193107894.dom.3.pdf
This report is generated from a file or URL submitted to this webservice on September 8th 2020 10:02:53 (UTC)
Guest System: Windows 7 32 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by
Falcon Sandbox v8.31 © Hybrid Analysis
Incident Response
Risk Assessment
- Network Behavior
- Contacts 2 domains and 3 hosts.
MITRE ATT&CK™ Techniques Detection
Indicators
Not all malicious and suspicious indicators are displayed.
-
Malicious Indicators 1
-
Unusual Characteristics
-
Document analysis contacts a domain
- details
-
Often seen on documents with macro droppers, embedded files or exploits - source
- Indicator Combinations
- relevance
- 3/10
-
Suspicious Indicators 6
-
External Systems
-
Found an IP/URL artifact that was identified as malicious by at least one reputation engine
- details
- 1/79 reputation engines marked "http://ocsp.quovadisglobal.com" as malicious (1% detection rate)
- source
- External System
- relevance
- 10/10
-
General
-
Opened the service control manager
- details
-
"AdobeCollabSync.exe" called "OpenSCManager" requesting access rights "SC_MANAGER_CONNECT" (0x1)
"AdobeCollabSync.exe" called "OpenSCManager" requesting access rights "0XE0000000L" - source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1035
-
POSTs files to a webserver
- details
-
"POST / HTTP/1.1
Accept: */*
Content-Type: application/ocsp-request
Content-Length: 159
Character-Encoding: binary
User-Agent: PPKHandler
Host: ocsp.quovadisglobal.com
Connection: Keep-Alive
Cache-Control: no-cache" with no payload
"POST / HTTP/1.1
Accept: */*
Content-Type: application/ocsp-request
Content-Length: 159
Character-Encoding: binary
User-Agent: PPKHandler
Host: uw.ocsp.quovadisglobal.com
Connection: Keep-Alive
Cache-Control: no-cache" with no payload - source
- Network Traffic
- relevance
- 5/10
-
Installation/Persistence
-
Creates new processes
- details
-
"AcroRd32.exe" is creating a new process (Name: "%WINDIR%\System32\VBoxTray.exe", Handle: 520)
"AcroRd32.exe" is creating a new process (Name: "%PROGRAMFILES%\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe", Handle: 1132)
"AcroRd32.exe" is creating a new process (Name: "%PROGRAMFILES%\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe", Handle: 1180)
"RdrCEF.exe" is creating a new process (Name: "%WINDIR%\System32\spoolsv.exe", Handle: 1320)
"RdrCEF.exe" is creating a new process (Name: "%PROGRAMFILES%\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe", Handle: 1676) - source
- API Call
- relevance
- 8/10
-
Network Related
-
Found potential IP address in binary/memory
- details
-
- source
- File/Memory
- relevance
- 3/10
-
Sends traffic on typical HTTP outbound port, but without HTTP header
- details
-
TCP traffic to 184.26.47.10 on port 443 is sent without HTTP header
TCP traffic to 35.156.254.208 on port 80 is sent without HTTP header
TCP traffic to 52.214.169.148 on port 80 is sent without HTTP header - source
- Network Traffic
- relevance
- 5/10
- ATT&CK ID
- T1043
-
Informative 14
-
Exploit/Shellcode
-
Possible heap spraying attempt detected
- details
- "AcroRd32.exe" allocated at least 19600 KB of consecutive memory with 160 calls
- source
- API Call
- relevance
- 10/10
-
General
-
Contacts domains
- details
-
"ocsp.quovadisglobal.com"
"uw.ocsp.quovadisglobal.com" - source
- Network Traffic
- relevance
- 1/10
-
Contacts server
- details
-
"184.26.47.10:443"
"35.156.254.208:80"
"52.214.169.148:80" - source
- Network Traffic
- relevance
- 1/10
-
Contains object with compressed stream data
- details
-
Object ID 9 contains compressed stream data: No filters
Object ID 24 contains compressed stream data: \x80\x01\xec
\x00\x00%!PS-AdobeFont-1.0: Helvetica 003.001
%%CreationDate: Mon Aug 23 12:48:20 1999
%%VMusage: 28955 35891
%% The digitally encoded machine readable software for producing the
%% Typefaces licensed to you is copyrighted (c) 1985
1987
198 ...
