Edit tour
Windows
Analysis Report
lnv_20422206_Denverwater.pdf
Overview
General Information
| Sample name: | lnv_20422206_Denverwater.pdf |
| Analysis ID: | 1544569 |
| MD5: | 6090ef6d4bbea6240b8be5df50222bfa |
| SHA1: | ec0e35a52f6b85501e7a83522dedab726032686d |
| SHA256: | 14390f1f8c48653ab9a212b42e84e61bd83d6f669b9ebd8422ce05610c7e6b16 |
| Infos: | |
 | |
Detection
| Score: | 0 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
Potential document exploit detected (performs DNS queries)
Classification
- System is w10x64_ra
Acrobat.exe (PID: 880 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\l nv_2042220 6_Denverwa ter.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 6964 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 7100 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=22 56 --field -trial-han dle=1568,i ,650098480 5101185617 ,157025045 3566356260 0,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown | |
| x1.i.lencr.org | unknown | unknown | false | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown |
⊘No contacted IP infos
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1544569 |
| Start date and time: | 2024-10-29 15:35:15 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 3m 43s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 15 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | lnv_20422206_Denverwater.pdf |
| Detection: | CLEAN |
| Classification: | clean0.winPDF@15/46@3/0 |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176, 199.232.210.172, 52.5.13.197, 23.22.254.206, 54.227.187.23, 52.202.204.11, 162.159.61.3, 172.64.41.3, 2.23.197.184, 95.101.148.135, 2.19.126.143, 2.19.126.149
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- VT rate limit hit for: lnv_20422206_Denverwater.pdf
| Time | Type | Description |
|---|---|---|
| 10:35:58 | API Interceptor |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | Get hash | malicious | HTMLPhisher | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Tycoon2FA | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Stealc | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
|
⊘No context
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 290 |
| Entropy (8bit): | 5.216695435254168 |
| Encrypted: | false |
| SSDEEP: | 6:Ppxq2PRN2nKuAl9OmbnIFUt8cpAEQZmw+cpAEYkwORN2nKuAl9OmbjLJ:LvaHAahFUt8v/+95JHAaSJ |
| MD5: | 3226BE237FF22736B1DA22FCD332E593 |
| SHA1: | 97815556AE933D2D638436D30DE1C221EE2C29F5 |
| SHA-256: | F28ACB4D08CDB04EFB42BA0B72E319514A07E5438BDBACD5A349D166A88B87C1 |
| SHA-512: | DF69CE3C65C5AD88384A1D4552756D5499075AA80FD0A141700057C61552F4AA2E0773019FCEFF0C0F4EA93AA957ED67EDCCDED95C3A88DEDA7EEB3A6BF73BB1 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 290 |
| Entropy (8bit): | 5.216695435254168 |
| Encrypted: | false |
| SSDEEP: | 6:Ppxq2PRN2nKuAl9OmbnIFUt8cpAEQZmw+cpAEYkwORN2nKuAl9OmbjLJ:LvaHAahFUt8v/+95JHAaSJ |
| MD5: | 3226BE237FF22736B1DA22FCD332E593 |
| SHA1: | 97815556AE933D2D638436D30DE1C221EE2C29F5 |
| SHA-256: | F28ACB4D08CDB04EFB42BA0B72E319514A07E5438BDBACD5A349D166A88B87C1 |
| SHA-512: | DF69CE3C65C5AD88384A1D4552756D5499075AA80FD0A141700057C61552F4AA2E0773019FCEFF0C0F4EA93AA957ED67EDCCDED95C3A88DEDA7EEB3A6BF73BB1 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 334 |
| Entropy (8bit): | 5.1725497460156 |
| Encrypted: | false |
| SSDEEP: | 6:PpSdVq2PRN2nKuAl9Ombzo2jMGIFUt8cpzESgZmw+cpzESIkwORN2nKuAl9Ombzz:gdVvaHAa8uFUt8RSg/+RSI5JHAa8RJ |
| MD5: | 4E22CF7FCD9A5DF1760E3DC989F76D43 |
| SHA1: | 2E47F37A02CBF6FCA26C965DA1E5268B14F042B1 |
| SHA-256: | 6F8D942C29BFB25C606E34E542ABF134AA07ACC426E0E43E59F570FB72AFCEC1 |
| SHA-512: | 3CCB43FBC406A6698EEB796B362F9C87A7C4F7BD599718F8C54CF8DE2665026D2EC3F7CC5FB6FC27BECDC01CF7D2AB87B93997F1E8AED0D8B2A1305940D728BD |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 334 |
| Entropy (8bit): | 5.1725497460156 |
| Encrypted: | false |
| SSDEEP: | 6:PpSdVq2PRN2nKuAl9Ombzo2jMGIFUt8cpzESgZmw+cpzESIkwORN2nKuAl9Ombzz:gdVvaHAa8uFUt8RSg/+RSI5JHAa8RJ |
| MD5: | 4E22CF7FCD9A5DF1760E3DC989F76D43 |
| SHA1: | 2E47F37A02CBF6FCA26C965DA1E5268B14F042B1 |
| SHA-256: | 6F8D942C29BFB25C606E34E542ABF134AA07ACC426E0E43E59F570FB72AFCEC1 |
| SHA-512: | 3CCB43FBC406A6698EEB796B362F9C87A7C4F7BD599718F8C54CF8DE2665026D2EC3F7CC5FB6FC27BECDC01CF7D2AB87B93997F1E8AED0D8B2A1305940D728BD |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\59048770-7644-418b-b7d3-d2cd3a1bf6b7.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.953858338552356 |
| Encrypted: | false |
| SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
| MD5: | 4C313FE514B5F4E7E89329630909F8DC |
| SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
| SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
| SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\5bd39301-5071-47aa-9f4a-f05228ecd6bd.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.989871521137908 |
| Encrypted: | false |
| SSDEEP: | 12:YHO8sq1ksBdOg2Hucaq3QYiubrP7E4T3y:YXs0JdMHR3QYhbz7nby |
| MD5: | 5F09C2993C3DCABF15FBFF5D4501C2B6 |
| SHA1: | 1995070D03DB2458CC6F57F8B533051F483C8F84 |
| SHA-256: | 49A4D5D15F195F5422ECAB4C6370A212F94C1DA0CD9A82C6EC0D78B847A5CF72 |
| SHA-512: | AAB8D9726075DE3E805081F37F82D764196A0079C8084D231FBED9ECCF2B4443BE780313A4B0DF350767DCE80E8A670D501ADD4BB581E5D729537B2687B3D20F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.953858338552356 |
| Encrypted: | false |
| SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
| MD5: | 4C313FE514B5F4E7E89329630909F8DC |
| SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
| SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
| SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF3c6e17.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.953858338552356 |
| Encrypted: | false |
| SSDEEP: | 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby |
| MD5: | 4C313FE514B5F4E7E89329630909F8DC |
| SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
| SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
| SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4099 |
| Entropy (8bit): | 5.230211068123553 |
| Encrypted: | false |
| SSDEEP: | 96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xeAbbt3:OLT0bTIeYa51Ogu/0OZARBT8kN88Abbd |
| MD5: | 84A9B6B20A322EFF00614D7ACF451B0C |
| SHA1: | 858140FD02A1CD1B2D66B8D22E66CE5F9FDFD896 |
| SHA-256: | 3564ABD213D8E936C44288C08F109F85DEB36AD371769908FA3F1648BE56BAB6 |
| SHA-512: | 18662FF3114D800628C6253E7376DBC2B095CA3D183FACA3A168F27F9C617F77B054223416071322A0086624D9C3E8A6A4FF93252A592951145CCD8DE1F91FC2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 322 |
| Entropy (8bit): | 5.187787975511011 |
| Encrypted: | false |
| SSDEEP: | 6:PpbHVq2PRN2nKuAl9OmbzNMxIFUt8cp/dgZmw+cpleBYIkwORN2nKuAl9OmbzNMT:lHVvaHAa8jFUt8yg/+YeBYI5JHAa84J |
