Windows
Analysis Report
Payroll Docs-Accounts-932334.pdf
Overview
General Information
Detection
Score: | 21 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64_ra
- Acrobat.exe (PID: 6700 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Payroll Docs-Accounts-932334.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
  - AcroCEF.exe (PID: 7148 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    - AcroCEF.exe (PID: 2136 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2160 --field-trial-handle=1592,i,13005982064440283084,7158992726065622297,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- chrome.exe (PID: 7044 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://t.ly/-GPuq MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 6708 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2000,i,16331943543118218011,1970803569129936825,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Signature matches by type (the per-event source and detail columns are not included in this extract):
- HTTP Parser: 4 entries
- HTTPS traffic detected: 4 entries
- Memory has grown: 1 entry
- TCP traffic detected without corresponding DNS query: 4 entries
- UDP traffic detected without corresponding DNS query: 18 entries
- TCP traffic detected without corresponding DNS query: 28 entries
- DNS traffic detected: 17 entries
- Network traffic detected: 254 entries
- HTTPS traffic detected: 4 entries
- Classification label: 1 entry
- File created: 2 entries
- Key opened: 1 entry
- Process created: 35 entries
- Window detected: 1 entry
- Initial sample: 4 entries
Persistence and Installation Behavior
Signature matches by type (the per-event source and detail columns are not included in this extract):
- LLM: 1 entry
- File created: 7 entries
- Process information set: 10 entries
- Process information queried: 1 entry
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Extra Window Memory Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 2% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
| 4% | Virustotal | | Browse |
| 1% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
| 1% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
a.nel.cloudflare.com | 35.190.80.1 | true | false | | unknown |
s.pxltgr.com | 34.254.91.162 | true | false | | unknown |
wayfair.map.fastly.net | 151.101.1.148 | true | false | | unknown |
la.uctiogang.com | 104.21.39.63 | true | false | | unknown |
localhost.crcldu.com | 104.18.1.150 | true | false | | unknown |
cadmus2.script.ac | 104.18.22.145 | true | false | | unknown |
www.wayfair.map.fastly.net | 151.101.1.252 | true | false | | unknown |
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown |
t.ly | 104.20.7.133 | true | false | | unknown |
code.jquery.com | 151.101.194.137 | true | false | | unknown |
cdnjs.cloudflare.com | 104.17.25.14 | true | false | | unknown |
challenges.cloudflare.com | 104.18.94.41 | true | false | | unknown |
www.google.com | 216.58.206.36 | true | false | | unknown |
crcldu.com | 104.18.0.150 | true | false | | unknown |
azclmf22rtstbzadn80iqtugusduzrpdceemjb7nzeeeancdxpuok1l8n.entitashe.ru | 188.114.96.3 | true | false | | unknown |
x1.i.lencr.org | unknown | unknown | false | | unknown |
www.wayfair.com | unknown | unknown | false | | unknown |