Object ID 27 contains compressed stream data: \x00\x01\x00\x00\x00\x000\x00\x03\x00`cvt \x1c\xbc\x00f\x00\x00\x01(\x00\x00\x01\x98fpgm>\x08\x00~\x00\x00\x02\xc0\x00\x00\x01\xf6glyf\x9c\xef\x00\x04\x00\x00\x07\xb4\x00\x00\x00>head\xcc\x1d\x00\x08\x00\x00\x00\x9c\x00\x00\x006hhea\x11\x95\x00\x00 ... - source
- Static Parser
- relevance
- 10/10
- ATT&CK ID
- T1207
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
"Local\ZonesCacheCounterMutex"
"DBWinMutex"
"Local\ZonesLockedCacheCounterMutex"
"Local\Acrobat Instance Mutex"
"\Sessions\1\BaseNamedObjects\Local\Acrobat Instance Mutex"
"\Sessions\1\BaseNamedObjects\DBWinMutex"
"\Sessions\1\BaseNamedObjects\com.adobe.acrobat.rna.RdrCefBrowserLock.DC"
"com.adobe.acrobat.rna.RdrCefBrowserLock.DC" - source
- Created Mutant
- relevance
- 3/10
-
Drops files marked as clean
- details
-
Antivirus vendors marked dropped file "tl12_1_.acrobatsecuritysettings" as clean (type is "PDF document version 1.6")
Antivirus vendors marked dropped file "download-18" as clean (type is "PDF document version 1.6")
Antivirus vendors marked dropped file "download-19" as clean (type is "PDF document version 1.6")
Antivirus vendors marked dropped file "eutl12_1_.acrobatsecuritysettings" as clean (type is "PDF document version 1.6") - source
- Binary File
- relevance
- 10/10
-
PDF contains only a single page
- details
- Tag "pages" has a value of "1"
- source
- Static Parser
- relevance
- 5/10
-
Scanning for window names
- details
-
"AcroRd32.exe" searching for window "_AcroAppTimer"
"AcroRd32.exe" searching for class "AdobeAcrobatSpeedLaunchCmdWnd"
"AcroRd32.exe" searching for class "AdobeReaderSpeedLaunchCmdWnd"
"AcroRd32.exe" searching for class "ACROSEMAPHORE_R18"
"AcroRd32.exe" searching for class "JFWUI2"
"AcroRd32.exe" searching for class "Shell_TrayWnd"
"AcroRd32.exe" searching for class "Acrobat Instance Window Class" - source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1010
-
Spawns new processes
- details
-
Spawned process "AdobeCollabSync.exe" with commandline "-c"
Spawned process "RdrCEF.exe" with commandline "--backgroundcolor=16448250"
Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=7C2F6291E40D3FC7DE3CFF2F ..."
