Windows
Analysis Report
payment copy1.msg
Overview
General Information
Detection
Score: | 3 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Signatures
Classification
Analysis Advice
- Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook.
- Sample tries to load a library which is not present or installed on the analysis machine; adding the library might reveal more behavior.
- Uses HTTPS for network communication; use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis.
- System is w10x64_ra
- OUTLOOK.EXE (PID: 4360, cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\payment copy1.msg", MD5: 91A5292942864110ED734005B7E005C0)
- ai.exe (PID: 2372, cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "B5FC4A70-8B3B-49C0-A4ED-0EADF65A9607" "181E969C-7A51-4646-90AA-5AF9567181DC" "4360" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx", MD5: EC652BEDD90E089D9406AFED89A8A8BD)
- Acrobat.exe (PID: 1444, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\W8J1AZEM\Proof of payment1.pdf", MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 1300, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215, MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 3316, cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1572,i,15098473719561117329,763112082443903669,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8, MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: frack113: |
There are no malicious signatures.
The signature entries in this copy of the report carry no source or value columns; only the recorded event categories survive, listed here in the order they appear:

- File opened
- TCP traffic detected without corresponding DNS query
- Network traffic detected
- File created
- File deleted
- Section loaded
- Classification label
- File created
- File read
- Key opened
- Process created
- Key value queried
- Window found
- Window detected
- Key opened
- Process information set
- File Volume queried
- Process information queried
- Queries volume information
- Key value queried
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 File Deletion | NTDS | 14 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
51.11.192.50 | unknown | United Kingdom | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
52.111.227.28 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
23.56.8.145 | unknown | United States | 16625 | AKAMAI-ASUS | false |
3.233.129.217 | unknown | United States | 14618 | AMAZON-AESUS | false |
23.62.172.142 | unknown | United States | 3257 | GTT-BACKBONEGTTDE | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1416965 |
Start date and time: | 2024-03-28 11:14:20 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of newly started processes analysed: | 23 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | payment copy1.msg |
Detection: | CLEAN |
Classification: | clean3.winMSG@22/52@0/19 |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded IPs from analysis (whitelisted): 52.113.194.132, 51.11.192.50
- Excluded domains from analysis (whitelisted): ecs.office.com, onedscolprdfrc04.francecentral.cloudapp.azure.com, slscr.update.microsoft.com, s-0005.s-msedge.net, ecs.office.trafficmanager.net, s-0005-office.config.skype.com, mobile.events.data.microsoft.com, mobile.events.data.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetValueKey calls found.
