Windows Analysis Report
osGcfBvGVu.pdf

Overview

General Information

Sample Name:	osGcfBvGVu.pdf
Analysis ID:	778227
MD5:	63672c42600627b14529533173ea7bba
SHA1:	df1d0775e3a8bbb589cce7cf13477d03363775f2
SHA256:	8f0a22d21e75b4980311b759feedb88e338a777d9aba56ee85ef462482520272
Tags:	pdf
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Found potential malicious PDF (bad image similarity)

IP address seen in connection with other malware

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: osGcfBvGVu.pdf

Avira: detected

Multi AV Scanner detection for submitted file

Source: osGcfBvGVu.pdf	ReversingLabs: Detection: 26%
Source: osGcfBvGVu.pdf	Virustotal: Detection: 15%			Perma Link

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: unknown

DNS traffic detected: queries for: traffmen.ru

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.81Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /wb?keyword=eicar%20pdf%20test%20file HTTP/1.1Host: traffmen.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: traffmen.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://traffmen.ru/wb?keyword=eicar%20pdf%20test%20fileAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 05 Jan 2023 07:47:24 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sOH7aKZQs7HUmJ%2B%2BIpDazDd8U6kSBoRWr90OOINUwzQ6PDO6tOTlpT7hsiU%2F%2Flm7Mmoc82w9xaFVb7ORgr2CRA3wz2daEIcWiZsz1tp8VaBD76du9kWQg%2FV6l5uNug%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 784a9b0aef819207-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 05 Jan 2023 07:47:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gMx5mUmwuq9TlZ9qKTp9%2F2xmk7yZ0efWtwpnhfwBZoaG8au4PoBBTHLZ%2FcCZtNwexk2p%2FndcEsHZuVXcqa45OLsm%2BSaJvf4C3J0D%2FZtJclcfBsADf5ZEGlU9o6IrXA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 784a9b0f99879bdd-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Source: osGcfBvGVu.pdf	String found in binary or memory: https://cdn-cms.f-static.net/uploads/4365599/normal_5f9abc7d2f1a4.pdf)
Source: osGcfBvGVu.pdf	String found in binary or memory: https://cdn-cms.f-static.net/uploads/4376874/normal_5fa0c5cb1b909.pdf)
Source: osGcfBvGVu.pdf	String found in binary or memory: https://cdn-cms.f-static.net/uploads/4381737/normal_5f9c867fda2cc.pdf)
Source: osGcfBvGVu.pdf	String found in binary or memory: https://cdn-cms.f-static.net/uploads/4498392/normal_5faf04625de48.pdf)
Source: osGcfBvGVu.pdf	String found in binary or memory: https://daviwoza.weebly.com/uploads/1/3/4/6/134670821/rudaruzarafaw-nobokujiduv-nalegeji-regoresusa.
Source: osGcfBvGVu.pdf	String found in binary or memory: https://denasigetul.weebly.com/uploads/1/3/4/3/134332190/3aadf349f71.pdf)
Source: osGcfBvGVu.pdf	String found in binary or memory: https://jatorogerujew.weebly.com/uploads/1/3/2/7/132710569/5650151.pdf)
Source: osGcfBvGVu.pdf	String found in binary or memory: https://static.s123-cdn-static.com/uploads/4451565/normal_5fc4be3b76a1c.pdf)
Source: osGcfBvGVu.pdf	String found in binary or memory: https://static.s123-cdn-static.com/uploads/4479223/normal_5fc8ecf96736d.pdf)
Source: osGcfBvGVu.pdf	String found in binary or memory: https://static.s123-cdn-static.com/uploads/4489441/normal_5fc8b59e7613e.pdf)
Source: osGcfBvGVu.pdf	String found in binary or memory: https://static1.squarespace.com/static/5fc2d06c1452f90b7ff1a516/t/5fc81fa34b97230d050097b8/160695082
Source: osGcfBvGVu.pdf	String found in binary or memory: https://static1.squarespace.com/static/5fc59785d49dd12447543100/t/5fc892132dd5737571b7b636/160698011
Source: osGcfBvGVu.pdf	String found in binary or memory: https://traffmen.ru/wb?keyword=eicar%20pdf%20test%20file)
Source: osGcfBvGVu.pdf	String found in binary or memory: https://vesumuzuvof.weebly.com/uploads/1/3/4/6/134685641/gewof.pdf)
Source: osGcfBvGVu.pdf	String found in binary or memory: https://voxonevixes.weebly.com/uploads/1/3/4/3/134383310/3212069.pdf)
Source: osGcfBvGVu.pdf	String found in binary or memory: https://xuzufudoroxibu.weebly.com/uploads/1/3/4/7/134755415/fewonuviwinulewipa.pdf)
Source: osGcfBvGVu.pdf	String found in binary or memory: https://zawasofolebu.weebly.com/uploads/1/3/4/9/134902788/6a0ec8.pdf)