Spawned process "RdrCEF.exe" with commandline "--backgroundcolor=16448250"
Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=24ACAA64A25C076D47986FCE ..." - source
- Monitored Target
- relevance
- 3/10
-
Spawns new processes that are not known child processes
- details
- Spawned process "AdobeCollabSync.exe" with commandline "-c"
- source
- Monitored Target
- relevance
- 3/10
-
Installation/Persistence
-
Dropped files
- details
-
"tl12_1_.acrobatsecuritysettings" has type "PDF document version 1.6"
"directories.acrodata" has type "FDF document version 1.2"
"download-18" has type "PDF document version 1.6"
"A9R19u5682_y0e8e8_2hc.tmp" has type "data"
"A9Rt137j7_y0e8e7_2hc.tmp" has type "data"
"A9Riggw9b_y0e8e9_2hc.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
"download-19" has type "PDF document version 1.6"
"A9R5g2vly_y0e8e6_2hc.tmp" has type "data"
"ReaderMessages-journal" has type "SQLite Rollback Journal"
"SharedDataEvents-journal" has type "SQLite Rollback Journal"
"Synchronizer-journal" has type "SQLite Rollback Journal"
"SecuritySettings.xml" has type "XML 1.0 document ASCII text with very long lines with CRLF LF line terminators"
"Synchronizer" has type "SQLite 3.x database"
"data_1" has type "data"
"7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" has type "data"
"Visited Links" has type "data"
"eutl12_1_.acrobatsecuritysettings" has type "PDF document version 1.6"
"0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl" has type "data"
"SecuritySettings.xml" has type "XML 1.0 document UTF-8 Unicode text with very long lines" - source
- Binary File
- relevance
- 3/10
-
Found a string that may be used as part of an injection method
- details
- "Shell_TrayWnd" (Taskbar window class may be used to inject into explorer with the SetWindowLong method)
- source
- File/Memory
- relevance
- 4/10
- ATT&CK ID
- T1055
-
Touches files in the Windows directory
- details
-
"AdobeCollabSync.exe" touched file "C:\Windows\Globalization\Sorting\SortDefault.nls"
"AdobeCollabSync.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\counters.dat"
"AdobeCollabSync.exe" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Temporary Internet Files"
"AdobeCollabSync.exe" touched file "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Cookies"
"AdobeCollabSync.exe" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\History"
"AdobeCollabSync.exe" touched file "C:\Windows\System32\wshqos.dll"
"AdobeCollabSync.exe" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKDNCXYS\eutl12[1].acrobatsecuritysettings"
"AdobeCollabSync.exe" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQW0X29Y\tl12[1].acrobatsecuritysettings"
"AdobeCollabSync.exe" touched file "C:\Windows\System32\rsaenh.dll"
"AdobeCollabSync.exe" touched file "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Cookies\Q27AZWQ5.txt"
"AdobeCollabSync.exe" touched file "C:\Windows\System32\en-US\KernelBase.dll.mui"
"AdobeCollabSync.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\counters.dat"
"AdobeCollabSync.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files"
"AdobeCollabSync.exe" touched file "%APPDATA%\Microsoft\Windows\Cookies"
"AdobeCollabSync.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\History"
"AdobeCollabSync.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKDNCXYS\eutl12[1].acrobatsecuritysettings"
"AdobeCollabSync.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQW0X29Y\tl12[1].acrobatsecuritysettings" - source
- API Call
- relevance
- 7/10
-
Network Related
-
Found potential URL in binary/memory
- details
-
Heuristic match: "ocsp.quovadisglobal.com"
Heuristic match: "uw.ocsp.quovadisglobal.com"
Pattern match: "http://www.pkioverheid.nl/voor-certificaatverleners/oid-nummers/"
Pattern match: "http://www.w3.org/1999/02/22-rdf-syntax-ns#" - source
- File/Memory
- relevance
- 10/10
File Details
193107894.dom.3.pdf
- Filename
- 193107894.dom.3.pdf
- Size
- 403KiB (412274 bytes)
- Type
- Description
- PDF document, version 1.3
- Document producer
- FOP 0.20.4
- Document pages
- 1
- Architecture
- WINDOWS
- SHA256
- 3f1291373ef88a9f3c1209c2e351d4e6538e631ecf14c3aeb4f5126a40fb6fba
- MD5
- 834649b06e10390b9d683211e39f5261
- SHA1
- 1cf180b50f2834e352f71b7e04667b6f846a79e9
- ssdeep
- 6144:m1oiLNB4ejLF8YEUhrguU/+JVK2fkDtoWuQLJtzJ0Hd+NhbG:ynNv5EyMmMDm2LJtV8ARG
Classification (TrID)
- 100.0% (.PDF) Adobe Portable Document Format
Hybrid Analysis
Analysed 6 processes in total.
-
AcroRd32.exe
"C:\193107894.dom.3.pdf"
(PID: 3216)
- AdobeCollabSync.exe -c (PID: 3692)
-
RdrCEF.exe
--backgroundcolor=16448250
(PID: 968)
- RdrCEF.exe --type=renderer --primordial-pipe-token=7C2F6291E40D3FC7DE3CFF2FE36E3C8E --lang=en-US --disable-pack-loading --lang=en-US --log-file="%PROGRAMFILES%\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/18.11.20036 Chrome/59.0.3071.15" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=7C2F6291E40D3FC7DE3CFF2FE36E3C8E --renderer-client-id=2 --mojo-platform-channel-handle=1284 --allow-no-sandbox-job /prefetch:1 (PID: 2612)
- RdrCEF.exe --type=renderer --primordial-pipe-token=24ACAA64A25C076D47986FCEFEA6B9E8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="%PROGRAMFILES%\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/18.11.20036 Chrome/59.0.3071.15" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=24ACAA64A25C076D47986FCEFEA6B9E8 --renderer-client-id=3 --mojo-platform-channel-handle=1664 --allow-no-sandbox-job /prefetch:1 (PID: 2628)
- RdrCEF.exe --backgroundcolor=16448250 (PID: 3832)
Network Analysis
DNS Requests
Contacted Hosts
IP Address | Port/Protocol | Associated Process | Details |
---|---|---|---|
184.26.47.10 | 443 TCP | adobecollabsync.exe PID: 3692 | United States |
35.156.254.208 | 80 TCP | acrord32.exe PID: 3216 | United States |
52.214.169.148 | 80 TCP | acrord32.exe PID: 3216 | United States |
Contacted Countries
HTTP Traffic
Endpoint | Request | URL | |
---|---|---|---|
35.156.254.208:80 (ocsp.quovadisglobal.com) | POST | ocsp.quovadisglobal.com/ | POST / HTTP/1.1
Accept: */*
Content-Type: application/ocsp-request
Content-Length: 159
Character-Encoding: binary
User-Agent: PPKHandler
Host: ocsp.quovadisglobal.com
Connection: Keep-Alive
Cache-Control: no-cache |
35.156.254.208:80 (ocsp.quovadisglobal.com) | POST | ocsp.quovadisglobal.com/ | POST / HTTP/1.1
Accept: */*
Content-Type: application/ocsp-request
Content-Length: 159
Character-Encoding: binary
User-Agent: PPKHandler
Host: ocsp.quovadisglobal.com
Connection: Keep-Alive
Cache-Control: no-cache |
52.214.169.148:80 (uw.ocsp.quovadisglobal.com) | POST | uw.ocsp.quovadisglobal.com/ | POST / HTTP/1.1
Accept: */*
Content-Type: application/ocsp-request
Content-Length: 159
Character-Encoding: binary
User-Agent: PPKHandler
Host: uw.ocsp.quovadisglobal.com
Connection: Keep-Alive
Cache-Control: no-cache |
Extracted Strings
Extracted Files
Displaying 20 extracted file(s). The remaining 7 file(s) are available in the full version and XML/JSON reports.
-
Clean 3
-
-
download-18
- Size
- 309KiB (316291 bytes)
- Type
- Description
- PDF document, version 1.6
- AV Scan Result
- 0/57
- Runtime Process
- AdobeCollabSync.exe (PID: 3692)
- MD5
- dbba67d66a4b003fc0757010ff22c88b
- SHA1
- 0625c75c669c6c90b727c7e9ad7749fabb822f73
- SHA256
- 8d36f585156ed629cfe093477345172493f1a9f11c596c1d3c0ee4437cc0d8a6
-
download-19
- Size
- 2.6MiB (2694695 bytes)
- Type
- Description
- PDF document, version 1.6
- AV Scan Result
- 0/59
- Runtime Process
- AdobeCollabSync.exe (PID: 3692)
- MD5
- a4396444dbb702e32f7605a45bbf7cc0
- SHA1
- cc26b1874454b8a04192172a5bb166f8074f8f8f
- SHA256
- 89dc63b0cb66a6994b3961b1cf2fd977fc773de54da77a07992c07f7d7ca3330
-
tl12_1_.acrobatsecuritysettings
- Size
- 309KiB (316291 bytes)
- Type
- Description
- PDF document, version 1.6
- AV Scan Result
- 0/57
- MD5
- dbba67d66a4b003fc0757010ff22c88b
- SHA1
- 0625c75c669c6c90b727c7e9ad7749fabb822f73
- SHA256
- 8d36f585156ed629cfe093477345172493f1a9f11c596c1d3c0ee4437cc0d8a6
-
-
Informative 17
-
-
addressbook.acrodata
- Size
- 3.5MiB (3708839 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 3216)
- MD5
- dfac41e3ce190a3436123b0e48be32f2
- SHA1
- 70538a9e374fd322be01a0b2576f42cf6e0745f1
- SHA256
- bb4e097a7e38eeefdd5158e9bc22b7a8a5c81c9855acfc8755a039bdd8c3e802
-
directories.acrodata
- Size
- 204B (204 bytes)
- Type
- unknown
- Description
- FDF document, version 1.2
- Runtime Process
- AcroRd32.exe (PID: 3216)
- MD5
- f1ddd492a9d56497a6dcc1ee55204244
- SHA1
- 4d2c325c55e776731ea019ce180881b4824011da
- SHA256
- 897b30acabf35da4937b1b8258d30dd2f89cf64ada8522b558d01eb503b7b85f
-
data_1
- Size
- 264KiB (270336 bytes)
- Type
- data
- Runtime Process
- RdrCEF.exe (PID: 968)
- MD5
- 86881d2219b747abfddcae950d59b266
- SHA1
- 966a77fcaace4ff5675b65ddc8b389d92abdc65e
- SHA256
- d703f689e5e4ceea2cbd3121d423055b1cacdaaa4a65a6c28c328bf9bc1ecc0c
-
Visited Links
- Size
- 128KiB (131072 bytes)
- Type
- data
- Runtime Process
- RdrCEF.exe (PID: 968)
- MD5
- e5f299c3100e113c9343e86ed9504a2d
- SHA1
- 7865b3759d1cba84cc165aceb3ceee856f31f6e2
- SHA256
- 9d1c9dc432b2e97f7a54b4da2724e4ff96dc719e60cb89c9f82dbec9226856c3
-
SharedDataEvents
- Size
- 7KiB (7168 bytes)
- Type
- data
- Description
- SQLite 3.x database
- Runtime Process
- AcroRd32.exe (PID: 3216)
- MD5
- 388d63bde8d7d841762b6fa34aa3ddf5
- SHA1
- 8018b06ff62e79b2c05254d25bd393b4044c6cdb
- SHA256
- 52312dce7b1126ac99bab150fe971621df12e6fb7b851def1dcf0f1f4175bf99
-
SharedDataEvents-journal
- Size
- 6.5KiB (6704 bytes)
- Type
- data
- Description
- SQLite Rollback Journal
- Runtime Process
- AcroRd32.exe (PID: 3216)
- MD5
- c7e61c85e1bc9a4df574e897b928726a
- SHA1
- 7b327cb0cdc030a1d763d24a2df87b080470f65a
- SHA256
- ede42528a9a485b740e328c8344e7c0bb3dc3c36558815fc99cd1b69ac2fcd11
-
RFLDB180
- Size
- 32KiB (32768 bytes)
- Type
- data
- Description
- SQLite 3.x database
- Runtime Process
- AdobeCollabSync.exe (PID: 3692)
- MD5
- 8225a75de61e8e83e3b4a51497275462
- SHA1
- 46a7a3546ab01d50d0410c26bfb71b8a1acf09bf
- SHA256
- 886ec6a1125d43d729cf8d34ba3be2e200fa325296e487f61790777d20de1fc3
-
RFLDB180-journal
- Size
- 512B (512 bytes)
- Type
- data
- Description
- SQLite Rollback Journal
- Runtime Process
- AdobeCollabSync.exe (PID: 3692)
- MD5
- be161c160e2dc69a7f45dbc085d9f2b6
- SHA1
- d563f5d7af4980259d9b2091698d585ff9562ac4
- SHA256
- 1693adb8b243d4518d6cb13e89bd2fb3f4fe86c857dc36fd672a7c27438043c9
-
Synchronizer
- Size
- 92KiB (94208 bytes)
- Type
- data
- Description
- SQLite 3.x database
- Runtime Process
- AcroRd32.exe (PID: 3216)
- MD5
- c13db6ab73e227c65ca80712912f2e0f
- SHA1
- 376e438908cdf48cfc5944a48cc376b4c94981d5
- SHA256
- 8d01f96f04f152d57cda92e55f54b2622b9ef1628eef926976d3765fe207a644
-
Synchronizer-journal
- Size
- 45KiB (45656 bytes)
- Type
- data
- Description
- SQLite Rollback Journal
- Runtime Process
- AcroRd32.exe (PID: 3216)
- MD5
- bd2df88602e50fcd095be0006fabd052
- SHA1
- bc56cea9d43c341f9e87bebc82707d6b6f49fcab
- SHA256
- 45f6c46cfb68168869b63ff4127637584713164a8b2736104fc24a98f9019e2c
-
7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
- Size
- 434B (434 bytes)
- Type
- data
- Runtime Process
- AdobeCollabSync.exe (PID: 3692)
- MD5
- b96c6ba2b29ff44d18733c253271d7c2
- SHA1
- 65f4cfd11f8a93d3034a45c76c52889649d451f4
- SHA256
- 82f2a2142da1b629931ac0935230db9b590237db6147da7360e362ffdab25879
-
SecuritySettings.xml
- Size
- 593KiB (607407 bytes)
- Type
- text
- Description
- XML 1.0 document, UTF-8 Unicode text, with very long lines
- Runtime Process
- AcroRd32.exe (PID: 3216)
- MD5
- cfadada40c38d5f0f22277ee0c65738e
- SHA1
- a520bda0e92f9e71e74f4898bb28911b1e0031e6
- SHA256
- 8d875c9e0a981541bdafb6ddfc5c0a8677f5a58a7434e4c058803fa28262e43d
-
A9Refrduh_y0e8e3_2hc.tmp
- Size
- 2.4MiB (2493170 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 3216)
- MD5
- d76dd6fa803b15e7bb9c81a10a73daf6
- SHA1
- ff2f6ca272956dc6f304450a099796e62efe8c8b
- SHA256
- 32343ec19441737f9cb0f148f45f7235ccd48f9d1488596ffab1fd75b7d20a74
-
A9R19u5682_y0e8e8_2hc.tmp
- Size
- 2B (2 bytes)
- Type
- data
- MD5
- c4103f122d27677c9db144cae1394a66
- SHA1
- 1489f923c4dca729178b3e3233458550d8dddf29
- SHA256
- 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
-
A9Rt137j7_y0e8e7_2hc.tmp
- Size
- 2B (2 bytes)
- Type
- data
- MD5
- c4103f122d27677c9db144cae1394a66
- SHA1
- 1489f923c4dca729178b3e3233458550d8dddf29
- SHA256
- 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
-
A9Riggw9b_y0e8e9_2hc.tmp
- Size
- 9.5KiB (9737 bytes)
- Type
- data
- Description
- Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
- MD5
- 4112fbc70ea3a37f64de226ea646979a
- SHA1
- 04135085477108dfd0693090b54227cc493025a3
- SHA256
- 42a850147cf596396bede5dab89e19580c09b58b610ece5e525b37618b4826d0
-
A9R5g2vly_y0e8e6_2hc.tmp
- Size
- 2B (2 bytes)
- Type
- data
- MD5
- c4103f122d27677c9db144cae1394a66
- SHA1
- 1489f923c4dca729178b3e3233458550d8dddf29
- SHA256
- 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
-
Notifications
-
Runtime
- Although all strings were processed, some are hidden from the report in order to reduce the overall size
- Not all IP/URL string resources were checked online
- Not all sources for indicator ID "api-55" are available in the report
- Not all sources for indicator ID "api-88" are available in the report
- Not all sources for indicator ID "binary-0" are available in the report
- Not all sources for indicator ID "mutant-0" are available in the report
- Some low-level data is hidden, as this is only a slim report