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.221259811364196 |
Encrypted: | false |
SSDEEP: | |
MD5: | B5FF743C45B6686823937B397FA7F5F4 |
SHA1: | 0C3742B2C4B9F2834279D0B6E5EDF1DDFEB3F726 |
SHA-256: | D76FE8BCA5347D07A66C7BF5AD297A042C169C7B5788A13D65E2555138968327 |
SHA-512: | 7A8A015664F8CEC6E48677EA960DBF087B2E82E5483C552F32788ECDD2B1637FBDB108D39082B3040D19A4A15D62C94EF7DBE74413471556AB596B1C388DB00D |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.145937043357883 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0933BD475DC779B9CF06FDF52BC251A8 |
SHA1: | D0C13B3F36CBE4723633D1429993828AD29AF690 |
SHA-256: | EF1E8510E3A278FCCAAA5263A5C43C448084945DE9547E39003E2FB10996122C |
SHA-512: | 7FC15EDA94A34CC8EEF28A9D6A2E5A54AAA039ED9258A1F892AC92785711C5544BC9A25951CF57D7F6D0C520D00F30BED89DCA7EC4790D758C6171EAA15191DE |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6391 |
Entropy (8bit): | 5.249849976452304 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0C0FF9D37586D2C475E754C8649160F7 |
SHA1: | D525468969DCD8B677AFBBC15C337DBAC66CA570 |
SHA-256: | 0EA2CE3BA12BA4B66BA895468A339DC6280F379FC6FAB5B090416B82C2C8B36D |
SHA-512: | 6D72AF43BC7262D1B5F2A7A0162FEAA289372C5A5B66FD27FA05B0553C0BAA90CEAFB062FA145C81BB32380FB3C406C0D5F360F154EF177B33BAE6E855454C26 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.137127399801408 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9083093FC6A4201BF5A848C186740ADF |
SHA1: | 7A5E6F5A4AF7B05A65391C9BD05A33BB72B12934 |
SHA-256: | 1C7FBB9A01B55B9D55C1F0238960D6901F0D14940482FE9ECFD9CDB74A21DF17 |
SHA-512: | 2C55BCFC7750B2254737A4701A9C045DFD1C676D4867C8E9FEA3539A9E9796056EF152B61F0671CD0D5FB585587D4B3E55FAE60EBD5ADF894539FB0E80890B93 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240328101619Z-180.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 2.6537361959239814 |
Encrypted: | false |
SSDEEP: | |
MD5: | CB0705B8324245C29ED09369E5EC9C4F |
SHA1: | 3470985267FC42D6DDA427832AA427DEBEB4ACB5 |
SHA-256: | EAD7E2CEAB10A2744CA72F806A38B8C9D9723FB27A792246A32821C6748ACF38 |
SHA-512: | 74678060D33EBBAFBE3F4CFBC77BC89654F92A2E2C2CCD8ABA1504B40291891F399E7CF30A749AB23987A938423AAA2AE218B721052A56A29D6ED4B2647A6896 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86016 |
Entropy (8bit): | 4.444890668612129 |
Encrypted: | false |
SSDEEP: | |
MD5: | 05439F1EA5433167C1824D89E3242F33 |
SHA1: | 9EBD9E2059CE3004B796FF7A604B8733465FA0EB |
SHA-256: | 580909450A22038B0E52DB4A69F7EAB2DCEAD973762F6A3F9D0890C303F47AFE |
SHA-512: | 6AF548E26E28019F2B70C5549900F5DB5E34317C3D897F3E36BF9FDDB7029B37C3A153C74F94EB238C4C3F808CC012A69AFCFDD2CA5B801C88AF49F1F5460F39 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.7679129268336506 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9110A96BBD6D82709E0AD95120196369 |
SHA1: | 3419F7DEE08DA8A15B89331369C56F5F982BB801 |
SHA-256: | 9209F5E929A6E28F362EC1FEAA7EDC5B6B48419FD5783DB2EB554DDD108B486D |
SHA-512: | E77271C8A71FB4A8FC5C9A31BA7B38DCBBCC9F0292245BC522CCBA1958DDE7C08F8B7198C0631C87AA4CD1D82624FEBA4EF265D2E79D54535A17EC49A510909E |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1233 |
Entropy (8bit): | 5.233980037532449 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | B60EE534029885BD6DECA42D1263BDC0 |
SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10880 |
Entropy (8bit): | 5.214360287289079 |
Encrypted: | false |
SSDEEP: | |
MD5: | B60EE534029885BD6DECA42D1263BDC0 |
SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.35217356241872 |
Encrypted: | false |
SSDEEP: | |
MD5: | 44944E242DA82AC2F6C8CE24EE8C4B5E |
SHA1: | 0A29203A97339329C501F52F20A26972DAB046A2 |
SHA-256: | BFFE4348C736773E7AD673780A08A8FDDE941EC27D633B55A41F228C9DE10635 |
SHA-512: | 083D55A07B85F1B56CDED4AA0D30FE46243281B80C3D090170911262DF7258A4B05B64BFD09512980D8502D5A48D5EFD501DE142333B001655BBA0FB870CDBBD |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.2993504249443495 |
Encrypted: | false |
SSDEEP: | |
MD5: | 762EEC27EF45285EBADEE154C8316AA0 |
SHA1: | BA3500C0D717DDA4D5B1EF2585E13F0CD6ED2085 |
SHA-256: | A607448AD4FC45A0C4BE4ACD8C4B8C383A7561D0F8D657CE8D550A49943EC76A |
SHA-512: | 3A5EEE1D6B5AE1BE31C90A3BE00EE2CD7BD679B5F44EB58B2965BDBD490A20EBEA28D60C13FE2EDCC81EC6AC5A967F1BA5D5A039D771AEFEC26433D90ECA23BB |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.277200518521419 |
Encrypted: | false |
SSDEEP: | |
MD5: | EB5A78FF250E89FD5C2E1648BFC6606C |
SHA1: | 1E43FE30DFE722BD29F979D0C14C6782B50DFEBF |
SHA-256: | F1DA6D22D1B6F722CB1879414C31E20A6056FE30B14BD27164448C87D58D3780 |
SHA-512: | C3BFBC66E8CEC7225024A8ADBDCB7717D1AE5A4BF69A7D0CF89BA62DE0BB1EC8CD68F93DEC552855857421144B97B397DE254F66D4066170534720E8459A5FA1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.337877420782277 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5722744F00EC24D0954F9864F8FF3440 |
SHA1: | C7E07423194DA2A0C8F23813BA23975A85631AFA |
SHA-256: | E41F7D4E7EBC81BF3E7104674C1AD6571769BE3ED9C3A3722C6110FA3BD4E137 |
SHA-512: | F55A2C6A5673025693F84B12E1D3691B59B62E6F25793856224B1608711D97A7F0A89275C8A8134796C1F8553AE215137BB1F32E3A08D9BC338F054957F4E888 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.3036733747399545 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3DB4B08E137A33DB16C84D9CCC433030 |
SHA1: | 13E7BB2BD077CFA11E43E423E2EECDB315A7DD4A |
SHA-256: | 291B43DEEFD770FBF7F7A5860265F61E2C27B5FA6D44F9D0AFF28CB77F7A6BA4 |
SHA-512: | D43A7D457291830197FC92B24E0FA9D3581CFB121F75069D0D80670407614D667AA5E8AA3C36BE56F5C436D3933E49E38CAE89774C6B653E92D02653480140AE |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.289120220783608 |
Encrypted: | false |
SSDEEP: | |
MD5: | 57A9D6E2A8749D7CFCA59064138ED4C7 |
SHA1: | 9500C7A42BB6554290F2F3B4DFCB2CF42D5FA2EE |
SHA-256: | 39C276A9DB6644874204F701A1E7C65213B75A1817E15B5DAC4DCC00B59BE7B9 |
SHA-512: | 2191DA38E7C51FD08F1F13D3EFC6A991810B3230F19C6703014DAFE35C7C45CCED790E95B36350E0EB0D2E57729DE5CF8DBA862EA3B495D5DDC92BE573984B9B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.290496198150498 |
Encrypted: | false |
SSDEEP: | |
MD5: | DD210595E206A1864F364EFEC4F5F257 |
SHA1: | 67A084E43EA50B31CF2CEBC4082A9E02173DD3FA |
SHA-256: | 4CF535C01275ECF24830EA9C8D7F300F2EA7671E34FDC9ECDA7C319027C10693 |
SHA-512: | 655BC8DCDE5B86833997C9F1D7BBC14E2766A24DEE36C3436F0F094A4C3995652E9025A12F3D4A47E94D00449C5EB097613C0F5911CBCDBF8D53E0A541C14C61 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.300508560447747 |
Encrypted: | false |
SSDEEP: | |
MD5: | B9DEBAF4669F8EE75738A560DCFF5E35 |
SHA1: | 9A79C43D4C51A0132AC5ED6C91BD1CCE7426E2E7 |