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8

System Summary

Found potential malicious PDF (bad image similarity)

Source: osGcfBvGVu.pdf

Static PDF information: Image stream: 21

Source: osGcfBvGVu.pdf	ReversingLabs: Detection: 26%
Source: osGcfBvGVu.pdf	Virustotal: Detection: 15%

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9R1hjz50v_1yb0nti_4io.tmp

Jump to behavior

Source: osGcfBvGVu.pdf	Initial sample: https://zawasofolebu.weebly.com/uploads/1/3/4/9/134902788/6a0ec8.pdf
Source: osGcfBvGVu.pdf	Initial sample: https://vesumuzuvof.weebly.com/uploads/1/3/4/6/134685641/gewof.pdf
Source: osGcfBvGVu.pdf	Initial sample: https://static.s123-cdn-static.com/uploads/4451565/normal_5fc4be3b76a1c.pdf
Source: osGcfBvGVu.pdf	Initial sample: https://static.s123-cdn-static.com/uploads/4489441/normal_5fc8b59e7613e.pdf
Source: osGcfBvGVu.pdf	Initial sample: https://static1.squarespace.com/static/5fc2d06c1452f90b7ff1a516/t/5fc81fa34b97230d050097b8/1606950820137/dibowemofareg.pdf
Source: osGcfBvGVu.pdf	Initial sample: https://jatorogerujew.weebly.com/uploads/1/3/2/7/132710569/5650151.pdf
Source: osGcfBvGVu.pdf	Initial sample: https://xuzufudoroxibu.weebly.com/uploads/1/3/4/7/134755415/fewonuviwinulewipa.pdf
Source: osGcfBvGVu.pdf	Initial sample: https://traffmen.ru/wb?keyword=eicar%20pdf%20test%20file
Source: osGcfBvGVu.pdf	Initial sample: https://voxonevixes.weebly.com/uploads/1/3/4/3/134383310/3212069.pdf
Source: osGcfBvGVu.pdf	Initial sample: https://cdn-cms.f-static.net/uploads/4381737/normal_5f9c867fda2cc.pdf
Source: osGcfBvGVu.pdf	Initial sample: https://cdn-cms.f-static.net/uploads/4498392/normal_5faf04625de48.pdf
Source: osGcfBvGVu.pdf	Initial sample: https://denasigetul.weebly.com/uploads/1/3/4/3/134332190/3aadf349f71.pdf
Source: osGcfBvGVu.pdf	Initial sample: https://daviwoza.weebly.com/uploads/1/3/4/6/134670821/rudaruzarafaw-nobokujiduv-nalegeji-regoresusa.pdf
Source: osGcfBvGVu.pdf	Initial sample: https://static1.squarespace.com/static/5fc59785d49dd12447543100/t/5fc892132dd5737571b7b636/1606980115485/nojexuvuvuxebowefisep.pdf
Source: osGcfBvGVu.pdf	Initial sample: https://static.s123-cdn-static.com/uploads/4479223/normal_5fc8ecf96736d.pdf
Source: osGcfBvGVu.pdf	Initial sample: https://cdn-cms.f-static.net/uploads/4365599/normal_5f9abc7d2f1a4.pdf
Source: osGcfBvGVu.pdf	Initial sample: https://cdn-cms.f-static.net/uploads/4376874/normal_5fa0c5cb1b909.pdf

