Edit tour
Windows
Analysis Report
Fw INVOICE TEST-4 - INTUIT QUICKBOOKS - 399.00 USD.zip
Overview
General Information
| Sample name: | Fw INVOICE TEST-4 - INTUIT QUICKBOOKS - 399.00 USD.zip |
| Analysis ID: | 1484921 |
| MD5: | ae7cfab4b1dd7bd43c954abf9c202ee0 |
| SHA1: | b996b9c0de51017f56118d42e7b3b793fc648ea3 |
| SHA256: | 4d6a89ed07b16b0345d2ec78fe9c8f3a59416cb4d942e03194726891007ca574 |
| Infos: |  |
 | |
Detection
| Score: | 48 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
AI detected phishing page
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores files to the Windows start menu directory
Classification
- System is w10x64_ra
rundll32.exe (PID: 1824 cmdline: C:\Windows \System32\ rundll32.e xe C:\Wind ows\System 32\shell32 .dll,SHCre ateLocalSe rverRunDll {9aa46009 -3ce0-458a -a354-7156 10a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
OUTLOOK.EXE (PID: 5408 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\OUTLO OK.EXE" /f "C:\Users \user\AppD ata\Local\ Temp\Temp1 _Fw INVOIC E TEST-4 - INTUIT QU ICKBOOKS - 399.00 US D.zip\Fw I NVOICE TES T-4 - INTU IT QUICKBO OKS - 399. 00 USD.msg " MD5: 91A5292942864110ED734005B7E005C0) 
ai.exe (PID: 5204 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \root\vfs\ ProgramFil esCommonX6 4\Microsof t Shared\O ffice16\ai .exe" "106 CC214-4CDC -4F43-A7CF -4B979FECD B8F" "4CC7 A8D2-B3F7- 4F41-BAFD- 3B5439DA98 B8" "5408" "C:\Progr am Files ( x86)\Micro soft Offic e\Root\Off ice16\OUTL OOK.EXE" " WordCombin edFloatieL reOnline.o nnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD) 
Acrobat.exe (PID: 5768 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \AppData\L ocal\Micro soft\Windo ws\INetCac he\Content .Outlook\X SG1MZTQ\In voice TEST -4 - INTUI T QUICKBOO KS - 399.0 0 USD.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 6228 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 3840 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=22 60 --field -trial-han dle=1596,i ,113478216 3595859276 0,33816700 1462248909 1,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) 
chrome.exe (PID: 6936 cmdline: "C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed --sing le-argumen t https:// secure.zer vant.com/r ecipient-p ortal/?acc essToken=z 5YY1SAZlE9 ODNw4Ec%2F HXLTwpvEg1 Bkp%2BBzy% 2BqYzP7jv7 qsKrjqjCEE 7sClXZPwhD tT9x9IrjRr FzBtcRZ5Hb %2BmiLgQDN u2NFopbyYe 2AQ7MdzoDr 8RXBuK3W9Z uNOBbCfbjs iXNOaeKBny zLe4zFCg%2 FYmJ%2BIAM Dy8YNQyXVS %2FGeMlrd5 znKWRXmIqR nIe3zlnpDz VayuVk8k1N %2FnOlrQgs uLatQoETDG D6BmLyZSlw wYXDP84erK 7dpVTk01QY p MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 7108 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2004 --fi eld-trial- handle=194 8,i,526155 4049205928 031,315324 5880327705 366,262144 --disable -features= Optimizati onGuideMod elDownload ing,Optimi zationHint s,Optimiza tionHintsF etching,Op timization TargetPred iction /pr efetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
⊘No yara matches
| Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): | ||
| Source: | Author: frack113: | ||
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
Phishing |   |
|---|
| Source: | LLM: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | HTTP Parser: | ||
| Source: | Memory has grown: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Classification label: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File read: | ||
| Source: | Key opened: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Key value queried: | ||
| Source: | Window found: | ||
| Source: | Window detected: | ||
| Source: | Key opened: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | File created: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | File Volume queried: | ||
| Source: | Process information queried: | ||
| Source: | Queries volume information: | ||
| Source: | Key value queried: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Rundll32 | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 Process Injection | Security Account Manager | 14 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Extra Window Memory Injection | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Extra Window Memory Injection | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| secure.zervant.com | 3.161.119.28 | true | false | unknown | |
| edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.57.20 | true | false | unknown | |
| test-translations.zerv.me | 13.32.121.12 | true | false | unknown | |
| m.stripe.com | 44.236.136.3 | true | false | unknown | |
| dexeqbeb7giwr.cloudfront.net | 18.66.122.50 | true | false | unknown | |
| stripe.com | 198.137.150.81 | true | false | unknown | |
| www.google.com | 142.250.185.68 | true | false | unknown | |
| stripecdn.map.fastly.net | 151.101.0.176 | true | false | unknown | |
| use.typekit.net | unknown | unknown | false | unknown | |
| p.typekit.net | unknown | unknown | false | unknown | |
| m.stripe.network | unknown | unknown | false | unknown | |
| js.stripe.com | unknown | unknown | false | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | unknown | ||
| false | unknown | ||
| false | unknown | ||
| true |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 13.32.27.95 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
| 3.161.119.28 | secure.zervant.com | United States | 16509 | AMAZON-02US | false | |
| 217.20.57.20 | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | Denmark | 15516 | DK-DANSKKABELTVDK | false | |
| 151.101.0.176 | stripecdn.map.fastly.net | United States | 54113 | FASTLYUS | false | |
| 184.28.88.176 | unknown | United States | 16625 | AKAMAI-ASUS | false | |
| 18.165.122.85 | unknown | United States | 3 | MIT-GATEWAYSUS | false | |
| 13.32.121.129 | unknown | United States | 16509 | AMAZON-02US | false | |
| 216.58.206.72 | unknown | United States | 15169 | GOOGLEUS | false | |
| 2.19.126.206 | unknown | European Union | 16625 | AKAMAI-ASUS | false | |
| 142.250.185.202 | unknown | United States | 15169 | GOOGLEUS | false | |
| 20.189.173.17 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 64.233.166.84 | unknown | United States | 15169 | GOOGLEUS | false | |
| 198.137.150.81 | stripe.com | United States | 3356 | LEVEL3US | false | |
| 52.6.155.20 | unknown | United States | 14618 | AMAZON-AESUS | false | |
| 142.250.186.110 | unknown | United States | 15169 | GOOGLEUS | false | |
| 172.217.18.99 | unknown | United States | 15169 | GOOGLEUS | false | |
| 2.16.202.91 | unknown | European Union | 16625 | AKAMAI-ASUS | false | |
| 44.236.136.3 | m.stripe.com | United States | 16509 | AMAZON-02US | false | |
| 172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false | |
| 52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 35.162.151.58 | unknown | United States | 16509 | AMAZON-02US | false | |
| 18.66.122.50 | dexeqbeb7giwr.cloudfront.net | United States | 3 | MIT-GATEWAYSUS | false | |
| 142.250.185.68 | www.google.com | United States | 15169 | GOOGLEUS | false | |
| 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false | |
| 52.109.68.130 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 2.16.241.15 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false | |
| 13.32.121.12 | test-translations.zerv.me | United States | 16509 | AMAZON-02US | false | |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
| 52.109.28.46 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 172.217.16.195 | unknown | United States | 15169 | GOOGLEUS | false | |
| 151.101.192.176 | unknown | United States | 54113 | FASTLYUS | false |
| IP |
|---|
| 192.168.2.16 |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1484921 |
| Start date and time: | 2024-07-30 19:59:39 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 23 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | stream |
| Analysis stop reason: | Timeout |
| Sample name: | Fw INVOICE TEST-4 - INTUIT QUICKBOOKS - 399.00 USD.zip |
| Detection: | MAL |
| Classification: | mal48.phis.winZIP@38/84@30/120 |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132
- Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetValueKey calls found.