client.perimeterx.net | unknown | unknown | false | | unknown |
assets.wfcdn.com | unknown | unknown | false | | unknown |
prx.wayfair.com | unknown | unknown | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
| false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
104.18.42.218 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
142.250.186.170 | unknown | United States | 15169 | GOOGLEUS | false |
104.18.94.41 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false |
151.101.1.252 | www.wayfair.map.fastly.net | United States | 54113 | FASTLYUS | false |
216.58.206.36 | www.google.com | United States | 15169 | GOOGLEUS | false |
216.58.206.35 | unknown | United States | 15169 | GOOGLEUS | false |
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
34.249.112.122 | unknown | United States | 16509 | AMAZON-02US | false |
199.232.214.172 | unknown | United States | 54113 | FASTLYUS | false |
104.20.7.133 | t.ly | United States | 13335 | CLOUDFLARENETUS | false |
142.250.186.110 | unknown | United States | 15169 | GOOGLEUS | false |
151.101.194.137 | code.jquery.com | United States | 54113 | FASTLYUS | false |
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false |
104.76.201.34 | unknown | United States | 3462 | HINETDataCommunicationBusinessGroupTW | false |
104.18.22.145 | cadmus2.script.ac | United States | 13335 | CLOUDFLARENETUS | false |
104.21.39.63 | la.uctiogang.com | United States | 13335 | CLOUDFLARENETUS | false |
151.101.1.148 | wayfair.map.fastly.net | United States | 54113 | FASTLYUS | false |
104.18.0.150 | crcldu.com | United States | 13335 | CLOUDFLARENETUS | false |
104.18.95.41 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
142.250.185.238 | unknown | United States | 15169 | GOOGLEUS | false |
151.101.2.137 | unknown | United States | 54113 | FASTLYUS | false |
23.215.23.211 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
34.254.91.162 | s.pxltgr.com | United States | 16509 | AMAZON-02US | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
188.114.97.3 | unknown | European Union | 13335 | CLOUDFLARENETUS | false |
104.18.39.111 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
52.5.13.197 | unknown | United States | 14618 | AMAZON-AESUS | false |
188.114.96.3 | azclmf22rtstbzadn80iqtugusduzrpdceemjb7nzeeeancdxpuok1l8n.entitashe.ru | European Union | 13335 | CLOUDFLARENETUS | false |
104.18.1.150 | localhost.crcldu.com | United States | 13335 | CLOUDFLARENETUS | false |
64.233.184.84 | unknown | United States | 15169 | GOOGLEUS | false |
104.126.112.182 | unknown | United States | 16625 | AKAMAI-ASUS | false |
23.50.111.239 | unknown | United States | 16625 | AKAMAI-ASUS | false |
104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1530687 |
Start date and time: | 2024-10-10 11:37:22 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | Payroll Docs-Accounts-932334.pdf |
Detection: | SUS |
Classification: | sus21.winPDF@35/46@57/72 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 216.58.206.35, 142.250.186.110, 64.233.184.84, 23.215.23.211, 34.104.35.123, 52.5.13.197, 52.202.204.11, 23.22.254.206, 54.227.187.23, 162.159.61.3, 172.64.41.3
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, clientservices.googleapis.com, clients.l.google.com, p13n.adobe.io, geo2.adobe.com