Source: classification engine

Classification label: mal64.winPDF@31/50@10/8

Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\osGcfBvGVu.pdf
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://traffmen.ru/wb?keyword=eicar%20pdf%20test%20file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=1784,i,17276974344343449179,18398132625013484821,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://traffmen.ru/wb?keyword=eicar%20pdf%20test%20file	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=1784,i,17276974344343449179,18398132625013484821,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: osGcfBvGVu.pdf	Initial sample: PDF keyword /JS count = 0
Source: osGcfBvGVu.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: osGcfBvGVu.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.19.149	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.184.78	clients.l.google.com	United States	15169	GOOGLEUS	false
142.251.209.13	accounts.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.184.36	www.google.com	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
127.0.0.1

Contacted Domains

Name	IP	Active
a.nel.cloudflare.com	35.190.80.1	true
accounts.google.com	142.251.209.13	true
traffmen.ru	172.67.186.133	true
www.google.com	142.250.184.36	true
clients.l.google.com	142.250.184.78	true
clients2.google.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://traffmen.ru/wb?keyword=eicar%20pdf%20test%20file	false		unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://traffmen.ru/wb?keyword=eicar%20pdf%20test%20file	false		unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://traffmen.ru/favicon.ico	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v3?s=gMx5mUmwuq9TlZ9qKTp9%2F2xmk7yZ0efWtwpnhfwBZoaG8au4PoBBTHLZ%2FcCZtNwexk2p%2FndcEsHZuVXcqa45OLsm%2BSaJvf4C3J0D%2FZtJclcfBsADf5ZEGlU9o6IrXA%3D%3D	false		high
https://a.nel.cloudflare.com/report/v3?s=sOH7aKZQs7HUmJ%2B%2BIpDazDd8U6kSBoRWr90OOINUwzQ6PDO6tOTlpT7hsiU%2F%2Flm7Mmoc82w9xaFVb7ORgr2CRA3wz2daEIcWiZsz1tp8VaBD76du9kWQg%2FV6l5uNug%3D%3D	false		high

ID:	778227
Product:	CloudBasic
Start time:	08:45:10
Start date:	05.01.2023
Sample:	osGcfBvGVu.pdf
Cookbook:	defaultwindowspdfcookbook.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	63672c42600627b14529533173ea7bba
SHA1:	df1d0775e3a8bbb589cce7cf13477d03363775f2
SHA256:	8f0a22d21e75b4980311b759feedb88e338a777d9aba56ee85ef462482520272
Filetype:	Adobe Portable Document Format (5005/1) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0	data	5A146E81C1283D99CEBE393330065EDB	81D9087C4929126311BF2DB688A73ADBA038B140	B42EF6028D554A61DAB9C108F76AB48313A8DD39E93139C08FDE1731068A4C50
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0	data	FFF4BF122F668487E96379B42697CB11	54B981DE152D91189409DBF3C6A8820A0EEE18EF	7C901F3DD63F94F40C715DECB607665D57B850124465B1DBC4A165BA5A2E399B
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0	data	084040282D49E396F84728EAFFC71032	41305D731BB115869F108FD22E7A2CC6077D3E7E	17C984321CB3A4A93B8A734ECBDFE05A36B842D3D47D3AD71C6625FCE361EB2D
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0	data	35B82D319C5E038C75EF213244B46022	6F52F7207AA421A9374BA8CF4936C57357102CDF	4967273216E89903C6E0776838F8F1663253A5CFDCAB284A923554349441C8BE
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0	data	984EB0BE2BFBF345EFBF73964AA4EDAE	02A10BA62015C897940A6BAD2700890200EEEFD8	1BB565CF93B744883D626339C95CF40844D47458654C92429CA1E140172182C0
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0	data	AC00BCEA5C23F5E5BCB29ED09FF84D73	7ADE26F5385A5F877F3F66EB5A159E113E246D11	D875DCE9B2FF28106F499B2A1712F055352898F753B4C6907F8E8CF628447054
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0	data	174CBFA2BEC041F61B82439D5779C755	547C61A8437B191A39E41CA539D199213BCAB830	9B372E5A21433D36F2B8D42DC4DCEFB811D5B9F44BB12EE192FCE694EA899394
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0	data	85F5FF6EB806E206D0466D629F837026	1EE8B6B9550568E485A41BB60BA8D0F8E473E215	7190C6DC75B4217838827A9E4AF70B98DEC8700019A4CF6EEE474CD353F35123
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0	data	2A14C6CCDA509E5A958A6D7731A60B28	7754B9D9B6DAC0B9F41EABEEC22254521D999052	C63A65BFDDB48F914B517783DFBCB840C8CCC5AA6CC0D105DC94B66D6BEBEE8B
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0	data	E0FFEE8E20F3FEB2C4E01560F1F593AD	0681C3996EE49224937FF5C95A8DBBA9016B851A	A14B1D5331F13CF99B577315E8C4DB6A1B4699F2603ABF635849E0AC8FF77DCF
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0	data	122F21E415F022A4176F14595F2CCC36	F6CE0711195B080E7F201C192C3F1A17FB900783	1E279689245A3576492C4A233BA9DF783087140A23710086CC427582CF27A30B
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0	data	5AD817137B1CA4F2C469CF1EE37A46BF	E5BDC3CD0ABB3EC270BE36EFDB4FEFF3896DFECB	4E2AB5DC3E0864593A5662E80960D146C89CEC68B8DDD9EBFF0AEC0EF7821DE1
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0	data	343DA849300BCBBF2905F4D90115A4FE	DFFC7AEF06502E6F4EBAEB49D51354FB311DD322	586665AEB9236ACE24985CC1E2AE8EFE565777576D7C94D73D143622753CAC5F
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0	data	AC891792956717CCB3DF61D5D522A533	CBEAAB0FECCE3BCAC844A1BBECF83218D830E2FE	10814756142D888548320D026959050615B3179AEBC59098965D6FCC9ED28883
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0	data	71961E20BDC012096FFDE7A88003B347	D49CC67DE7A6B8FA84E7C5F3092BA434DF94DBE1	9BDBFE1C0A8FADF92ECBC22990C3F034FA43528D80BF666B106BDD248DA2683E
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0	data	2F5463829B4E37A1B3EB3E08EECBFADB	0BD6F4EB0D270067694E72E948FDE28CDA4C051C	AEC0B4DFC33EBE8BE94B56C1A490A18B05B4FC1284A1DA63F181D96EAAEE5D0B