- VT rate limit hit for: Fw INVOICE TEST-4 - INTUIT QUICKBOOKS - 399.00 USD.zip
| Input | Output |
|---|---|
| URL: about:srcdoc Model: Perplexity: mixtral-8x7b-instruct | {"loginform": false,"urgency": true,"captcha": false,"reasons": ["The webpage contains text that creates a sense of urgency, such as 'Download PDF Of P Au toebic d, dispute Lhis & you .2ZE3Z7E. oate it Tet* I ussng.'","The text also includes phrases like 'Total amount due us 53gg_oo Pa ymer t terms: Buyer's referentey INTUIT QUICKBOOKS zervant' which may prompt the user to take immediate action."]} |
Title: Invoice Created with Zervant OCR: Sent INVOICE - TEST-4 quickbooks 2017.2024 INTUITOUlCK300KS 2813.2024 $399.00 quiek Beaks INTUIT guvwecoxs 2702 :WuIiLir' Oue in 29 days (29_oa 20241 Download PDF Of P Au toebic d, dispute Lhis & you .2ZE3Z7E. oate it Tet* I ussng.ao Toea' MAT uss3g9DD Total amount due us 53gg_oo Pa ymer t terms: Buyer's referentey INTUIT QUICKBOOKS zervant Created using Zervant Professional invoicing software | |
| URL: about:srcdoc Model: gpt-4o | ```json
{
"phishing_score": 7,
"brands": "Intuit QuickBooks",
"phishing": true,
"suspicious_domain": true,
"has_prominent_loginform": false,
"has_captcha": false,
"setechniques": true,
"has_suspicious_link": true,
"legitmate_domain": "quickbooks.intuit.com",
"reasons": "The URL 'about:srcdoc' is highly suspicious as it is not a valid domain and is typically used in phishing attacks to display content without a proper web address. The image shows an invoice from 'Intuit QuickBooks', a legitimate brand, but the presence of a 'Download PDF' link without a clear and trustworthy URL is a common phishing tactic. Additionally, the use of 'about:srcdoc' suggests an attempt to obscure the true source of the content. There is no prominent login form or captcha, but the social engineering technique of presenting an urgent invoice is evident. Therefore, this site is likely a phishing site."
} |
 |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.172027217160768 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 55E0E595ACD85F8DF4D5B05657A037C5 |
| SHA1: | 451FC804E0EB92E4956F3102144A4AD8AE0DFD79 |
| SHA-256: | 42BB05D0223DC6563256D703A4E64C9A67A6F4FBAFD339EB8C9B8F40B2D7672C |
| SHA-512: | D49AA76FDAFABE43B1C8C3165FB5C77F6A8E13C52DF4A84C1B8A0781E6885704EF6100ACCE8BA0D4A060E542513CC73755CF283322CF44E36C936FF455321A9C |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 331 |
| Entropy (8bit): | 5.1888632402128945 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | D93F9735AA43E85884729C5A264209C5 |
| SHA1: | 59BE8B2F9962D6A18D701A69E44A9DFBF6691A25 |
| SHA-256: | 9A0E404DB064E93AAD40F0E74C0EA538E9F11B0DC1F94FF82E760D0BECFD49F2 |
| SHA-512: | 3AFC1948B17D55D19C1D26ED63D88A2AA752F4147048A1B1665A076BBA0E64D1D3AA0AEB648836DAC8477F34B3DF0FA7AA0C0AACC0F00AE56879A829D8BF114F |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4099 |
| Entropy (8bit): | 5.225283715554595 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 86CA3F4E7AB9138D2D7BBDE9985954A7 |
| SHA1: | 50CC2F86481516711E21E5ADA977E5834B033A4F |
| SHA-256: | 1A7309BEB7731567E9FE7A0455318B1C620881A316D87804849FF193B1FA8CDC |
| SHA-512: | F38A9B180E256AB8C83F7440AAC1EF4EF183C313C185472358E73CE2C008A3A4A494317DC4E2EAEA6C23FE0237385D50B74D42F826056A3B90FA24A1C70718B9 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 319 |
| Entropy (8bit): | 5.217873733598778 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 8CC22F10DD9D9E3DA8ADFF9E6B57DD7B |
| SHA1: | 421DC7EF3ED60FD6622BDE9F3B2D12C000AEE8D5 |
| SHA-256: | CAD7A2717D5EA1B4CCB9EF55462230694D51CC1851AE0E5BBD02D4C7444A5549 |
| SHA-512: | 156A13F32E565865831FF447E73183F1F3523A7D2A8E2B788FEF7F50F3FB7CE46E978A98EEE1145F0CBB0BF4FFE8D9BD0E5E666F1FE3EE67EA4FDAC2E7DBEF0F |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240730180117Z-158.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65110 |
| Entropy (8bit): | 0.9511211438848483 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 8BA8359F2C78C2897F4B6A41BEC17ED8 |
| SHA1: | 27ADD97B14AD09E774CCCC792BC3CABC2677A36E |
| SHA-256: | 48469D5B1EE7A2BBF5D551FD488F47B52A2C054176E8C9A596E5A50483B79154 |
| SHA-512: | 3D8F52C999BA21DAC3A9187E99B9CCD550D08AD1024B9350FE0E8A8D005508A235EBECB5D7183D640B1DBE5552024937303DF30229183E7368957BC9D79419FF |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 57344 |
| Entropy (8bit): | 3.291927920232006 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
| SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
| SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
| SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16928 |
| Entropy (8bit): | 1.2160291275063095 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 26A1A5B25A439F41E9ACAA0241608E7A |
| SHA1: | BDD2EDF0CF4742033BF9A024BBCE2BB2C341F691 |
| SHA-256: | D2B83B5E6B2B1BCBA52B541BFCEA3CBB476110D792636B654A995560CCD6D3C8 |
| SHA-512: | 113180EC7349ABFA07E872627A89B06B6F96AEF6B154C737CEE1A329A4EE6B301DAFB371ED9F61F76DA70620D61E2E8B423F19E465E5638F7D20C7CDC278A154 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71954 |
| Entropy (8bit): | 7.996617769952133 |
| Encrypted: | true |
| SSDEEP: | |
| MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
| SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
| SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
| SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 893 |
| Entropy (8bit): | 7.366016576663508 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | D4AE187B4574036C2D76B6DF8A8C1A30 |
| SHA1: | B06F409FA14BAB33CBAF4A37811B8740B624D9E5 |
| SHA-256: | A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7 |
| SHA-512: | 1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 328 |
| Entropy (8bit): | 3.144086598890895 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | C4D13069329F4E9210E2DD53581C2F3E |