SHA-256: | 48BC5D40FF58C0A87709EB210DDBC4CE50AD3CC90A5C060A135808EFECC9EBB2 |
SHA-512: | FAEDF9A4E12F715A10D58988DEBF2CF42015FD99D457573C6A8F67910E3ABCBBE4EA67B012CD47BBF59A79CFC6DAF5D8144ADF1DC6123B660C3E56EE6E89B93A |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.31620660637718 |
Encrypted: | false |
SSDEEP: | |
MD5: | 857E91E7028F9BD7DFD7671E8FCA1784 |
SHA1: | 03EB381123F46EC6A261501626F56D4AF59167D1 |
SHA-256: | 15352BE8853AAA068FBCD101B38EA75CA29A7739C035DA68A7F811B821968740 |
SHA-512: | FF4F62EE8D5803E0CCD2DE8EFFC34B27ADA29CDD5C4B52F28443666F1DC047C7BAC8212340C92F347B4ED1181193F71175887CD7B1310845B460E3EB658C617D |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.296784805596374 |
Encrypted: | false |
SSDEEP: | |
MD5: | 312CB948DE3C39AB5275D31FA80DB3B1 |
SHA1: | 45BA4921653EE475BC55CC823EC18A036CEAAAEB |
SHA-256: | BE10F24565E18B19FFE5D426CC00FFBCECEC0659CFDED2DA13367F70DB845437 |
SHA-512: | FE42A1F6DA9B7CE0AF485B5210A26AF214A36D13D03E228AEB3EABAFF07720B93EA4FA1BAEE412643A984BB8BB8474E135EB5EFA6D7E9E38C96C4F8B188CB033 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.7747044796359175 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9C5ADB1E077B9FDA48CB5104E2E2C96F |
SHA1: | 4025DED3F351A3430376B39FCDE0B3D82614F633 |
SHA-256: | 04FDA196D77344C4EAA930FF6D2F28B6092B005F44A9E179362A9ADE44088568 |
SHA-512: | 48B89101A3FCE0D0696B1771B2319FD6DA4B30AF27DADDF03A85E2F9A1187E68D3A63F5E6BDB6D0159AD77295D3010BA354B7D34FCED0E89C5CEBA2AD1AD5C15 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.280354000826276 |
Encrypted: | false |
SSDEEP: | |
MD5: | 02D62DBE5FFB44C7A79393CDC5C2E7B3 |
SHA1: | 54EEC6E2FEEC7DC572FBA1DD31F6581AA800FA76 |
SHA-256: | E68495553163335111E4E44436E7BC0043FE584999FB5FD6D33CACB48F4E7E1C |
SHA-512: | 4A56448EC0A6C0F08BE212BD1C78A54644C0CCD72496718F98CFEDC9E97B5A2861D7E3341C0948D59534C0836C0145CF3E1D98285CF6F6CAB2A4E23B0EB34EA4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.28198271701768 |
Encrypted: | false |
SSDEEP: | |
MD5: | CFD9F9C514DFB39DBDED005ABDE97194 |
SHA1: | 15120E4D9FD9114A4C7650C675B54BA271FC0810 |
SHA-256: | C001AE3D40CFFD9783A78F9EC9D04E72F675EE48DFBA13C747B64DECCDE69EF6 |
SHA-512: | 3C92CB6B5FD33FCC607421A9065BC59D84505E06B6FC6198FC25573B3F218818C9F0E7C9470E7A0FBE16D08D5860B0FBE111EAF00E21CA07DF3D39E0EAE39090 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.3033261162803 |
Encrypted: | false |
SSDEEP: | |
MD5: | D85E3198C9C3225D4F1EAE093DEC1663 |
SHA1: | 394F6466A98A03EA0E99A6B58401632EDD53FAD9 |
SHA-256: | 8E5D9E70B81808082B40F85679DDFA5603F5B9A2BCB1CAE565EB2AFDECEB05C0 |
SHA-512: | 93237EDBEC4C061CF65E458BE838AD3DF99FF72DC401583406E61598649976AB2147F6BC76E604269705AA13104AC71335AA72B778A5EE4F7EB4B2C0E6716243 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.258321142713977 |
Encrypted: | false |
SSDEEP: | |
MD5: | E7E71DA7B5569092883FEAC586F33ABD |
SHA1: | 7C454929B77EE009A1F979A427587F63E06B3C17 |
SHA-256: | E6083CF47B70934F5350A7440DD9317C1FF78D24F5D674B51701342B38F12C25 |
SHA-512: | 160270F2A7D460C497F14B2D50815F19DC8F981E12C0E5B3BD00E7596C6C8062DAE12C291B05A6452C7224A69D6F2A50F3F3708D54E087F7549E92F308AA6DD8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.365256493908195 |
Encrypted: | false |
SSDEEP: | |
MD5: | F6F2D3CEFCBA6946DE58580A18C3D770 |
