Edit tour
Windows
Analysis Report
20250115_125836_lfg_Scan.pdf
Overview
General Information
| Sample name: | 20250115_125836_lfg_Scan.pdf |
| Analysis ID: | 1592010 |
| MD5: | 97f7e77fa0950cce94bc87de36bdce3c |
| SHA1: | 2d5a1af1e215f97323f1cbc9a83214c33c5c9b52 |
| SHA256: | b26e0eb0f0214392b3aa8933021ea2c06947936f04b9ae902b1f63f2852f0163 |
| Infos: | |
 | |
Detection
| Score: | 0 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 80% |
Signatures
Potential document exploit detected (performs DNS queries)
Classification
- System is w10x64
Acrobat.exe (PID: 7124 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \Desktop\2 0250115_12 5836_lfg_S can.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 6956 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 3840 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --user-d ata-dir="C :\Users\us er\AppData \Local\CEF \User Data " --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 04 --field -trial-han dle=1688,i ,855163989 2096939581 ,177411611 9171217328 7,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | high | |
| x1.i.lencr.org | unknown | unknown | false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high |
⊘No contacted IP infos
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1592010 |
| Start date and time: | 2025-01-15 16:39:12 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 0s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowspdfcookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 14 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | 20250115_125836_lfg_Scan.pdf |
| Detection: | CLEAN |
| Classification: | clean0.winPDF@14/50@1/0 |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 2.23.240.205, 54.224.241.105, 34.237.241.83, 18.213.11.84, 50.16.47.176, 162.159.61.3, 172.64.41.3, 2.22.242.11, 2.22.242.123, 23.209.209.135, 199.232.214.172, 13.107.246.45, 184.28.90.27, 20.12.23.50, 104.126.112.182, 184.28.90.29
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, client.wns.windows.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, otelrules.azureedge.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, storeedgefd.dsx.mp.microsoft.com, crl.root-x1.letsencrypt.org.edgekey.net
| Time | Type | Description |
|---|---|---|
| 10:40:22 | API Interceptor |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Wannacry | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Strela Downloader | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | PureCrypter, LummaC, LummaC Stealer | Browse |
| ||
| Get hash | malicious | Strela Downloader | Browse |
|
⊘No context
⊘No context
⊘No context
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 298 |
| Entropy (8bit): | 5.159392031013653 |
| Encrypted: | false |
| SSDEEP: | 6:iONr2m2uNIq2PN72nKuAl9OmbnIFUtLr2m08ZZmwpr2m08zkwON72nKuAl9Ombjd:7wm3NIvVaHAahFUtWm08Z/km08z5OaHi |
| MD5: | 8DD3EB8B3325A7A58B98D3B915F1903F |
| SHA1: | E31AF6C0B2DC114910EE897F42AF819F9405A698 |
| SHA-256: | 10DF2CD490D67FDA065BBCFED8959917316160E2DD7BA732D8B3E33D7B5CFFDC |
| SHA-512: | CB8DADACE86E557EE032448D7E70A1C029FFEE304360AA154E5DA668AAE02AE29F2A2FFD1A59987AFC1BAA292D30E267C4E8C81079F07C3668926B76E1D6C7F2 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 298 |
| Entropy (8bit): | 5.159392031013653 |
| Encrypted: | false |
| SSDEEP: | 6:iONr2m2uNIq2PN72nKuAl9OmbnIFUtLr2m08ZZmwpr2m08zkwON72nKuAl9Ombjd:7wm3NIvVaHAahFUtWm08Z/km08z5OaHi |
| MD5: | 8DD3EB8B3325A7A58B98D3B915F1903F |
