Windows
Analysis Report
Alchemy_Quarterly_Newsletter-April__24.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- Acrobat.exe (PID: 4416 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Alchemy_Quarterly_Newsletter-April__24.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 3560 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 7296 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1628,i,8684521670987530744,9423196504567068144,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Signature hits (the source and detail cells of each row were not recovered; only the signature names survive, listed in report order):
- TCP traffic (32 entries)
- HTTP traffic detected (1 entry)
- TCP traffic detected without corresponding DNS query (11 entries)
- HTTP traffic detected (1 entry)
- String found in binary or memory (3 entries)
- Network traffic detected (2 entries)
- Classification label (1 entry)
- Initial sample (1 entry)
- File created (2 entries)
- Key opened (1 entry)
- Process created (14 entries)
- Window detected (1 entry)
- Initial sample (9 entries)
- Process information set (8 entries)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | ReversingLabs | | |
| 0% | Virustotal | | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | high |
| | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
184.31.48.185 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431807 |
Start date and time: | 2024-04-25 20:04:13 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowspdfcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Alchemy_Quarterly_Newsletter-April__24.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@14/43@0/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.24.36.138, 54.227.187.23, 52.5.13.197, 52.202.204.11, 23.22.254.206, 172.64.41.3, 162.159.61.3, 23.209.188.149, 23.209.188.151
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
184.31.48.185 | | | malicious | STRRAT | | |
| | | | malicious | Unknown | | |

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AKAMAI-ASUS | | | malicious | HTMLPhisher | | |
| | | | malicious | Mirai | | |
| | | | malicious | HtmlDropper, HTMLPhisher | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | Babuk, Djvu, Vidar | | |
| | | | malicious | Clipboard Hijacker, Djvu, Vidar | | |
| | | | malicious | Vidar | | |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.050695043380379 |
Encrypted: | false |
SSDEEP: | 6:3IFKq2P92nKuAl9OmbnIFUt8MIwZmw+MI4kwO92nKuAl9OmbjLJ:wKv4HAahFUt8m/+a5LHAaSJ |
MD5: | 236EA27BA05CEF71A7EACD13D0602CC9 |
SHA1: | 21904F6AB82E91F90636F8A0C0E9776292E99436 |
SHA-256: | 473EA076170415348D868B1B996E642B7E1A816F010330A36765A0C96015F12A |
SHA-512: | CA27AE4D14C0E3F4235D7E0C72813B1700D03BDFF47720DDFE1D7654D1E338744BFAF8E20C6E411997BE190C96223D0C4006CA8530E3B351BF8EF3EFA8D892CE |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.050695043380379 |
Encrypted: | false |
SSDEEP: | 6:3IFKq2P92nKuAl9OmbnIFUt8MIwZmw+MI4kwO92nKuAl9OmbjLJ:wKv4HAahFUt8m/+a5LHAaSJ |
MD5: | 236EA27BA05CEF71A7EACD13D0602CC9 |
SHA1: | 21904F6AB82E91F90636F8A0C0E9776292E99436 |
SHA-256: | 473EA076170415348D868B1B996E642B7E1A816F010330A36765A0C96015F12A |