SHA1: | 87D01800668B9AA81870FD193BFD50F962F3F550 |
SHA-256: | C17A2E814DCF626D08DE2C972B40A11DC20842E7EB3C522013CD0F8F24A9FC5F |
SHA-512: | 8C8BBBFEEB285439DF0AE1D60FE0E1749E2034AA2BC96369B445E772CFE2ABAF1BC22CDA7861036E8522556065795D26D23BB5D67F0BEE0BEF39D3F87E5831CF |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2813 |
Entropy (8bit): | 5.117795620962445 |
Encrypted: | false |
SSDEEP: | |
MD5: | D04B66BA5CB51035B38C9E52507A823A |
SHA1: | 53C46203C98C4236D2EF720600393C43E83F9D09 |
SHA-256: | 7106698E88E4E89E62AB290E86FD37F37E6E4EB5FFD1870C0DD28C6909F09288 |
SHA-512: | 222F4355DCD13BAC0D646E680309DC346E9790D84E962DA0841CC2360C6D537742E20B8E3CE3CD1DA2DD57DADAC1DC69EBAFFE4DBA880423CF8BB0387625D3EC |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.3567835044543257 |
Encrypted: | false |
SSDEEP: | |
MD5: | DDA90ABD7A12F54979081C045C1D8140 |
SHA1: | CD7DAD1134EF114114EA7681494918E12750B1B6 |
SHA-256: | 59D0C529B52ACCAECB50FBA23B3505DEAFEAD82E281AEF43D9DBB49075400383 |
SHA-512: | 6606614E6A158F74BBB2CAB13748E9B1ECA217C806B90835560F03D1858551DAA5D4ABD17939649E4D2410124A43B2005DF63654E95AF498FBE583AAFA0286CB |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.8316213608837069 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4D843FC8F9155A4BFC1DA16A8F19AE58 |
SHA1: | 1EB5AD161BEC8064D84F392DA910523B449D406C |
SHA-256: | FC0043C2C96F5CF0DEE06937EC31FE7B1B1CDF4A09CEF079FD6BEF01D5454CEF |
SHA-512: | 27547D6F6629D723DFB49B056A91B663E7B9BB23310C07DB9422EBF9D940EB1605BE6A5892D7210B6829B582DCB2A09BD718774BB6BBA1D47EF62C557BABF436 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66726 |
Entropy (8bit): | 5.392739213842091 |
Encrypted: | false |
SSDEEP: | |
MD5: | 89263432F17285883382331937B5C832 |
SHA1: | E7AFB98BA1DEF23E50BB174DB7D53D7B1D95A875 |
SHA-256: | B6E8D5337702BD18336F3454431A60D485EE5B96AA1EBC41583F4008AF7AC0A3 |
SHA-512: | 67325423D9B5AFF543A56C1C008ED4665DA68F8B9110903935CC567FB2F445CD8EAFBC6D882BBBB01AF8DE3376B657D60B71A12340E5A83D12BFF3EC47C4434D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 231348 |
Entropy (8bit): | 4.37388171864284 |
Encrypted: | false |
SSDEEP: | |
MD5: | 023AFBA09E21DCD8DEAEDD669DC0F21D |
SHA1: | C10F92BB5143317AC75D105384A71D4DD31291F6 |
SHA-256: | E7EBFD1B8575D22A8FD8689BDFB8DDFF197E46429CF330FAB0C82DCA4C65DA92 |
SHA-512: | 4033DF74FB41AB614F55AE7F53D5EE9E52548883336CFCF506E5C41D0A7036BF034B84378EC14D20E7916E8F67470B459EF78E7F3197DFA37F470DD795F5381C |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.04599539242052959 |
Encrypted: | false |
SSDEEP: | |
MD5: | 870D06C926EDFED682251396A048E237 |
SHA1: | 13148B3C268F996F9D44914AC5F4869017D1A4EE |
SHA-256: | 8AB3EDDE7B9075E983F8D3E4DDBBE672E0D094C46D78155DABAF0B0133412C73 |
SHA-512: | 079E8F5829B0A0D3FF04F9B545C898A34463E80E0ABFE948B60DEE4AC6B57DA2F4EE367A3041A0A7F84CF8AC30ECB64F8BCE6D6BA0926E70828B4B3EF0CEA8CB |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 49472 |
Entropy (8bit): | 0.48374519358674806 |
Encrypted: | false |
SSDEEP: | |
MD5: | F419BB7CD4689DF501B8E0F93D8DBB45 |
SHA1: | E0FF9415FB542B32A186ED2CE85FED344C045FA2 |
SHA-256: | 2F010BDC77A29FC904252710E173F6EDB3E3F33BE51559788635ED74DB5C73AC |
SHA-512: | 297B0AE908DC5992E612F688B16328D478943BE43667721EDAF3629A71F8396668DC01F59743C3112DF99C3CF9166D074E67E57D712EA57D5B20456E3361A219 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\W8J1AZEM\Proof of payment1 (002).pdf