| SHA1: | B19CCEFD75E68EDF51D273E0E3FCEA37BFA7C963 |
| SHA-256: | 074A6A3B710AC6AABF8299C15E1A32B1E2D99E1EECC5D0B792EEAE2D59511F7E |
| SHA-512: | 3460423BB6EF5EB9CEC77298EF6C4B1B688525889D994B3DB5BB1E6C2308B6730EFE0122AF1E429FDC5F9975F9699589F9F884310062D2B4802EB352DCFD42DF |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 252 |
| Entropy (8bit): | 3.0264678871426307 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | F775A9075E74532710C6E57EB5BB13DA |
| SHA1: | F8E3DCE69F51C296ED7DDFF8AD0A89B1D33094D7 |
| SHA-256: | 7AF32FA67E9733992087F9774AE33C168109B95EB769AB927ED11960FAB42500 |
| SHA-512: | CABE3105C5E9A69AE963F813A687923A38BF106A044FFE1C66FF8BBA1C49FB968502B7AD6F437AEE4FF30A61D3F1B4E6FDEBABD0C147E56326BA5CDD95F3B5BE |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 0 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.371757948895893 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 668258A6D9164D1D2E7139C386E87EC4 |
| SHA1: | C317306A0035E28B98DA69EA060516A7863AC8BB |
| SHA-256: | 3092223FA15E73D96677B817B817DCC6B508D672EC4B57C73A67476C1F926640 |
| SHA-512: | 7860230EBCE8B6A518BC6DEFDA20755A636D8D0A53E49A8D848524C46C835EF41884CA6B912F389A2820FB2E12B75DF344665EFBDF52D4B363835A37807EB650 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.3218635095043405 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | FD7870E5AD1B450E6E6F9C4C4ED20A44 |
| SHA1: | 96A7CE48A1EC67C91A01F25193EE83FEE74F664F |
| SHA-256: | 1AFC100D4D9C5701ECD19BAF3506E331260A7FF4E542CFE0DA2631D00A7B9A5D |
| SHA-512: | 9E2D476F62D5D575A44AFF8489AF6AB22CA043170D2BCE9BA9B084742C6829080D8A0CA759CD523973FC47243ED91E6922F17EB18335549D1F790AC523C847AF |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.2998161095037 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 9ADE6EE00FA0EAB0EF3712D3BA578BA0 |
| SHA1: | F10E6B3689501AEC3C94F86120BFA1E1DCF08B0C |
| SHA-256: | 00D8F66CE7C32FF0B55AFE8F134E30EB8F9112D3195BB5836EF1A6E21F37E82E |
| SHA-512: | 007F1E1094FD2B7C46BACEC97CF0D827E622D2C5CC3DCC3979AA3277F37ECC305D4EE796AA3766CC2504443698E1766FEB16D7AAF14AC686AD2A21C86A1B91EB |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.360432683692281 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | E6CEEFD488B04FE4FAACFD5C50513444 |
| SHA1: | 92ED11C14486CEDDA9725860094C232F1603DF7F |
| SHA-256: | 61566750B85CFAF98E52FD5ABFAB814CE2BC810FEE00A3F90B9455A7FBCA7D5B |
| SHA-512: | A4660C22180F21A7211156C625037CD8F015DE4D5F6A390F48A16CB4AF926604F63C919F120BEE504CE19C5CAD59A512583607A1F453E1D8625B2B1F205C3A27 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1063 |
| Entropy (8bit): | 5.668288062944746 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 371B6040C3A8016F2C2500766A0AFD1A |
| SHA1: | C47F9AA8CF2D96FE6159AC50F1213D3ACBC4E37A |
| SHA-256: | E772F5D3E7E57B28369AFA3943DF4282EBA8AE25E081F4F6D551E291CEDC2A98 |
| SHA-512: | 6AEA1AAE470803A69C8B1B25CEE632467F2132EC8BA771CA7FAC1DBB906121B160AFF8F80D61B05918960E4909443E51550D28DFD2FC72A34F5156EA8CA6CF7D |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1050 |
| Entropy (8bit): | 5.655533314731801 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 12B001E6853E20A559E590C1FEDA7798 |
| SHA1: | 8AC5BB1040E50E8106CA8713708B15F4BE342557 |
| SHA-256: | C6728C518C13C7388D3CD9E1EE97D8A17CEB8C9D3028C6691CBC6138EFC07784 |
| SHA-512: | 5B004CD32DEAF3A21D989A2D6A0064DC4440AD310348BB83C71FB4D0525A4CB82FF97F6BCCB7F4461EB6C2DEC1795B16467ECAD7E47EFCC143335BD7534663A9 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.311539466287375 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | F3442EAF4F05BD1B24CDBE3E88E5F9F0 |
| SHA1: | 4E3F5502A08542FC48359C6ABE8C82E7186CD447 |
| SHA-256: | D0FA89EC08B10EBCEE4ED61CD5A50DB2909FCFC5BEE23DCC12068C640B3CDB4F |
| SHA-512: | 1836157E647755ABED3DBF5C8A382615B921B20698ECB5869C63A0D2D9C8AADC3D42F4A53236736E2DB21BEE6F4A5F0F931444307238CB6411BA3CA4C3BB3774 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1038 |
| Entropy (8bit): | 5.64884790840229 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 36FD41A63D6A5600E57F88000BAC62EC |
| SHA1: | 4D60A7FCC9A5903C153985EB1D18F5C31B695CEA |
| SHA-256: | 04A0684688B96B65DBF1F91AC61AA104EC12AE1954A7F5E1321FC69E14CDB170 |
| SHA-512: | 30B4EABD8FAB8B01C0FF18A263A0C9DB9B1DFB83B65C37CD8C210976C2DA87B331278CBC44FACE90A405300F899FD63C4F706A1C1DAC8C85B227A7856C57380F |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1164 |
| Entropy (8bit): | 5.7026264203260935 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 81DA4BBB2B91515BE26128A29D26912C |
| SHA1: | 5A5E0E88EE4830BB85C7228E4D9A8D7709EEED1D |
| SHA-256: | 24AEDB58CCC3D2577DCEB1AEBC40A2B40B549C28BA8CD457AC3FA47D18337233 |
| SHA-512: | 98F06F72046914E059CD3DB3623E4B5791385D1A23B9663D394419DCD864FBE4ED3A245191A228DCE6A0BD660B4FF9ED05F611E4312F3C7C8EC0F7678A1072FA |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.315270149836527 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 04535CE7ED42BCD4F3A02386C0A5FA50 |
| SHA1: | C16A434A210046DB5E748EAE57AFFA587433561D |
| SHA-256: | D18D58F3873F1693BC7B7138F0148F8400D28953B7F2AEC34579B6535A0A3A09 |
| SHA-512: | 4AB4637F14959B4C5609DFA0F0C06AF0887366EFEDE515F089AAEDE2621464B73F73FEBB7C136D5A01A3F432AFDA7F4482FE4432970E9D7AEBD64A3FB5F019D0 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.776688029606016 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 26F141ADEE165F4B374D4777C191A225 |
| SHA1: | 7AA49959F80A95FDC9739B3025169F5A3F3BCEA8 |
| SHA-256: | E0AAB14C97D2C010D385189CD8403386C2BC9D3624387F5E41EC7F7006C862C1 |
| SHA-512: | 8C45285488624E3951227B0C805CD0E9D36A4282EBD533FFC3081787AF2CACECA1120ED2CF8C629FC4632CB4FBD2329E852DE16BC88CA4D5521B687A1377CE51 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.298712298026977 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | F1BC2A8087E45A49788739CBDA2D91FE |
| SHA1: | E1E40190084B98A2FBEA419771A30FD951233C96 |