| MD5: | 2BE3F3DAF628412E7B078EB512476C8D |
| SHA1: | C6D56D2A0FEBD8C69F0DB6525AC55E413D31CA89 |
| SHA-256: | E1E62B5DE9413DA94628C3FD560784E99A5579F9567FBC11326B42D9FB24C134 |
| SHA-512: | FBD35E08F7887385EE816B3449A9E407EC80A2281FCCE2B2E259D451C28022216C37BDC000453B1F9761756BC0A33BD61C7D8491DFED559FFD8FC7DF9C0F4A68 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 322 |
| Entropy (8bit): | 5.187787975511011 |
| Encrypted: | false |
| SSDEEP: | 6:PpbHVq2PRN2nKuAl9OmbzNMxIFUt8cp/dgZmw+cpleBYIkwORN2nKuAl9OmbzNMT:lHVvaHAa8jFUt8yg/+YeBYI5JHAa84J |
| MD5: | 2BE3F3DAF628412E7B078EB512476C8D |
| SHA1: | C6D56D2A0FEBD8C69F0DB6525AC55E413D31CA89 |
| SHA-256: | E1E62B5DE9413DA94628C3FD560784E99A5579F9567FBC11326B42D9FB24C134 |
| SHA-512: | FBD35E08F7887385EE816B3449A9E407EC80A2281FCCE2B2E259D451C28022216C37BDC000453B1F9761756BC0A33BD61C7D8491DFED559FFD8FC7DF9C0F4A68 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241029143549Z-164.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65110 |
| Entropy (8bit): | 1.6727754309590992 |
| Encrypted: | false |
| SSDEEP: | 192:KRkEEYGMuDvMG4q1S70WyiW/rGjCO81fQwSPahwpTZPN9lflth:KRkE4PzQeC7zDPNHnh |
| MD5: | 4D0AA4BC3C9EA082383D90E99173A4FE |
| SHA1: | 17E7C9878AFCB6EA4ADD0C74D04C59E57FB38672 |
| SHA-256: | FB7B629B2210247CA42D3D308749128E8245E3572D6B81EC61C116FBC62C7ECE |
| SHA-512: | CEE43D91885D733D1123053EF325D94FBF52B34AC826757BCDD38196F6F369070141815733E9AB38DE3B095F15431C873069E9D690F5F4F99C6945CC542808BA |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 57344 |
| Entropy (8bit): | 3.291927920232006 |
| Encrypted: | false |
| SSDEEP: | 192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP |
| MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
| SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
| SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
| SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16928 |
| Entropy (8bit): | 1.2151490374258482 |
| Encrypted: | false |
| SSDEEP: | 24:7+tWJqLi+zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzm+Zn:7M8qLmFTIF3XmHjBoGGR+jMz+LhI/ |
| MD5: | 253F79773C682CBEEBE0EA6474B48CB8 |
| SHA1: | 7956C5538660F6C211DDB24892CC092F68E49C44 |
| SHA-256: | 4F45ACB3BDA77A0474977419F06225EDB9D4A5A8C1785085E1D3930E5B4E2660 |
| SHA-512: | D018B7A9F965C367355885355AD74373E5ED2F3AA1682B9F123071518EEC09A96DC5D2DDBEF2526E8BF0219B59EBE7004ACD6DE877FC0E9ACBE4E80A59E9C5C6 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1391 |
| Entropy (8bit): | 7.705940075877404 |
| Encrypted: | false |
| SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
| MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
| SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
| SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
| SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71954 |
| Entropy (8bit): | 7.996617769952133 |
| Encrypted: | true |
| SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
| MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
| SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
| SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
| SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 192 |
| Entropy (8bit): | 2.7673182398396405 |
| Encrypted: | false |
| SSDEEP: | 3:kkFklvD3L1fllXlE/HT8k68l/tNNX8RolJuRdxLlGB9lQRYwpDdt:kK9T8Q7NMa8RdWBwRd |
| MD5: | 2C1BBD4469B4300DF4FC048CE80566F5 |