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 684738 |
Entropy (8bit): | 7.9996303139448734 |
Encrypted: | true |
SSDEEP: | |
MD5: | 93BC0A018C0A3D0AE5A9D5F3FC2DC008 |
SHA1: | 313F766252B878126070DBDD40C236B87EDF358D |
SHA-256: | BAF013BC55FDEDC2A79ED9663F5FDA08D0D3C52DC652EF0C7CE993A2C8DA5928 |
SHA-512: | 37809FAD1743BA52956C6BD7BE8DDA4028710F01C89C02E4E074ED3199B9E0354CCCBCC1B30307ABC9066DD41A588CE902B3B919B8D2272D8DC428D8A547BF3A |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\W8J1AZEM\Proof of payment1 (002).pdf:Zone.Identifier
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | |
MD5: | FBCCF14D504B7B2DBCB5A5BDA75BD93B |
SHA1: | D59FC84CDD5217C6CF74785703655F78DA6B582B |
SHA-256: | EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 |
SHA-512: | AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1711620897227920200_D839103C-D2DB-47D4-B619-71C7268623DD.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.1598185003547992 |
Encrypted: | false |
SSDEEP: | |
MD5: | 07A5DC05EBD6AB635455A74182D08F6D |
SHA1: | 8567DF72574CBB674A8144C55B40BE8CA3715691 |
SHA-256: | 068A09BA9C9AAA661575E37230E2B94344FCFD9248F57CA9824CDBAEE657B0DE |
SHA-512: | 05626F0FD6334D44C33E4E85A0691F2AA552645FB47B408AAC0370DD0D0E8848BCBD0B760F83D9BE53079F47A56663AEDA1DEB2D414977F3D588480BD22C879D |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1711620897228608400_D839103C-D2DB-47D4-B619-71C7268623DD.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5209238895127717 |
Encrypted: | false |
SSDEEP: | |
MD5: | 61ED037F878DC35628ACCEFC3A691FB5 |
SHA1: | 0DA910B99E0CF5AAB2B0C2D722DFA3DF43634841 |
SHA-256: | 158750D782D57F8266D672770B74E7DD6F01D0BF41EC4358527E801CAE16D6A6 |
SHA-512: | 48230857DB8E8D05E3BF65D57DA3F5532A6486F2E87C9E305868A4FDE8E4A9529B6E64068EBA7FE75D190EE70560095C7B73665565F41F8D7742AF5528A3BA03 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240328T1114560643-4360.etl
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 94208 |
Entropy (8bit): | 4.482750161874205 |
Encrypted: | false |
SSDEEP: | |
MD5: | 95E0223D36DFC613283CEF0F2B068132 |
SHA1: | ECF5DB770C2B9900101153C14EE7DF024C781204 |
SHA-256: | EDB33A8E668D0D48ACE14D8F2D3CC0DA51CE75D0B8ED84AF53DE90F3AE55C0E5 |
SHA-512: | 08CD557CF334F0C4D422AE1DF9396AFDDF26DB3103A67687615307CE869C7A15A97933AB460199093544E86CB3B2806789CD1C92646FBCDE019C08A8BC5EB78C |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-28 11-16-18-322.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.359827924713262 |
Encrypted: | false |
SSDEEP: | |
MD5: | 06DEAEDB81D09FD8FB5FF668D8E09CB2 |
SHA1: | 28A02BCBD5975117B97A08AFB049F2C94F334726 |
SHA-256: | D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64 |
SHA-512: | 948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15111 |
Entropy (8bit): | 5.370313203458317 |
Encrypted: | false |
SSDEEP: | |
MD5: | 578F36711D5F79C728C89DBAFA22187D |
SHA1: | 84991D3CB4DA4B169997449A7BB87CC67C94A5E0 |
SHA-256: | 4ACED40C29453513303DE3051382557787B0886E1662AD886732662B5619FF6B |
SHA-512: | D89D70A5508A4CD67B3E3B551B5FE3A5FBBF65BE89EB09753EFB4A552C6FFD231E0F017FAC2FFCBDB5AA99EB79FD9E7C6A9995C5CC8D38755180C6CF28E11006 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35721 |