| SHA-256: | A0439C0D48B5D849034203A744368BEA3543B0302E68965AA5D71716CF0A45B7 |
| SHA-512: | 67498F7C4FB321B167F2BF1D9B931B5413501FFB3152945086BE837A42BB62D9C520E71E3823D300953F315C182BE6DE52114EB75B2FFF2D101A036DE77794EC |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.302304980017948 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | B966A6B9B6CC1652A6D82628387C7F97 |
| SHA1: | 0A80F2F3D7CDE8825A31427A6F8B3247859DAF6B |
| SHA-256: | B1118DFEF2B40372DB7D42F1EF635F6042CFCE4345F186278C70937950D2C7F0 |
| SHA-512: | F289527288B2909983ABF06102CB840CC8ADEEAD6FE98C7DC624B2C0127AFB5A111DE435FD0D137B69C65B76D6F28559A86D84CF9A5B7160ED4713531F0031EB |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1058 |
| Entropy (8bit): | 5.656975315484793 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 97A4DC199962991E3819ABCA1CDC2AC4 |
| SHA1: | 96BF46446DD87828355920744EF23A389C19DD04 |
| SHA-256: | 8C20FF89E006D1C26B1F0AE78764307E8C664BD1628B4AFE5AA8843411868535 |
| SHA-512: | 978E06E8EBE3E7DC4C8BD55CFF31079566C5785FB7E84EF82A382F8487CA8C216295145616E5DF63707F856E7DDDF08E6DE557B63F2432E96B391CBCBA1C089E |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.27653860170018 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | FD67AD9AD4AD6B1EE8CE5BC7DBA14454 |
| SHA1: | 89FF5E4559CFFFDB536BD4535933D63508EEDD93 |
| SHA-256: | F99477E13A428736EC72373DA2F1ABF8276B672F274B01831590D2A1B0623E2B |
| SHA-512: | 651DE6109838ECA8209104938F2FF2A9C170F13431F5194BB4C31A21F600979787EB08952C7BA888452E423C6A3340B05A42EE8C59B82D4EF6898CCD4B7A8527 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.369335029885633 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 0270C192F186F37C7365B0A4B1946DFF |
| SHA1: | E99214DA270ECBAB846971B8DBD7A4CE3AA56B86 |
| SHA-256: | F543938F2E1B88C444B0A07DF89B47B8AE8CCE21969CFFD259A221222F3AFF7D |
| SHA-512: | D78E00E4C9100AE93E7DA6D748AA1A9020C6D106761D77F4AC6444F6D0CE5145560CA3458866026D440833E24B729F6B082B9BB0F9F5DCD12AD17C8113213535 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2818 |
| Entropy (8bit): | 5.136866345520302 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 0EF3AFF3950402A35D07B93D6E4C791E |
| SHA1: | 0AF0ACCECA1668ED71F6DEB0FEC4A301081D2722 |
| SHA-256: | 3576099205D1FBF74F611049A38767ACC04D55A3A9E8ABA7447FB592967C7BE5 |
| SHA-512: | F7CC12F16591952F0C85EA0A4BE7CEA80FB3501D0B59D2FEF95B5DCCE9EFC7E529EF47B5A5532A8C224D8FC4ECB8768294AC03F6D773E2FE04225BE3BC2FCCE0 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 0.9891021753528279 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | F0B1A76F7327406ACD3CC499EE54B650 |
| SHA1: | A79E6C9CC99B63E9AC24F316E92050B3543913AF |
| SHA-256: | 3FA3D0689121678007815986E8762C11CE19C068D188D39155F3756C4608F9DB |
| SHA-512: | E9B88B2B43C8DB2AFD1FA012AE25319D145974E8FFC9567E337FC39BFB1D4F8AF975ABB490D6B3D5E05EDD6126C3DE975943A9AFA6200CD742301A713A258924 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.342879487285626 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | F5B0A42CCAB5DDA0A152ADDC235B24EB |
| SHA1: | FE8579BBEC396D4B01011C846A1BE1E39D6B5A08 |
| SHA-256: | 4533ECE13D44E35535D21AE2ED2B80264F4294B6752A746DF58FC59D7BF778E9 |
| SHA-512: | 034793431D52F5D638F0723EF6C22839C47F88B970302ECB153223081C47A76D6D6DF93B78874A4E50174C7CA8B04B4F892E270C3CE9D896A18F9BB03CF12121 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 231348 |
| Entropy (8bit): | 4.387290220820706 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 6301FC9C10C5D055F52D5E7936B3FB19 |
| SHA1: | 062F0B72E1B2A55EEC69F87146C9A1DAC6784FCD |
| SHA-256: | 927B5945840BBED10796B5259508DF7A800B9147D0A1AC9E0F22A832ECE1B310 |
| SHA-512: | 23ED9C0B3FD0674D197B46164BDF76F30354E64A1E418E55A0A2830EF5DB56405AC86B5B391AB0B178D578043ACA7B46A27976D9ACE3BC693D53AB6A4A6DB155 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\CA49F142-856B-4F73-92C1-F781D73EBD83
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 175399 |
| Entropy (8bit): | 5.288142706212429 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | F6260F68E1E6A2ED03E2BFDA7DEC5660 |
| SHA1: | A7082F6B10E213D3EA285898E74370CC4EEB4F8D |
| SHA-256: | 92AA1A62E272211A723660B2E16BB2CE3350422754CA6F0376B69ADF256FAA39 |
| SHA-512: | 8CE9F65A76F7466A0DEE5A4F4BEB8A9DAD11D6AF08E280F9DB8E5936802DAFA76A47FC2563D653192F8A7D41C190465ACB59AC4D9B7FCBAAE96094F4153F46F9 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 32768 |
| Entropy (8bit): | 0.04604146709717531 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 2806BD1EAB441310C5926EECCA1F09CF |
| SHA1: | 33706B230BF0AE43625630E62A0413C2B506DBC6 |
| SHA-256: | 0508274886A536B482CEAD2F2365F3F9C2AB6730C382E110E38A1536F2EFAB1C |
| SHA-512: | 9484D13C4293212DF8C042132449493946C0D9045FC0EF437EEAEB1FE91DF323361F0A299E871C156DAD84510653F7DDD42FD5875940EFDC895E96BE3EEFE329 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 49472 |
| Entropy (8bit): | 0.4822265807296381 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | D20ABE52F59EA0CBAC4B2C4EB269510A |
| SHA1: | F62C429B1F204F1C5E6F81B1F9569B012356B651 |
| SHA-256: | 56816E2B8EA784F1452C24628246165C1DBA927048AC20BB7DCD9C46C0A20F02 |
| SHA-512: | 5852FFA6AFF69DC36B8720FACE8049616DD7131062384767493AEC121D5DECE542F174D2370D9619C0169E0157D0C4C479452ACC13E44E3109073DA31AA5BE7C |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\XSG1MZTQ\Invoice TEST-4 - INTUIT QUICKBOOKS - 399.00 USD (002).pdf
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 163074 |
| Entropy (8bit): | 7.5184884822206675 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 06895825B338A72D3699D8DCC6CF8304 |
| SHA1: | B882DD130B464566D312F6606A03FEE6796873B5 |
| SHA-256: | 6240BCC2A27EF265B799EB05770FF50E9A6B69038384D66AD254A55A4F1ABA2F |
| SHA-512: | 6EF79CC51BB36E1A4C39364E9ACA3CEFA6F4A7ECA17470D21C6F04E53329DD17B4B7F98338B937F339B9143815CA24582CF358EFA870541F67BF8169AE1496A2 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\XSG1MZTQ\Invoice TEST-4 - INTUIT QUICKBOOKS - 399.00 USD (002).pdf:Zone.Identifier