| SHA1: | 273AF1811F559198F616A66A3A1C0891CC266E93 |
| SHA-256: | DFB3834F23498D92D81AA9A8E51DE8903D1294FC2B8643FB47D1D2173EB64996 |
| SHA-512: | 7558199E199E83B63928667D0143FC38D08A5901C190DB78875AB6C4F9B89BEFFCA5CA47B7FE1BA9F988DA55487AF166F227103D16C75FBD41B40AE6E522B6F2 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 328 |
| Entropy (8bit): | 3.253995428229511 |
| Encrypted: | false |
| SSDEEP: | 6:kKPi9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:NDImsLNkPlE99SNxAhUe/3 |
| MD5: | 31056DF82DA253967B9CEA59353EA2B3 |
| SHA1: | C27DE3AD603E1328BD5E028303CCFBBBC6B301E2 |
| SHA-256: | 94CC69F8D34B14448C04B4D79580BF860ED98AE5EA22E18E2B833673DEC60C5C |
| SHA-512: | B10068EAAE59BA3521BC031AA1B118F1AF6992C7EC682CBA739DF07EA53E02675E46B9B70C74D207CB7F1AE27E3548CF02277035940FCA7B9537BCC22AC994D0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.364228156339793 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDzeydpQ5IRR4UhUR0Y9dVeoAvJM3g98kUwPeUkwRe9:YvXKXPeyXQWRuUhUpdVVGMbLUkee9 |
| MD5: | 9E80A9175D4F2C811047EA571DD790D6 |
| SHA1: | BE68641F4058293375655FBD3FB95A9D87712926 |
| SHA-256: | 2B7133F2ABC43D411E44193C242CF5F72361C67EE4158256EF26218AB1FAF1F8 |
| SHA-512: | 9EAFE8E3268774500A614EC8839A07517ABAE510A05DBDE10A88F7C1A122804550FD284F471B1A65ED5278333AC9DBC1AFF5AEC7372AB03936F80D1C3B972A94 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.3100286864379775 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDzeydpQ5IRR4UhUR0Y9dVeoAvJfBoTfXpnrPeUkwRe9:YvXKXPeyXQWRuUhUpdVVGWTfXcUkee9 |
| MD5: | 3D45D5082835F04822A2DDFA518ABEAC |
| SHA1: | 8CDAB3CAD9D1216261672403BE1CEA5362CBCCEB |
| SHA-256: | 6068BD38B6A5672ACDBEB55940B1D769395E7EA5AD1384865738D281A28EF5AB |
| SHA-512: | 893A9CD8433D12113BC4C047DADDC123DA7F52BF18BB689A00F751E3386C59B7A8CBA49E1FEAEDED905AF56D80A2711CA70830994810792C3574C3173D461542 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.288440359702839 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDzeydpQ5IRR4UhUR0Y9dVeoAvJfBD2G6UpnrPeUkwRe9:YvXKXPeyXQWRuUhUpdVVGR22cUkee9 |
| MD5: | 0C02350EC47C0FE649CDE7A7C30C97B5 |
| SHA1: | 4B1AD94716BBDAF58B71A7DD99D029188ED9B3DC |
| SHA-256: | 86342C3AC6523F9B76D176A38058E056B94C4C00560ECCC1B2C13878C0E404B5 |
| SHA-512: | DCA7F0A61ECD09FEDAB657E248A80420E63A7C67CBCE930A4294662E7825CC89D891477A08CE4D7BA275A8E64287DD51E3F5C134982F602568DAD07472859CA4 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.352638687888599 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDzeydpQ5IRR4UhUR0Y9dVeoAvJfPmwrPeUkwRe9:YvXKXPeyXQWRuUhUpdVVGH56Ukee9 |
| MD5: | 5EAFD737A2211E3A6EF21C3007028878 |
| SHA1: | E91D2DD758F2FAA7B79EB95E0E5977055220ACCD |
| SHA-256: | 3DC45C7F40EC88A8911FFB942DA26C1FE0C4C1822E2D0E7017F2CED56BA7FE7A |
| SHA-512: | 959D3669D991A9BF9D1711B4EEB3FE24892136D3820ED0CD21B78AFF106537E6B80195E952A082875A4B1DB30FC2A71967D4061A0244359594EBA5E0DAE21BAB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1055 |
| Entropy (8bit): | 5.658188976227345 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XPBRU4pLgEscLf7nnl0RCmK8czOCCS81:Yv+nU4hgGzaAh8cv/8 |
| MD5: | 1B82931556DC86699BD0ABFB7284BCC1 |
| SHA1: | BC2E50DD886B8A515D008E3576436EC0C9E1464D |
| SHA-256: | ED6A6F77ED483F99B072861A39C1A301BA8BBCF0A0629826D354C2BD48C84B5F |
| SHA-512: | 692A055AEF4C8571D22549A2A2ABA39203C85890E57BFBFFAD9A1A15243927FB825D2BD2C357297BA3CC8244261434FA58075D13978A392260E908D017FC708C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1050 |
