37.27.dr, messages.json28.27.dr, messages.json46.27.dr, messages.json68.27.dr, messages.json74.27.dr, messages.json59.27.dr, messages.json61.27.dr, messages.json70.27.dr, messages.json55.27.dr, messages.json47.27.dr String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json49.27.dr, messages.json63.27.dr, messages.json48.27.dr, messages.json43.27.dr, messages.json66.27.dr, messages.json33.27.dr, messages.json75.27.dr, messages.json64.27.dr, messages.json69.27.dr, messages.json73.27.dr, messages.json51.27.dr, messages.json41.27.dr, messages.json62.27.dr, messages.json.27.dr, messages.json0.27.dr, messages.json30.27.dr, feedback.html.27.dr, messages.json53.27.dr, messages.json29.27.dr, messages.json58.27.dr, messages.json36.27.dr, messages.json39.27.dr, messages.json71.27.dr, messages.json54.27.dr, messages.json67.27.dr, messages.json57.27.dr, messages.json65.27.dr, messages.json35.27.dr, messages.json44.27.dr, messages.json42.27.dr, messages.json31.27.dr, messages.json72.27.dr, messages.json32.27.dr, messages.json38.27.dr, messages.json45.27.dr, messages.json52.27.dr, messages.json40.27.dr, messages.json60.27.dr, messages.json34.27.dr, messages.json56.27.dr, messages.json37.27.dr, messages.json28.27.dr, messages.json46.27.dr, messages.json68.27.dr, messages.json74.27.dr, messages.json59.27.dr, messages.json61.27.dr, messages.json70.27.dr, messages.json55.27.dr, messages.json47.27.dr String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: craw_window.js.27.dr, craw_background.js.27.dr String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: 5366f801-f723-45e0-a8ad-f42070d0c0a8.tmp.30.dr, manifest.json1.27.dr, 2bb34554-9280-4816-8aa9-ae221fa99fdf.tmp.30.dr String found in binary or memory: https://www.google.com
Source: manifest.json3.27.dr String found in binary or memory: https://www.google.com/
Source: craw_window.js.27.dr String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.27.dr String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.27.dr String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.27.dr String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.27.dr String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: mirroring_hangouts.js.27.dr String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: feedback_script.js.27.dr String found in binary or memory: https://www.google.com/tools/feedback
Source: manifest.json1.27.dr String found in binary or memory: https://www.google.com;
Source: 5366f801-f723-45e0-a8ad-f42070d0c0a8.tmp.30.dr, craw_window.js.27.dr, 2bb34554-9280-4816-8aa9-ae221fa99fdf.tmp.30.dr, craw_background.js.27.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json3.27.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json1.27.dr String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json1.27.dr String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json3.27.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json3.27.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json1.27.dr String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json1.27.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json1.27.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json1.27.dr String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json1.27.dr String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json3.27.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json3.27.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json1.27.dr String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: mirroring_common.js.27.dr String found in binary or memory: https://www.googleapis.com/calendar/v3
Source: mirroring_common.js.27.dr String found in binary or memory: https://www.googleapis.com/hangouts/v1
Source: 5366f801-f723-45e0-a8ad-f42070d0c0a8.tmp.30.dr, 2bb34554-9280-4816-8aa9-ae221fa99fdf.tmp.30.dr String found in binary or memory: https://www.gstatic.com
Source: common.js.27.dr String found in binary or memory: https://www.gstatic.com/hangouts_echo_detector/release/%
Source: manifest.json1.27.dr String found in binary or memory: https://www.gstatic.com;
Source: unknown HTTP traffic detected:
  POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
  Host: accounts.google.com
  Connection: keep-alive
  Content-Length: 1
  Origin: https://www.google.com
  Content-Type: application/x-www-form-urlencoded
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: unknown DNS traffic detected: queries for: bit.ly
Source: global traffic HTTP traffic detected:
  GET /3rhxy13 HTTP/1.1
  Host: bit.ly
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
  GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
  Host: clients2.google.com
  Connection: keep-alive
  X-Goog-Update-Interactivity: fg
  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
  X-Goog-Update-Updater: chromecrx-85.0.4183.121
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
  GET / HTTP/1.1
  Host: 373573-3847.glitch.me
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
  GET / HTTP/1.1
  Host: 889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: document
  Referer: https://373573-3847.glitch.me/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /style.css HTTP/1.1Host: 889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /scriptx.js HTTP/1.1Host: 889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /json?token=ae2ec3372db6ec HTTP/1.1Host: ipinfo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Origin: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloudSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1Host: fonts.gstatic.comConnection: keep-aliveOrigin: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloudUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://fonts.googleapis.com/css?family=Roboto:300,400,600Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1Host: fonts.gstatic.comConnection: keep-aliveOrigin: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloudUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://fonts.googleapis.com/css?family=Roboto:300,400,600Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
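Reading the captured requests above as a chain rather than as isolated lines: the bit.ly request and the 373573-3847.glitch.me request both carry Sec-Fetch-Site: none and no Referer, which is what a browser sends when it follows an HTTP redirect from a navigation it started itself (here, launched by the PDF reader). The request to 889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud instead carries Referer: https://373573-3847.glitch.me/ and Sec-Fetch-Site: cross-site, so that hop was performed by the glitch.me page's own content (script, meta refresh or a link), not by a 3xx. The ipinfo.io request has Sec-Fetch-Mode: cors and an Origin of the landing page, so it is a fetch made by the landing page's script to geolocate the visitor. The POST /ListAccounts, the /service/update2/crx query and the .crx blob download are Chrome's own startup traffic (signed-in account check and extension/component updates), not attacker infrastructure. The script below, an added example modelled on this traffic and not part of the Joe Sandbox report, reconstructs that chain from Host, Referer, Origin and Sec-Fetch-* headers; the request texts are rebuilt by hand from the report with paths and headers trimmed, and the browser background host list is a constructed allow-list for the example.

```python
"""Reconstruct a phishing redirect chain from captured HTTP requests using
Host, Referer, Origin and Sec-Fetch-* headers, and separate the landing
page's third-party calls from the browser's own background traffic.
Added example; requests below are rebuilt by hand from the report, not a pcap."""
from dataclasses import dataclass
from urllib.parse import urlsplit

# Hosts Chrome contacts on its own at startup (account list, extension updater).
# Constructed for this example; keep such lists short and explicit.
BROWSER_BACKGROUND = {"accounts.google.com", "clients2.google.com",
                      "clients2.googleusercontent.com"}


@dataclass
class Request:
    method: str
    path: str
    headers: dict

    @property
    def host(self) -> str:
        return self.headers.get("host", "")

    def initiator(self) -> str:
        """Host of the document that issued this request: Origin first
        (present on CORS fetches and cross-site navigations), then Referer."""
        for name in ("origin", "referer"):
            if name in self.headers:
                return urlsplit(self.headers[name]).hostname or ""
        return ""


def parse_request(raw: str) -> Request:
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return Request(method, path, headers)


def navigation_chain(requests):
    """Top-level navigations (Sec-Fetch-Dest: document) in capture order, each
    labelled with how it was reached.  A navigation carrying a Referer was
    initiated by that page.  One with no Referer that follows another navigation
    is most likely the target of an HTTP 3xx; a request-only capture cannot
    prove that, so it is marked as inferred."""
    chain = []
    for r in requests:
        if r.headers.get("sec-fetch-dest") != "document":
            continue
        if not chain:
            hop = "initial"
        elif r.initiator():
            hop = f"page-initiated from {r.initiator()}"
        else:
            hop = f"server redirect from {chain[-1]['host']} (inferred from order)"
        chain.append({"host": r.host, "path": r.path, "hop": hop})
    return chain


def classify(requests):
    chain = navigation_chain(requests)
    chain_hosts = {c["host"] for c in chain}
    page_calls, background, other = [], [], []
    for r in requests:
        if r.host in chain_hosts:
            continue                      # the landing pages themselves
        if r.initiator() in chain_hosts:  # fetched on behalf of a landing page
            page_calls.append({"host": r.host, "path": r.path,
                               "initiator": r.initiator()})
        elif r.host in BROWSER_BACKGROUND:
            background.append(r.host)
        else:
            other.append(r.host)
    return {"chain": chain, "page_calls": page_calls,
            "background": background, "other": other}


def build(method, path, host, **headers):
    """Assemble a raw request; underscores in keyword names become hyphens."""
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}"]
    lines += [f"{k.replace('_', '-')}: {v}" for k, v in headers.items()]
    return "\r\n".join(lines) + "\r\n\r\n"


PHISH = "889ftr-https-redirrectcase-dynamic-forms.us-south.cf.appdomain.cloud"
SAMPLE_REQUESTS = [  # constructed from the report's traffic, in its order
    build("POST", "/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard",
          "accounts.google.com", Origin="https://www.google.com",
          Sec_Fetch_Site="none", Sec_Fetch_Dest="empty"),
    build("GET", "/3rhxy13", "bit.ly", Sec_Fetch_Site="none",
          Sec_Fetch_Mode="navigate", Sec_Fetch_Dest="document"),
    build("GET", "/service/update2/crx?os=win&prod=chromecrx", "clients2.google.com",
          Sec_Fetch_Site="none", Sec_Fetch_Dest="empty"),
    build("GET", "/", "373573-3847.glitch.me", Sec_Fetch_Site="none",
          Sec_Fetch_Mode="navigate", Sec_Fetch_Dest="document"),
    build("GET", "/", PHISH, Sec_Fetch_Site="cross-site", Sec_Fetch_Mode="navigate",
          Sec_Fetch_Dest="document", Referer="https://373573-3847.glitch.me/"),
    build("GET", "/scriptx.js", PHISH, Sec_Fetch_Site="same-origin",
          Sec_Fetch_Dest="script", Referer=f"https://{PHISH}/"),
    build("GET", "/json?token=ae2ec3372db6ec", "ipinfo.io", Origin=f"https://{PHISH}",
          Sec_Fetch_Site="cross-site", Sec_Fetch_Mode="cors",
          Sec_Fetch_Dest="empty", Referer=f"https://{PHISH}/"),
    build("GET", "/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2", "fonts.gstatic.com",
          Origin=f"https://{PHISH}", Sec_Fetch_Dest="font",
          Referer="https://fonts.googleapis.com/css?family=Roboto:300,400,600"),
]

if __name__ == "__main__":
    for key, value in classify([parse_request(r) for r in SAMPLE_REQUESTS]).items():
        print(key, value)
```

Run against a real capture, the "other" bucket is where unexplained hosts land and is the first thing to read; the "server redirect" label is only an ordering inference and should be confirmed from the bit.ly response (a 301/302 with a Location header) when responses are available.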

System Summary:

barindex
Potential malicious clickable URLs found in PDF
Source: New remittance Scif Shared Document (TGVL973NGZ2A).pdf URL: https://bit.ly/3rhxy13#amJhY3VkQHNjaWYuY29t
Source: New remittance Scif Shared Document (TGVL973NGZ2A).pdf URL: https://bit.ly/3rhxy13#amjhy3vkqhnjawyuy29t
Source: New remittance Scif Shared Document (TGVL973NGZ2A).pdf Initial sample: http://www.tcpdf.org
Source: New remittance Scif Shared Document (TGVL973NGZ2A).pdf Initial sample: https://bit.ly/3rhxy13#amJhY3VkQHNjaWYuY29t
Source: New remittance Scif Shared Document (TGVL973NGZ2A).pdf Initial sample: https://bit.ly/3rhxy13#amjhy3vkqhnjawyuy29t
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\New remittance Scif Shared Document (TGVL973NGZ2A).pdf
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer /prefetch:1 "C:\Users\user\Desktop\New remittance Scif Shared Document (TGVL973NGZ2A).pdf
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1720,8702195072095390061,15627106000912345319,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=18286048802128574136 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18286048802128574136 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1720,8702195072095390061,15627106000912345319,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=3768187353521161873 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1720,8702195072095390061,15627106000912345319,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=9415886863657161447 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9415886863657161447 --renderer-client-id=4 --mojo-platform-channel-handle=1980 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1720,8702195072095390061,15627106000912345319,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=4224506441275931073 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4224506441275931073 --renderer-client-id=5 --mojo-platform-channel-handle=1784 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation -- "https://bit.ly/3rhxy13#amJhY3VkQHNjaWYuY29t
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1576,3536686131890549724,3331413522711221589,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1924 /prefetch:8
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer /prefetch:1 "C:\Users\user\Desktop\New remittance Scif Shared Document (TGVL973NGZ2A).pdf Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation -- "https://bit.ly/3rhxy13#amJhY3VkQHNjaWYuY29t Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1720,8702195072095390061,15627106000912345319,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=18286048802128574136 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18286048802128574136 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1720,8702195072095390061,15627106000912345319,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=3768187353521161873 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1720,8702195072095390061,15627106000912345319,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=9415886863657161447 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9415886863657161447 --renderer-client-id=4 --mojo-platform-channel-handle=1980 --allow-no-sandbox-job /prefetch:1 Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1720,8702195072095390061,15627106000912345319,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=4224506441275931073 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4224506441275931073 --renderer-client-id=5 --mojo-platform-channel-handle=1784 --allow-no-sandbox-job /prefetch:1 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx Jump to behavior
Source: classification engine Classification label: mal52.winPDF@48/299@8/11
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File opened: C:\Windows\SysWOW64\Msftedit.dll Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
Source: New remittance Scif Shared Document (TGVL973NGZ2A).pdf Initial sample: PDF keyword /JS count = 0
Source: New remittance Scif Shared Document (TGVL973NGZ2A).pdf Initial sample: PDF keyword /JavaScript count = 0
Source: New remittance Scif Shared Document (TGVL973NGZ2A).pdf Initial sample: PDF keyword /EmbeddedFile count = 0

Data Obfuscation:

barindex
PDF has an OpenAction (likely to launch a dropper script)
Source: New remittance Scif Shared Document (TGVL973NGZ2A).pdf Initial sample: PDF keyword /OpenAction
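The signature text above is generic: with /JS and /JavaScript counts of 0 and no /EmbeddedFile, this OpenAction cannot be launching a JavaScript dropper. What the report does show is AcroRd32.exe spawning chrome.exe with https://bit.ly/3rhxy13#amJhY3VkQHNjaWYuY29t, which is consistent with the OpenAction and the link annotation being plain /URI actions; the http://www.tcpdf.org string is the homepage of the TCPDF generator library, a benign producer string. The fragment after # is base64 of an e-mail address: fragments are never sent to the server, so the landing page's script reads it from location.hash to pre-fill the victim's address on the fake login form. Note that the second, all-lowercase copy of the URL in the report is a case-folded duplicate and no longer decodes, because base64 is case sensitive. The script below is an added example, not Joe Sandbox's code: it counts the same PDF keywords the report does over the raw bytes, pulls the /URI targets, and decodes base64-looking fragments; the one-page sample PDF and the address in its fragment are constructed, and /Launch is added to the keyword list here although the report does not count it.

```python
"""Static triage of a PDF for the indicators the report counts above:
/OpenAction, /JS, /JavaScript and /EmbeddedFile, plus the clickable /URI
targets with base64-looking URL fragments decoded.  Added example, not
Joe Sandbox code; the sample PDF and its fragment are constructed."""
import base64
import binascii
import re
from typing import Optional
from urllib.parse import urlsplit

# Keywords the report counts, plus /Launch (added here; not in the report).
KEYWORDS = ("/OpenAction", "/JS", "/JavaScript", "/EmbeddedFile", "/Launch")

# /URI followed by a literal string.  Hex-string form <...>, names escaped as
# #xx and objects hidden in compressed object streams are not handled, so a
# count of 0 from this scan is weaker evidence than a count above 0.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)


def count_keywords(data: bytes) -> dict:
    counts = {}
    for kw in KEYWORDS:
        # Negative lookahead so /JS does not also count longer names like /JSX.
        pattern = re.escape(kw.encode()) + rb"(?![A-Za-z0-9])"
        counts[kw] = len(re.findall(pattern, data))
    return counts


def extract_uris(data: bytes) -> list:
    uris = []
    for raw in URI_RE.findall(data):
        # Undo PDF literal-string escapes such as \( \) and \\ .
        text = re.sub(rb"\\(.)", rb"\1", raw).decode("latin-1")
        if text not in uris:
            uris.append(text)
    return uris


def decode_fragment(url: str) -> Optional[str]:
    """Return the URL fragment decoded as printable base64 text, else None.
    Accepts unpadded and URL-safe base64; rejects anything that is not
    pure ASCII, which also catches case-folded copies of a real fragment."""
    frag = urlsplit(url).fragment
    if not frag or not re.fullmatch(r"[A-Za-z0-9+/_=-]+", frag):
        return None
    padded = frag.replace("-", "+").replace("_", "/")
    padded += "=" * (-len(padded) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, ValueError):  # UnicodeDecodeError is a ValueError
        return None
    return text if text.isprintable() else None


def triage(data: bytes) -> dict:
    uris = extract_uris(data)
    return {
        "keywords": count_keywords(data),
        "uris": uris,
        "fragments": {u: decode_fragment(u) for u in uris},
    }


# Constructed sample: a one-page PDF whose OpenAction and link annotation both
# point at a shortener URL carrying a base64 address in the fragment.  The
# address is made up for this example; it is not the value from the report.
SAMPLE_FRAGMENT = base64.b64encode(b"victim@example.com").decode()
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [5 0 R] >> endobj\n"
    b"4 0 obj << /S /URI /URI (https://bit.ly/3rhxy13#"
    + SAMPLE_FRAGMENT.encode() + b") >> endobj\n"
    b"5 0 obj << /Type /Annot /Subtype /Link /A 4 0 R >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for key, value in triage(SAMPLE_PDF).items():
        print(key, value)
```

For a real sample, run the same functions over the file bytes after decompressing streams with a PDF parser (raw-byte scanning is a first pass, not a verdict), and treat any decoded fragment as a likely target identifier: it tells you who the lure was addressed to and is worth searching for in mail logs.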
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: AcroRd32.exe, 00000001.00000000.390737900.000000000B5A4000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllC9z
Source: AcroRd32.exe, 00000001.00000000.371317155.0000000005840000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.360800951.0000000005840000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.350393114.0000000005840000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.385318952.0000000005840000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000001.00000000.371317155.0000000005840000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.360800951.0000000005840000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.350393114.0000000005840000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.385318952.0000000005840000.00000002.00020000.sdmp Binary or memory string: Progman
Source: AcroRd32.exe, 00000001.00000000.371317155.0000000005840000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.360800951.0000000005840000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.350393114.0000000005840000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.385318952.0000000005840000.00000002.00020000.sdmp Binary or memory string: SProgram Managerl
Source: AcroRd32.exe, 00000001.00000000.371317155.0000000005840000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.360800951.0000000005840000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.350393114.0000000005840000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.385318952.0000000005840000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd,
Source: AcroRd32.exe, 00000001.00000000.371317155.0000000005840000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.360800951.0000000005840000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.350393114.0000000005840000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.385318952.0000000005840000.00000002.00020000.sdmp Binary or memory string: Progmanlock