| SHA1: | E31AF6C0B2DC114910EE897F42AF819F9405A698 |
| SHA-256: | 10DF2CD490D67FDA065BBCFED8959917316160E2DD7BA732D8B3E33D7B5CFFDC |
| SHA-512: | CB8DADACE86E557EE032448D7E70A1C029FFEE304360AA154E5DA668AAE02AE29F2A2FFD1A59987AFC1BAA292D30E267C4E8C81079F07C3668926B76E1D6C7F2 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 342 |
| Entropy (8bit): | 5.175833531305261 |
| Encrypted: | false |
| SSDEEP: | 6:iONr2hIVq2PN72nKuAl9Ombzo2jMGIFUtLr2ZSgZmwpr2dIkwON72nKuAl9Ombzz:7wuVvVaHAa8uFUtWZSg/kdI5OaHAa8RJ |
| MD5: | 9C78BB167236C8157E23DA17C9DFC607 |
| SHA1: | FEA495189D9E3DD0F47AA95B8593BA9B5C4284CA |
| SHA-256: | 35C44BAE7186456940369C8C0735FF67CED391D729A8E1F3DD929400094CCD81 |
| SHA-512: | 5FD0550913144A565614E5BD8F150FDCB6F112175221F13B3F9B19287F03D905C20E3A05ADC80BF0311A0E42A8F5E9C0901A58F798F4ADA28325C0D16C00A01F |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 342 |
| Entropy (8bit): | 5.175833531305261 |
| Encrypted: | false |
| SSDEEP: | 6:iONr2hIVq2PN72nKuAl9Ombzo2jMGIFUtLr2ZSgZmwpr2dIkwON72nKuAl9Ombzz:7wuVvVaHAa8uFUtWZSg/kdI5OaHAa8RJ |
| MD5: | 9C78BB167236C8157E23DA17C9DFC607 |
| SHA1: | FEA495189D9E3DD0F47AA95B8593BA9B5C4284CA |
| SHA-256: | 35C44BAE7186456940369C8C0735FF67CED391D729A8E1F3DD929400094CCD81 |
| SHA-512: | 5FD0550913144A565614E5BD8F150FDCB6F112175221F13B3F9B19287F03D905C20E3A05ADC80BF0311A0E42A8F5E9C0901A58F798F4ADA28325C0D16C00A01F |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\2806d613-a9e4-44f9-bf7f-41ae3b7e3599.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.9569730822179325 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqC5OxsBdOg2HOfcaq3QYiubcP7E4T3y:Y2sRdsZ5dMHOu3QYhbA7nby |
| MD5: | 0C78952ED51DBE56DEBF5648EEF77501 |
| SHA1: | 8FD13CBCB121F81C0D20882C681F0D5E1051C595 |
| SHA-256: | 7B60610A7D54F0E70E2F7A2EA68E38EA612285E5F27E9CA4B64C29A8E8FACE8E |
| SHA-512: | D28C1559E0AFFB6F774E543FE3F82847A8C50CC107E763DF80C92D3BEBB1635A8AA03186E8FF0AD21654FBDB5EF5834ED88F748FC4E9FCFC10C1504BEA6C61B3 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 475 |
| Entropy (8bit): | 4.9569730822179325 |
| Encrypted: | false |
| SSDEEP: | 12:YH/um3RA8sqC5OxsBdOg2HOfcaq3QYiubcP7E4T3y:Y2sRdsZ5dMHOu3QYhbA7nby |
| MD5: | 0C78952ED51DBE56DEBF5648EEF77501 |
| SHA1: | 8FD13CBCB121F81C0D20882C681F0D5E1051C595 |
| SHA-256: | 7B60610A7D54F0E70E2F7A2EA68E38EA612285E5F27E9CA4B64C29A8E8FACE8E |
| SHA-512: | D28C1559E0AFFB6F774E543FE3F82847A8C50CC107E763DF80C92D3BEBB1635A8AA03186E8FF0AD21654FBDB5EF5834ED88F748FC4E9FCFC10C1504BEA6C61B3 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5859 |
| Entropy (8bit): | 5.252976821739888 |
| Encrypted: | false |
| SSDEEP: | 96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE70IBWE:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzht |
| MD5: | 51688C35278CD43DC5BCD96D21856537 |
| SHA1: | 46269A713FD567EDB2E40309203B11574C131D09 |
| SHA-256: | 5C521F4286C24BE8E5365759DCB311A0617D79332D13BBD66D6DB2BA30D171ED |
| SHA-512: | AB37937B19D3ED92D8A1D89F5842FDCEFE4B9961AC58C8F7E555B4015E87AD70DACDBF9F0231996EE5ACD11FEAA12E42DA0014E686DCDD50C5F0111675B9B846 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 330 |
| Entropy (8bit): | 5.123692591497835 |
| Encrypted: | false |
| SSDEEP: | 6:iONr/IVq2PN72nKuAl9OmbzNMxIFUtLreIgZmwprGlIkwON72nKuAl9OmbzNMFLJ:7KVvVaHAa8jFUtrg/GI5OaHAa84J |
| MD5: | FE2FA996771FF1E29C7BFF6A5E4DFC33 |
| SHA1: | 07662B18C695C1FDF17DC40B070F29E90B161362 |
| SHA-256: | 5302765910CEDE2D112455AB8B0DBC3F49391EFFD86CB455B0F4CD6C41195272 |
| SHA-512: | 069B8C22A46E6B342A926F3F645E5F9B22C6449DA40C3CCF25A9E4A5D78548AD30DE03400C976130BD933B26D024A8E513241AF15675D1E1C8BB15C940B7B598 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 330 |
| Entropy (8bit): | 5.123692591497835 |
| Encrypted: | false |
| SSDEEP: | 6:iONr/IVq2PN72nKuAl9OmbzNMxIFUtLreIgZmwprGlIkwON72nKuAl9OmbzNMFLJ:7KVvVaHAa8jFUtrg/GI5OaHAa84J |
| MD5: | FE2FA996771FF1E29C7BFF6A5E4DFC33 |
| SHA1: | 07662B18C695C1FDF17DC40B070F29E90B161362 |
| SHA-256: | 5302765910CEDE2D112455AB8B0DBC3F49391EFFD86CB455B0F4CD6C41195272 |
| SHA-512: | 069B8C22A46E6B342A926F3F645E5F9B22C6449DA40C3CCF25A9E4A5D78548AD30DE03400C976130BD933B26D024A8E513241AF15675D1E1C8BB15C940B7B598 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250115154015Z-195.bmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65110 |
| Entropy (8bit): | 0.8231928237973899 |
| Encrypted: | false |
| SSDEEP: | 3:up/ql/naszsr/aYoiaFr/aO:upCl/4KT |
| MD5: | F11E718D9572DF6E0DE3CEB1C2FAFDC5 |
| SHA1: | 990FD8BD505DF9243E4041E5F483EADC8C3133C8 |
| SHA-256: | DAABAF5161D97BCD7FDBE0571B00BDA7BEE3ABC28A249742E438AE92B4CAAF7E |
| SHA-512: | 996AD13A1AE58F8F423F1DD4B077B06A2958892F3FD4AADF01B14F514D27BB4C4D007B4D450B5779EB936D7295E4C79836475D59EA8D18240CA333C69542824F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 86016 |
| Entropy (8bit): | 4.444526358861704 |
| Encrypted: | false |
| SSDEEP: | 384:ye6ci5tBiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mSs3OazzU89UTTgUL |
| MD5: | 0561BE1F618B53A34C2AA57013A3B254 |
| SHA1: | 90F7BD8629A78E352C894EC34A2F53B583AA857E |
| SHA-256: | 01E2C0549A5E20C3E10BD22E138EE230184F3BBF232772B4928C4BF68E36F3D7 |
| SHA-512: | A2751EC14A2C8771E8734E4E5DCD6651D3075A534D852441907A0C0DFC5BB33B033DF8CAC31FC34E3A9E51313F7D9E90BFB7855E3A52B610AF4703EAD80EC246 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 3.767685156506968 |
| Encrypted: | false |
| SSDEEP: | 48:7MiJioyVvioyDoy1C7oy16oy15KOioy1noy1AYoy1Wioy1oioykioyBoy1noy1O7:7FJuv1cXjBi5b9IVXEBodRBki |
| MD5: | 5A34BC5F49D78F76B52E8DEFAC2DD05F |
| SHA1: | 41DDAF86C9AC3421FBE1FAA514DC719B0FC15DC9 |
| SHA-256: | 4B1180FA96EB0CA3FD51F96F7A4AB3296146A5AD9995A7473F038CA216956FDC |
| SHA-512: | EB38DD600D9A1861D96F33C85CE033B95890C72E715FFB9F7E471A56CFCCD2B5FF71C7CC527F0097BB10FF63977950D5664D8EB6A27107B4B87C7E5087277F26 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1391 |
| Entropy (8bit): | 7.705940075877404 |
| Encrypted: | false |
| SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
| MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
| SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
| SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
| SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71954 |
| Entropy (8bit): | 7.996617769952133 |
| Encrypted: | true |
| SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
| MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
| SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
| SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
| SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 192 |
| Entropy (8bit): | 2.754329157248748 |
| Encrypted: | false |
| SSDEEP: | 3:kkFklmoKfllXlE/HT8k17vNNX8RolJuRdxLlGB9lQRYwpDdt:kK/oDT88RNMa8RdWBwRd |
| MD5: | 7F38173383F88D5DA7A2AA9A8DA81D66 |
| SHA1: | 073AC5070FDB3DEA7E8B06E352E09D61919CE642 |
| SHA-256: | C82B9B9AB4F20280A0438C419C7AD37744E0741DDDF4C15E03CFE08F94EEFDE4 |
| SHA-512: | B7FD9F4309D6C3BD82368A13B7E3E6F72C47474847FBB798BE97D817674AB689B710614DFD670856196A2D8871164AA4A1E2B1DBE11DF689D28FED0093CAA011 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 328 |
| Entropy (8bit): | 3.2368928658074476 |
| Encrypted: | false |
| SSDEEP: | 6:kK+Vn9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:2V2DImsLNkPlE99SNxAhUe/3 |
| MD5: | D234348ED0E83F53FCEC12E1DB9152EC |
| SHA1: | 79AB9740C4147C2D57F4C7BB222B0897E7A8C1A7 |
| SHA-256: | 63AB2E22E0986AC2D4404125CB4B3004F723153252FC90AF6837A747624649B3 |
| SHA-512: | 811FD9C00A400D8B80A6F5F44C9BAB738B53304362EC8B41929E5B701670A9EC30D36AE3F947AD1075E3967294B0446B9AD86001B19441D2C84870520CBD16A8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1233 |
| Entropy (8bit): | 5.233980037532449 |
| Encrypted: | false |
| SSDEEP: | 24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap |
| MD5: | 8BA9D8BEBA42C23A5DB405994B54903F |
| SHA1: | FC1B1646EC8A7015F492AA17ADF9712B54858361 |
| SHA-256: | 862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C |
| SHA-512: | 26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10880 |
| Entropy (8bit): | 5.214360287289079 |
| Encrypted: | false |
| SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
| MD5: | B60EE534029885BD6DECA42D1263BDC0 |
| SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
| SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
| SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10880 |
| Entropy (8bit): | 5.214360287289079 |
| Encrypted: | false |
| SSDEEP: | 192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp |
| MD5: | B60EE534029885BD6DECA42D1263BDC0 |
| SHA1: | 4E801BA6CA503BDAE7E54B7DB65BE641F7C23375 |
| SHA-256: | B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856 |
| SHA-512: | 52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.360826334042674 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDsETO2MV0nZiQ0YfyoAvJM3g98kUwPeUkwRe9:YvXKXDJDI0cyGMbLUkee9 |
| MD5: | 9BA9B525F8213AA2658B0E502630D4E2 |
| SHA1: | AA4E652138E9FC5CB24E74711C21388D83C73337 |
| SHA-256: | 488E418820A4D9838E9606439992B4F990217663A75AEF0CF30C0FAECFF8C2A0 |
| SHA-512: | 535C2F712E8DA34E4E2AB875BDF7A3060C0AFCD68194A23228A0FA216DFD47467F19A13A659179ADDFC6FB5177E94E7092FCA0479F18542369B1376FA3C25079 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.314430638634441 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDsETO2MV0nZiQ0YfyoAvJfBoTfXpnrPeUkwRe9:YvXKXDJDI0cyGWTfXcUkee9 |
| MD5: | B01BE146CC0574231BB4D92F9DA9A69D |
| SHA1: | E8EE9E394984377FF44CBC9444FD59E34F5CAB70 |
| SHA-256: | 6B524405DDF550297EC012C801A277A7B253410EB49F64B95FF1484DC03587D6 |
| SHA-512: | AB587E62C4F9417076878EA057AA1BBD6B2D1DBE058B8C3B6DCCDB5AAA4E5820F6813412DF08C31985838CCED0B4636970C9E563B68D8D712230A6FC3C642775 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.291973836853064 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDsETO2MV0nZiQ0YfyoAvJfBD2G6UpnrPeUkwRe9:YvXKXDJDI0cyGR22cUkee9 |
| MD5: | 1E5F31976A30E723FD74E4ED03C5325A |
| SHA1: | 076E2992A823DFA15E9D4372199713AA7B9FDAA0 |
| SHA-256: | 0A99AC78EF29EF5E56367DC4EF149AE9A423B296F02ADDACA3DBB007A6D8D4A4 |
| SHA-512: | 35A94CC0E0981771730EA6E46EBB0836F2DEA70D3CA7364C1E7E1DDFA769C041E3DDA2EC272AB65AF7E2795BDD85560260E09E8316A000AFABB3D7BA8FE3679D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.340759890328557 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDsETO2MV0nZiQ0YfyoAvJfPmwrPeUkwRe9:YvXKXDJDI0cyGH56Ukee9 |
| MD5: | 574E2F51CB1897A5F40A9D4039176DFC |
| SHA1: | F3EAA54BA72F3DF1CA62FF1CCCD95BFF498DA64E |
| SHA-256: | EDE110D048A6BA491A0940C08D7B6F442A1EF500F2DF11C91D06974D840ECE0C |
| SHA-512: | 6308DA18F8D99C774887C2D80A06C58B0074DEAA81FACB1D9E0B75A9FC90F30BA03E819D8D316C443749FBD55850C9E98521EB4873267550A3CD5C3DE29C087B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1123 |
| Entropy (8bit): | 5.685939104817229 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XDqZPpLgE9cQx8LennAvzBvkn0RCmK8czOCCS0B:YvuKhgy6SAFv5Ah8cv/0B |
| MD5: | 730D8272B3B58252831B6221E434B910 |
| SHA1: | DACD8618E4FC6426FBC433BA4859DFD800B0E37C |
| SHA-256: | 666CF5AD9E2FC2A6EDDC056A897BADFE325BE51F5A8655E550471260A8714BAD |
| SHA-512: | 6C45388E4E8AB01A10F663942815099321038AC1E1856D02A45979968794569BAD0479743A7832273522824E52274B9501683765EAF3594AA506CF1031A366B9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.289804223251607 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDsETO2MV0nZiQ0YfyoAvJf8dPeUkwRe9:YvXKXDJDI0cyGU8Ukee9 |
| MD5: | 4C1F7E16D6A86EAD1AA422CB5752288D |
| SHA1: | F2A275F4964F9C0602348288172A205E936B9B9D |
| SHA-256: | 90F1D866AD2955FB18EDA7D64003BCE5CA4113896ADFF358ECB318F73BA0F5E1 |
| SHA-512: | 47DF3121AC56CE74CAC756D7DA4527F1AD63AB8EAABFF4579A6E4E194901FB5F33C308FC853C1E08284E5168CA007B05B9F6B75E2CBBCA4B290D28A20849360F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.293451822697616 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDsETO2MV0nZiQ0YfyoAvJfQ1rPeUkwRe9:YvXKXDJDI0cyGY16Ukee9 |
| MD5: | EA21CF65D57F93C7639095C9D5589BB6 |
| SHA1: | 89954FFFB19F7751F615D4CFB91C72E84971048D |
| SHA-256: | 099B68168300D0306C3D27FF303751EE85529C05573E433705269E4E848C04DC |
| SHA-512: | 76D4AA64217D7CF3FFBAFA24BCC296ECA2250E3DE28632FAD40C1A69FEA47480755F59E0BA06B46A608C259609D5B44EBC9FDF058C89E7F4D7CECA55C8468368 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.299907310138141 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDsETO2MV0nZiQ0YfyoAvJfFldPeUkwRe9:YvXKXDJDI0cyGz8Ukee9 |
| MD5: | D642256F93EC6AEFD990D677E9819EB6 |
| SHA1: | E0726EF00E3E2BCA71054F1F491782394EE345E3 |
| SHA-256: | 8FB5CD35807D9A468BC8FB45F800699C146AD161876E91C50E5805591F4AFB69 |
| SHA-512: | 0A7DB7DE13784F5CBB43D59912D7A452C87B35BE89556D78C670E39AF74FFCD019FEFACBE97504F0ACF12FC03CE23662EAE600A47F1E047C9041D3A14D4049C9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.317455229654422 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDsETO2MV0nZiQ0YfyoAvJfzdPeUkwRe9:YvXKXDJDI0cyGb8Ukee9 |
| MD5: | 66336BBE24721F5B8A7526A5B6ED3029 |
| SHA1: | 9FDFDFB807C9B28677F68D05C7831E2ACF0750FC |
| SHA-256: | AC851E1A08360F7874CE5122A63A76DCB3E4EFFF6BD57A458EC0B43A14675695 |
| SHA-512: | 3F30DC99DA402092F05B597D1A5E675307F532FA207268C4908DFEEA4320F16D56F9DDE7D8608362565C4316CEA5F6BF04E783CA43DB9517A10201237A68082A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.298336829373354 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDsETO2MV0nZiQ0YfyoAvJfYdPeUkwRe9:YvXKXDJDI0cyGg8Ukee9 |
| MD5: | 02D7305947C7AB670427193273C61D99 |
| SHA1: | 3D443DD265E46446532B361814AA640CE4D459E4 |
| SHA-256: | 029E856710C378BE042C030B65EAEAF97600C8C12D77814C62F0D98730202BEE |
| SHA-512: | 56E38C06692C456971987F04E850DF45DFE6A11DE20228C32D0DB1A8233A06E205D90A63E4CB63E6FAF6CF1BF2E36A5AAE47AF6E8E4AAC1F48706CB64460989A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 284 |
| Entropy (8bit): | 5.2840402194901825 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDsETO2MV0nZiQ0YfyoAvJf+dPeUkwRe9:YvXKXDJDI0cyG28Ukee9 |
| MD5: | 0F3657F07FE09A760DC162F6D0861C65 |
| SHA1: | 02559212EDDE1923B2481DA0B0A1B4CFEB4E1BDA |
| SHA-256: | 81EEEDF26F8F838AEC0F73EF71D713B75B1DFB0E2CBFEB2679C4E34200261404 |
| SHA-512: | 2C9BE16925F2DFC89C259D6804F2F6305BFD2D80BF4F8CCE4EE2D10BDC8C355BE4F417038AEB3AE64398E98345FE7E7DAD0FA46E83A0CCB65AF1547B29D39AF2 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.281895357773173 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDsETO2MV0nZiQ0YfyoAvJfbPtdPeUkwRe9:YvXKXDJDI0cyGDV8Ukee9 |
| MD5: | D1D2C8C8C71BDBC28E6E7614CAF5B63C |
| SHA1: | B689FC5E62364F82C68615A77F2326E184AF5F5B |
| SHA-256: | 6B6752B8E7491A2BBB1728A5DD3342203B3D9EA46395C6A78839B4918DFE4D1E |
| SHA-512: | 403311DC6B6ACE914D638B14E887801A2A99A81CF6C3E97C5BA4F55C5B7C9AEF1F592B5C4E099812A2561DE11C60846B9E9C62388125CFAB98697078986FB9AB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.285549522908517 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDsETO2MV0nZiQ0YfyoAvJf21rPeUkwRe9:YvXKXDJDI0cyG+16Ukee9 |
| MD5: | 72C1F5593853CE5FAE850729B0AC5FB3 |
| SHA1: | 10EFD2C870BB0835D7194700A204C165DF2793EB |
| SHA-256: | D04B11627D629BD3FDBCB4FDA64ACB8218A85C1A82B50E8EF8157D5E7AD83C27 |
| SHA-512: | B01E1E5037462677A834F9E9747B029FD4DF8AB8A1AC5788A6EF1D9A1727FF456F55E16AF029921229AEFBF31F159B351D5652FFC2A1B7BEC9FC94F964F52B68 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1090 |
| Entropy (8bit): | 5.658785652040861 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XDqZXamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BS0B:YvuYBgkDMUJUAh8cvM0B |
| MD5: | A7EB3CDF00D2E8AE540A8AB5BD63F595 |
| SHA1: | E32A459C479139CF199FE6A4838BC3DB45A27398 |
| SHA-256: | 31807EA750C03C598AD01FF92FCF3EA19DC65F8A9A48B3F0D576A471D70E07C7 |
| SHA-512: | BEA75AFC93E62F6989D1115059EA5B3B1267F75D89E63AAF36281974F598361EE5E199F1ED9F7F04950F5DDC09981ADBD2F96F76B2659F1623B102D5C4DC46AE |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.260702232339144 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDsETO2MV0nZiQ0YfyoAvJfshHHrPeUkwRe9:YvXKXDJDI0cyGUUUkee9 |
| MD5: | 8735EF9FC2AE54B6E1459F2B66DAEE4B |
| SHA1: | CE67A9427B2E6663D14C746673B6BC3F39D8F1AE |
| SHA-256: | 0EE92E0856C6F04D8EB2AFD2A7367AB476793FE52E154CEC543082CF3EBA427F |
| SHA-512: | E621A78F646F45DFD203E9DE305BB90EFDD86AF33DE2A4C7B1F8E6B9DDFFDB9FBD9B89F2A5A482774B4EAE51809D5EE75DFD0D75811208D7FB3235867F028D87 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 282 |
| Entropy (8bit): | 5.268220020042472 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXDsETO2MV0nZiQ0YfyoAvJTqgFCrPeUkwRe9:YvXKXDJDI0cyGTq16Ukee9 |
| MD5: | 3705D52051D31B6B78CD52121F3A07EC |
| SHA1: | 7BC8E5739C37F18868F5958A5723B0B06CF514FF |
| SHA-256: | 864741544BA258C9FC98B36148052BDE0B8E18B7016BCB029C84C42E80641ECC |
| SHA-512: | 9AEBB568EFB19B8831B4019531556ABD17AA057BB48283B9C90724964FD04CE0DB405B7E9519DEFB50B4B30E0DF9613DD7E9D26F1BC72041A32EEAAA85FFB864 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2814 |
| Entropy (8bit): | 5.133820158605 |
| Encrypted: | false |
| SSDEEP: | 24:YMdT31gapkayG5nG6KCRkDdTUIEgeN5ojk2j0SouICU2J2LSyCEPLM04V75Yc9C7:YKBstqkBXDdIXU0nPLM0QKc9Kt |
| MD5: | 2B3A3F67FE179DD39FEB602A01508F4A |
| SHA1: | 6403BE36EDFBE971BA4F2632D0B2B2592C2CBB4A |
| SHA-256: | BD4CDCD244E75197C477669872A0DD922CFA376BF5B97906EB70563409EABB5A |
| SHA-512: | A4FE35EAA679E6093B61C0C483CBB1E28476F5B0330514152E4DFFB6AB86EF61C7E13B696EA6C43025DB266DE27F53B12A3C9DE47E0C32B19B82A818225F1412 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 1.1469541342755516 |
| Encrypted: | false |
| SSDEEP: | 24:TLhx/XYKQvGJF7ursZ+voRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUuR:TFl2GL7msZ+qXc+XcGNFlRYIX2v3km+c |
| MD5: | 99FBDB2A99F61AAA198FFC99CBF9EF20 |
| SHA1: | 187B850CA8FC5CD13FE20D51052A4C3196B25109 |
| SHA-256: | BA7A46AF2D982E0A7D68FF7966C38C69B12E8B1DC28FA20A2E3FAD6DC9A4BEBF |
| SHA-512: | 182CBD7219F477C91060ADC326220ED7832EC96355C846239F8ED62FB63AAFF0872D72A508C382DAF7BD7F2F8583C7423FD3D234795EB5A86340CA41503587C8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.552061568982549 |
| Encrypted: | false |
| SSDEEP: | 24:7+tj+voUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLux5qLxx/Xa:7Mj+FXc+XcGNFlRYIX2vsqVl2GL7msk |
| MD5: | 91E42985C0C9DA8F3DAA3C0EC155FECA |
| SHA1: | B89D470C6CA2DDB03420F67BB43E59558D235762 |
| SHA-256: | 8FD2F816416761413419D3604E27DB8251AFB973FE98904D9E337211A42C70AB |
| SHA-512: | EA5A6C7A2FDBCD0E4864C8AE6B9DB3CDFA2FBADEC5B190BC39198589A3FC1908B4E52C7D2973674853D6A9081D6EFA370E734C6C09BF8C04DD372C2A5B699FE6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 66726 |
| Entropy (8bit): | 5.392739213842091 |
| Encrypted: | false |
| SSDEEP: | 768:RNOpblrU6TBH44ADKZEgTzoGueXK2ozh5SegJhNFPe8PYyu:6a6TZ44ADEHoLea2qhcPVPK |
| MD5: | 4F3335D9A6340655B0CDC6769613CF0A |
| SHA1: | 2457FD3442B8B8C81396101E20DCA8798E38DE0A |
| SHA-256: | CE3A7A41F95621BA5417B4D0DBEA6AD15EBE44F55323CC41C3B26ED658E66F38 |
| SHA-512: | 7B7F1898EA3577D124E2B48CDBABB4C5B9DAA58D3662D41636AF300681D4514F696F4E3DF7B1CF9D739F11715D37E8A5C7200B8443CF916DC911E677BEDF5AA2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5004142083842487 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+pClEdN9:Qw946cPbiOxDlbYnuRKZD9 |
| MD5: | ACF0FC360C37F8C4A1407D7D8B1A7E66 |
| SHA1: | AB56C15F73CD1A574A488B3DACE6638DF9F6C361 |
| SHA-256: | F98B0C34DED5AAA279DEBB1CAC07081F48951A779FDD75C9B146037D6A717197 |
| SHA-512: | 5C2D19A09BD50B9E74F498A92D109FF83A23D0BAEEE5318BA11A16CE9362FF74FED2C07BE07FFF6AF0F51FA742C05C9E04E9829941FDCD7EE8E70C1911DA73FF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-15 10-40-12-224.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.338264912747007 |
| Encrypted: | false |
| SSDEEP: | 384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb |
| MD5: | 128A51060103D95314048C2F32A15C66 |
| SHA1: | EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB |
| SHA-256: | 601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713 |
| SHA-512: | 55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 15114 |
| Entropy (8bit): | 5.333771773259654 |
| Encrypted: | false |
| SSDEEP: | 384:pt7wTJaPlC7N2lD0x0dUw+0J9WT7ycsKOBjV9VXV/VdVjauDjFXEi6hX1MXMFw62:56CbFRrF |
| MD5: | CD85867F35B4B4F1F4AB557E1B1A44FF |
| SHA1: | BCD6DDCD46C4AAF6F9E551D6FC4CF273EF036328 |
| SHA-256: | 9F76F74D97CDB60F112FB54BCB735A826C064333A7487D3060E3927745D4E90A |
| SHA-512: | A8E38F6F0494BBB54EAE49BC448A4378A69AB800D5C61EC3EA037034A390F3A68DEBB81E54908226FF298923B1D7C4D74968BD7B005D551D6054101700DA25A2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29752 |
| Entropy (8bit): | 5.394465631111686 |
| Encrypted: | false |
| SSDEEP: | 192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcblcbqIfZcbd:V3fOCIdJDeAfK |
| MD5: | 44335C232CD4427F0FA5371F8501E7D3 |
| SHA1: | 3D66A9D0BE43D550016FDF784C788AEB5514ECFD |
| SHA-256: | C8E5AA173AF3741FE2567299D2E1C3711CF98EB457D5DE2579390F3C1BA7E64F |