SHA-512: | CA27AE4D14C0E3F4235D7E0C72813B1700D03BDFF47720DDFE1D7654D1E338744BFAF8E20C6E411997BE190C96223D0C4006CA8530E3B351BF8EF3EFA8D892CE |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.060730165283677 |
Encrypted: | false |
SSDEEP: | 6:3K24FIq2P92nKuAl9Ombzo2jMGIFUt8MKN9Zmw+MKNPkwO92nKuAl9Ombzo2jMmd:63Iv4HAa8uFUt8/N9/+/NP5LHAa8RJ |
MD5: | 6F18E6FC51CF0BC430A3720B8A7896B7 |
SHA1: | 85CB1CAF43AB95387E49B124AF1D8F669BFD4822 |
SHA-256: | 8E5D7100C100CB65B324CEBCF5DE066CA664B94DDEB6594B74316D4A8529C778 |
SHA-512: | B3FE890EEACAB68E79B7A878C66526911DE1456B9486CC2D4B566FFD505253E4201709D3B1F92145C0843F27A80EA4A866CC4A10A8913355824EC38A25F525DA |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.060730165283677 |
Encrypted: | false |
SSDEEP: | 6:3K24FIq2P92nKuAl9Ombzo2jMGIFUt8MKN9Zmw+MKNPkwO92nKuAl9Ombzo2jMmd:63Iv4HAa8uFUt8/N9/+/NP5LHAa8RJ |
MD5: | 6F18E6FC51CF0BC430A3720B8A7896B7 |
SHA1: | 85CB1CAF43AB95387E49B124AF1D8F669BFD4822 |
SHA-256: | 8E5D7100C100CB65B324CEBCF5DE066CA664B94DDEB6594B74316D4A8529C778 |
SHA-512: | B3FE890EEACAB68E79B7A878C66526911DE1456B9486CC2D4B566FFD505253E4201709D3B1F92145C0843F27A80EA4A866CC4A10A8913355824EC38A25F525DA |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4e3bbaab-757e-46b1-a686-29321586e52a.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 508 |
Entropy (8bit): | 5.044323380795808 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZSsBdOg2HMcaq3QYiubxnP7E4T3OF+:Y2sRds0dMHv3QYhbxP7nbI+ |
MD5: | 849639EDFE372A4A2CD9B65E6A64C778 |
SHA1: | AD4EF61D6112B9EDCB795CDCEE97EAB1DF8D2AC8 |
SHA-256: | 56E4BCA83C797F757A9E0A1B2519773885999E3253CA24EEB1677482A4EE89AE |
SHA-512: | 2A1DE1BE5FF3D592A495F58FB2A47DAF6B7FE2B4DE3834FEA7DBFFCD0AFBCB3EFC2D9ACF7310D48E24DA79752E05D9F223F90121CCACD590FDD614EE29D3FE5D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 5.044323380795808 |
Encrypted: | false |
SSDEEP: | 12:YH/um3RA8sqZSsBdOg2HMcaq3QYiubxnP7E4T3OF+:Y2sRds0dMHv3QYhbxP7nbI+ |
MD5: | 849639EDFE372A4A2CD9B65E6A64C778 |
SHA1: | AD4EF61D6112B9EDCB795CDCEE97EAB1DF8D2AC8 |
SHA-256: | 56E4BCA83C797F757A9E0A1B2519773885999E3253CA24EEB1677482A4EE89AE |
SHA-512: | 2A1DE1BE5FF3D592A495F58FB2A47DAF6B7FE2B4DE3834FEA7DBFFCD0AFBCB3EFC2D9ACF7310D48E24DA79752E05D9F223F90121CCACD590FDD614EE29D3FE5D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4509 |
Entropy (8bit): | 5.236990861208206 |
Encrypted: | false |
SSDEEP: | 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUCO3vJbkZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLx |
MD5: | 7382DCE367E454E74B061E140F2FD87F |
SHA1: | DACBAB20928A0BFEC0D442465859F69FE62CFE60 |
SHA-256: | 1C8E1A99D047E94D0EC9755DAF40424B712737D3A4A20EF3A64965E012BE3C15 |
SHA-512: | 28E883CF6D0B89E3CB47E28EE90F8F4D1B7CA6C06C97B627E51E86A63E77A7FA3C4C97A0A7B3A3B043A36FBDF0358B284CB4441B1FDFFFFEBAEBC90E29508170 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.102146634945072 |
Encrypted: | false |
SSDEEP: | 6:3OlMq2P92nKuAl9OmbzNMxIFUt8MV9Zmw+MvWkwO92nKuAl9OmbzNMFLJ:+Sv4HAa8jFUt88/+8W5LHAa84J |
MD5: | D271BF383A0DFDD708E5A25B0EFC83A8 |
SHA1: | E066AFC47C467CF5E0BDCAE77C758DE2F98B8F07 |
SHA-256: | 090EEFA7A53EC738E70D51F87E2B7D2301AB23A92D0B3749374F86C3B8CC688F |