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | modified |
| Size (bytes): | 26 |
| Entropy (8bit): | 3.95006375643621 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | FBCCF14D504B7B2DBCB5A5BDA75BD93B |
| SHA1: | D59FC84CDD5217C6CF74785703655F78DA6B582B |
| SHA-256: | EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 |
| SHA-512: | AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{1425A131-E30E-47D0-B6A6-5B36A954DFD6}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 7840 |
| Entropy (8bit): | 3.7613237692806845 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | AA0AF27AE7FD4E6B5E4ACBF9FB41B6DB |
| SHA1: | 9DD52AFB6D6076D8A38A615EBCF0785D5D43FB67 |
| SHA-256: | A905E613D6D826E1F410B848310B0A490D8494D7FA4C710A75CFD3B444669157 |
| SHA-512: | 8D191B0A22F16698A9FF1CF2E6604DC4142F02A3F8830970C9E9CD31864F46671FB46FA9BF56B1FE605A0F9A98A7ECBED5D891507FE8ADBB645FE493DE35A188 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1722362463199577800_E991E843-7AC7-48CC-AE5A-588EC7B4B23E.log
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 20971520 |
| Entropy (8bit): | 0.1594378505968789 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 7548216E4FA6EC38793C8E0C6DD37ECB |
| SHA1: | C0774D914C81FDCC135D67428262FAA811F2A62A |
| SHA-256: | 3246CA853FC42F0D61145A4D695C97FCEBF52E7348CEA6B09222351DD41E6ED5 |
| SHA-512: | E0151FE243F7106F396085F1E61638D70DC0CA495ABCF2BE03D4B3F564D4A234F20CB14335A0517BE9A968EAAA943640DD051C210E3CCD694B44B3474DBD5D0C |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1722362463200452100_E991E843-7AC7-48CC-AE5A-588EC7B4B23E.log
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 20971520 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
| SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
| SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
| SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5030768995714583 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 93E9861100ADFA70C76AC04615E5B66A |
| SHA1: | 1362F448ADA61E34D64CB7C760BCC230831CDE02 |
| SHA-256: | 4525CD99BDA9C6829C37D43688C3C9B5A1AE7D9A31D698C8F3CA080083A172FF |
| SHA-512: | AFB437586E62F3F00E33B003B0D1D40C546EBE748F5F63C16E29AD1B1115006E8681FD118674D786EF91D3CDBF3060EB21C42FB02975362303C5013EF9D77CF8 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240730T1401020998-5408.etl
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | modified |
| Size (bytes): | 90112 |
| Entropy (8bit): | 4.447153250225758 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | C8D166537F57F81E3E7167DC820180CD |
| SHA1: | 9E49DB20CC2B07E063BD0A9B9CCB1DBF223E99DA |
| SHA-256: | 49EE5958B22816E50722E9AE8754CE2126B6E84F2B54C25D56E81A60A0EE0223 |
| SHA-512: | 8662C0B1EAF57FB5FD658A163D3E8353ECE8A183D2DD01EACDCBD2A34EBF9049AD848A3031F7F6BE8E07F09D673A213097598D49F0CAE9228188C5F06425ACFA |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-30 14-01-15-408.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.353642815103214 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
| SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
| SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
| SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 15113 |
| Entropy (8bit): | 5.334889219340283 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 07851AA39AE58FB206E4F31BB0CF5FBA |
| SHA1: | EB61366E628C327A20953D6E765BBF194D151151 |
| SHA-256: | 610A352E60595DFB974F2EC67C6DCAAE9CFF0AF8D4AE36972B507C0C6280EF18 |
| SHA-512: | C84EE44FA757A10F7F84E2EAF84EEE4867FD4D865B0848A9FAF9351CB8C3ECC001A54E357980388FAD0849D9858B42F97D802FDF3043E42D6082AA47A91494C8 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29752 |
| Entropy (8bit): | 5.415711449637227 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 9E0B4D34411B467228E402308AB713E8 |
| SHA1: | 639140FD9083B93BFFBB88C72B13864783860FDE |
| SHA-256: | AAEE1BE84033C30941F56C2D052C9EABB6CB18383B95AB4F2DE235E7F47B81A3 |
| SHA-512: | FAF289CB7D0EEA45F22F813CCC26B622FEC16E97506F98B745A8B8B72300D1C0E23F81930B925CB0CFF55206C4FB7CFDCB2FA27D7EAC03BBC8724CC07E250C4F |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 1A39CAAE4C5F8AD2A98F0756FFCBA562 |
| SHA1: | 279F2B503A0B10E257674D31532B01EA7DE0473F |
| SHA-256: | 57D198C7BDB9B002B8C9C1E1CCFABFE81C00FE0A1E30A237196A7C133237AA95 |
| SHA-512: | 73D083E92FB59C92049AF8DC31A0AA2F38755453FFB161D18A1C4244747EE88B7A850F7951FC10F842AE65F6CC8F6164231DB6261777EC5379B337CB379BEF99 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
| SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
| SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
| SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 262144 |
| Entropy (8bit): | 6.644437966171274 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 8F23075E483E179608358FE1172FA61C |
| SHA1: | 7D959230ACA53BE0D11A9C114AB9E9C3FD82DA9C |
| SHA-256: | 06B839AA99F338D57C5FF83E5BB96AA1F2DA6B4AE51C0DC82A0DD10CEE4C8552 |
| SHA-512: | CB4E68017AF6AFC5917571DC950FCB59885B7E238017C3BECEA30884E7A4A043DC457079DB5FEFF29A80F774F4DE32D01C7AFBC8DC998A427347726FFAC07C96 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 30 |
| Entropy (8bit): | 1.2389205950315936 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 5F089038E57C0BA537EE1BDD3979CF36 |
| SHA1: | BB41E4404BE27C5CDC9D0D1E5760A70A78495C84 |
| SHA-256: | 7F1E4A422C5B6F1B11E717A9B8330357F9DEAAEE00E136D7895A278D810B8A3D |
| SHA-512: | C2A776F3EDDDF95BD3317D57981EC7A7BA254B524E2F79010EC0C7E823C7BA6FFD1A2E4B8FE6149CFD8A8A4EEB035C2D9B106DA76394C9F42AA7F10AC9FB58B1 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2673 |
| Entropy (8bit): | 3.9916430798478273 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | F73C432A025F1BD635A597BD00FBCF81 |
| SHA1: | 262BC67E38524065B92C4700873083E413D78FB0 |