Entropy (8bit): | 5.4248638526234165 |
Encrypted: | false |
SSDEEP: | |
MD5: | FA75B7F80A048C8D6DDEB141CC8F406A |
SHA1: | 34FAE7BE838018FE3A22D7CFF5702A4291DD0D82 |
SHA-256: | 02DD718931A5728F357A877419E8B0CC6832DC1ABC02E1A5E4D9C5B2241C9476 |
SHA-512: | F3B9ECD0A90729E180EA237B97508F99D502D75778974E814094A775014BC2504E465B720EDDC4E527601678F556BA0575172BBF9263225199731E7E7DC281A6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 543911 |
Entropy (8bit): | 7.977303608379539 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5B21A6981E55EF9576D169BBED44BCDB |
SHA1: | B3A14100B7E7C2C01D61B010A54937952D111E20 |
SHA-256: | 9555E661370D1DC26605DAE88BDBC1ABA68038C769BF6E354A256B1A1C4C110E |
SHA-512: | FCA72A5131D8780A17DF65BBFF37FBA88DBEA3B7AE991C3D893B21B9E6C1EED44DC12945C8DA39DE471FAC5013BE71D43E5BBB892994742BC33EF5934469B1B1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | |
MD5: | 959551B2D2C128135D015E3C76ED2474 |
SHA1: | E40DEC35C10D5642AE54673E32FE0ABC250767FD |
SHA-256: | C86FB54AFC2BF0B60A9AB2E83AF033AEC25893004E5E72CA54F8D74DA5DCFA99 |
SHA-512: | D10BC060B64AF49575044A29FB3CB5A7E0F3C2451F748881C96296DD2AC5E35CEE9CFEE41B394F4E81FC24B102F140D1A6F0602B7512DF87C958421E439DFC63 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | |
MD5: | 774036904FF86EB19FCE18B796528E1E |
SHA1: | 2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16 |
SHA-256: | D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD |
SHA-512: | 9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 163840 |
Entropy (8bit): | 0.3605242704148536 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1831D364CF5EB13009E0968D8DE55AE2 |
SHA1: | BD3E8DA639DC79315F97B3F6D12B0B45F7AE2C56 |
SHA-256: | 775188444EE262A17F6177EA1360A64DD4E1C479F28889715BA9596B2D6C16B8 |
SHA-512: | 5B5B7A64F32A4BDDE1877568F4FF8467B49E00644A48B78079449C5E690D3E6BF162331E127261BA3D0FED29468151618F9A505592C68EFAAF5FE6F3868B3522 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 1.2389205950315936 |
Encrypted: | false |
SSDEEP: | |
MD5: | 462AAB6727EBAC030C55B0E742BED3C1 |
SHA1: | 8A92B30C5B84CD6BECDC56E56E4D9F176B5D9A04 |
SHA-256: | D2FBD75259EFCAC8568B27B0F219E63E7B23CC9C5BD9F05B90358795B6A517D4 |
SHA-512: | A722350FD924E0073D61C7E54EFF800FFB68AB01E0EEADBC4C6CF1B0F351F4E5989234AE1C977CD442877B25C8ED830BE61C0FA960C4314EDD186B6ADFF74542 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 1.330903668971165 |
Encrypted: | false |
SSDEEP: | |
MD5: | F2F7D1B51E64AB84446F869C7A9F7BE4 |
SHA1: | 14F6F561EFDA44A94073BAD17E8165C1BF1FCCCC |
SHA-256: | E1DFF924965255DAAF6AEB3C638DFD1D344A500EC7D65AD9CD79D9CE326CE062 |
SHA-512: | F0B74F9C7D5D4F0E6B1681C9C440CB6FBD3CF3513769753C06303B005CD3683E56264A0B3182663B8DC9A9FF7D6116279CAB596DA24DF944274EF7A8136A0977 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 1.1269322161114932 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6646643DF4EF8A3CF96242BD9247177C |
SHA1: | D1E4213573BDF0A8F038608C2EB0A781BD891BCA |
SHA-256: | F108B9D27F5DAC0C0831E866A3C6873F57780D21651BD5FE30261666EA294665 |
SHA-512: | 37377E87AC57FBB34BD851FAE47B9B228A2C7F30A02E56D839D9E10C0580AE338A78FF261384A01720479418D9E247C40D95F48072300C2E9902728BE63E1643 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Windows\System32\msiexec.exe |
File Type: | |
Category: | modified |
Size (bytes): | 403156 |
Entropy (8bit): | 5.359661884149977 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6980CD549D888E1605DB286B8423D7E1 |
SHA1: | 0A9BAA961706E9AD9B8D90330AC9E021E5E2C034 |
SHA-256: | 5744AB6D2BD67963190BC672562CB8D7077DFCBE330A78F0294552CF28A9DC76 |
SHA-512: | BDDB9FCE22E1D4B123639FC124B91C7E962ABFBC31C5D6FF84FA62DBB36D66EB9C647DFDC7EE69C47CCFE4CF62B6FD813BBB8BCFECDD7F44082A2A52365CAFD4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 7.8939388357975915 |
TrID: | |
File name: | payment copy1.msg |
File size: | 735'744 bytes |
MD5: | 306d43c45f56e82c50e88c8f143eff94 |
SHA1: | c1a3c2600dce514e693cf15926648a0a74d26103 |
SHA256: | a97bd6db02f1a4f0ff8ac78f03e6c014baf6c2c0804e2c9b725691b3d1779834 |
SHA512: | 6b05bd7099fc96088d154a57155127c851d6ccf4e861239b40a75bafb05af013d2cd2559d3d5357982b27a8b8cc9b9337dfcc790e173a4679d7d95d11916a244 |
SSDEEP: | 12288:afHcjt9DibvFYe7lA7Z/ZJV2k/za8+HPCy4q7IVLLPQFu9moPedQvfW:csyvioA7BV2krapHPCy4q7yLjzmMeCW |
TLSH: | BEF41252B1DA0B06F177AF3558E2D0939926BC42AF39C15F2286730F05B2B91D9F1B1E |
File Content Preview: | ........................>.......................................................S...T...U...V...W...X...Y...Z...[...\...]...................................................................................................................................... |
Subject: | payment copy1 |
From: | "info" <cs@ubakanma.com> |
To: | Recipients <cs@ubakanma.com> |
Cc: | |
BCC: | |
Date: | Thu, 28 Mar 2024 06:22:01 +0100 |
Communications: | |
Attachments: | |
Key | Value |
---|---|
Received | from mail.ubakanma.com ([185.196.10.184]) |
 | 15.1.2507.37 via Mailbox Transport; Thu, 28 Mar 2024 10:03:38 +0200 |
 | 15.1.2507.37; Thu, 28 Mar 2024 10:03:36 +0200 |
 | 15.1.2507.37 via Frontend Transport; Thu, 28 Mar 2024 10:03:36 +0200 |
 | by mx300.antispamcloud.com with esmtps (TLSv1.3:TLS_AES_256_GCM_SHA384:256) |
 | for batie@slmlaw.co.za; Thu, 28 Mar 2024 09:03:33 +0100 |
DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; s=dkim; d=ubakanma.com; h=Content-Type:MIME-Version:Subject:To:From:Date; i=cs@ubakanma.com; |
Content-Type | multipart/mixed; boundary="===============0073245868==" |
MIME-Version | 1.0 |
Subject | payment copy1 |
To | Recipients <cs@ubakanma.com> |
From | "info" <cs@ubakanma.com> |
Date | Wed, 27 Mar 2024 22:22:01 -0700 |
Authentication-Results | antispamcloud.com; dkim=pass header.i=ubakanma.com; dkim=pass header.i=cs@ubakanma.com |
X-Spampanel-Class | unsure |
X-Spampanel-Evidence | Combined (0.20) |
X-Recommended-Action | accept |
X-Filter-ID | 8G1aH+8yearZuN6N5+X5bm6KuAmzEgFjeXz34jnHp0woGjNPtzbdf+7GR8HTYQGN7U9QAI9zNavG |
X-Report-Abuse-To | spam@quarantine16.antispamcloud.com |
Message-ID | <11407959-7a85-4a1e-9c17-919f816ca86f@DCEXCCAS02.cloudcontrl.com> |
Return-Path | cs@ubakanma.com |
X-MS-Exchange-Organization-Network-Message-Id | edc1d381-58f7-46cf-e1a4-08dc4efd9215 |
X-MS-Exchange-Organization-AVStamp-Enterprise | 1.0 |
X-C2ProcessedOrg | b871e11f-2424-4379-a75e-a1a8bfbe8592 |
X-MS-Exchange-Organization-AuthSource | DCEXCCAS02.cloudcontrl.com |
X-MS-Exchange-Organization-AuthAs | Anonymous |
X-MS-Exchange-Transport-EndToEndLatency | 00:00:02.5574624 |
X-MS-Exchange-Processed-By-BccFoldering | 15.01.2507.037 |
date | Thu, 28 Mar 2024 06:22:01 +0100 |
Icon Hash: | c4e1928eacb280a2 |