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0	data	EE1E00149780860FBC259B2A4404AA12	8E38D5D278B75510760319AB1EE2E279AED444A5	BF8FF221491247FDA5460D35F4C07D05FC5379B1DDE3068DD09E11931D4D64DB
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0	data	3493BB57A3C0D507A7E439A888901388	B0A974D831AB2A3C7387963D2BAF9A4FADD38862	F99E58CF4C4DEE8CDB5710758C731DC518540B7FC53B92AEC7C23F572EF0DA02
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0	data	24A523A664E191C6C0212F9A9ACEF695	4EAB77FD95F1A8CEF5EB38F38BB8AE1EF6253A07	F0127885769425677560434A5F9734EF7D8EA36B4395C49BF0D26CD15ED9B217
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0	data	A125E575CE16B293C686DB4C375EE0D7	3C2E841B65A3FE93A9CC745584682B67811A1BAD	D3E693F747A5F753FC3405D888A2FC60F9AFC98D113125A542B95A75C3D74175
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0	data	22D24EE2B0AF29BFC3FB61B5E55C9BA0	FFAB2BE67CB1448A0605525C5FD6BADDFC04562A	4376CF8F8D5A9043A20B5912E8CC3F5B14ED23481D1F01298B148C953905A3FE
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0	data	2ACA4A28C0AD0579973BD257731C7EDF	07C1F524015D15613FD6E59A32C413D462AD07A8	A66A49A7120E69DDFBAFC6C0A409CAE71E5C9302A6C4C865451E7354DDB882C0
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0	data	7402EAE4469897B16849BFF51A0FD98D	1059B385CF3448CB25A301A8A5BB535ED3479740	39513D0092FACC6E54112256BECE9DF98B2C1E60035499314AC3E97DF4710EDF
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0	data	CCC56642D98EBF9CF142D85FF8670CDA	B096F0B0CA50FB56929F91A04849CBF394F91E85	488B92291DD8779C8174C88C0D0F2F931E6D0DBE8FE08021C52AE45891D7BA27
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0	data	A7BF027076276AED32765F0435F8FC87	A96A5BD8C8C51F89E6BB8EB2C8356E7AD210F583	F03C340BC39B7BAC1F9422272F6ADF327D342BBA55320A8E7AEAD8E1B16AA95A
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0	data	A474C2C25A9BCD395B4376FBB913E925	28F35777BDE4A29CF995C67FD121F2E980C02C93	8CC1D963A9F9A41F0CA05A5BEE1FD5BA54D9045151D5525CE726F5AFAF89E1DA
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0	data	B928D4B8D7F835E560A61643A7CF14EC	812961730DDCEC1E16088AC4CE2C9A4AEEF0956C	CA39E9BAC6312FAC4C709C4B9F071B004562B9AB58E8EA9C0A5A03EA13065DB9
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0	data	12FA28AFC62752E3BBD4847932A37301	6D7283835C62DDF60B37D19EC7BB11A8C61333A0	7402DD35C7503A79A9F03E870735DC40A16D28A991163A38165089459146C9DA
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0	data	730374216ACA940FA2021F40771FF05E	8FA20AFFFA897D12431F0A69ECE1FCCADC5BFF75	504B0BEA90ED77852FD11B4B92C031729579D980CB478D91FDB58AF2BB2C0894
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0	data	708A8467795059D1BF9929B8AA7384A2	7AE1722EB0B949AB4BBA5F7E4D1F928F217EA4DB	B30807EB656CFC6D9995BE2ED7F6BA3E1BF2F452A42A8C68FAD18507C275FB59
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0	data	657D1E649CE96E78E544439A71721F27	CC6E500692D81FA38B51453CAF2539437A306110	BAAA26E72A9017F67A10E98D7AFC54C3F83E9263D996FC27DFD1D90609D8E04C
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0	data	898D655F8BF13C17E8AA39F07DF307D5	3D6331F53ED25192F323A34CE119A60DFA7BD37A	7C994FA5019A358E4AAFABC0E627BFB2ACB4507274F8A99F0D21B233B8DA9495
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0	data	7770C533C0AEB9E516FD09059AB6E227	3443A2AEE37AB844545CF0DFCC1574E3FBCA1930	A52294F4CEB182F580A50FC694A1F2B9723B2F7FAB27D9CCB7C308A2234EB02A
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0	data	1FF9F15E370DCF06CC555035EAE44DD2	86C5BB46082D974E31B2A76DAE34CBE70FE9F7DE	6737BB29ED58753FD2DD7491711CEC460A22B64DF306044D21EABA1038044727
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0	data	916C62960F479AD206030347D42B50A0	F9F9309361634FCF9B99BDD54BD5D4B6D7FB75EE	2FD5A792BC2A8173ED05D5B8CA05B5A99EF960D7958A5467CD52350F359E3386
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0	data	562035C1E3ED036B736BB76BB1DC613F	97AD6972E3DDFC976DAB1D34BC587328117F637A	4BD822C42E1770CCA9D0389A0E61B4A34DD754EFE18865338D5EA938007A1DD1
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0	data	C4F6704C5E6EE4F894B7E69D2DDE078E	0D369D20A8EEA10106EDC75B22ECE6F9F0796E76	99AA4FF6029C767F391946A6B8899A6037A3BB8C6731326873CA86713442E92D
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0	data	789856E00911E40E6220F44B0257FF72	DD293AC6511E5A1591FE1105FD60B9939081BF5C	80EB8ACF37AF6577B09A0E218D438506360780A27784ACED553A8EB4DFD3BD97
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0	data	77EC7B5C7F4043DD49997B9668B5CC0C	B9BF7C4F9BC20B79DB0A9250A3150658E204D465	CA231AD13B1A1CFC739FFF6FC81674488C9F55F5F06A48F3DA5C02DDE115BA32
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index	data	597A0C79CB38A5815AF8C2D01461A186	306D18AF664F192DA5DE0BDE7320A5074F03C001	2FD71109C294666BA69927531EF4BD30B621161C9D8C6DF5CD20031ABA239341
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index (copy)	data	597A0C79CB38A5815AF8C2D01461A186	306D18AF664F192DA5DE0BDE7320A5074F03C001	2FD71109C294666BA69927531EF4BD30B621161C9D8C6DF5CD20031ABA239341
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index~RF52ad0a.TMP (copy)	data	597A0C79CB38A5815AF8C2D01461A186	306D18AF664F192DA5DE0BDE7320A5074F03C001	2FD71109C294666BA69927531EF4BD30B621161C9D8C6DF5CD20031ABA239341
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG	ASCII text	9CE51067941ECE49660A2ADE4DDE9FF9	04EB808FB08CFC26642C88C38EC582DADCBFA0B9	FD11810774DE9FC895DBB8C350C054E652F22955C2C5C8E0F929E513B516FA87
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)	ASCII text	9CE51067941ECE49660A2ADE4DDE9FF9	04EB808FB08CFC26642C88C38EC582DADCBFA0B9	FD11810774DE9FC895DBB8C350C054E652F22955C2C5C8E0F929E513B516FA87
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF5230f4.TMP (copy)	ASCII text	9CE51067941ECE49660A2ADE4DDE9FF9	04EB808FB08CFC26642C88C38EC582DADCBFA0B9	FD11810774DE9FC895DBB8C350C054E652F22955C2C5C8E0F929E513B516FA87
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links	data	0A339004BCB425813505AE2871E61E20	9BDA040B5589E1B919A259DB212F4CE8E32AAA8F	46828E139BE167C9E36B556EB137571DE93A29930C366CE0666B1385BC106517
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-230105074603Z-204.bmp	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54	50E0B6F41EBC4EBA4269BCC68549650F	BCFAF794843CC99599F19D39F583FE2212B5E45C	285E0322149221AE993B67B6C3C4A393E53E280A8CF708E845F2AF9D3B4AC87E
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages	SQLite 3.x database, last written using SQLite version 3024000, file counter 16, database pages 15, cookie 0x5, schema 4, UTF-8, version-valid-for 16	1493E25F56A03B4FEA5369E5DD04B3A7	C6AFA44FB16877C0D67365F49D370A1FFD4A9C35	F581ED070EA0F16ECFA2C0FD23558B56F3C3E49B78B58A6F63B4C245F1602213
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal	SQLite Rollback Journal	A355ED99152FB1E8C5C758AE57969A86	4D837F790416C6A41AB2DECC32EA59365DF4BFE3	F76A43BBAC2BA708498A437EA3B2B9D3DD95453F484B678AF32CC1AE4E27E224
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin	data	ADFA47D162BDEE44A5AB1A381B1AC532	D70D719D929022B54AC149689E0E58CCAA5E4014	CEC98B7B1A11DD8C64276B0B64D2E519D5D84B75C5A7818503065AA2D5E26E81

Windows Analysis Report
osGcfBvGVu.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report osGcfBvGVu.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
osGcfBvGVu.pdf