| SHA-256: | 77585BA5EBB3AC6A502BF9A5462EC39DD252840F267D283CC079DDD18CBD270A |
| SHA-512: | 0B0C371D018F63534EB2018311C4009798E9D56A4A66E55E7233ABD6FD2E0FA73352C8E01AA7DDAE223D263686DEAC6858589025FE3B54BBEB02082886513C73 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2675 |
| Entropy (8bit): | 4.006729235198171 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 67EF7C039679E10449B3E083DC6CDC6C |
| SHA1: | 38A434B9A4C13FF6D10642B6884E62C862E348C9 |
| SHA-256: | 2399668D5A51BF8AC812F69442938E1EC563074C7D8558C2CAFD5414586A9474 |
| SHA-512: | 74BFA7E0FE9E26AE58B5F0026CC5425A9FD3687E8CB20FB5FD45533FCD414CD8CF805BD9D539B312B282E0FF7BA6B20F91B681C623E6245BF2ECEEC1F80A0E7F |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2689 |
| Entropy (8bit): | 4.0144914960678575 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 305EFC26EE8F46CDFF097EBC2C17199C |
| SHA1: | 74B903518B3F07A6614C37D468691DDA35D1FED4 |
| SHA-256: | 936733F49F9B9E774C3E774EB4460A05AB198D52B281C203734DB5D44FAA8238 |
| SHA-512: | D3C8FE321E003D5FD3584E3B28A4FDF0EC6295D7236BED511C9A054BD623E07C58FF681B64FAFEDE69F6473F5057ADF31CB005B8EB6D03C58F041A9D8852636C |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2677 |
| Entropy (8bit): | 4.005030198522504 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 7AFC851E1447958886CD2353F2475201 |
| SHA1: | 7C4647E7A4AD84D8AE2289E6BFED117B31D50BCA |
| SHA-256: | E62C4180D82DF63D583370AB8B41229238B6B2A18FB8A3D5CC0489089B8010FE |
| SHA-512: | F9808A4D3D2E7B8D9DC0D7BE318A3EE0FF0F2216786BDDF78EBAEF786FF424FCF6C6097C072244A826EAD50DF8257A439F0E6809AC75B6BB7D6A72D4B93EB4F2 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2677 |
| Entropy (8bit): | 3.994709422358504 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 5A4637144CB28DFB5B2679FF00AFA417 |
| SHA1: | 40E99EEAA53076B8BE20EF4A9A22EE4FB76E35FF |
| SHA-256: | CD8FB1C8C168A3EDEB1968058C3852141A0704E1F829CA08E0F735D50845A510 |
| SHA-512: | 16318BD156CEE18BEB0215F942E8711A4AB74C8276ADE1F48035BD6C3ADF1A045D497F8B9094259B5925ED0D32E0C21B7741A1DA272760A5C778AF56C8C2BC0A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2679 |
| Entropy (8bit): | 4.004215928574908 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | C40D088E319F722D8FC9F61847FB79FE |
| SHA1: | 5C8FEFA9E08DB8FBA69A2E642D8FC1F3368FA183 |
| SHA-256: | C4753268AD8301A9106A192147D7B4C9BC0E53D1AA1EE82DEE45E52E971D721B |
| SHA-512: | A1115D56BDE2B66E5143A52CA192AE57848C9CBDA8D52AB8F4F04A77A51F33661D84E72FE1563E8D1376C1E5524633759800EFA471B1BD8C07522726952B927A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 271360 |
| Entropy (8bit): | 1.2422950105672002 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 9702DB37DC18F0D5789B88E8C6519F58 |
| SHA1: | C4EACB7AC1B5D378A4883B368D462759CEFAA01B |
| SHA-256: | 4773A77A5A09C276D97A1EB67849618C0D2BE4693C9B26F6C1691E5E0D80D8EF |
| SHA-512: | 110FE1243007F21D9C858DAD59F9869830B23AB8F215EA5DD0444F819934F24ACCA183E50F8BF471C707F20A1FA0278A24C48909049CB7A35AB8AAEF25D246F5 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 131072 |
| Entropy (8bit): | 0.9439500621065762 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 609F6FEB38C77D2944361BE64FCAC998 |
| SHA1: | 27B0EA7C0F97FA53AD1CCEB8546150E139DB4A58 |
| SHA-256: | 4785657EDB580A4A6777C792FC5DCE65B709187D82798607DA7C63B355D03F9D |
| SHA-512: | 356FCC5DC2DA00C0FB729C49597C63F9133951265467AF6A721C50701599DF4CE35D52C2E342CC3518E68B27257C5FFA1A0F830BC28202C9DF2EFA1AC40F0E26 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 318651 |
| Entropy (8bit): | 4.91285766486163 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | FB71025BD9F8B5DD8EFAEBC3A23F3466 |
| SHA1: | CC101C17DE59F12D9579409CD8393C58C0DD0D10 |
| SHA-256: | 7C7044446383F6FBB4C920A81521223E88D38D665A004140D10AD99CC7D41A56 |
| SHA-512: | 292BE44F49854928CA0E3CFB73B54CD7E98E35A2B0160C0CB2CDADF43E213540444B729495B63517A53E64AF465C6FB96ED4E6338DE9D9261B13BBBE40677DDE |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://secure.zervant.com/rest-invoice/api/v1/recipient-portal/document?accessToken=z5YY1SAZlE9ODNw4Ec%2FHXLTwpvEg1Bkp%2BBzy%2BqYzP7jv7qsKrjqjCEE7sClXZPwhDtT9x9IrjRrFzBtcRZ5Hb%2BmiLgQDNu2NFopbyYe2AQ7MdzoDr8RXBuK3W9ZuNOBbCfbjsiXNOaeKBnyzLe4zFCg%2FYmJ%2BIAMDy8YNQyXVS%2FGeMlrd5znKWRXmIqRnIe3zlnpDzVayuVk8k1N%2FnOlrQgsuLatQoETDGD6BmLyZSlwwYXDP84erK7dpVTk01QYp |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 652524 |
| Entropy (8bit): | 4.907486187477889 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | E231980E3480CD0B81F7F239CB951080 |
| SHA1: | AECC3B30827E32EA39705D8DCAB167D341C7A776 |
| SHA-256: | D91EDCF04481076912A2469405A1979B47F775657D2477DA1F28B90728051310 |
| SHA-512: | 8020D14DAF9364DFB319A65CC09C9C95AE1479803A00A137143BAF303A80DA215758100E3A38FF6FA9B1ECB7B90AD5B5421EABAF119925BEBC84E2B4E83E9035 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 66580 |
| Entropy (8bit): | 6.093295223335156 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 16EF892BEF02B03D4647E4BE72A82779 |
| SHA1: | 352AA4E816A18D1CF93D2E11543AA9F1BD2FDF19 |
| SHA-256: | 8EDC8BAEF386E6B0B74633547F0325456AC8109B5B7E78DACE4D65825A538BC9 |
| SHA-512: | B670A24B9792483075A560B8D58DAD8124ED9CE115288D3282ED12EC94CE34814E76AD935334E789D156075D019A63201489ADB382AE002CF236889A5DF46FBB |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://secure.zervant.com/recipient-portal/static/css/main.50451c92.chunk.css |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 526 |
| Entropy (8bit): | 4.844995662196588 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | D96C709017743C0759CF3853D1806BA5 |
| SHA1: | 72E21587610C49C8305A55E71F73FA88ED618205 |
| SHA-256: | BA2338AA6670580269C762F51C4291DAEF913201AA8F4D4FD166C1A878262652 |
| SHA-512: | 974E260ED8BD1D99628FC3248F07179F6EA228E37A6B9D3EF906DBA57571F2DF54D73F93D1F3460902D28A90BD4793BCA35477B2EF8FBF424B9112147F04BCCF |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 30 |