| Entropy (8bit): | 5.64881044437762 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XPBRUqVLgEF0c7sbnl0RCmK8czOCYHflEpwiV/1:Yv+nUqFg6sGAh8cvYHWpw8 |
| MD5: | FE79BCB9020E952CF031E83509C0E5D3 |
| SHA1: | C8DC473692BB1A3C331C163DC08D97A59E028094 |
| SHA-256: | 9C1A28E6D1A65DA142641842F1399B2783A68FC894200F0FECD54DB1206488A9 |
| SHA-512: | 8CAA0D47AF4948AD07048C7BE42830AFCB38DD681661D325E8B8B3DE886C9D5055988073F27ED1D95AD2E869F4F73E7DBF4BBA16A5D8EC4EBEBE8A1796665B7E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.300618425444712 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDzeydpQ5IRR4UhUR0Y9dVeoAvJfQ1rPeUkwRe9:YvXKXPeyXQWRuUhUpdVVGY16Ukee9 |
| MD5: | DFE61D1BF6A75CDFC7B4FE07D1DD8D42 |
| SHA1: | 04874DE5259B5E5B4E86466C02BC4B704C9E230D |
| SHA-256: | 70B2F78C3239F150E4380B4023BF176B911F83544EB0797778547421EF4BEFCA |
| SHA-512: | 8A15F35DA8E1267096E5459F41DF44F6DFA5B2444CE76168F4622EB937EEFB7D793C766A6987BE7020C2C096842CC87D6167EDB5E1F9AF51B09A7A358F55BBBA |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1038 |
| Entropy (8bit): | 5.643545167330871 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XPBRUX2LgEF7cciAXs0nl0RCmK8czOCAPtciB/1:Yv+nUXogc8hAh8cvAT |
| MD5: | ED18BEC005FF17C64C12FEA3FEF26A20 |
| SHA1: | 8E003265A64362778D4A0257660C8A774EA92908 |
| SHA-256: | 7C07DF49527BCB075FAD027C9F7F88DE58F16D586EBDF3C99E243E0FFBF2B2B4 |
| SHA-512: | 43D818D16024BB25DE4DB970F19B450D5B83C4BFEE05C4ED12E225B0F773B2C2A9AD6785790BAEF849288491C1D9E0701E169E9B520436616FE4F557233449A8 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1164 |
| Entropy (8bit): | 5.6955342192689615 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XPBRU7KLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5/1:Yv+nU7EgqprtrS5OZjSlwTmAfSKX |
| MD5: | 28B4047A2D025E26EE62DA2FBF8A2EE8 |
| SHA1: | AD7F7806224E6B00382980FDBD067375D90E581E |
| SHA-256: | 94218CB341A7AA5321D9A960B11D110B3ED8E3887B2B10984308EB77D7B8CDDD |
| SHA-512: | 423A4C409C5BC3E567DDDE906F6D1DC6833F2A005E518FA16CC48815B537C61723DF044FAC6EA60D08A22EAD79EA853C6BEA285BDC49951575A870301BA5DEF9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.304690189357113 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDzeydpQ5IRR4UhUR0Y9dVeoAvJfYdPeUkwRe9:YvXKXPeyXQWRuUhUpdVVGg8Ukee9 |
| MD5: | 359D7877FC2D6EAC1F5BA261C6720D82 |
| SHA1: | 8535DA8AEA8EE142E66F5D0B53683F04817E0D09 |
| SHA-256: | 06660589FAF2224DC40CE3C766CB55E440DBE4D50D3A727FD95BE3D5353DB376 |
| SHA-512: | D48699C41AB03FFC0A3C10EC9789784B72D9D70328F682DDDC1816A6AE0769E3F23A54DA492408F4C075C5275CB7F42D9A9774C30BA2545380DD875B1FC32A21 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.774811727124465 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XPBRUmrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNX1:Yv+nUmHgDv3W2aYQfgB5OUupHrQ9FJX |
| MD5: | 739CD6173CE6066C5C0C6AB0A677B65C |
| SHA1: | 72FC98119E7FA66B09C264E8E374743AD87ABD5F |
| SHA-256: | 611CB90248177F60135C039815A3282F7358F5426BA94714F3A3B18CFD02D9E8 |
| SHA-512: | 2F3A21C5A2A46AFCA63C2A5AB4E3278D897C6CDCC356C901A45EE80C11ACBC21A96E4C4B3D99D8A71A7D2E0590FD2D8879DAD2782A7D114BF5356479E32F35D3 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.288205052052578 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDzeydpQ5IRR4UhUR0Y9dVeoAvJfbPtdPeUkwRe9:YvXKXPeyXQWRuUhUpdVVGDV8Ukee9 |