SHA-512: | DF772A6738B236D40EED7A5817D520F764A5FAD40DD129A5C8CF8AB978086012126E5EB95EF4434580F8581860B76185072D4F4656B139C8A675BF1E63CC4FC2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.102146634945072 |
Encrypted: | false |
SSDEEP: | 6:3OlMq2P92nKuAl9OmbzNMxIFUt8MV9Zmw+MvWkwO92nKuAl9OmbzNMFLJ:+Sv4HAa8jFUt88/+8W5LHAa84J |
MD5: | D271BF383A0DFDD708E5A25B0EFC83A8 |
SHA1: | E066AFC47C467CF5E0BDCAE77C758DE2F98B8F07 |
SHA-256: | 090EEFA7A53EC738E70D51F87E2B7D2301AB23A92D0B3749374F86C3B8CC688F |
SHA-512: | DF772A6738B236D40EED7A5817D520F764A5FAD40DD129A5C8CF8AB978086012126E5EB95EF4434580F8581860B76185072D4F4656B139C8A675BF1E63CC4FC2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240425180504Z-174.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 1.9304683848646098 |
Encrypted: | false |
SSDEEP: | 192:Cvc3qIuu7zorMuNjCh0tmc7UJyJZWgLHs+8llg8jmTwiVCUAuGoNYI:Cvc3qIuuQrMRoAkLH+mDSRI |
MD5: | 2640B6A863CCAE9FE06CC38D69BF19C8 |
SHA1: | C4582638E526224DE60C7C99BD383323DDD914F0 |
SHA-256: | 173716DA00C14C7EFC9027D8C6F66C0DA24F573A81C0FAF57DBB9D9D03B23447 |
SHA-512: | C808109BFE40D27B062C44D93373E9BB3F9D790407E75FCC3B59971BC0AAF6A1D0F93181C185F00E4FF4981E5CDDDCB395CE8665E7176C0A5545B4222768947C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 227002 |
Entropy (8bit): | 3.392780893644728 |
Encrypted: | false |
SSDEEP: | 1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn |
MD5: | 87EDBEE38F56C20298F25D5D3D4D1B5C |
SHA1: | 7F904E9615AC3186A87472EF366DD8202855B0B7 |
SHA-256: | A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6 |
SHA-512: | BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.350723147798763 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXW5SUPx+FIbRI6XVW7+0Y/rCRoAvJM3g98kUwPeUkwRe9:YvXKX8SUPUYpW7MCuGMbLUkee9 |
MD5: | C2A7DD9AE35810E728BE6B6BC7FC7A1B |
SHA1: | 248467CA71ED0B6BB75197BA1E006086BE79DB62 |
SHA-256: | F758C20741544B5BA18A7E15A8963C622D49957795857B133C73CEA9A89D1F33 |
SHA-512: | 77A9AB86EE43896288B85E97F333973C4863DC4FBF1F11CF06310EA6CA7BFF2D9F3958695B87085EF95B0ED64F57E010BD0335A921CF8D047EA18634565E8A20 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.289550314735322 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXW5SUPx+FIbRI6XVW7+0Y/rCRoAvJfBoTfXpnrPeUkwRe9:YvXKX8SUPUYpW7MCuGWTfXcUkee9 |
MD5: | 3AF7AB937A1946FE861F59CEF136D18F |
SHA1: | 88FB628BFFB37D32DB6D30EC54BC33B7124EE871 |
SHA-256: | CE0AB102A3118878843710B32D1C9FAABD4C74E2DD6D1C2A19EEE4354A216E72 |
SHA-512: | A9DDE378A406B6B3898BE48D45725F7AD313999429754DE25BA1024D47EA7F49F4843E5843A098AA6E6A159D9545D1C5E586A4F9120168B4524F1FFE27B2BEF9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.267400408312391 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXW5SUPx+FIbRI6XVW7+0Y/rCRoAvJfBD2G6UpnrPeUkwRe9:YvXKX8SUPUYpW7MCuGR22cUkee9 |
MD5: | 3A8D06CEB3877327BCD700CA0BD5B96A |
SHA1: | 3F6235C6C242724A7F7D87E0525ED508E210A902 |
SHA-256: | D57BDD95F9A60FED83CBF1307BE521530662CD507B48A7536FEE855E6F1F9B35 |
SHA-512: | 8E0E44AA7FCA2B1708433EED9865D90FA1E7F2794A79977DE182E8089F67AED744EE2783A9A7F7ECD4FA7E588892C72FB720CA4C8CD409F09F8C2528553E9ED8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.329172508311701 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXW5SUPx+FIbRI6XVW7+0Y/rCRoAvJfPmwrPeUkwRe9:YvXKX8SUPUYpW7MCuGH56Ukee9 |
MD5: | 7629125BEBFA8FBF03C961B872CD0487 |