| Entropy (8bit): | 4.281727678869736 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 12E6585FFC501538E8F6FFDF441EB6CE |
| SHA1: | 754BF5DF5308A668DE033428BC1D3964105AD050 |
| SHA-256: | 7B370D15EB06AEBE988D9E73CEAD8880F66A69B1294D5C925B8E07BD6C4E91F8 |
| SHA-512: | 90FE18ABD73697CD732D76771C2FE3C06B6CA6D6D5203DE08EA6C175DEFA8588A5485D3584D21E5111448C849CC629EB44BD8A70EC0B6AD21BC149229A4CDF01 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 200 |
| Entropy (8bit): | 4.942373347667344 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 3437AADDCDF6922D623E172C2D6F9278 |
| SHA1: | F69066CF20141AC93418102D3EEE7C0225B8A623 |
| SHA-256: | 35DCC382EB69D00369D708708CDC545F3968B68FA5BBE3E728D11FEDD04F93BB |
| SHA-512: | 2DAE5C5C30C6A0E763D8128F2CE1D467EAD432E582AB4EBB68E23991DB08F57490ABC0EED805FD33FAB5503C1737D9D47D4CC1090AE15D7391593FBB295D66E7 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2226788 |
| Entropy (8bit): | 5.1214164260458315 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 71150343271DE080D748B527355828EB |
| SHA1: | 88A5FDAF4A38EFBC7E2567CFAD3F856A657A3152 |
| SHA-256: | 54527393882FEE059D5B98A0F086650C20D0667E24A8517D940CD7F005FB0C0B |
| SHA-512: | BEC1B5AE5D322F2C156A4A2DDFF075009FB95B92C6E3DF96F9FCCE1412C00477E81ACBB71133E59F9172C565F922DAA57788000F81D99889CE127D8E745A3CA6 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 289 |
| Entropy (8bit): | 4.522217389805571 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 4B5D3A7A5727D6EB7341EE8D7CC43B9E |
| SHA1: | 8FA9F3F5FA9E569F4047D4279C267CD3815BCC74 |
| SHA-256: | 1C6CF69CF698922229EABCE6BD5D84CFDBF53DD0E945D7F5114885D78F046625 |
| SHA-512: | B2B6DFE1B02C80077E98CBC322D9AF84DE0A507C0C255904B44FA59936347C66613606CD1D4A692D207CCDE313EE331C5E65C70704D3E47F13679A4D0FE5A7C6 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://secure.zervant.com/recipient-portal/manifest.json |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 22548 |
| Entropy (8bit): | 7.992369769095068 |
| Encrypted: | true |
| SSDEEP: | |
| MD5: | 0A3EEFB4ED1F0667DEFE6F54FDA26AD7 |
| SHA1: | 3541BC529C6F982ED8EB7C74E9A8910B59B909D0 |
| SHA-256: | 7C4956F42048068D8363BC2A449D26F605B79357350F6E94DF3DE02A2075ED38 |
| SHA-512: | 42CCFF9DB627D67F19932206AD0CBD494595D152AA079B6F5AB62566D66C43CA830AE0116A1FB048FDE8AADE2EA4FB28F1FCD3A2A1A203A6BFB1B7CB5EB9A672 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://use.typekit.net/af/a28b50/00000000000000000000e803/27/l?subset_id=1&fvd=n5&v=3 |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 930 |
| Entropy (8bit): | 5.12292712843304 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 06BFCD88AF438673A8BF9B845A11AA6E |
| SHA1: | D024A745032CBE115526ABE648D9FA0F0A10A681 |
| SHA-256: | 947AC0903521F5ECEEFC90637C066306A8CA67466CCC188BB0107FB7CFB532D1 |
| SHA-512: | 6A37EA27F3AD16DE6BCB4C386D9F09962902AE2F2FDF76B6723CFF8155CD0B9D4504D1EA6ED3C4D5C9D49BE9C636EB9386BB13C9A787A71F02640A8EC939D180 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://m.stripe.network/inner.html |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 5 |
| Entropy (8bit): | 1.5219280948873621 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 83D24D4B43CC7EEF2B61E66C95F3D158 |
| SHA1: | F0CAFC285EE23BB6C28C5166F305493C4331C84D |
| SHA-256: | 1C0FF118A4290C99F39C90ABB38703A866E47251B23CCA20266C69C812CCAFEB |
| SHA-512: | E6E84563D3A55767F8E5F36C4E217A0768120D6E15CE4D01AA63D36AF7EC8D20B600CE96DCC56DE91EC7E55E83A8267BADDD68B61447069B82ABDB2E92C6ACB6 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://p.typekit.net/p.css?s=1&k=ngm0uky&ht=tk&f=2003.2005.2007.2009.2011.17400.17406&a=1007786&app=typekit&e=css |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 44614 |
| Entropy (8bit): | 5.230628933046943 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 86B5F46F7BE0D0E24E9E36A3802DECEF |
| SHA1: | 2AF96A6B8C00513F08404DD321E26D202CBC903A |
| SHA-256: | 11397630646C144588EFD0FA386D91D9C28D3F7B7DC553D1CBDFF4BC82A7D3A4 |
| SHA-512: | FA95CAA3F533B60319F1918D78094209161E25E04BCD1DC1AD3293A07309E650116080BB7C36605D31E6F42B2087A41AEC1987AA36CECC89E0669C55F55748AD |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 22748 |
| Entropy (8bit): | 7.990010201445278 |
| Encrypted: | true |
| SSDEEP: | |
| MD5: | A78BAF52372804691C879A3A53F1D72E |
| SHA1: | 2BB68B88FAB5998D25DEA7FBA1DA14E3499C4953 |
| SHA-256: | 3EBDD41D3BDA29CD4CA1B173B91BD49139C14F3152F708839FF4EAF43DCEEDC7 |
| SHA-512: | B4AE25AB0273C7EA7FB38C6C56EFFC635B3E041546F7DF36125E7A3AF9E192D93636E6C09B39EBD84669408B87C599131F1CCF20204C99A0300E9880793FC840 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://use.typekit.net/af/e3ca36/00000000000000000000e805/27/l?subset_id=1&fvd=n7&v=3 |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 103517 |
| Entropy (8bit): | 6.128975313931577 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 233BCB2565766180775CD799AE2133FF |
| SHA1: | 669FEF39D899C3D21E2AA054967647EC03138CD7 |
| SHA-256: | F8057ED5E858715DE914410D3C7A83076BC41B999725FB6AF831CB673019FDAC |
| SHA-512: | 9C53ADFE6F85430FDE0048AFB8D817B1EA95682EEF53C69973F44E2A7B75782E560550E3D87901DF3681AEB87F66AAAC2207387A34662442AF7FE07918B6450C |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://secure.zervant.com/rest-invoice/api/v1/recipient-portal/document/html?accessToken=z5YY1SAZlE9ODNw4Ec%2FHXLTwpvEg1Bkp%2BBzy%2BqYzP7jv7qsKrjqjCEE7sClXZPwhDtT9x9IrjRrFzBtcRZ5Hb%2BmiLgQDNu2NFopbyYe2AQ7MdzoDr8RXBuK3W9ZuNOBbCfbjsiXNOaeKBnyzLe4zFCg%2FYmJ%2BIAMDy8YNQyXVS%2FGeMlrd5znKWRXmIqRnIe3zlnpDzVayuVk8k1N%2FnOlrQgsuLatQoETDGD6BmLyZSlwwYXDP84erK7dpVTk01QYp |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 4261 |
| Entropy (8bit): | 5.058138855660549 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 76C93DD9D45FF7BD1E06CA68BD892DAD |
| SHA1: | FE920BFCED34EB9AF31A774469D543E5F29377FC |