| MD5: | 5569D2A7BC144BDEF80971DED094E038 |
| SHA1: | 0D94FD2B796C23D9E88DA5B899F5E4528FCD8B77 |
| SHA-256: | A39D478385938B9694A5034DF0B9848EFE8F774E9976379B9BD6B40827347E72 |
| SHA-512: | E01F9580C22BEDC6CFB10DCF9B96CAC6CB5206B98D13FFC33F370A1B5A536AE748D3F27474119A3E84D638F8ED89473CD7E2F11AF967EA5B6DE15C35BB55DD82 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.291651291590943 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDzeydpQ5IRR4UhUR0Y9dVeoAvJf21rPeUkwRe9:YvXKXPeyXQWRuUhUpdVVG+16Ukee9 |
| MD5: | 38B1048F98AB882410F8E1CC4AB18CE0 |
| SHA1: | A9A331EE96E5D4FEB48F0E6258789158BFDD485C |
| SHA-256: | 90EF0362E3F15FF0296DB0760CB6E4C818BD9EECEEC5F1D7D2D9E0015EAAFD1C |
| SHA-512: | 184CFD86584F298C922F091B0E35D5F7F0D952E290E6DC6C13338A2F65596E250FDC4C5F87C4CA3273ADA14AA71C517A483CCAA1C07048AA93DC52D1D29A0235 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1026 |
| Entropy (8bit): | 5.628076623340669 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XPBRUMamXayLgE7cMCBNaqnl0RCmK8czOC/BS81:Yv+nUqBgACBOAh8cvM8 |
| MD5: | 62AC29862611D5255899A07DF822D819 |
| SHA1: | 7D4FB002588261ADDF283ACB35DC1B542E78CB3B |
| SHA-256: | 0AC24FD9DAF5062F466B64041D09DCCDA2BF35C1E8E996D16A523873F0B2CB5F |
| SHA-512: | 7866B70C239260C22B623185C1A0F251E9DEEBAA2219A53263CD9605DC6E01D661D4BB144F2A0AE2546F6491FDCBB0FECDB0608B5CDB737AD4EE64897CFAA9D7 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.267585098221963 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDzeydpQ5IRR4UhUR0Y9dVeoAvJfshHHrPeUkwRe9:YvXKXPeyXQWRuUhUpdVVGUUUkee9 |
| MD5: | C2AC2881D9E30B46071C51356015A26B |
| SHA1: | 0179AE1EA39D368B4D92213B185EA3BDF389BF74 |
| SHA-256: | F7E3C5337F17E4BB2FAD0B930D8C73C6C9615C40EEC66CE8A4276BC632BA57BC |
| SHA-512: | FCFF0D258795B620636BADD228B6E6321026BA583DF5DD3607CAB65B0F2A762E6244603A85CB4393B6EC5F5EC11BC66DAF701B7B17A240B5F0769F030564B9C6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.365476316386463 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXPeyXQWRuUhUpdVVGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWx:Yv6XPBRUz168CgEXX5kcIfANh81 |
| MD5: | 70D338DD1EBBA07C5CE16879141B1EA0 |
| SHA1: | A1E364C87CBC4B9FB6D990FA15540371AAD98069 |
| SHA-256: | 0116058E16FCF4362C420C8EF8EEB2C87E796AD992576EB11C72D9251213AF86 |
| SHA-512: | A4633D7E9960C24B76589E9D98996E9429095A93027CC54FACED9130F16823568796805C79635AEDBABBB4F475AF8F71100146B66E6A293D5312E7F24AE999F6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2818 |
| Entropy (8bit): | 5.120280410901548 |
| Encrypted: | false |
| SSDEEP: | 48:YwhuhRNNWdDiIJhVGg87xauAVRkF7a69Rcy9zt:uRNNTMhVR87xzAvWmsigzt |
| MD5: | CB0FE792457A1135300A240AF0EED544 |
| SHA1: | F9D8331C9D88D66B1AD810740DFD9442A02DE625 |
| SHA-256: | 4EB84DA779EDA4D240FF2FD7539C4E2E001FBD4D53174F0121454F704A0DEBBF |
| SHA-512: | 20E3C4C3B020D69EC18EAC7F44885713EB0C16CDB6AA884B761B2EEAC2763A85FD61E05F2BD4C840C4F30696BC934CF6F8FBF17690AC3CA0EA7D0C0AA9B1C505 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 0.9877072685385363 |
| Encrypted: | false |
| SSDEEP: | 24:TLHRx/XYKQvGJF7urs67Y9QmQ6QeKIcLESiAieSF:TVl2GL7ms67YXtrpcI8W |
| MD5: | 3EFA68C464515226E93F70F75E7C1CC8 |
| SHA1: | 0AF90D8B40286F5913FAD62708A4BDB2B2BBA1EF |
| SHA-256: | DAF7C6A89BE90E580E13F0AADE0B054FECA61BEC8681A574FCC1F0DD9D15B9D6 |
| SHA-512: | D7AE8980411141462482759D0FB03D9B1B580DFE1104578A13F731CA57F9550467DB20009576EFCE8C138ACDCCEE45294C5B74E1734CD6864F0B0CE165F998C3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.343377339654432 |
| Encrypted: | false |
| SSDEEP: | 24:7+t3UEASY9QmQ6QeK7cLESiAi0mY9QiqLBx/XYKQvGJF7urse:7M5lYXtrecI8KY/qll2GL7mse |
| MD5: | 6EB62B5E41393AEC9F7FEF14AF3E8494 |
| SHA1: | 058B7A85FC536079D109D52CABFA53DA3653D693 |
| SHA-256: | C5ED9D2008D5BADDF0CFDAB74CF78C89475C69AB2F3382592FDCFA9195B5647A |
| SHA-512: | FE26C391DBE81516068E55F3AEEF6E1077C32D8D72E869B00DBAA4A6ED89FF0842309F81BB3230DBD0164A12038E94181D3B7E1839EA7ABF6E0BF014B6E70F0C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.524398495091119 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8xOlQqdNz4ACH:Qw946cPbiOxDlbYnuRK5Z4ACH |
| MD5: | AA9663B4ECBE77A4984842BBB062F963 |
| SHA1: | 73D31E0FDF57830A13AD7C3D049DF37F570E2A51 |
| SHA-256: | EB92FE648E6801EE868972C67387FC799617E8E2095DD74BA8DBBB6F1D16FE3E |
| SHA-512: | AFCA150EFBE5D60C91596EEE20E69D64DAB2B425EB420BCB748B5D0CBF5F652A2FD970F39ABDC6DD928F74F5355F53CDDFEA62AACBFAAE1A2C518B51E3745BD0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-29 10-35-47-231.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.353642815103214 |
| Encrypted: | false |
| SSDEEP: | 384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL |
| MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
| SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
| SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
| SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 15114 |
| Entropy (8bit): | 5.3375130382545 |
| Encrypted: | false |
| SSDEEP: | 384:gBnE/p+FnpYep7p9hCAhm8448XyJDskSCtvrJRhMdRjq4ubx3XsRKBiBEdzdaPiw:SJs7 |
| MD5: | 875289F9499072C9C4D89B4C6ACAF81D |
| SHA1: | A2BADDF91763D9684AFF259E91283391A05E36EB |
| SHA-256: | DFC878CEF7E190E0D7C58035887C98CD138934855487B559F0DE0BEA7C4E9FD7 |
| SHA-512: | E498B65CFC81CEC4372A1D49FD18A232FB13D74983211AE7027FA386F7B1286D809889D00A2010E714BE52C0625ADC9CA9DFBDE139D3BB743E82C5A49583EA3C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29752 |
| Entropy (8bit): | 5.423748359712298 |
| Encrypted: | false |
| SSDEEP: | 768:YAoAoAkA/AUAFAkA9A5AvASkA1A0AZA/AkAUAAAhAeAyAyAQAdAlAfAzAzA/AqA+:YAoAoAkA/AUAFAkA9A5AvASkA1A0AZAU |
| MD5: | EB7955AAC3E9E3C24B056424A0472AF3 |
| SHA1: | 2F8C4455F7BEEEEF7993A8D9DA40807708641AD5 |
| SHA-256: | 779A1E90443592EBA153EF2171B6E6C3C099B68007A6085DAAAFFDA1BB6CCD16 |
| SHA-512: | 26135F48B591D21C476F572E3BD982A1FA5C889F3EC7322FA99599BC1370F088BFD95D28479F894300DC3EBE83C0D6B8885421AEE25A16F85D4777DF3BC4C826 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07tOWLaGZ4ZwYIGNPS:RB3mlind9i4ufFXpAXkrfUs0kWLaGZ48 |
| MD5: | 1D64D25345DD73F100517644279994E6 |
| SHA1: | DE807F82098D469302955DCBE1A963CD6E887737 |
| SHA-256: | 0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC |
| SHA-512: | C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7ouWLgGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLgGZtwZGk3mlind9i4ufFXpAXkru |
| MD5: | A8E5C37206C98D1B655FF994A420FFB6 |
| SHA1: | 827237782AB5971EC205C3BCECCC7950BE9F84C3 |
| SHA-256: | F1F755059AF7C2CBC36920337941AEFB18FBDB3CD14D3239CBBBCF0CB8F208EA |
| SHA-512: | 12DE33EB7624458AEC44D83D4E2C09E626F8E54E177FC0C26EEBA232935F34FAAAEB71FBB025EB7C53BEA9933C46ADCE759C32516D1B80C03B6734C61D61CEB2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.90358819584579 |
| TrID: |
|
| File name: | lnv_20422206_Denverwater.pdf |