SHA1: | 299D68427A92CA86CEB93A600D0FE54C634DE788 |
SHA-256: | DC7A7D757CA49E7275C19E97FEB23354F0CDFB8689EB9351341C6C4862E03111 |
SHA-512: | 1DC153CD39C0EDBE714CB6F971F1F01D6B0C9EBDA5940C841E578448AF24B48B4F8C3CA5DD5918F059FF461126567F5B9DF5F1010BB8894ED8C147F1EF118DB8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.288291837905225 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXW5SUPx+FIbRI6XVW7+0Y/rCRoAvJfJWCtMdPeUkwRe9:YvXKX8SUPUYpW7MCuGBS8Ukee9 |
MD5: | A758A16F73D48E1689C1A1F09ADE0630 |
SHA1: | B3B4D62B17F4382ECEC0BFF0831B68EBD6AB36CF |
SHA-256: | 9D90BF02CCF92177609A41A306639EF0177AF67FBC985CDA89E78342BF84ED26 |
SHA-512: | D01FDB67D0485C8798987D2C572A65FC6849B38F23A217DE23EE21679194A56283FD592838EB098A8E81A8633E295ADB7724ADD59D8764EA2E84AACD6A96EAE4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.273528329629824 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXW5SUPx+FIbRI6XVW7+0Y/rCRoAvJf8dPeUkwRe9:YvXKX8SUPUYpW7MCuGU8Ukee9 |
MD5: | FC8A14E251DDD97C33B5C256C3904860 |
SHA1: | ADF4EA44920FFF78EDDC9BE51E39C01E0B1396F1 |
SHA-256: | B0601FB45C921DA896BEAB8F0A72B48549FFC4D7C58B9BB9FEF6441C2949C4D7 |
SHA-512: | D49588D28A2F5A8EA52349AE6C6978783F79F71FA4E08FD0D72D0F1130E9487A29E8941474EB17A46A5A7D6DD0A5217593831255B97D345FE80C721845240623 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.274755500277802 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXW5SUPx+FIbRI6XVW7+0Y/rCRoAvJfQ1rPeUkwRe9:YvXKX8SUPUYpW7MCuGY16Ukee9 |
MD5: | 9F7C9F9BD39FE15D7AF79AF499CE7F33 |
SHA1: | 7CD70243660C9F7FA22B9DB5BA66B7D5C8B68851 |
SHA-256: | 2693C1FA65EC8D096A3BC7332055BFC8F397C957EAFFC6C3D08A248AB96CAF49 |
SHA-512: | E69EB22C0862BBD324EC5C761E120DA9EA4F669F9CDB25D744C48752BE16EFD05F3DAC10F8E039AB803B1F9CC806EDCFDB604B7CEC2866E42BDE2B66C6A38B54 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.293663937009117 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXW5SUPx+FIbRI6XVW7+0Y/rCRoAvJfFldPeUkwRe9:YvXKX8SUPUYpW7MCuGz8Ukee9 |
MD5: | 5CD79AFBF940C073BAB66F2FA607F50B |
SHA1: | 6DCDEE3B7E8D381ECB7CB8C65319207F7F657086 |
SHA-256: | C9B25874C4B6C698EBA354CC8AE303B8FAC9FC72461967BA25C152116F496ECB |
SHA-512: | EC2561A0B1259C2EBE3C4BD4018714474501DC4AA659115B26ABF455604A7F85618078576E29F7EDE8DE529B583E52794E3A754012C7F10B881CFEF6C3EF62FA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1372 |
Entropy (8bit): | 5.7381051889677295 |
Encrypted: | false |
SSDEEP: | 24:Yv6X8Li6KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJN801:Yv+6EgigrNt0wSJn+ns8cvFJF |
MD5: | CDFF69D65F538C6220E3CB688027B82A |
SHA1: | E71F4195343C10944228AF0DB835F499BF088486 |
SHA-256: | 48875DAF2EB59FD89548880B7696AF5E858C085377703B2F7021882191B1157F |
SHA-512: | 86E8ADE049CC4096FDA455FD585EFAC3CA4CAD0ABF1D333BD8EB9A84FBC605B6CEFAAD90D6ADAFB91155B489DAA6DF24818D63EE74C41D17C3FAF8A33F9C11A8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.282248768571157 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXW5SUPx+FIbRI6XVW7+0Y/rCRoAvJfYdPeUkwRe9:YvXKX8SUPUYpW7MCuGg8Ukee9 |
MD5: | 8F955EE5B7247004D86F21F116E11720 |
SHA1: | 723A78989BB4B0BA292A9E4210B2AEC0586B24ED |
SHA-256: | 1B0F4305CAC3E9D484ECE13D71986AEB21F9A474571DBB58361A7D9EC6B38D0C |
SHA-512: | 382D0A390F51E9D9154F7B558043B174D4367116357FCA0FEC1CC271BEB6ECEBC5FF75C5AD718AB98B7864A9BDE98993C3AA2BB8164E7B60785DCE03BEB2F55A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.775595550534218 |
Encrypted: | false |
SSDEEP: | 24:Yv6X8LiprLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNE01:Yv+pHgDv3W2aYQfgB5OUupHrQ9FJR |
MD5: | 9804D20D0A867D377244B0FDC35A070E |
SHA1: | 5C7FBD5C434E1C8CDD38A00B53F12B3021617213 |
SHA-256: | 412A24C960645A02830DF092D29764D267D95ED127F8CFEE8EE12ADC36C2B3C2 |
SHA-512: | 5D6687F313559F098A6413C4EBE45F4B93A19CF768EC73ADD66C408BBEC7C8886030252F4757189948CD935946E04CD33A004AFC24D410543CA2E0638891EF12 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.265917867835597 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXW5SUPx+FIbRI6XVW7+0Y/rCRoAvJfbPtdPeUkwRe9:YvXKX8SUPUYpW7MCuGDV8Ukee9 |
MD5: | 20E1CCAD680C9019DFE06345E4FFEF9A |
SHA1: | 37ED4AA1A6E4975921E14A970041AE3184506E1A |
SHA-256: | C1DAF5058825D247CB34CAC5E1AF4F8BBD9AE596C7E1BB0E82D1E005D257ADB3 |
SHA-512: | 0A91B63A59A985567A6C711F56A16432EC3E4213B663D04AB3A6FDF662D6DE21E1A34F213950A6E319405C87EFD7304DAFBB8BC5F08B0DDE80967917CEE61F31 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.267031002956108 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXW5SUPx+FIbRI6XVW7+0Y/rCRoAvJf21rPeUkwRe9:YvXKX8SUPUYpW7MCuG+16Ukee9 |
MD5: | EEE8CDE3D946709C6AA8DAC9AF55F1D9 |
SHA1: | 0104E07B367E3582DBF92AFD85F7DDAADA6484C7 |
SHA-256: | BC92E52FDACFC94DE928448F28955696486E690CCBFEE621FB8A070560B3A88D |
SHA-512: | C3EF5A48DE18444F94615C538EDCC2C7F5081929AE7071113C9D018146CA481CDFBFCD1DF05557C440BF081D97F0E88C716A1A6C274E01E412BA496C0C4CE897 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.288790079255083 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXW5SUPx+FIbRI6XVW7+0Y/rCRoAvJfbpatdPeUkwRe9:YvXKX8SUPUYpW7MCuGVat8Ukee9 |
MD5: | 705623FC0224DF6F46DDC74FF254695B |
SHA1: | 554936837B3011918352770123099F190BF30DEE |
SHA-256: | 804ABDFF937CE9946C41B9E65F194DB864A04D272E5F5AE62AA59F547662B392 |
SHA-512: | 94091AA98B86DE0ABF3AE411F8A9F9C194803F6FC7239AFAE8EA82CECCD52C399EB42E64B1E8915B8ECFED54D054FD959E3F1FECBDF0D844259AAFDC00175512 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.240756535261598 |
Encrypted: | false |
SSDEEP: | 6:YEQXJ2HXW5SUPx+FIbRI6XVW7+0Y/rCRoAvJfshHHrPeUkwRe9:YvXKX8SUPUYpW7MCuGUUUkee9 |
MD5: | 79544C42521B6C9F89D86EDFCCA0295E |
SHA1: | 8C76D005F312D08BCF987557D3EA57C3E7DC0271 |
SHA-256: | 504E4FE8CDDB6AA78AFCF5129FDE85C5C7F5564116E5C1C1820CBBB2DCB230F4 |
SHA-512: | E52874A4501D61BC414CD66A00B412B68916FC677B06DBEC3D3F5DE4F60D167A7D6B55CF1FC0627E204155291C8EC142AF219A423D1511C3E7D8ADB30775B71A |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.366157314080212 |
Encrypted: | false |
SSDEEP: | 12:YvXKX8SUPUYpW7MCuGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWYV01:Yv6X8LiI168CgEXX5kcIfANhT01 |
MD5: | DB19C57D10CF8AE62FCAF0DBA89A360A |
SHA1: | 3F8E070D2C79B195CC81C8EAEFC77E11146ABCA9 |
SHA-256: | E010ECDFD999F36D377BECF799FE593781FBE4211FF2AD2C221A73B68B303099 |
SHA-512: | 39701F97B7FC362D2A21F45A4451F86A357DD4166F55DBCFCEF47FED41D0BF405A417E16A4DCB20ACC4C769536B7CAFD68B2FE739A2D31D18E1F6C0F4C34A3DB |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:e:e |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2814 |
Entropy (8bit): | 5.13883554286607 |
Encrypted: | false |
SSDEEP: | 48:YBV6RefsaSjg6dLfIxAQWomRlQEMBn9jo:MP/SM6dTAAQyRlhMX8 |
MD5: | 2CAD0E0D5BA37FD6257B7554D103D2EC |
SHA1: | 4787E97F6F95FBBD1B213D9F2BF1D049915D13CA |
SHA-256: | F18C620A71331F627E34BFE8DA49904DA33085BDE6633335590E35EB3BED668C |
SHA-512: | 78B9E57A5DA4587DB5429B66B3E0C50F41A539D9F683908624989E7FF423F0AFD93743DE66FDC3F3187C65D9EBA8CEBD17BFD9C21E7973C2A3B9282B9B30906B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9836269328810748 |
Encrypted: | false |
SSDEEP: | 24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpJKP4zJwtNBwtNbRZ6bRZ4OKPF:TVl2GL7ms6ggOVpAAzutYtp6P2d |
MD5: | B2D4C781F3D4FE6BE1E8F23836035AD3 |
SHA1: | 7A13E08981BCE8E3C2EC294E23BE37920E44A9CF |
SHA-256: | ACA836959869496E10DF10D407337A7D6124B11892285A2A33B3E22F7A49EA17 |
SHA-512: | 9D8F7B433B6E18DE2E3CE1BB88DF94F34EF50E0C876DB160C54D668E0B836977365019E6AB7A6940B9E64C40025352E0496B1A2B4F4C1043922F3CFE6FEFFDC6 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3378973289746885 |
Encrypted: | false |
SSDEEP: | 24:7+t5vAD1RZKHs/Ds/SpJKPPzJwtNBwtNbRZ6bRZWf1RZKdqLBx/XYKQvGJF7urs8:7MNGgOVpAnzutYtp6PMgqll2GL7ms8 |
MD5: | BAA20ABE8805D49FF1113B62D4155143 |
SHA1: | 7A3BBD59291CA0C6C765164C0BC02E94FAD457B7 |
SHA-256: | F3B079E4364C500CA537A64F506D0F07C92437DDE4CC2315D1330A65D83078AC |
SHA-512: | 295AC9C93EB0BE9153672E385DA5E5189110D00C225D94AD59AE2D6A5227E4EDDD0F31FD30DFC35003C46D1A161E193320F528D4D5982C4138DEE715B38C47A8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5046637269111454 |
Encrypted: | false |
SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+WlNPWl:Qw946cPbiOxDlbYnuRK8el |
MD5: | 1459D8805F044A3977F2A7E6749FCD20 |
SHA1: | 221A4D64E232932A4FA17D5B9FCA1FD00C969022 |
SHA-256: | 2EB4A9B92D8BF44C30B5A785FC6EC86F07BE789DF9BA8B4B51D50A4264DC9112 |
SHA-512: | 7394538246ADD8338CF30FDDE8C0B0B4DBE0CCCF93973E415205BB263CDFF751BD7988556450E35DA9A20608B7263DAEA3C53AF875085C36DCF37100F833000F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3910912 |
Entropy (8bit): | 1.760316161828955 |
Encrypted: | false |
SSDEEP: | 3072:W6AqcptqP2yiDQcdda1MG/P5P6l3EqE9AF5Tnin8jegKYCu7l1VxGl7PtwQSReb4:ESJ5ec9KTASetcJ36lBebXRHlys |
MD5: | 9AA606E670AFE0344747962B1181E7B3 |
SHA1: | 07B5B639EFF3FC1ED3ABBFDD41F7542463DC9470 |
SHA-256: | 6F4918B2F64CD30E84259BACDC4F90D27F24481B9FF6CEB34745CEA557E53BF4 |
SHA-512: | FF6EDF8A454D72BC39DAFC8357C471BB3CC0D05DE6507E977146F4848A68938CBA7BE42A4AC3FACBE2148D7368EBC7A3384EB4D2FCA1B68E2A6EFE510919EF55 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 5.076608541208585 |
Encrypted: | false |
SSDEEP: | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOv6GRDleGRDluCSyAAO:IngVMre9T0HQIDmy9g06JXXDulX |
MD5: | 121E254F71C38E2071853F6730B07E83 |
SHA1: | 69BFBCD8E5515AE1C5D7E77E1D6036B1E5EF52D5 |
SHA-256: | E5145F8B44D78339C96EB756F92F51D43FEBF7FCBAF3254217AFF9AA9C030AEC |
SHA-512: | 950167555F0627E276A9634C0446F250BCA6642AB0B542E5A193C5AB1BE48245B09F055063D6338A49B97E903E413536DA629B18C7EBFE109E0ABE192ABA27B4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 20-05-02-382.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.376360055978702 |
Encrypted: | false |
SSDEEP: | 384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn |
MD5: | 1336667A75083BF81E2632FABAA88B67 |
SHA1: | 46E40800B27D95DAED0DBB830E0D0BA85C031D40 |
SHA-256: | F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1 |
SHA-512: | D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.322750854110725 |
Encrypted: | false |
SSDEEP: | 384:7C2T22qP2N9Q2QAB/RDh8NlqlkPG8ErwfbZnf59EJagOVwn+LAc+3+riAiDWBR5C:JZX |
MD5: | 23B12D34A917AF07F4FFC15480293AE5 |
SHA1: | AB543291F5B3E7B917D52AEDA66E6C80F1E11AE3 |
SHA-256: | 0BFA5CC6842A2E27A76FF5ACC507A48789B0F470DA8BC07DFFDE6EEAD59757DC |
SHA-512: | DEBEF7E26AA1A8CF9AA211997009BCF21A51061962A4231365E29C62040D0ABEC897F6B101B0272E282E58AAD20954AE11D9BF418C8FB7DDB6DFF65CA2337834 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29845 |
Entropy (8bit): | 5.3876338753198425 |
Encrypted: | false |
SSDEEP: | 768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbN:irg |
MD5: | 31934BB00B8AD0023C760B3A30CC867E |
SHA1: | D21477775784661905A0919EFFD9366C48CDA742 |
SHA-256: | D58163CA5332FDD31E5CFD26FC7C5F4B2FA15359E4B1797E69E8616AD8F329C7 |
SHA-512: | 768E322ED9E352CF2A1707860EF893113A3ECFFF60A4210A09F90E1139AF6B6531AF56AEA32B2C1F63CE105A3011E93BD8D45FEF1F824AF9AF5354506CD2C01C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1419751 |
Entropy (8bit): | 7.976496077007677 |
Encrypted: | false |
SSDEEP: | 24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru |
MD5: | 18E3D04537AF72FDBEB3760B2D10C80E |
SHA1: | B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC |
SHA-256: | BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4 |
SHA-512: | 2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 386528 |
Entropy (8bit): | 7.9736851559892425 |
Encrypted: | false |
SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1407294 |
Entropy (8bit): | 7.97605879016224 |
Encrypted: | false |
SSDEEP: | 24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
MD5: | A0CFC77914D9BFBDD8BC1B1154A7B364 |
SHA1: | 54962BFDF3797C95DC2A4C8B29E873743811AD30 |
SHA-256: | 81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685 |
SHA-512: | 74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 758601 |
Entropy (8bit): | 7.98639316555857 |
Encrypted: | false |
SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
MD5: | 3A49135134665364308390AC398006F1 |
SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.423150438633679 |
TrID: |
File name: | Alchemy_Quarterly_Newsletter-April__24.pdf |
File size: | 698'166 bytes |
MD5: | 9f7d4b9dfd805cf2c811535cd750d86c |
SHA1: | 7c7d74d23e42c47df705c560e232a1201ba276ca |
SHA256: | 1917bc9d6591663e5eb22710cfe9d97ab9eab4e1c650f401a6e9082c4a248d4e |
SHA512: | 20ce011cb587bd7ea1b109a6672870f8fbe0cf312daedfc76b00645e777fea4bf0fbb5ab375d9da31ae6784dcafedf3cd8782fdffff9efd15ad7e0c7c51e6ae1 |
SSDEEP: | 12288:apf1mPO3OeMSBJFayrCrK0RO/Y9xpcStvbVnzMb/p:a5v3OeMSBL2foY9HtDd4bB |
TLSH: | 94E4E2A0899D3DEFC79A13D01B6F3D6E706E7132F2C82B096328D7411268A7B664754F |
File Content Preview: | %PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 66 0 R/Outlines 54 0 R/MarkInfo<</Marked true>>/Metadata 8595 0 R/ViewerPreferences 8596 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 11/Kids[ 3 0 R 25 0 R 32 0 R 34 0 R 36 0 R |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.7 |