| SHA-256: | D4C11E10DC5AB0DEBFF8B453B0B967BD5170744FFA2FEF81DAFF13F859A99463 |
| SHA-512: | 2D2206C3F08BF9BD0923061134A3EBD7022E34ED2909D18B54C565F5AE29253DECCB03D5632859C8CCB637482180864662F8D18DA3F8DE942D8532BB45E1733A |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://use.typekit.net/ngm0uky.css |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 48236 |
| Entropy (8bit): | 7.994912604882335 |
| Encrypted: | true |
| SSDEEP: | |
| MD5: | 015C126A3520C9A8F6A27979D0266E96 |
| SHA1: | 2ACF956561D44434A6D84204670CF849D3215D5F |
| SHA-256: | 3C4D6A1421C7DDB7E404521FE8C4CD5BE5AF446D7689CD880BE26612EAAD3CFA |
| SHA-512: | 02A20F2788BB1C3B2C7D3142C664CDEC306B6BA5366E57E33C008EDB3EB78638B98DC03CDF932A9DC440DED7827956F99117E7A3A4D55ACADD29B006032D9C5C |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 50296 |
| Entropy (8bit): | 7.996029729235154 |
| Encrypted: | true |
| SSDEEP: | |
| MD5: | B02AB8B0D683A0457568340DBA20309E |
| SHA1: | E18C3B8737970D37BE1BB85B0F588303A89E63BB |
| SHA-256: | 0D8601A776B7DC777CD23BC42392D05A43DF0D6402328E8913B58811083B513D |
| SHA-512: | 509792D83FE043CC84C560548A6AF42E43C7D94EEC0CE7B9C4B6C28FCA70C49EC77E65320D063A91209EEE7D363E03C7526CB2C2AA807766C5D213D3FC3174F3 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2 |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 279570 |
| Entropy (8bit): | 5.3561096165647495 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 33B85A2C0E601A2AA7F15A60D0658261 |
| SHA1: | 378FCCB6B74136C706124E12B11B9F8BB7A901A7 |
| SHA-256: | 9EBE242696F71B654B7BAB3A7F965808004B78BB81CD5EF3E090D3AAD0BCF3E6 |
| SHA-512: | 993A02A9FB3EB5CD490283DE49373E0BE07096F93817B07A7C386F4E92F1B539438906C645876BEFBEE4979C51477D94A64EF56CC8E3DD3B7CD3792A2157B951 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://secure.zervant.com/recipient-portal/static/js/2.78a22ecc.chunk.js |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 56115 |
| Entropy (8bit): | 5.347323537885137 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 3C89B4E5563F4BA0410A1D7D4F3AD23E |
| SHA1: | 6455000459BF2AD68625B8B554A652CC84145261 |
| SHA-256: | B17609553B24140FC01409B78FA834FE878DE6410FE9E8996B0A5F6A984DDD6D |
| SHA-512: | F85D5BA57633E85A9A3DC826A33DE76FF22725DE7398FC0049E1395CD46603F0B1F2E1BB47422BCF0D2D71FC2BA497322CFC40EF5101A3FF25E89757E4F6CA56 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | "https://fonts.googleapis.com/css?family=Open+Sans:800,700italic,700,600italic,600,400italic,400,300italic,300,800italic" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 648030 |
| Entropy (8bit): | 5.360461977214888 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 927CFD3A34ABCBFEC2F3A7FB22667ED5 |
| SHA1: | 71D749BA3EFA626701252ED9E8092A443EE9515B |
| SHA-256: | 96BE664461D3BF79B3BBDDF7FF9AB6CCACCAD31FAD305EC80DAD1C6CBD1FA80B |
| SHA-512: | 29FD1B7D15760368453BC399AEFDC866C80207DB412899B32DC8D2E381AEA7A8A8835D2E35A958EBD2641603599851DAA2D257BE05C6D3F11A6206FE2146B071 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 88751 |
| Entropy (8bit): | 5.414296471740167 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 69CB7809B5011312E716F29B3D19DCE6 |
| SHA1: | 833DABFB546D57065AEBA7190B5EE5A2428DFA47 |
| SHA-256: | E039E607C78306C7E029A7FD0ECDB14F86456F16E1A5CE65AA26B4FDF1D38A3C |
| SHA-512: | 4259C8F940CFE4B7EC384E5ABD855713DA7792A955A7B737B75E45E6559A90292ADE59D7CCAB381EA4C2D0FA5109B4ABD9BFA0887C05C9FB1A27469D5E198A69 |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://m.stripe.network/out-4.5.43.js |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 894 |
| Entropy (8bit): | 2.5292234637093394 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 17E1EB6D7D43411A8A037FA197177287 |
| SHA1: | C536612C90360FFD73D0B06264C2BC79428221FA |
| SHA-256: | C2F7FF59E2A3070CFC7C3787F8239E5E00F01732E35DCF1404FBFBCE919B6D65 |
| SHA-512: | 740FDCB172E9E349A0513DFA2FB924A702156A51FE1CAD32AF9E18BF119CED309E0A5F35F3ECE18CB002C34D51690FB492E55763B01875FD0EE023713B74CA71 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 2252 |
| Entropy (8bit): | 5.232154617965286 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 97DCC66FF5F5429CBDF8090D82A54654 |
| SHA1: | B8A02CF715B0088CFF0B89C38C05FFE504858E7D |
| SHA-256: | F8F115BAE4CDBEB48795E548ECD0DAE20401F4D3EF5291BD98495B9CB988462E |
| SHA-512: | 319190ADA7E6B7BB959B4ECFC13207D8F1AB4641CE3C9F73C97321683CCCE58477402E8E62C0C714C8BCEEB94C6EB9AC77CA6D0AEA579BE86D329956B781AEAA |
| Malicious: | false |
| Reputation: | unknown |
| URL: | https://secure.zervant.com/recipient-portal/?accessToken=z5YY1SAZlE9ODNw4Ec%2FHXLTwpvEg1Bkp%2BBzy%2BqYzP7jv7qsKrjqjCEE7sClXZPwhDtT9x9IrjRrFzBtcRZ5Hb%2BmiLgQDNu2NFopbyYe2AQ7MdzoDr8RXBuK3W9ZuNOBbCfbjsiXNOaeKBnyzLe4zFCg%2FYmJ%2BIAMDy8YNQyXVS%2FGeMlrd5znKWRXmIqRnIe3zlnpDzVayuVk8k1N%2FnOlrQgsuLatQoETDGD6BmLyZSlwwYXDP84erK7dpVTk01QYp |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.995216399549904 |
| TrID: |
|
| File name: | Fw INVOICE TEST-4 - INTUIT QUICKBOOKS - 399.00 USD.zip |
| File size: | 135'434 bytes |
| MD5: | ae7cfab4b1dd7bd43c954abf9c202ee0 |
| SHA1: | b996b9c0de51017f56118d42e7b3b793fc648ea3 |
| SHA256: | 4d6a89ed07b16b0345d2ec78fe9c8f3a59416cb4d942e03194726891007ca574 |
| SHA512: | 05cbc16528cc13a4feb6c5d061efaf4917f30add46de315c191c966768d7456e3b45413347f03b454c9bc01a17654f98206e5d85442252de0803d1a1394c1733 |
| SSDEEP: | 3072:PMWsTInVQRwo7HGCG84hg7l8lb0MksM3w8+l5U:U5OVQRwU684e7AQMksM3FYU |
| TLSH: | 95D3125159A76682A31D0FB1E8B23ED4BD302F2A3C3BFC26D14835D745CCA4C552EA66 |
| File Content Preview: | PK........Xo.X....<.......6...Fw INVOICE TEST-4 - INTUIT QUICKBOOKS - 399.00 USD.msg....e.U.wz..fdI#K.-,..-.Rw....iM....U.W....1n...}...d'$80.......8.e..e.......f....&.v......'.P......uuW.[.3.l...v.........Y.K......'..9;..........kk.{......0{..y...../|... |
 | |
| Icon Hash: | 1c1c1e4e4ececedc |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node