| File size: | 178'181 bytes |
| MD5: | 6090ef6d4bbea6240b8be5df50222bfa |
| SHA1: | ec0e35a52f6b85501e7a83522dedab726032686d |
| SHA256: | 14390f1f8c48653ab9a212b42e84e61bd83d6f669b9ebd8422ce05610c7e6b16 |
| SHA512: | c944fac62cc769bbc6a69a29a28a4216d5f70f8865f7a9aef475e5e7b50ed8ee81e6ecdd0090b7de8334b59c9d58fe5e88d4955623283c03d483f5c7ca247ba3 |
| SSDEEP: | 3072:ST6PWE05AJXvJe5I2SSXfc9DjUWPo2AP2Dqyixm3N0sw8mW4:S+WE0MvJe5BX2DjUpeDz7N2nP |
| TLSH: | C004D070F6894C4CE9C6DB1FC2B8384E4F5DF66B92CD7884117C8A19E612DA5A783387 |
| File Content Preview: | %PDF-1.4.%.....1 0 obj.<</Title (about:blank)./Creator (Mozilla/5.0 \(Windows NT 10.0; Win64; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) HeadlessChrome/127.0.0.0 Safari/537.36)./Producer (Skia/PDF m127)./CreationDate (D:20241028194756+00'00')./ModDate |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.4 |
| Total Entropy: | 7.903588 |
| Total Bytes: | 178181 |
| Stream Entropy: | 7.997017 |
| Stream Bytes: | 154595 |
| Entropy outside Streams: | 5.028095 |
| Bytes outside Streams: | 23586 |
| Number of EOF found: | 1 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 142 |
| endobj | 142 |
| stream | 16 |
| endstream | 16 |
| xref | 1 |
| trailer | 1 |
| startxref | 1 |
| /Page | 1 |
| /Encrypt | 0 |
| /ObjStm | 0 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 0 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Image Streams |
|---|
| ID | DHASH | MD5 | Preview |
|---|---|---|---|
| 4 | ab2b550f2a550bab | ac466a0a90811c2fa8f5b0e141e1abc5 |  |
| 7 | 0022222211110000 | 8f9830e2317c459ccaccde223926a865 |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 29, 2024 15:35:58.785079002 CET | 56424 | 53 | 192.168.2.16 | 1.1.1.1 |
| Oct 29, 2024 15:36:11.055618048 CET | 52311 | 53 | 192.168.2.16 | 1.1.1.1 |
| Oct 29, 2024 15:36:24.687792063 CET | 61304 | 53 | 192.168.2.16 | 1.1.1.1 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Oct 29, 2024 15:35:58.785079002 CET | 192.168.2.16 | 1.1.1.1 | 0xaf17 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 29, 2024 15:36:11.055618048 CET | 192.168.2.16 | 1.1.1.1 | 0x82e7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 29, 2024 15:36:24.687792063 CET | 192.168.2.16 | 1.1.1.1 | 0x5933 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Oct 29, 2024 15:35:49.909918070 CET | 1.1.1.1 | 192.168.2.16 | 0xf503 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Oct 29, 2024 15:35:49.909918070 CET | 1.1.1.1 | 192.168.2.16 | 0xf503 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Oct 29, 2024 15:35:58.792967081 CET | 1.1.1.1 | 192.168.2.16 | 0xaf17 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Oct 29, 2024 15:36:11.064620018 CET | 1.1.1.1 | 192.168.2.16 | 0x82e7 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Oct 29, 2024 15:36:24.697751045 CET | 1.1.1.1 | 192.168.2.16 | 0x5933 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 10:35:43 |
| Start date: | 29/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7b2230000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 2 |
| Start time: | 10:35:44 |
| Start date: | 29/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff680d90000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 3 |
| Start time: | 10:35:45 |
| Start date: | 29/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff680d90000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
⊘No disassembly