| SHA-512: | 16AE00DD7FAB7C3146CEC0EB454CAB0456C1978A5C9BA480F4B6D07BEF8E2B1CC19BBB46200B05F1829328CCD6B9A582BEE7F76ED7B86CEB1C905C7EB406A515 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
| MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
| SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
| SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
| SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1419751 |
| Entropy (8bit): | 7.976496077007677 |
| Encrypted: | false |
| SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
| MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
| SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
| SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
| SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.189955929418661 |
| TrID: |
|
| File name: | 20250115_125836_lfg_Scan.pdf |
| File size: | 13'576 bytes |
| MD5: | 97f7e77fa0950cce94bc87de36bdce3c |
| SHA1: | 2d5a1af1e215f97323f1cbc9a83214c33c5c9b52 |
| SHA256: | b26e0eb0f0214392b3aa8933021ea2c06947936f04b9ae902b1f63f2852f0163 |
| SHA512: | 34f989e8b8175c2254f57a30fc67d27dbf1420a8759a5345cd1ca16bf42feb9e9e17e8218cd96a8176a7ce52c7825bcc8e7f48cab1c63d9720e74d5bae91a84c |
| SSDEEP: | 384:i2yflvrRzgC9y/3cfrzO9ODW9An07petx9Y7GWriOt6:egE/ |
| TLSH: | BF526521605F98ECD04253F06F212A83F9AA7C12D6D8758030BCF9939775EE8AD13F4A |
| File Content Preview: | %PDF-1.6..%......22 0 obj..<< /Linearized 1../L 13576../O 25../E 3400../N 5../T 12996../H [ 592 340] ..>>....endobj.. xref..22 11..0000000017 00000 n..0000000536 00000 n..0000000932 00000 n..0000000961 00000 n..0000001242 00000 n..0000 |
 | |
| Icon Hash: | 62cc8caeb29e8ae0 |
General | |
|---|---|
| Header: | %PDF-1.6 |
| Total Entropy: | 6.189956 |
| Total Bytes: | 13576 |
| Stream Entropy: | 5.881104 |
| Stream Bytes: | 7306 |
| Entropy outside Streams: | 5.122338 |
| Bytes outside Streams: | 6270 |
| Number of EOF found: | 2 |
| Bytes after EOF: | |
| Name | Count |
|---|---|
| obj | 32 |
| endobj | 32 |
| stream | 22 |
| endstream | 22 |
| xref | 2 |
| trailer | 2 |
| startxref | 2 |
| /Page | 5 |
| /Encrypt | 0 |
| /ObjStm | 0 |
| /URI | 0 |
| /JS | 0 |
| /JavaScript | 0 |
| /AA | 0 |
| /OpenAction | 0 |
| /AcroForm | 0 |
| /JBIG2Decode | 1 |
| /RichMedia | 0 |
| /Launch | 0 |
| /EmbeddedFile | 0 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 15, 2025 16:40:22.515943050 CET | 54052 | 53 | 192.168.2.6 | 1.1.1.1 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 15, 2025 16:40:22.515943050 CET | 192.168.2.6 | 1.1.1.1 | 0xd66a | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 15, 2025 16:40:22.523320913 CET | 1.1.1.1 | 192.168.2.6 | 0xd66a | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Jan 15, 2025 16:40:22.595489025 CET | 1.1.1.1 | 192.168.2.6 | 0x7627 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Jan 15, 2025 16:40:22.595489025 CET | 1.1.1.1 | 192.168.2.6 | 0x7627 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 10:40:08 |
| Start date: | 15/01/2025 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff651090000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 10:40:09 |
| Start date: | 15/01/2025 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff70df30000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 4 |
| Start time: | 10:40:09 |
| Start date: | 15/01/2025 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff70df30000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly