Edit tour
Windows
Analysis Report
SIMEM_HumiditySensor-PCB-Manufacturing-rev1.0.zip
Overview
General Information
| Sample name: | SIMEM_HumiditySensor-PCB-Manufacturing-rev1.0.zip |
| Analysis ID: | 1544426 |
| MD5: | 9b21c3a8b5db2ce7f9021ec71a8bd337 |
| SHA1: | 7ae8d4dd69216c35859c8654325669cab007abd8 |
| SHA256: | a5dd938eafa8bc883847cf7884c98f73505e7df5b07299fa67c8686280bb4244 |
| Infos: | |
 | |
Detection
| Score: | 0 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
No high impact signatures.
Classification
- System is w10x64_ra
rundll32.exe (PID: 7132 cmdline: C:\Windows \System32\ rundll32.e xe C:\Wind ows\System 32\shell32 .dll,SHCre ateLocalSe rverRunDll {9aa46009 -3ce0-458a -a354-7156 10a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
Acrobat.exe (PID: 3896 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \AppData\L ocal\Temp\ Temp1_SIME M_Humidity Sensor-PCB -Manufactu ring-rev1. 0.zip\SIME M_Humidity Sensor-PCB -Manufactu ring-rev1. 0\SIMEM_Hu miditySens or-Schemat ico-rev1.0 -modificat o.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) 
AcroCEF.exe (PID: 2348 cmdline: "C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 1228 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=22 84 --field -trial-han dle=1644,i ,149706000 1184560092 2,58591382 4191795526 4,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- Acrobat.exe (PID: 2876 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \AppData\L ocal\Temp\ Temp1_SIME M_Humidity Sensor-PCB -Manufactu ring-rev1. 0.zip\SIME M_Humidity Sensor-PCB -Manufactu ring-rev1. 0\0_No-Len s-Expansio n\SCHEMATI CO.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) - AcroCEF.exe (PID: 4588 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 1536 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 36 --field -trial-han dle=1628,i ,156446054 0840781723 8,69607092 0462161454 9,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- Acrobat.exe (PID: 6472 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \AppData\L ocal\Temp\ Temp1_SIME M_Humidity Sensor-PCB -Manufactu ring-rev1. 0.zip\SIME M_Humidity Sensor-PCB -Manufactu ring-rev1. 0\0_No-Len s-Expansio n\TOPOGRAF ICO.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) - AcroCEF.exe (PID: 904 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 4800 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 40 --field -trial-han dle=1616,i ,774103158 7796399297 ,132246012 6875247665 4,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
EXCEL.EXE (PID: 4368 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \AppData\L ocal\Temp\ Temp1_SIME M_Humidity Sensor-PCB -Manufactu ring-rev1. 0.zip\SIME M_Humidity Sensor-PCB -Manufactu ring-rev1. 0\1_Sensin g\BOM-1_Se nsing(Prot otipo).csv " MD5: 4A871771235598812032C822E6F68F19)
- Acrobat.exe (PID: 3936 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \AppData\L ocal\Temp\ Temp1_SIME M_Humidity Sensor-PCB -Manufactu ring-rev1. 0.zip\SIME M_Humidity Sensor-PCB -Manufactu ring-rev1. 0\SIMEM_Hu miditySens or-Schemat ico-rev1.0 -modificat o.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) - AcroCEF.exe (PID: 3652 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 2180 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 48 --field -trial-han dle=1620,i ,166626921 0271979895 6,59917582 4591784094 2,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | Memory has grown: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File read: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Window detected: | ||
| Source: | Key opened: | ||
| Source: | Static file information: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information queried: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Rundll32 | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 2 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| x1.i.lencr.org | unknown | unknown | false | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown |
⊘No contacted IP infos
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1544426 |
| Start date and time: | 2024-10-29 12:08:48 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 38s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 28 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | SIMEM_HumiditySensor-PCB-Manufacturing-rev1.0.zip |
| Detection: | CLEAN |
| Classification: | clean0.winZIP@57/69@1/0 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.90.27, 184.28.88.176, 52.5.13.197, 52.202.204.11, 54.227.187.23, 23.22.254.206, 162.159.61.3, 172.64.41.3, 2.23.197.184, 88.221.110.91, 2.16.100.168, 52.109.89.18, 52.113.194.132, 20.189.173.6
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, a767.dspw65.akamai.net, weu-azsc-config.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, ssl-delivery.adobe.com.edgekey.net, e16604.g.akamaiedge.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, s-0005.s-msedge.net, config.officeapps.live.com, ecs.office.trafficmanager.net, geo2.adobe.com, europe.configsvc1.live.com.akadns.net, onedscolprdw
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: SIMEM_HumiditySensor-PCB-Manufacturing-rev1.0.zip
| Time | Type | Description |
|---|---|---|
| 07:10:20 | API Interceptor |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.1485871668401915 |
| Encrypted: | false |
| SSDEEP: | 6:cxhzNcM+q2PRN2nKuAl9OmbnIFUt8HxhQUmZmw+HxhHSMVkwORN2nKuAl9OmbjLJ:yN3+vaHAahFUt8R3m/+R1/V5JHAaSJ |
| MD5: | 31F9A3F6B8B1BA2CCCEF43B734E21FCC |
| SHA1: | 6D23FB6E09A46441B803847FDEACA16F7ABD8E45 |
| SHA-256: | AEE2D9305F7ACE55EA2FABBDF52618EBB4AAC2FD40E23E3C5631A9DBD795DFEF |
| SHA-512: | CE78EB4B5EEBCE08F6AD07FF8BAF27A88DB578AC326E31C1366E89974513F0096E647FB9A1AE32941FA21F174709E4DF4C74ECE765A150063A8A76131F9519B9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.1485871668401915 |
| Encrypted: | false |
| SSDEEP: | 6:cxhzNcM+q2PRN2nKuAl9OmbnIFUt8HxhQUmZmw+HxhHSMVkwORN2nKuAl9OmbjLJ:yN3+vaHAahFUt8R3m/+R1/V5JHAaSJ |
| MD5: | 31F9A3F6B8B1BA2CCCEF43B734E21FCC |
| SHA1: | 6D23FB6E09A46441B803847FDEACA16F7ABD8E45 |
| SHA-256: | AEE2D9305F7ACE55EA2FABBDF52618EBB4AAC2FD40E23E3C5631A9DBD795DFEF |
| SHA-512: | CE78EB4B5EEBCE08F6AD07FF8BAF27A88DB578AC326E31C1366E89974513F0096E647FB9A1AE32941FA21F174709E4DF4C74ECE765A150063A8A76131F9519B9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF66dd50.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.1485871668401915 |
| Encrypted: | false |
| SSDEEP: | 6:cxhzNcM+q2PRN2nKuAl9OmbnIFUt8HxhQUmZmw+HxhHSMVkwORN2nKuAl9OmbjLJ:yN3+vaHAahFUt8R3m/+R1/V5JHAaSJ |
| MD5: | 31F9A3F6B8B1BA2CCCEF43B734E21FCC |
| SHA1: | 6D23FB6E09A46441B803847FDEACA16F7ABD8E45 |
| SHA-256: | AEE2D9305F7ACE55EA2FABBDF52618EBB4AAC2FD40E23E3C5631A9DBD795DFEF |
| SHA-512: | CE78EB4B5EEBCE08F6AD07FF8BAF27A88DB578AC326E31C1366E89974513F0096E647FB9A1AE32941FA21F174709E4DF4C74ECE765A150063A8A76131F9519B9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF67075d.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.1485871668401915 |
| Encrypted: | false |
| SSDEEP: | 6:cxhzNcM+q2PRN2nKuAl9OmbnIFUt8HxhQUmZmw+HxhHSMVkwORN2nKuAl9OmbjLJ:yN3+vaHAahFUt8R3m/+R1/V5JHAaSJ |
| MD5: | 31F9A3F6B8B1BA2CCCEF43B734E21FCC |
| SHA1: | 6D23FB6E09A46441B803847FDEACA16F7ABD8E45 |
| SHA-256: | AEE2D9305F7ACE55EA2FABBDF52618EBB4AAC2FD40E23E3C5631A9DBD795DFEF |
| SHA-512: | CE78EB4B5EEBCE08F6AD07FF8BAF27A88DB578AC326E31C1366E89974513F0096E647FB9A1AE32941FA21F174709E4DF4C74ECE765A150063A8A76131F9519B9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF67bd8e.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.1485871668401915 |
| Encrypted: | false |
| SSDEEP: | 6:cxhzNcM+q2PRN2nKuAl9OmbnIFUt8HxhQUmZmw+HxhHSMVkwORN2nKuAl9OmbjLJ:yN3+vaHAahFUt8R3m/+R1/V5JHAaSJ |
| MD5: | 31F9A3F6B8B1BA2CCCEF43B734E21FCC |
| SHA1: | 6D23FB6E09A46441B803847FDEACA16F7ABD8E45 |
| SHA-256: | AEE2D9305F7ACE55EA2FABBDF52618EBB4AAC2FD40E23E3C5631A9DBD795DFEF |
| SHA-512: | CE78EB4B5EEBCE08F6AD07FF8BAF27A88DB578AC326E31C1366E89974513F0096E647FB9A1AE32941FA21F174709E4DF4C74ECE765A150063A8A76131F9519B9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 331 |
| Entropy (8bit): | 5.160041942292542 |
| Encrypted: | false |
| SSDEEP: | 6:ctsEoq2PRN2nKuAl9Ombzo2jMGIFUt8HtCZmw+HtS2kwORN2nKuAl9Ombzo2jMmd:WsnvaHAa8uFUt8NC/+Nj5JHAa8RJ |
| MD5: | 442DA64F473F5851C47BE35D7F3B2FB3 |
| SHA1: | B6D4C9D4E367C3464CD944F48F990F113D7AEACB |
| SHA-256: | DDA2C680D6F5409994999D4B81D232AFA941F5EB7C5FEDCA2C589367BE9A07B5 |
| SHA-512: | 8C318BC0C0C1129159FB93B46EC3FCCEFC9CE5CE4A5A5BD28497FDAD8CE016CC5D9D8F3CD437BB64FAB51E723E0C1411576E61E30CF6587AE42A882B09FCE63F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 331 |
| Entropy (8bit): | 5.160041942292542 |
| Encrypted: | false |
| SSDEEP: | 6:ctsEoq2PRN2nKuAl9Ombzo2jMGIFUt8HtCZmw+HtS2kwORN2nKuAl9Ombzo2jMmd:WsnvaHAa8uFUt8NC/+Nj5JHAa8RJ |
| MD5: | 442DA64F473F5851C47BE35D7F3B2FB3 |
| SHA1: | B6D4C9D4E367C3464CD944F48F990F113D7AEACB |
| SHA-256: | DDA2C680D6F5409994999D4B81D232AFA941F5EB7C5FEDCA2C589367BE9A07B5 |
| SHA-512: | 8C318BC0C0C1129159FB93B46EC3FCCEFC9CE5CE4A5A5BD28497FDAD8CE016CC5D9D8F3CD437BB64FAB51E723E0C1411576E61E30CF6587AE42A882B09FCE63F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old~RF66dd5f.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 331 |
| Entropy (8bit): | 5.160041942292542 |
| Encrypted: | false |
| SSDEEP: | 6:ctsEoq2PRN2nKuAl9Ombzo2jMGIFUt8HtCZmw+HtS2kwORN2nKuAl9Ombzo2jMmd:WsnvaHAa8uFUt8NC/+Nj5JHAa8RJ |
| MD5: | 442DA64F473F5851C47BE35D7F3B2FB3 |
| SHA1: | B6D4C9D4E367C3464CD944F48F990F113D7AEACB |
| SHA-256: | DDA2C680D6F5409994999D4B81D232AFA941F5EB7C5FEDCA2C589367BE9A07B5 |
| SHA-512: | 8C318BC0C0C1129159FB93B46EC3FCCEFC9CE5CE4A5A5BD28497FDAD8CE016CC5D9D8F3CD437BB64FAB51E723E0C1411576E61E30CF6587AE42A882B09FCE63F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old~RF67077d.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 331 |
| Entropy (8bit): | 5.160041942292542 |
| Encrypted: | false |
| SSDEEP: | 6:ctsEoq2PRN2nKuAl9Ombzo2jMGIFUt8HtCZmw+HtS2kwORN2nKuAl9Ombzo2jMmd:WsnvaHAa8uFUt8NC/+Nj5JHAa8RJ |
| MD5: | 442DA64F473F5851C47BE35D7F3B2FB3 |
| SHA1: | B6D4C9D4E367C3464CD944F48F990F113D7AEACB |
| SHA-256: | DDA2C680D6F5409994999D4B81D232AFA941F5EB7C5FEDCA2C589367BE9A07B5 |
| SHA-512: | 8C318BC0C0C1129159FB93B46EC3FCCEFC9CE5CE4A5A5BD28497FDAD8CE016CC5D9D8F3CD437BB64FAB51E723E0C1411576E61E30CF6587AE42A882B09FCE63F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old~RF67bdad.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 331 |
| Entropy (8bit): | 5.160041942292542 |
| Encrypted: | false |
| SSDEEP: | 6:ctsEoq2PRN2nKuAl9Ombzo2jMGIFUt8HtCZmw+HtS2kwORN2nKuAl9Ombzo2jMmd:WsnvaHAa8uFUt8NC/+Nj5JHAa8RJ |
| MD5: | 442DA64F473F5851C47BE35D7F3B2FB3 |
| SHA1: | B6D4C9D4E367C3464CD944F48F990F113D7AEACB |
| SHA-256: | DDA2C680D6F5409994999D4B81D232AFA941F5EB7C5FEDCA2C589367BE9A07B5 |
| SHA-512: | 8C318BC0C0C1129159FB93B46EC3FCCEFC9CE5CE4A5A5BD28497FDAD8CE016CC5D9D8F3CD437BB64FAB51E723E0C1411576E61E30CF6587AE42A882B09FCE63F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\136cacd8-7abe-45be-9950-1334e2a338a7.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 371 |
| Entropy (8bit): | 4.990832648369336 |
| Encrypted: | false |
| SSDEEP: | 6:YHpoNXR8+eqq59QD2sDHF4R8H2a9a1o3/QBR7Y53h6ubU74MS7PMVKJTnMRKXk1Y:YHO8sqs2sBd2caq3QYiubrP7E4TX |
| MD5: | 2AC8B0FC182FE56E1444DDB6EB3E6CC8 |
| SHA1: | 063FC78B3ED9E82B53C346AE429E60B1871C4E3D |
| SHA-256: | E73DE8AF247703951395D80936A4333C39074F38E46FC480368C3DB507DD640A |
| SHA-512: | 8DEBE9FD2FED8A08F2AFD28EC68AFDAFBEB204C095D12B46EC7FC0736158732D3A26EE30BE6262A5746C0EB3C24AE8885C3C61F8DDD97A0C711DDA3C3529B1F3 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\19b9f214-df66-4335-b7a5-88dfd792efcd.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.99893227660789 |
| Encrypted: | false |
| SSDEEP: | 6:YHpoNXR8+eqq59/ZsDHF4R8HOVWj2HEda9a1o3/QBR7Y53h6ubU74MS7PMVKJTnn:YHO8sq1sBdOg2HWcaq3QYiubrP7E4TX |
| MD5: | 44E8A6ADF244421D93E1685D321E4633 |
| SHA1: | 8D0378042ACBE7E3D9B0735A63CFDA6A41B9083F |
| SHA-256: | 4990FE9345FD2553D4EFA830706B221D4D55DDC98B6CD5DBD60D6B50D99C6AA6 |
| SHA-512: | BC00CC5817CCFF19E38D1D589CDEF5C5C3C210E49D8C8E52125488E2001A70D69DFD06223163F7DA04A047B439ECC7CBDA6C4E66E1B5598CFFF2CEE27559AE40 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 371 |
| Entropy (8bit): | 4.990832648369336 |
| Encrypted: | false |
| SSDEEP: | 6:YHpoNXR8+eqq59QD2sDHF4R8H2a9a1o3/QBR7Y53h6ubU74MS7PMVKJTnMRKXk1Y:YHO8sqs2sBd2caq3QYiubrP7E4TX |
| MD5: | 2AC8B0FC182FE56E1444DDB6EB3E6CC8 |
| SHA1: | 063FC78B3ED9E82B53C346AE429E60B1871C4E3D |
| SHA-256: | E73DE8AF247703951395D80936A4333C39074F38E46FC480368C3DB507DD640A |
| SHA-512: | 8DEBE9FD2FED8A08F2AFD28EC68AFDAFBEB204C095D12B46EC7FC0736158732D3A26EE30BE6262A5746C0EB3C24AE8885C3C61F8DDD97A0C711DDA3C3529B1F3 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF66fe16.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 371 |
| Entropy (8bit): | 4.990832648369336 |
| Encrypted: | false |
| SSDEEP: | 6:YHpoNXR8+eqq59QD2sDHF4R8H2a9a1o3/QBR7Y53h6ubU74MS7PMVKJTnMRKXk1Y:YHO8sqs2sBd2caq3QYiubrP7E4TX |
| MD5: | 2AC8B0FC182FE56E1444DDB6EB3E6CC8 |
| SHA1: | 063FC78B3ED9E82B53C346AE429E60B1871C4E3D |
| SHA-256: | E73DE8AF247703951395D80936A4333C39074F38E46FC480368C3DB507DD640A |
| SHA-512: | 8DEBE9FD2FED8A08F2AFD28EC68AFDAFBEB204C095D12B46EC7FC0736158732D3A26EE30BE6262A5746C0EB3C24AE8885C3C61F8DDD97A0C711DDA3C3529B1F3 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF672797.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 371 |
| Entropy (8bit): | 4.990832648369336 |
| Encrypted: | false |
| SSDEEP: | 6:YHpoNXR8+eqq59QD2sDHF4R8H2a9a1o3/QBR7Y53h6ubU74MS7PMVKJTnMRKXk1Y:YHO8sqs2sBd2caq3QYiubrP7E4TX |
| MD5: | 2AC8B0FC182FE56E1444DDB6EB3E6CC8 |
| SHA1: | 063FC78B3ED9E82B53C346AE429E60B1871C4E3D |
| SHA-256: | E73DE8AF247703951395D80936A4333C39074F38E46FC480368C3DB507DD640A |
| SHA-512: | 8DEBE9FD2FED8A08F2AFD28EC68AFDAFBEB204C095D12B46EC7FC0736158732D3A26EE30BE6262A5746C0EB3C24AE8885C3C61F8DDD97A0C711DDA3C3529B1F3 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF67f25a.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 371 |
| Entropy (8bit): | 4.990832648369336 |
| Encrypted: | false |
| SSDEEP: | 6:YHpoNXR8+eqq59QD2sDHF4R8H2a9a1o3/QBR7Y53h6ubU74MS7PMVKJTnMRKXk1Y:YHO8sqs2sBd2caq3QYiubrP7E4TX |
| MD5: | 2AC8B0FC182FE56E1444DDB6EB3E6CC8 |
| SHA1: | 063FC78B3ED9E82B53C346AE429E60B1871C4E3D |
| SHA-256: | E73DE8AF247703951395D80936A4333C39074F38E46FC480368C3DB507DD640A |
| SHA-512: | 8DEBE9FD2FED8A08F2AFD28EC68AFDAFBEB204C095D12B46EC7FC0736158732D3A26EE30BE6262A5746C0EB3C24AE8885C3C61F8DDD97A0C711DDA3C3529B1F3 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\abc0732f-d877-4946-881b-e37a0e96ff42.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.991191791548924 |
| Encrypted: | false |
| SSDEEP: | 12:YHO8sqyUJksBdOg2HpJcaq3QYiubrP7E4TX:YXsxSJdMHpw3QYhbz7n7 |
| MD5: | 1E9DB2C386E1A341D6E6D5A864845D74 |
| SHA1: | 530116913B26821BC6BAAB59D45F3EFD070BF91B |
| SHA-256: | 7767144F407C2C838CF193741F85CBBEA2BD60D8765793A399BA8DF6B9D364DD |
| SHA-512: | BD19A9E7AF8A867D58DE5C2EB16FE1C218E5F88FA8A7EB03189317F71E3681F112BF95FBC477C281AE9CAA3CF6E2FC40165B283A092E1145902EF49B9F5857A6 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bac5d061-deac-42fd-94bd-7e8cc5aa10db.tmp
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 403 |
| Entropy (8bit): | 4.982170769158354 |
| Encrypted: | false |
| SSDEEP: | 6:YHpoNXR8+eqq597BpHksDHF4R8HOVWj2HEaZa9a1o3/QBR7Y53h6ubU74MS7PMVK:YHO8sqR2sBdOg2Hjcaq3QYiubrP7E4TX |
| MD5: | 380C87505DA9E2FD25A9AF1F97111A31 |
| SHA1: | B4E4AF86BB124E01AC8BF89BFCCDC568B3C87598 |
| SHA-256: | 9DABC2C1A5551764CA77CAA4E141FD6C5899B8BD8DFEF36029828C4C529F596D |
| SHA-512: | D6E15AC0B2FBC8B662B861F30D75BC8F7D3FD33BB42E4C30F486A9E4CE1C7151D4BC45F7892E0D7989991B8DC23785F47EBF5F785032E6CF23E0BEE2EA2D507B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5405 |
| Entropy (8bit): | 5.2334146672798 |
| Encrypted: | false |
| SSDEEP: | 96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xeflRQVoCve63R6mqM63PY6Z:OLT0bTIeYa51Ogu/0OZARBT8kN88fLQC |
| MD5: | EFAA591C740606D67581E70384F586B6 |
| SHA1: | 1F4BCDE4C51C77A837EF4171819E72533EAEF20A |
| SHA-256: | 2247DE1FC39868F18B3590C60D5BB4EF8AE050B86FDD529FEA5FBBB028308F2A |
| SHA-512: | 0E62BD23E448EF2000AE722E8DFDC9DC95CD2D52794AD75178411FB03B0FCC277DD7BB21E368C9EBD95DA5A2A98E75CEFE20F9A39B777C9439572B3D589551B9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 322 |
| Entropy (8bit): | 5.099671148041404 |
| Encrypted: | false |
| SSDEEP: | 6:cxUX4AVq2PRN2nKuAl9OmbzNMxIFUt8HxURAgZmw+HxURAIkwORN2nKuAl9OmbzE:yVAVvaHAa8jFUt8RMAg/+RMAI5JHAa8E |
| MD5: | 79A051E4453A6E2DCC99EE11E60C56FA |
| SHA1: | 1591B3773E5B89755D8AAE6499DCFE8E4B7981ED |
| SHA-256: | DC6CF6BAE791446B35A616B78DC55BA3D7EB3903DEA0542E4D071F38B5BDFB03 |
| SHA-512: | 74B91F1AA71BC1E0D64B39A1868FFECAB329A56DF3BAB5F3884FE9156A32D5D6552A559021B6E1E2499CAA1F8053F18F6D7D359EB237F2F1CFD89E6D2D904447 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 322 |
| Entropy (8bit): | 5.099671148041404 |
| Encrypted: | false |
| SSDEEP: | 6:cxUX4AVq2PRN2nKuAl9OmbzNMxIFUt8HxURAgZmw+HxURAIkwORN2nKuAl9OmbzE:yVAVvaHAa8jFUt8RMAg/+RMAI5JHAa8E |
| MD5: | 79A051E4453A6E2DCC99EE11E60C56FA |
| SHA1: | 1591B3773E5B89755D8AAE6499DCFE8E4B7981ED |
| SHA-256: | DC6CF6BAE791446B35A616B78DC55BA3D7EB3903DEA0542E4D071F38B5BDFB03 |
| SHA-512: | 74B91F1AA71BC1E0D64B39A1868FFECAB329A56DF3BAB5F3884FE9156A32D5D6552A559021B6E1E2499CAA1F8053F18F6D7D359EB237F2F1CFD89E6D2D904447 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old~RF66dd8e.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 322 |
| Entropy (8bit): | 5.099671148041404 |
| Encrypted: | false |
| SSDEEP: | 6:cxUX4AVq2PRN2nKuAl9OmbzNMxIFUt8HxURAgZmw+HxURAIkwORN2nKuAl9OmbzE:yVAVvaHAa8jFUt8RMAg/+RMAI5JHAa8E |
| MD5: | 79A051E4453A6E2DCC99EE11E60C56FA |
| SHA1: | 1591B3773E5B89755D8AAE6499DCFE8E4B7981ED |
| SHA-256: | DC6CF6BAE791446B35A616B78DC55BA3D7EB3903DEA0542E4D071F38B5BDFB03 |
| SHA-512: | 74B91F1AA71BC1E0D64B39A1868FFECAB329A56DF3BAB5F3884FE9156A32D5D6552A559021B6E1E2499CAA1F8053F18F6D7D359EB237F2F1CFD89E6D2D904447 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old~RF6707bb.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 322 |
| Entropy (8bit): | 5.099671148041404 |
| Encrypted: | false |
| SSDEEP: | 6:cxUX4AVq2PRN2nKuAl9OmbzNMxIFUt8HxURAgZmw+HxURAIkwORN2nKuAl9OmbzE:yVAVvaHAa8jFUt8RMAg/+RMAI5JHAa8E |
| MD5: | 79A051E4453A6E2DCC99EE11E60C56FA |
| SHA1: | 1591B3773E5B89755D8AAE6499DCFE8E4B7981ED |
| SHA-256: | DC6CF6BAE791446B35A616B78DC55BA3D7EB3903DEA0542E4D071F38B5BDFB03 |
| SHA-512: | 74B91F1AA71BC1E0D64B39A1868FFECAB329A56DF3BAB5F3884FE9156A32D5D6552A559021B6E1E2499CAA1F8053F18F6D7D359EB237F2F1CFD89E6D2D904447 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old~RF67bdec.TMP (copy)
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 322 |
| Entropy (8bit): | 5.099671148041404 |
| Encrypted: | false |
| SSDEEP: | 6:cxUX4AVq2PRN2nKuAl9OmbzNMxIFUt8HxURAgZmw+HxURAIkwORN2nKuAl9OmbzE:yVAVvaHAa8jFUt8RMAg/+RMAI5JHAa8E |
| MD5: | 79A051E4453A6E2DCC99EE11E60C56FA |
| SHA1: | 1591B3773E5B89755D8AAE6499DCFE8E4B7981ED |
| SHA-256: | DC6CF6BAE791446B35A616B78DC55BA3D7EB3903DEA0542E4D071F38B5BDFB03 |
| SHA-512: | 74B91F1AA71BC1E0D64B39A1868FFECAB329A56DF3BAB5F3884FE9156A32D5D6552A559021B6E1E2499CAA1F8053F18F6D7D359EB237F2F1CFD89E6D2D904447 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1391 |
| Entropy (8bit): | 7.705940075877404 |
| Encrypted: | false |
| SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
| MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
| SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
| SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
| SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71954 |
| Entropy (8bit): | 7.996617769952133 |
| Encrypted: | true |
| SSDEEP: | 1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ |
| MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
| SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
| SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
| SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 192 |
| Entropy (8bit): | 2.752969867432539 |
| Encrypted: | false |
| SSDEEP: | 3:kkFklf81gsNttfllXlE/HT8kuztNNX8RolJuRdxLlGB9lQRYwpDdt:kKr1RPeT8PNMa8RdWBwRd |
| MD5: | F0E817D0F2864B4373DF75EAE007C6EB |
| SHA1: | E7A9DEFF97AAB7AA4CC386541FEC6A8EB472F9E5 |
| SHA-256: | 99975D45370D55E32D9B1EF6F2AE60E992A5912D812A33552382B1ADA1F223AC |
| SHA-512: | DEED72A0152A7F5F957D980FB6B09FD70552646629B09140AA4211D0D12CC7B5DB8F91054AEC15172B0E1DC240E78D9DAFCB5CC853617B1D927F5C7CF4FD4050 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 328 |
| Entropy (8bit): | 3.141785112603811 |
| Encrypted: | false |
| SSDEEP: | 6:kK/T3L9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:T3iDnLNkPlE99SNxAhUe/3 |
| MD5: | 12AFD9FE9E1C1426827D69BE476B7F9C |
| SHA1: | 3F77A5D034A8520ED32CE2471CD6F65A67711BB9 |
| SHA-256: | 5BE31E2FB06535D417E38946E975AF230785644A935159E19E6CF910FE147E66 |
| SHA-512: | 631D6502C7B86F7B4415701F198A94188436B35FFB6EE84D2111DD752AF8617464F7B2DAEA7FA60370726FEF5BFE5704246C874414B9569AF68E16C35575C3E3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 185099 |
| Entropy (8bit): | 5.182478651346149 |
| Encrypted: | false |
| SSDEEP: | 1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC |
| MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
| SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
| SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
| SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 232384 |
| Entropy (8bit): | 3.367022380565401 |
| Encrypted: | false |
| SSDEEP: | 1536:3pKPliyzDtrh1cK3XEi3D7VX/3AYvYwghfrioWiRn:5KP7t/3AYvYwgJOoWiRn |
| MD5: | D519BBC9F4E2920A2AB49AC93952C889 |
| SHA1: | 8956FE8B06D4EC34C86B6B26F83F1A3A8F3E5949 |
| SHA-256: | CA043CEC7FED5CD024F5D2FC5A9C0C8CC5CD334AC19C9F3A0688757001FE3274 |
| SHA-512: | A253A9595E9FA29B3C8EB841FE4D92A82CEFD5AC4849D9D98FCD47EF503034D1E3D3D695CBF6192B6C7FDA9156D51A5663207AE50057CBF08E8B343C387C7629 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295 |
| Entropy (8bit): | 5.39622250656609 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXoJ7pqTTfd+5IRR4UhUR0YR0xoAvJM3g98kUwPeUkwRe9:YvXKXoJ7pcsWRuUhUdzGMbLUkee9 |
| MD5: | 3373697D5171A8F404804EB8081E944F |
| SHA1: | 5AA8EB8A50E876A20A616DCFCED1F0F431972991 |
| SHA-256: | 254A635314552CF701CA2AD0CFC5B38E06E4F8EACC89C8FE82CD9321A4F4079E |
| SHA-512: | 3B7AE04C4035C63FB40DB386570FCAC3984267D880343847712F36AD2E07F6C46299F354192E37E30BB4F4F3B8ABDF16020353C982FD1E752F0F0BD4742FD133 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.346055900355175 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXoJ7pqTTfd+5IRR4UhUR0YR0xoAvJfBoTfXpnrPeUkwRe9:YvXKXoJ7pcsWRuUhUdzGWTfXcUkee9 |
| MD5: | C4DD7C28A6EBF0C93B67D62124F62E5F |
| SHA1: | 934CAB45BA2DA421010C4B5168DFC35478E15D2F |
| SHA-256: | 463AE161727C84B811A0DF81B8C75B9134AEEA21F58FD2DFE11315B6EA726583 |
| SHA-512: | 97685432BEE3DBE0B87B08A852D857D989C5B23CBFDFA0D7663627F8AC011729E8ED07D935D3EC458E92CFB4B44F8F97BEE3212FF63446625FBAD87D54719E7C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294 |
| Entropy (8bit): | 5.324455219223606 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXoJ7pqTTfd+5IRR4UhUR0YR0xoAvJfBD2G6UpnrPeUkwRe9:YvXKXoJ7pcsWRuUhUdzGR22cUkee9 |
| MD5: | F4086297A423D0258E90389A283BEDF5 |
| SHA1: | E58254500795730C85A8DE189F2B0729BE9BBBAE |
| SHA-256: | 791683BB7EFC161EAD321A7A0CBF8BACFEB989D73E7A533B8C4C3E740EC0E96A |
| SHA-512: | 96475646394984481E4C60935BEE175D28DF1A66963876613650C997F1A2EF31F9BF5DFAE7751B69B9642FA7255504FB961418C49462FA7B7DF63F781E0B35C8 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 285 |
| Entropy (8bit): | 5.385755646894766 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXoJ7pqTTfd+5IRR4UhUR0YR0xoAvJfPmwrPeUkwRe9:YvXKXoJ7pcsWRuUhUdzGH56Ukee9 |
| MD5: | B1CABAB8880D6C2CBB636A921E519B0C |
| SHA1: | D164135C94D9F295845D4B1544C947FD0DF9BE61 |
| SHA-256: | D96424CA1FA1229C61B12EECBF55233CAB0C990F4C7DC6D066CEA72729758382 |
| SHA-512: | 1F9F6E5B5A172A3ECD1FA2D823C2F282997796FACA29FECDA74D18022D68E6922E64388158C8AEE4D46A72D65169F1F159E32909A9B1433450ABC9AC00936D91 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1055 |
| Entropy (8bit): | 5.67070924879252 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XoJ7SUdopLgEscLf7nnl0RCmK8czOCCSVm:YvD7SU2hgGzaAh8cv/Vm |
| MD5: | 91F614F56AB491D191851EC50FD538B3 |
| SHA1: | CA8421D0F65657EF8C154C07E5B18158B6164360 |
| SHA-256: | D977D23069871952D264BA1A2CFA45B6DDEE7F1A29297A07C32CF9EBCD62E217 |
| SHA-512: | C89D50623067F0689BE2747D10F4953A424B65E87D1EA5F36F03A4A0878EC0B3D37A1AF7687AF229878BCC709BF463DB75D3E040CE1DF39DD96D26C9EBF3738F |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1050 |
| Entropy (8bit): | 5.664665897935602 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XoJ7SUd6VLgEF0c7sbnl0RCmK8czOCYHflEpwiVom:YvD7SUAFg6sGAh8cvYHWpwVm |
| MD5: | 2BD2E6854B3F9E077089313F0A79A276 |
| SHA1: | CBD4989E5B3FAE906A0A0330A9EB4B1859524E6D |
| SHA-256: | 7D6CAD7161C104E6811D02EC6A9E821F2699B5B0355CAC5BA68DCA1F4AB45F0D |
| SHA-512: | C860BFE13CD8F5F74618A9872DE73EEB5147B7757D5C66D7177A1565E551360E1DC7E176536AA07D149AA7251A29CD4AC55541158E94DDF3F16A1314161EF7A5 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 5.33967633600623 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXoJ7pqTTfd+5IRR4UhUR0YR0xoAvJfQ1rPeUkwRe9:YvXKXoJ7pcsWRuUhUdzGY16Ukee9 |
| MD5: | CEB570CF7E5847A9892AEF91653F7EA8 |
| SHA1: | A7072F7F595749434E8FD7C9656A9745984E9A4C |
| SHA-256: | F55F87FA9E61B21FFFCDD1A6A981059F89587C2E0B5BD007F2971BF7F0037FE9 |
| SHA-512: | F026980AB7A64A75F47C5F5BDF791D27E85CA988A180BD225DFDA7E913D89D2B42ED17EA50C6C21E2CF18FF5F65ADE1625242369A244B64E0FF79D10E56E9E6D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1038 |
| Entropy (8bit): | 5.660301906652289 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XoJ7SUdn2LgEF7cciAXs0nl0RCmK8czOCAPtciBom:YvD7SUlogc8hAh8cvA2m |
| MD5: | 078F1B25F1829BF737F9AF68AE2E2B95 |
| SHA1: | D9FD230E0B82C760D72635708CC93501E5D365E0 |
| SHA-256: | 964BB16EE6B581B8EEE04546931FD4156C9E1B28BBAA344440A92FC098F292D6 |
| SHA-512: | 57102F9C442FA573D83318F33F0FB1126D9E90826F7EE9A7D9C01BEA2D988A018580390709FEDBA32CECD69F207C0DA9400EAEB77808B107F04ACB0139D6304B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1164 |
| Entropy (8bit): | 5.706426047887831 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XoJ7SUdLKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5om:YvD7SUNEgqprtrS5OZjSlwTmAfSKSm |
| MD5: | E3F66A6F7704B2FC06FEAAD0B233C8B2 |
| SHA1: | 00E73C8C5700CE4F341599D9EF9F8B070214ACC5 |
| SHA-256: | 4AD67D8CC3DA1351DE1185F6AF53D9A7B402C6B65F5D391665E42E3AF43CC1F6 |
| SHA-512: | 880883E46811C3F409335DA197E8CB5E70B70874E1868ECA173D2B1E9020A4A012F1EF8C6B7BFAFFEF47559766F9A35896731388B381F47AFFD2871C6773EFF7 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 289 |
| Entropy (8bit): | 5.343844313551393 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXoJ7pqTTfd+5IRR4UhUR0YR0xoAvJfYdPeUkwRe9:YvXKXoJ7pcsWRuUhUdzGg8Ukee9 |
| MD5: | 1FA554CD2F908302F3CD90BCF9A29635 |
| SHA1: | 5CD935452DF7DB9A11745636C042D68B7F7A501C |
| SHA-256: | 7B39FDF073557C706E108E1DF51E54C170E62C2BCB1B73A6B6B254D50A1CAC08 |
| SHA-512: | 5AD598087E8B47D3EF0E926249C7EAEBE697F834BC12F4CD422632EEC7D838B67262B15D232054566EE1F18BA770B60E74174F55B5DB536AE493FB9B4EF18C78 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1395 |
| Entropy (8bit): | 5.77968873809753 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XoJ7SUd2rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNQX:YvD7SUQHgDv3W2aYQfgB5OUupHrQ9FJO |
| MD5: | 5D4051B565CE7123F8A9C91D29E53E5C |
| SHA1: | 42B34D310D32C46ED813E670B7E54FEAD7A5C5EA |
| SHA-256: | D3CE6CE7599BCBE4D13BE38F3D74A23B5E01D9C979C57FF0694B3D80C68476CD |
| SHA-512: | 2BF4720965DC442D14A46ECB2E04D02B654B72BBC82FE1A0A9CBBE459BB75B888156704EEB7B3A03CCD6CEB66B224C235025A3F391A9A26FD1CF4CA46DD6CB1B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 291 |
| Entropy (8bit): | 5.327090075736931 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXoJ7pqTTfd+5IRR4UhUR0YR0xoAvJfbPtdPeUkwRe9:YvXKXoJ7pcsWRuUhUdzGDV8Ukee9 |
| MD5: | E08F4FD774B217AF49D41A9FF594E021 |
| SHA1: | 22D5FDA2A01BEF3928A8902404E82B40FA1142F9 |
| SHA-256: | 51EE9B6AF99E9701B74E2922D9D509597C132F11A1DE2D27AEB95E3A52FE4306 |
| SHA-512: | D690E857EC11C600EA3B56A4253B18F6D3A5A12FC1A6CB502E2135AA2F5CE5482085A5D454AFF6BFA5D82C7DFFFBC765B886AC0D4AF4E6BB2065E72E0FBA104C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 287 |
| Entropy (8bit): | 5.330428516734541 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXoJ7pqTTfd+5IRR4UhUR0YR0xoAvJf21rPeUkwRe9:YvXKXoJ7pcsWRuUhUdzG+16Ukee9 |
| MD5: | 10CD0E13B254E318CB650E05146D3B36 |
| SHA1: | F6388FD4D5A246EF9B2DADB0E4820B4657D2159E |
| SHA-256: | E5C0A430FCEA2ED7D2DB1259537AB8A91F32069706A4D071B0D3106C8B72AF8E |
| SHA-512: | AB41313C30DA98EA3F624E2696EDA053A8DC4D997994C943CAB87B92600877E264D81494A6C59B7EFCCCD826AF42470601308589B47B26876F86833E6B7ACC66 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1026 |
| Entropy (8bit): | 5.64240807885673 |
| Encrypted: | false |
| SSDEEP: | 24:Yv6XoJ7SUdcamXayLgE7cMCBNaqnl0RCmK8czOC/BSVm:YvD7SUkBgACBOAh8cvMVm |
| MD5: | 1810A3B314B9B67892FCEB21E82CE92C |
| SHA1: | 3550597AB63909C5053E7BB32402EF195583B82F |
| SHA-256: | 720995E096CBE253C3DBEDAD38293A739E3BBD3B899B1CF6CE1EAC74B582BE8D |
| SHA-512: | E533F745539F567B65F3E347589F81A3AA7C9379CE46B8F12BC4898C58A5EE22745A46A4C8BE03C05618D3DE8F18C02A41517D3B1412BD46AFF556FD1739C71B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 5.307272875438766 |
| Encrypted: | false |
| SSDEEP: | 6:YEQXJ2HXoJ7pqTTfd+5IRR4UhUR0YR0xoAvJfshHHrPeUkwRe9:YvXKXoJ7pcsWRuUhUdzGUUUkee9 |
| MD5: | 1BFA1DD310F309E2200179DCB67BF560 |
| SHA1: | 32A3522F8E940ABA6BB795899E232271B1874826 |
| SHA-256: | 07FC6C970D5DAC075CF0F082E8B563727BB20E1EB1D904F969200247C5FA1D11 |
| SHA-512: | 9570A916D10666102272E16663051FF45AF988587EF6EF5DEFCAAE44ACC1A414F9E5CFD6C5B9D2E4CBA00ECF6BF3FA8E545C19D2A968CA472CB0C91827E55D57 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 782 |
| Entropy (8bit): | 5.38214029626802 |
| Encrypted: | false |
| SSDEEP: | 12:YvXKXoJ7pcsWRuUhUdzGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWUm:Yv6XoJ7SUdD168CgEXX5kcIfANhVm |
| MD5: | 5929E7EC234C33454387C5A2AF3E420F |
| SHA1: | EF5CB5171E7DD57221BC249B13C319A26FA2AB98 |
| SHA-256: | AF025445991F7B2A9719850922D079BD001D50555F67544006AFE73A689A9315 |
| SHA-512: | D770CC6A09F883CED1BACCDF860BC1CA824E63F403FBC908270E83E32B7AD8574275A0BD0421001F7EA6D8EDEF59C27C5AD55B6DC389A696150B202EA4E7F0B9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4 |
| Entropy (8bit): | 0.8112781244591328 |
| Encrypted: | false |
| SSDEEP: | 3:e:e |
| MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
| SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
| SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
| SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2818 |
| Entropy (8bit): | 5.111088910802451 |
| Encrypted: | false |
| SSDEEP: | 48:YvZRMlETI19YR6L9JLjmlxWsYspvOkFrkonij2iaMOg+6b:IIljbD5cv9Io+JOy |
| MD5: | 4B27397ECC985FA2A884A662828F14B4 |
| SHA1: | 175B4B77B2CBA1F984E1D293A113BD255C080C6E |
| SHA-256: | 0A2B27840F34DB546CBD658A2186D5D1A0778BE0D3915B0A0A614FA8696363CE |
| SHA-512: | 4ECFE19DFDF70E881110F18B6EC442F194E04D07C3EDAC76B8FB3BAF33A77397B3CC7A55C878CC49DCACE121ADAD27949148898D04CB94B4FE1A5B3300835FDD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 1.0275444788919534 |
| Encrypted: | false |
| SSDEEP: | 24:TLxx/XYKQvGJF7ursuR+X+UslLps5I03/AyYI0ql0H3+xOXJOy/AF:TVl2GL7msuZCLVIOC50 |
| MD5: | 42715AD41FD3F0B185CE3EC86844BB1F |
| SHA1: | DD45B1F852F574F2632B1A99B964B0830817BB9A |
| SHA-256: | D521B7EC28727A2A2FB9ABEC532D22ECD5005D05DF23472E2B782AFDB9107A05 |
| SHA-512: | ADE9F10AFF500DB5AFB9617E5685A4A5FDC47548617F83FD0394749F14D5E08028763CAECFB7DDAFA9CDDD079AA7102D3E2F17A86A739EB54BD93C8312F94186 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8720 |
| Entropy (8bit): | 1.3557998746945317 |
| Encrypted: | false |
| SSDEEP: | 24:7+tl3OY9C+UslLps5I03/AyYI0ql0H3+xOXJOy/A+/nqLBx/XYKQvGJF7ursln:7MtOYBCLVIOC5Znqll2GL7msln |
| MD5: | 7346E072611315A7E7346C56C6E5F4F2 |
| SHA1: | 1EB66105F336F37ABC187017EB2E547B5B7A4339 |
| SHA-256: | FC8A0574A9FB97041283057B756C09590215007C77C170CA02AE8559DF3130E0 |
| SHA-512: | 4165EF29012C0289D65A989ACEFC33900406B400E131E35F7AA9EEE968508C3C368C5FF238279F642357A9A91494D089E1EFEF871606EF738859C199D8760908 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 850 |
| Entropy (8bit): | 2.7129887455492763 |
| Encrypted: | false |
| SSDEEP: | 24:YIrNvpCHhFfzLRwcftR/8AJp9WtAZRJ5poIHWPt:YmbCHrzLmcL8AJtfJ52IH2t |
| MD5: | 13BE1793E272884A53089F16CF9CDCFD |
| SHA1: | 7E3B88F63393AA202507F7960BC2C63473132D6F |
| SHA-256: | E853CB6B0CCB4696FE0A4D5D20976E9E48EA051451675D292DC2C4AE4D0EF579 |
| SHA-512: | 90D201383FCDB8C50DAD7D9A84A3AC9BD1A8020B3A1C50C42D109B31927FD1DA0C80E24D8D889FE2C721A9DF074746CC03824311EED7876F0F8B7ED5CA5DD84D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 850 |
| Entropy (8bit): | 2.7129887455492763 |
| Encrypted: | false |
| SSDEEP: | 24:YIrNvpCHhFfzLRwcftR/8AJp9WtAZRJ5poIHWPt:YmbCHrzLmcL8AJtfJ52IH2t |
| MD5: | 13BE1793E272884A53089F16CF9CDCFD |
| SHA1: | 7E3B88F63393AA202507F7960BC2C63473132D6F |
| SHA-256: | E853CB6B0CCB4696FE0A4D5D20976E9E48EA051451675D292DC2C4AE4D0EF579 |
| SHA-512: | 90D201383FCDB8C50DAD7D9A84A3AC9BD1A8020B3A1C50C42D109B31927FD1DA0C80E24D8D889FE2C721A9DF074746CC03824311EED7876F0F8B7ED5CA5DD84D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.4965336456103326 |
| Encrypted: | false |
| SSDEEP: | 6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8xOlQUCSlYH:Qw946cPbiOxDlbYnuRK5LbYH |
| MD5: | 29CDB6F3C75046C1E9C8EE6827B654E7 |
| SHA1: | 0A06346F84F252CD1EB50FC83A58007122958859 |
| SHA-256: | 1017EF128BCB08B5F8C4B26DA9C4599228DA8959A45DD6315E06681494CE5374 |
| SHA-512: | E10BF36739B12FFA20CA47D1EA2810F8E7CB3E6EB255759DCFAE5A1323053BFC6DAE7F3195134B71D18BB82D846AF7FC6378FA63A0AC740845E39944E62C818A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-29 07-10-04-020.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16525 |
| Entropy (8bit): | 5.353642815103214 |
| Encrypted: | false |
| SSDEEP: | 384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL |
| MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
| SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
| SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
| SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-29 07-10-15-831.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16529 |
| Entropy (8bit): | 5.307332465195317 |
| Encrypted: | false |
| SSDEEP: | 384:ws9m1paGO2X3vLzaHUg9eg1m2r3eoVIyHnGnl5XfvcPimkqfkT52G9x6xapwqNBP:oZp9 |
| MD5: | 8B808867DE6CE7BFBD98B2644C6C0BE2 |
| SHA1: | 6FB0B8250B818562D1BD1F3459C41597FCE9D512 |
| SHA-256: | 17F5FD06C63F6E728B9C4D5CEF14C0C2D7078A6BD42D9DEEBC72D27FF59103B4 |
| SHA-512: | 63C8766C6E1575C2CBE1384D89F476BD1C8D177CA66A158D353D7AFAEF45710B34ABE42846E0C72736402C9831CCBA107E4EF21211CE8D0F52D8213C76F64DDB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-29 07-10-26-583.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16529 |
| Entropy (8bit): | 5.325671733059831 |
| Encrypted: | false |
| SSDEEP: | 384:16jMLf4CgUNVINi3OzoEeslGOHSSyrprtrXrkr9rurqr0rwrErDrAyxM6VhEClgb:1mSo |
| MD5: | 322A43C8FE8EE26DBCCD8654A390EFD3 |
| SHA1: | 74FABC0B04BD1955F5D96AB5407CD2D6DD05B39B |
| SHA-256: | 4BF4B19141E63C0796BF460BB6C33465DD53E6427B151CBC00A85B15B0B79594 |
| SHA-512: | 207E43538DEBDF6213F903F11BEA38DEFFB7C6950E31FEF99E410B5A8BDCF9770223855283A35854CEC38879D46E72586C0406859199CBDE04AD42A7F3AA19A9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-29 07-11-17-948.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16528 |
| Entropy (8bit): | 5.292585107971669 |
| Encrypted: | false |
| SSDEEP: | 384:juC1CPsU+4NdjjPO348AewRumjmEhxhPO3h9HyC8LiIVPlKIiQMR/8/Y7pbzFaCD:cDtU |
| MD5: | 3D2C77EC758DDE9F122030746EA9E73A |
| SHA1: | 2A62BD430BBBC64DFA8FDC87F0CC1E95D3CF0E83 |
| SHA-256: | 8F21E49FF81B87CAB4A59B04877A1BA908143F1DA0C4CF36626615AF911D1917 |
| SHA-512: | E192E4B70AADBFEB474D86A05CBC3B5777E1F0913E34B9ADC08AF95BB4280D242ACA593942FF2DD677A231332B0F3FA132C6D478ADA20F6EF3F7A1E9E73EA807 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16602 |
| Entropy (8bit): | 5.328324803763531 |
| Encrypted: | false |
| SSDEEP: | 384:Aw+FjdqhnCr188V5SkUZCgxwszqdrq2HFWM/Befx9BfeNiBJL2CTDyDiLhku1c0B:fXPh |
| MD5: | A2EB6D3A6A18A92EBC668A88BF43EEF9 |
| SHA1: | 4B516369064177643D69C1A1D0F4AC948A2992CD |
| SHA-256: | 1C908E95E798ACC3629DC62F4119180E0CC6A82CF39FD693B6B3B161EE26DC03 |
| SHA-512: | 827ECACAE89EFB798D9694D86D10E4DBB066BE5CE770C1085313D6C99E6758752E412CADE06E3118EFC7CC0A6D1F06DD43BCD3511715176BE31E0A143C21A185 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 47752 |
| Entropy (8bit): | 5.417078304856433 |
| Encrypted: | false |
| SSDEEP: | 192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcbt2CcbeIaEcbbU4cbeI4+cbnjllBS:fhWlA/TVy2/a9U14EGfu1L5i2 |
| MD5: | 2061B057FD69C5FBE0A2A7CD2A54B139 |
| SHA1: | 598E3DA8006EF362464462B818446C8BF5D862C0 |
| SHA-256: | 63600B19AC7AAD8B2C9A923EC0FDF097194126013B17694392232852131A5E0B |
| SHA-512: | 8910F77C2377118A57D9A6AFEB0C3BE1C3D8A1C723680A2D10059AE0F6DF554AF2AC350D74D4C1CC0F374B40CE6F682BBE4120075D97B53AFEDEBF2500C8EDE4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 386528 |
| Entropy (8bit): | 7.9736851559892425 |
| Encrypted: | false |
| SSDEEP: | 6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m |
| MD5: | 5C48B0AD2FEF800949466AE872E1F1E2 |
| SHA1: | 337D617AE142815EDDACB48484628C1F16692A2F |
| SHA-256: | F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE |
| SHA-512: | 44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1407294 |
| Entropy (8bit): | 7.97605879016224 |
| Encrypted: | false |
| SSDEEP: | 24576:NDA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo |
| MD5: | 6B9C5F026987A4C6A402B442B613E46F |
| SHA1: | 53B45C73D714A93A26A5BCB25C37BE7CCB94AFCE |
| SHA-256: | 2D90C694412A22FD0E0EEF638F9F34BF6B8C55D98AD2DA3CB8932ECA361EC9CF |
| SHA-512: | 2545211D5A9686FC31C4E26CC3D9FCF01F235A30BAEA7579151D187937C69AC40091510D2A14D5B008895A24969116B012EB5BD3E63608BF256A955875023119 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 758601 |
| Entropy (8bit): | 7.98639316555857 |
| Encrypted: | false |
| SSDEEP: | 12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg |
| MD5: | 3A49135134665364308390AC398006F1 |
| SHA1: | 28EF4CE5690BF8A9E048AF7D30688120DAC6F126 |
| SHA-256: | D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B |
| SHA-512: | BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 22 |
| Entropy (8bit): | 3.4594316186372964 |
| Encrypted: | false |
| SSDEEP: | 3:3cEHn:3nHn |
| MD5: | 4AC65FD0505524C840E4B8ED9352125F |
| SHA1: | F914B6F0DF85ED7B5AA059AFDBD993E18748493F |
| SHA-256: | 913EF675AA4754FBB1A0B07E73B75D515B05C2058CB1144BC115E0430A90CC11 |
| SHA-512: | 9E8913B2E71CA3C0D422A2ED1CA6E2BEE3C7C7F493A0F79573CA4E0341946FFB1D38F669521190B1303B4F3F6F392E20B7694ED25A177301C93816BB8B073438 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 24 |
| Entropy (8bit): | 3.66829583405449 |
| Encrypted: | false |
| SSDEEP: | 3:So6FwHn:So6FwHn |
| MD5: | DD4A3BD8B9FF61628346391EA9987E1D |
| SHA1: | 474076C122CACAAF112469FC62976BB69187AA2B |
| SHA-256: | 7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486 |
| SHA-512: | FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 36 |
| Entropy (8bit): | 4.294653473544341 |
| Encrypted: | false |
| SSDEEP: | 3:8QvCyKGziFLpn:8QayKGyLpn |
| MD5: | 5C6B932A79952B4B27833691305E61DB |
| SHA1: | 09804DB0986A989C2C49CDCEA563567FB4C7B1A0 |
| SHA-256: | DEE5A5925227B125F4AC6D9B70A277E6EC8494FFC73D1CCE9E08CC7A78D6208A |
| SHA-512: | 4FAA9585BB10156D5DEA3B62D3A3A1BFA92430BA6E1E3381FC4C76C3071C85E53D5CBCE0016DBA1D1F9EA1B7AF37B4A4EFBAF4F3106B7D958B6E2E90AA0DF059 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 54 |
| Entropy (8bit): | 3.7119196645733785 |
| Encrypted: | false |
| SSDEEP: | 3:8QvCxXLV1AiLKltVln:8QaRhJ2ltPn |
| MD5: | 6A614A7743B0C781AAECA60448E861D6 |
| SHA1: | 67B7DF5EBEB4527E4C31F3F9B7E52A0581DC4B6D |
| SHA-256: | 9703120DC62C2C3F843BAD5B1E77594682CA7820F0345AE0BBD73021C1427146 |
| SHA-512: | 3A45B27ED6F3AAA8C2113FBB21637675CC91D1239754447A7032D1A86CB1E7381575B28F992E5FFC9986354C2B9C173C614F1F703CA4C2BEE63AB3BC6ED909A6 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.998351901270001 |
| TrID: |
|
| File name: | SIMEM_HumiditySensor-PCB-Manufacturing-rev1.0.zip |
| File size: | 8'137'311 bytes |
| MD5: | 9b21c3a8b5db2ce7f9021ec71a8bd337 |
| SHA1: | 7ae8d4dd69216c35859c8654325669cab007abd8 |
| SHA256: | a5dd938eafa8bc883847cf7884c98f73505e7df5b07299fa67c8686280bb4244 |
| SHA512: | dbdf8fdc4892c8310377e94dc3233cdfce08de4c7094d770ae7231d28cfe68e09885931444b3178b2fbe062b34d5f57843ba7eb0b09c6d53b305fce8e89ab87a |
| SSDEEP: | 196608:qGFxCBsSxfmgcn26wf5k7619JI2UyptxuoRrUZz9H6V:q2xCCSxfeJwxk219JI2hptkoqhUV |
| TLSH: | 3A8633A5740C8B5BDA15843E8CF7A39EE1D901DDD224F050FA4D49B37A2BB96EB05B0C |
| File Content Preview: | PK........-NYY............B...SIMEM_HumiditySensor-PCB-Manufacturing-rev1.0/0_No-Lens-Expansion/PK........-NYY............N...SIMEM_HumiditySensor-PCB-Manufacturing-rev1.0/0_No-Lens-Expansion/DRILL FILES/PK........r.IX.a(.z.......Z...SIMEM_HumiditySensor- |
 | |
| Icon Hash: | 1c1c1e4e4ececedc |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 29, 2024 12:10:20.149012089 CET | 50666 | 53 | 192.168.2.16 | 1.1.1.1 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Oct 29, 2024 12:10:20.149012089 CET | 192.168.2.16 | 1.1.1.1 | 0xcedb | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Oct 29, 2024 12:10:20.157265902 CET | 1.1.1.1 | 192.168.2.16 | 0xcedb | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 07:09:23 |
| Start date: | 29/10/2024 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff741d90000 |
| File size: | 71'680 bytes |
| MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 8 |
| Start time: | 07:10:00 |
| Start date: | 29/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff76a820000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 9 |
| Start time: | 07:10:01 |
| Start date: | 29/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6b1790000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 10 |
| Start time: | 07:10:02 |
| Start date: | 29/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6b1790000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 11 |
| Start time: | 07:10:11 |
| Start date: | 29/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff76a820000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 12 |
| Start time: | 07:10:13 |
| Start date: | 29/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6b1790000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 13 |
| Start time: | 07:10:13 |
| Start date: | 29/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6b1790000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 16 |
| Start time: | 07:10:23 |
| Start date: | 29/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff76a820000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 17 |
| Start time: | 07:10:24 |
| Start date: | 29/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6b1790000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 18 |
| Start time: | 07:10:24 |
| Start date: | 29/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6b1790000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 21 |
| Start time: | 07:10:40 |
| Start date: | 29/10/2024 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xd10000 |
| File size: | 53'161'064 bytes |
| MD5 hash: | 4A871771235598812032C822E6F68F19 |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 24 |
| Start time: | 07:11:09 |
| Start date: | 29/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff76a820000 |
| File size: | 5'641'176 bytes |
| MD5 hash: | 24EAD1C46A47022347DC0F05F6EFBB8C |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 25 |
| Start time: | 07:11:10 |
| Start date: | 29/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6b1790000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
| Target ID: | 26 |
| Start time: | 07:11:10 |
| Start date: | 29/10/2024 |
| Path: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6b1790000 |
| File size: | 3'581'912 bytes |
| MD5 hash: | 9B38E8E8B6DD9622D24B53E095C5D9BE |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Has exited: | true |
⊘No disassembly