- Not all processes were analyzed; the report is missing behavior information
Input | Output |
---|---|
URL: https://la.uctiogang.com/MBz3mBy/ Model: jbxai | { "brand":["Cloudflare"], "contains_trigger_text":true, "trigger_text":"Verifying... Security validation on your browsing software.", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Verifying... Security validation on your browsing software.", "has_visible_qrcode":false} |
URL: https://la.uctiogang.com/MBz3mBy/ Model: jbxai | { "brand":["Cloudflare"], "contains_trigger_text":true, "trigger_text":"Verifying... Security validation on your browsing software.", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Verifying... Security validation on your browsing software.", "has_visible_qrcode":false} |
URL: PDF document Model: jbxai | { "brand":["Premium Floors"], "contains_trigger_text":true, "trigger_text":"Scan the QR code below with your smartphone camera for easy access to the document review.", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Enhanced Bonus Distribution Strategy Your attention to the document provided by the Human Resources/Payroll Department is requested. Date: Wednesday October 2024 Scan the QR code below with your smartphone camera for easy access to the document review. Please refrain from sharing this email, as it includes a secure link to our SharePoint platform. We appreciate your cooperation in maintaining security and confidentiality by not disclosing this link or its access code to others. Your email: accounts@premiumfloors.com.au", "has_visible_qrcode":true} |
URL: https://la.uctiogang.com/MBz3mBy/ Model: jbxai | { "brand":["Cloudflare"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Success! Conducting security validation on your browsing software.", "has_visible_qrcode":false} |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 5.190633175042397 |
Encrypted: | false |
SSDEEP: | |
MD5: | 43E3DF8E95DC5374B899D3CFA170FAC2 |
SHA1: | 8DF0BA8ECCFE7708A09DB71C7172A4FD1BCAD6CB |
SHA-256: | BC445A36B06D65BFBEE522FF82403AF818712019BFC3D795E50B4985BCDC4FE2 |
SHA-512: | 4C6449B0B48EEE21DDE1C5D502AB664B423EAA42FD943C5E72B7349DCAD9ABE0E9F53AA974ED81111D5F923AD264E02A0160ECD8B4499DCD31F23DABF8526F98 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 334 |
Entropy (8bit): | 5.221747323764819 |
Encrypted: | false |
SSDEEP: | |
MD5: | C903A34A4AC432CC7B701494A6EF8DC7 |
SHA1: | 253F145052DBF9E22EDBADB99174F8FC67CFF30E |
SHA-256: | 097760E4325E3BBA38A81A94F6733FE5433D78F210DD3FA6E816C7AAF18E84DC |
SHA-512: | 896A907D1D4A54B8F7213FBECEDF16A6D67D99B434C18F3664B715CFEBD8EC7B5BF019418DB4DF07941E8FC0A32D61C15B673531CF8A21C814432E794416EFB7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\81e3677c-c26b-40fe-96d3-e8814e7a1be4.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4099 |
Entropy (8bit): | 5.232558302706113 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1990323B960DCA604518B500489C7AC7 |
SHA1: | E7A62C395E9D86D387B3FC645230BE28ED17A391 |
SHA-256: | EA034C327B1420F5E721A48D283B893517303890BCDD7D1F3B1821E382068E8E |
SHA-512: | E9A0F86083AC26FAC9681DDC8863FBD4EE3A11B86047DC7087B503B7D267AAE1CFC6B9AB3E1411084400A2FECCDDC7D802690D7149D7108B060EACCA2FBF03E7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 322 |
Entropy (8bit): | 5.223203019106065 |
Encrypted: | false |
SSDEEP: | |
MD5: | 29FF03372F20C79665084EE02812E0E5 |
SHA1: | C0E491912EA18C254C7E8481FE8EAEC2BA54809D |
SHA-256: | 3C7D64F89E8CA2533698D38C00DFF38E4D6E5CE961375844C2DE333BE0C64F97 |
SHA-512: | F1EAD37E92503F3D86E18AE23143D497EF4AF75C8AB6A2AF2619814955126D49E755555A6BB908B44F17CAD2A416AD420E1F35DB0A451C0882C9131E38F7DCC8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241010093756Z-158.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.2496573846970265 |
Encrypted: | false |
SSDEEP: | |
MD5: | EF78A60908C2DAF0AE575E5688E01EEA |
SHA1: | 999FB1B21039D377BA609E8F9DCC218F0F37D8F2 |
SHA-256: | CF9103CE9B196BF1AEEFF1E7D02130A0F09789F3AC62225FE8C4B5D805747DDB |
SHA-512: | 39F8546FAE302E7134CED3ADEECE285A84857F2020F75AF0777487B168E7C880BD76CC2EABDE85680E4C47FB7E9B091C3CD6E02964C2493C4D4C5995D57C4B51 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.291927920232006 |
Encrypted: | false |
SSDEEP: | |
MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16928 |
Entropy (8bit): | 1.215452504747139 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5C16866D379120907F9CC65158AA72C1 |
SHA1: | 99C2FF124BE1D616DB4178AA7EF645A38F3F2A1E |
SHA-256: | 1DD5CCF42EBB6C7039BAA3F6F485315E77EE061139A19F2790DE421653AD295E |
SHA-512: | 172076F9F3C903B00D42EE8F9DEC798D0C1BE7F4E3884B41D46E46727742E7435E0E86FFB3243757A55342EBC16A341DF48C11A7177CE4B48A41CA8B7A6F72B4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7895108629891827 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9B4503F86245CAB105005154017BD297 |
SHA1: | 072BF79B2130A9003C3FEC7CFE9C2E040A5BF9F9 |
SHA-256: | B918490D1CCA31D6893859DD4B899A43BA994A526C5172D019B8ED00F0B8DEAE |
SHA-512: | 870618825D613A04A198EB71FCC8F65F2D670A53B912597B905917CE1FF725B0FA83DAAA45E14AB13E8920FBA2C05DBCB68A2F31C0B0834844717CFDE0F37908 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.2539954282295116 |
Encrypted: | false |
SSDEEP: | |
MD5: | 895F09E120C67F6D70FB20DAEE5B26FF |
SHA1: | 4B999FC68A2D2952B3A8B91AE8084BD816D1F125 |
SHA-256: | ADFACFDD5B687C424900C74B9935D79A6364D7428DB1180103FFB9E2056F847D |
SHA-512: | F65DD09AA96ABEA94D7860AC0537AC3B892D6283442CB6CAF3BF705BF579B06BED330899CD77BC4621D59C7DF680BD585E47864152524B789333E3F47F8D0644 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.373107522673965 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9C039AADB1A91B93AEFD345F9A7F47DF |
SHA1: | C4381E6EB9A9757BC353D12212C22E4B8EF8934F |
SHA-256: | 0EBA81E3F631C78B6C0FD4FD292C32C19EA4D42F0C8BDBF04B440EB05B330747 |
SHA-512: | 56F32AB4B91FA8B0D8C12B1DCD309945264EE9157E1265759564C7AD490FADA6BC22BC498B0FB625423FEF1B61859E2A560CDBD601A961568E5DF8007D8561AD |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.3226219571427675 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3DCF60EA839BFB9522D1598B57081314 |
SHA1: | 608D7333BE801BB03CC3930DE2FC374F7151EEED |
SHA-256: | 2B9CC610C802452619522FB13949BED6C52FA53DCA46001C03B35440D65FD6E5 |
SHA-512: | E307FA82A91AF3147EFB6046FA8F50BE598BA732CA48F8DD42330B4861E2D30785295955A2F1EAA0839814B5CDA25FCD395EB2A174D5C2530A0A5E715C79336B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.300574557142127 |
Encrypted: | false |
SSDEEP: | |
MD5: | EDF7C17CC1D7E70A35E1C53F88196BB1 |
SHA1: | 5FB771806BFAC06C039D388D01F8A11948E5180F |
SHA-256: | F9E09555D6A017ECE448B678574C9B9ED872570164E1642595CD92E29C69B065 |
SHA-512: | DDE6BCEEABAD85A169E37C1B2F3DCD63075B6B7D501E87788A144166CD13EBD591AECB27077B384389086A7D7053C9DB5A7857694DF92B4EEC928E428989A16B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.36182961093625 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3D717F69B3F16F275222C750923607C3 |
SHA1: | C4028CCD37BFBB5E8F063EC887C2D47919907965 |
SHA-256: | C0F73677C06CE1AA5228319B502641907319CF259CFBE18B813115E1A20195EB |
SHA-512: | 5EC17D872894934A08270A5716AD89B911D2449FC26A0AE91B918940C26CBD825E64A6A66DEBED1B42C42E04FD57CDB4CFDC63D21D659FB32490AB93555AE80D |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1083 |
Entropy (8bit): | 5.682240844210185 |
Encrypted: | false |
SSDEEP: | |
MD5: | CA68FD989CD897E42AAE181BAD5AEAC0 |
SHA1: | CB36A81C6DD657158A6B49741A6822F4F8FBF9D9 |
SHA-256: | 8D11D3FDEDA3C1325136B652D410F8406C33E5DF0961D945B16BC37377654013 |
SHA-512: | D3ABD66DBD8163A740D2C257CF8956311E3BDA73C2BE405B436C9B2E4644CB69631886AD108765C135CFEC154EDAD3DD96E66426C7F90F751628830BC674C552 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.655047758227053 |
Encrypted: | false |
SSDEEP: | |
MD5: | E2C33426C1D007FA7B31D9DD9E1706F1 |
SHA1: | 2DA690B13CA76F10842BE5205F71E9807E834231 |
SHA-256: | 33D92E5C011CC59AF29CF5AEA9767E38F8BBF004555AF38C1A46F769CB01B85C |
SHA-512: | CB3D5365E400E3C0E95AE7A1CFF8043288174AF1C8DFF77751AD490C6C8074B603635799A66808AA0C3CB5893E7B716450BDDF837AF42E059510F90C38B30161 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.313297951428304 |
Encrypted: | false |
SSDEEP: | |
MD5: | D0FEF47C6607A64E2B8222D7767292C3 |
SHA1: | 48DCC02CE00AF9AC3FD3C29F3DE64C6B14B31CE1 |
SHA-256: | A8B2BE5B061BFA9A54AF9268D00E8A2660AF167AFE7CA73D912D636B69667071 |
SHA-512: | 25DBAB6FF312172223814A1D5686DB23AB5BFF631FE91DC52E87665A5204880E27FF5D51697AFF2CBBABE0B608CE58B087B5618683CC4A93C50A632CD5AF1893 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1062 |
Entropy (8bit): | 5.688581850137944 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2E3B4448889744DAD244E5BB0910E9E3 |
SHA1: | E7BFF1393C55381F94D973D2D38543956B7548B2 |
SHA-256: | DB8BBBE52604AFA200FC679B6BF62B61B45C406C33A5CB7005BAFA0A9D7B2464 |
SHA-512: | 39EDE247903675315E8E7B5975FD7DB639282E5459A452A326406839C5951F8689953B0D746DF84694EF637A92D861B6C988285CE77BD19679BD38BC9C8A948D |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.699435406663673 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7D373D3BE53BC1E370AC7C0EFF7E253C |
SHA1: | 29EA6DC8173BAC55217E714922C857F3D48F36B6 |
SHA-256: | 991F9FCD208057278DEC963F7F84F2279E098A28BA5A97E922EBF94B9C76CA1F |
SHA-512: | 154615DAE1BFDF2BA6832192236468627CCDAA73C76470EED4C21018AC0C4E3E68362C99595BA241B6DA33AD4F4662E31AF38EF127F09A5B33B581F4FF59683A |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.316475593549122 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3C5F269143F17BCEDBB1BEC7DF28268B |
SHA1: | 7E41169C24F24661086333AAA058797AEB953D3A |
SHA-256: | 75B667B746BFDED2FD7E7D93B97C546B238657531BBC7BD27652B830981D6034 |
SHA-512: | 909995A2706653A9DBA91A9C0DCF2368BC4C22AB453FE04002385DE55702914B16299E6D7E7B44B8A9750E2AA59BD5825017827DDC423CE88D64739442E8324B |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.776626905958944 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3E9EB2ADB393B628EDD6410E5EAA1106 |
SHA1: | 0154E7FAC9E37F981AE70E4735607EB4F0B32F0D |
SHA-256: | E8D0C15F3FBE3ABA6992E6A60647C26697AC76A8740BAF7D87C32574859ED376 |
SHA-512: | 6847CDA8327A33A0BAE4A9641C15FD484949507F8AC10CD0562F512F5A9B3579DE72EC1FFAE43BBDCCAEFCA35BCFE8839A4B83A768B9F86467CA69351E816345 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.29990945690306 |
Encrypted: | false |
SSDEEP: | |
MD5: | CE4A2AEC202B49371B8052BD6E38B384 |
SHA1: | 36D979063EB3201C46701B4CA13AEDB1D81D0550 |
SHA-256: | 023C27D335E52AB34F9E6D967A1EADCBADE4AB5D819FFCD533011F4FF0E18CAB |
SHA-512: | 89A001818D62F79E53B129E5D5F50CA81BC0FDB1E42257DE9C2A97A3B6F8D00846537011521EC446723EA2B17EAF7BD21D626441D584B149C91503736F2E7755 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.304094100788509 |
Encrypted: | false |
SSDEEP: | |
MD5: | B7C1A2D4DAE737378AEFCD651388FA4F |
SHA1: | C825C1D7525643920C32086A1D32C9B068EE3790 |
SHA-256: | 186A2651EA9D227BD9B6A8802E9AE6DC21270FBDFD7C85FC58D336EC3F4A7364 |
SHA-512: | EA610CED3C4C0F059CB576980C9A3616606BEFC21B642C026E966FA053BC3A98BE7F67F62938C946C1C23FFF4CD588637F4BD64566EB9BAC0342A3398F43781A |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1082 |
Entropy (8bit): | 5.688121008903974 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2F1B9785350766314EC904E8F9201FE7 |
SHA1: | FC92F4372375AA72B23FC1DF8587CBE33B4B97AD |
SHA-256: | 23FE18E5D04B853F114656AA6ABD1C11715F1CA59DAE8589C0FFCF4B2851F2D3 |
SHA-512: | DCC97DDB83515FA18F0E1572974C263908E0607445DE92367F682FAD8D4E883D59032F8D66E9BDB9B1EEDBB9A70DCE9DE5E572A420491B90802504C0D89C2980 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.278601357480342 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1AA2EE4F7575E9AEDE824B9A64F52292 |
SHA1: | 3ED81AE93AA4568F938E913FF1502F45B6A0A696 |
SHA-256: | 4D898E03318761FBBE951E1E2D77506C97131FE0647933D7440FF4C8E330DE94 |
SHA-512: | D5C0F38C1F884E0CB40383DB16657863A553347799DCF9CBB4237369629BEAA454B84416BCE46F70909917DEC2FF2CAA733E3B4B617FEA4B34D8789BD41EC1BD |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.367714613268458 |
Encrypted: | false |
SSDEEP: | |
MD5: | D78E5A916A2F64EDA925F25279B3DA9A |
SHA1: | 16D5DBEDDFA1C0102E8127C77BB2E252F3442CF6 |
SHA-256: | 28D7F6BFB6DBDCF3B74FAAEC8BCC813830E99D6B631AD0F3D3565CFDC2F64122 |
SHA-512: | 14ED196CE84C4E88EEDB663D11B05FF6E8AA93FCD5FCBFC1F6419482819F846F899924831DE32FA2F71A7517783456C240C56BB093F79A4B1E60B61DCA01EFD9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.139343048176054 |
Encrypted: | false |
SSDEEP: | |
MD5: | C530B5A517186CA71D320ECF675D17B1 |
SHA1: | 7F6538DB3F4936F5FB1618611C338E169AA68F2D |
SHA-256: | 1343922084D7B6CCE88EBFA757449CCBAED75383989F6C574C149D724DB7A122 |
SHA-512: | AD9D3907F03E68BCA44A245080BFC30214BF8F6FDABDB2F76513E6E51F20381F3FD9B657AD87CE37580046D2C50EE656A5057202A0CBEB82518F034B94282A16 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9874978542012216 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3D4EB5898E1B90FDFE33FF873348A785 |
SHA1: | 8F05862D48F3DACF17740C28B81F1A42668B68F2 |
SHA-256: | 651315392095BCF4EF7BCEE608795ACF41266CEACFB1CA8664E7B06F001C2257 |
SHA-512: | B67E898295B91377F510E7BD444F6E47615A6919652BE7A5D2C162F23DD35838B4C3B7A1DCFF5B68E513E7502B1DCD9B7DDDFE55BE12AB70F4AF4C3F8F6A0A05 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3418445638974243 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5072EB908FC2C41E1B905528B569AD44 |
SHA1: | 3AF8B8E61DC060BA6A6F0421CC42304360B287FD |
SHA-256: | 6A9E40C584FA9A3FF3D6794F4AD7640EC13EB7DD6DED586D2CF9B3604D0D49E3 |
SHA-512: | 9E97ABC33B586EC88D9710FBF99CC2BE10FF51B746A258F364006FBDAFFAA409DD6305E00550FA909F6B376226CCF322F0E10A5F16CF913A4E3A4BA249AC7934 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5309417490522437 |
Encrypted: | false |
SSDEEP: | |
MD5: | 51D2B64BC108AC47769A477F46CDB363 |
SHA1: | A2920D78B43E4B127FF5055C1FAAE686208A44F4 |
SHA-256: | 23B73BF6D0503FFBBE39012257960FA95D24DAED0DBD6853218156D6B97698D5 |
SHA-512: | E4CAA3E3CA14F7D90B0E909DEE43DA1F488B769BC0357EB18FFA086E2218AEA74B9ABA6224B95226ADA67D419EA22732CA40B209ED952D44C467085ABFFEA2D4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-10 05-37-54-910.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
SSDEEP: | |
MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15113 |
Entropy (8bit): | 5.367878436097709 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9153DE15F60E8C33DF3DD86EA31B69D8 |
SHA1: | D6C6D93E2D2C6B6B1FFCEDFBF8E5D2AE62A12472 |
SHA-256: | AEA02DAF2406C4D4EA34555B70644A7EA96517A408CA7FA1096E0C898C44A7E1 |
SHA-512: | 512F7D852A72D3270B23BF143C7607254C96D231304AD9C6E25589D8AEB9794063DF2EC6328D24D049E261F639046FABD6B92110F09208D2F488CA5239B457FF |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.421107256035999 |
Encrypted: | false |
SSDEEP: | |
MD5: | FD86258A2B2D59C75614CE0E5241240F |
SHA1: | 0668F038112F73C7BC21DCADEC0A256BFD39403C |
SHA-256: | CF91B5C81BA5A45D4B5BD668265F202ECB577A98539EC03E54C26C7223AEB9C3 |
SHA-512: | C6D32B4E2DE0EDD8FD63C1580652D42986FF686E800C9C46AB2ECE82EB7427062FCC271C8CC16BF76EE906AA89FA2F1379F1A15057A03CBA00BAFD5E21487A9E |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | |
MD5: | 59EE5E2FB56A099CAA8EDFD7AF821ED6 |
SHA1: | F5DC4F876768D57B69EC894ADE0A66E813BFED92 |
SHA-256: | E100AAAA4FB2B3D78E3B6475C3B48BE189C5A39F73CFC2D22423F2CE928D3E75 |
SHA-512: | 77A45C89F6019F92576D88AE67B59F9D6D36BA6FDC020419DAB55DBD8492BA97B3DAC18278EB0210F90758B3D643EA8DCF8EC2BD1481930A59B8BB515E7440FE |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.9819670330987966 |
Encrypted: | false |
SSDEEP: | |
MD5: | F94914BB8EF3863874A155E973552F2F |
SHA1: | 57B5DE5CE531EAD1B314D6CA66A49700823E2375 |
SHA-256: | 294912E3D851F06BECFA83DAF047219F94F0ABF19242FB9C11D9B46FCDCEB6CA |
SHA-512: | 7D322D4232CC09567CDD697CB49B3E903BE5731E507399986A373711A07D20DF12C993F99879453E12B1A022009AEBFFEB5CA1734280E84C36A2D45CA68DD24A |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 3.997076076120167 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6000E00F7F0BE419B5F38B95827D83EE |
SHA1: | 57FB3CE7AE106536C69C159BE7A14DF0E14AD19E |
SHA-256: | A50DB9B9BFD3E302189CF737980F04332851CFB5DA8DAAB68DC22CEC90355EF1 |
SHA-512: | 3C7F58E326661FBFD6465E77158CB96333F9F77AB9658EB0DB4AE3BE07FA2F3C7EF54952F8F7950D905427D2E82D2EE304910016AB2713DECDCE69FEC98513BA |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.006335372250611 |
Encrypted: | false |
SSDEEP: | |
MD5: | BE0AC2ADBE3504BA8CECC85A262B53D4 |
SHA1: | ED30721AEA741AED21C998D61ABF6AF33F787037 |
SHA-256: | 48F5D6F1FCBDACD1AC52DE92F1676A9C64F2EBF3848E80599E9A3E525B2654F2 |
SHA-512: | 0A5B61FB4B2200D9EB18176914E55B7D5D29F4F9E2182C0A2BCFAF4BE826418E3A355BA487AA6330B22D3D07BAFA3516D062A534EF6F9A8DC218E51EBDDED844 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.996145702839842 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3853F12498C31939BE66BED6977B3918 |
SHA1: | 27376BDE0051AF6F5576DF04C95749ACE71C1477 |
SHA-256: | 21331C6910EA6764270FE3FB499138C771BEEDC241E4B5FE67C4C69B90DBA425 |
SHA-512: | A51DF26BE850B3BA8ABC7DF388CA6CF0835D46FE379D426A66374AF2E19D14FC0F4757D4ED91C5D6B93DCC3F763837CB37B6215FE413FCF4F9621804E86DF0D9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.983444807753396 |
Encrypted: | false |
SSDEEP: | |
MD5: | 16602FCCECDDA52C196EFDB50A1A1A0C |
SHA1: | 4603EEDB3762BE3EB72374002C331B3B4D368A32 |
SHA-256: | D2C5D6A8C6A10DC4ADEE25151064B9888F0DE133BCE4E647DC63889A35B8DDA3 |
SHA-512: | 0F2C8A04DE76A8E2CFA7ADA5F14DA36850652F70ADC44CE330EB1ABFED4CEA8B64748E024839B35264129C0DACE8F6C72432F4A6C64E24C095DA73F5DF53B1B7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9928641511549072 |
Encrypted: | false |
SSDEEP: | |
MD5: | F1950F67C1DACD4A0488962114F89EC7 |
SHA1: | EC1F93B3B900938F65D6377AB1DB163785BB1BCB |
SHA-256: | 1539660BACDBC0B279FC35FA8005C0AC10BC777234FE01A75F8536D51C6A1F6E |
SHA-512: | DD8A36C078EC8F4E0B9298612A6860D649DAC1F35AB8321E8DE908BF69E945BE646C78CAECA7678DD2EEF26BCA2339748BD834DBD22212D94A5C356E956E6A8A |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 7.818003123392359 |
TrID: | |
File name: | Payroll Docs-Accounts-932334.pdf |
File size: | 58'410 bytes |
MD5: | 3a3f909a47ce465ee1c106ca9986d51f |
SHA1: | 856cb60e27c408699cf05fe6cec203462a9050cd |
SHA256: | 2094645560cf33bb78cf9ada54fe37cb0ce96897a1c369eb67f1007791d6abc1 |
SHA512: | 876379ca4fbf400eb80ca5ec8a286c5cf035ac1ffe058ed51ffb7075830824b88c2efc88ad6829b388222895c9c70353c62a2bdd0d8f5eebf4261953edff468c |
SSDEEP: | 768:jp/PmGUp5z3nLVJTrdfoAAoZFFgTWmDYjNswa4pAEbO2bXHHfHu4A8aJQM2Td+vZ:jJI7bZfwob+j/AKopcV6voz |
TLSH: | 5243BFB4FDAE8C4CF911D716C5BE34A6AE1DF017A2CD6CC4003D0D65A186AA5A7233DB |
File Content Preview: | %PDF-1.4.%.....1 0 obj.<</Title (Email Template)./Creator (Chromium)./Producer (Skia/PDF m127)./CreationDate (D:20241009213223+00'00')./ModDate (D:20241009213223+00'00')>>.endobj.3 0 obj.<</ca 1./BM /Normal>>.endobj.6 0 obj.<</N 3./Filter /FlateDecode./Le |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.818003 |
Total Bytes: | 58410 |
Stream Entropy: | 7.990071 |
Stream Bytes: | 46763 |
Entropy outside Streams: | 5.130718 |
Bytes outside Streams: | 11647 |
Number of EOF found: | 1 |
Bytes after EOF: | |
Name | Count |
---|---|
obj | 69 |
endobj | 69 |
stream | 12 |
endstream | 12 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 3 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
5 | 0000000000000000 | f1bbd18c3bafb162bb32d5640c7c7481 | |
8 | 0000000000000000 | f169fded67bb26b36b065ec5e9e8f0f0 | |