Total Entropy: | 7.423150 |
Total Bytes: | 698166 |
Stream Entropy: | 7.993776 |
Stream Bytes: | 510491 |
Entropy outside Streams: | 3.570767 |
Bytes outside Streams: | 187675 |
Number of EOF found: | 2 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 99 |
endobj | 99 |
stream | 40 |
endstream | 40 |
xref | 2 |
trailer | 2 |
startxref | 2 |
/Page | 11 |
/Encrypt | 0 |
/ObjStm | 17 |
/URI | 4 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |
Image Streams |
---|
ID | DHASH | MD5 | Preview |
---|---|---|---|
6 | 0030b0c4c8581000 | 298a3725030f24806563c2eed69b1ec2 | |
7 | 0030f0cce8f01000 | 76b91b26247838cf23d9d13530b3de91 | |
8 | 04140c2c2c0c0600 | 4f827f78ace2c6bee4c6fc222ad9403d | |
9 | 14140cac0cac9692 | 36b53b6e7497afe7401bc10c2c498852 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 25, 2024 20:05:12.878005028 CEST | 49715 | 443 | 192.168.2.5 | 184.31.48.185 |
Apr 25, 2024 20:05:12.878051043 CEST | 443 | 49715 | 184.31.48.185 | 192.168.2.5 |
Apr 25, 2024 20:05:12.878146887 CEST | 49715 | 443 | 192.168.2.5 | 184.31.48.185 |
Apr 25, 2024 20:05:12.878302097 CEST | 49715 | 443 | 192.168.2.5 | 184.31.48.185 |
Apr 25, 2024 20:05:12.878314972 CEST | 443 | 49715 | 184.31.48.185 | 192.168.2.5 |
Apr 25, 2024 20:05:13.222239971 CEST | 443 | 49715 | 184.31.48.185 | 192.168.2.5 |
Apr 25, 2024 20:05:13.222721100 CEST | 49715 | 443 | 192.168.2.5 | 184.31.48.185 |
Apr 25, 2024 20:05:13.222764969 CEST | 443 | 49715 | 184.31.48.185 | 192.168.2.5 |
Apr 25, 2024 20:05:13.223793030 CEST | 443 | 49715 | 184.31.48.185 | 192.168.2.5 |
Apr 25, 2024 20:05:13.223865032 CEST | 49715 | 443 | 192.168.2.5 | 184.31.48.185 |
Apr 25, 2024 20:05:13.225891113 CEST | 49715 | 443 | 192.168.2.5 | 184.31.48.185 |
Apr 25, 2024 20:05:13.225971937 CEST | 443 | 49715 | 184.31.48.185 | 192.168.2.5 |
Apr 25, 2024 20:05:13.226238012 CEST | 49715 | 443 | 192.168.2.5 | 184.31.48.185 |
Apr 25, 2024 20:05:13.226254940 CEST | 443 | 49715 | 184.31.48.185 | 192.168.2.5 |
Apr 25, 2024 20:05:13.276484013 CEST | 49715 | 443 | 192.168.2.5 | 184.31.48.185 |
Apr 25, 2024 20:05:13.336313963 CEST | 443 | 49715 | 184.31.48.185 | 192.168.2.5 |
Apr 25, 2024 20:05:13.336378098 CEST | 443 | 49715 | 184.31.48.185 | 192.168.2.5 |
Apr 25, 2024 20:05:13.336987019 CEST | 49715 | 443 | 192.168.2.5 | 184.31.48.185 |
Apr 25, 2024 20:05:13.337028980 CEST | 443 | 49715 | 184.31.48.185 | 192.168.2.5 |
Apr 25, 2024 20:05:13.337063074 CEST | 49715 | 443 | 192.168.2.5 | 184.31.48.185 |
Apr 25, 2024 20:05:13.338746071 CEST | 49715 | 443 | 192.168.2.5 | 184.31.48.185 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49715 | 184.31.48.185 | 443 | 7296 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 18:05:13 UTC | 475 | OUT | |
2024-04-25 18:05:13 UTC | 198 | IN |
Target ID: | 0 |
Start time: | 20:04:59 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff686a00000 |
File size: | 5'641'176 bytes |
MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 20:04:59 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 4 |
Start time: | 20:05:00 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6413e0000 |
File size: | 3'581'912 bytes |
MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |