Stephen Poser - Elliott Wave Theory for Short Term and Intraday Trading.pdf
This report is generated from a file or URL submitted to this webservice on September 5th 2020 08:34:11 (UTC)
Guest System: Windows 7 64 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by
Falcon Sandbox v8.31 © Hybrid Analysis
Incident Response
MITRE ATT&CK™ Techniques Detection
Indicators
Not all malicious and suspicious indicators are displayed.
-
Malicious Indicators 2
-
External Systems
-
Sample was identified as malicious by a trusted Antivirus engine
- details
- No specific details available
- source
- External System
- relevance
- 5/10
-
Sample was identified as malicious by at least one Antivirus engine
- details
- 1/59 Antivirus vendors marked sample as malicious (1% detection rate)
- source
- External System
- relevance
- 8/10
-
Suspicious Indicators 2
-
General
-
Found a potential E-Mail address in binary/memory
- details
- Pattern match: "_ive@ino.com"
- source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1114
-
Network Related
-
Found potential IP address in binary/memory
- details
-
- source
- File/Memory
- relevance
- 3/10
-
Informative 15
-
Exploit/Shellcode
-
Possible heap spraying attempt detected
- details
- "RdrCEF.exe" issued more than 3000 memory allocations
- source
- API Call
- relevance
- 10/10
-
General
-
Contains object with compressed stream data
- details
-
- source
- Static Parser
- relevance
- 10/10
- ATT&CK ID
- T1207
-
Creates a writable file in a temporary directory
- details
-
"AdobeCollabSync.exe" created file "%TEMP%\etilqs_ObyJ5rTgdPMyvWn"
"AdobeCollabSync.exe" created file "%TEMP%\etilqs_aRF7ySApJ8Jd6Gd"
"AdobeCollabSync.exe" created file "%TEMP%\etilqs_GnJ6ZU9n6aXKlak"
"AdobeCollabSync.exe" created file "%TEMP%\etilqs_sQuRZtdVsf7bKJt"
"AdobeCollabSync.exe" created file "%TEMP%\etilqs_dpudQy9pPPjb8Du"
- source
- API Call
- relevance
- 1/10
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
"DBWinMutex"
"Local\Acrobat Instance Mutex"
"\Sessions\1\BaseNamedObjects\Local\Acrobat Instance Mutex"
"\Sessions\1\BaseNamedObjects\DBWinMutex"
"Local\ZonesCacheCounterMutex"
"Local\ZonesLockedCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\com.adobe.acrobat.rna.RdrCefBrowserLock.DC"
"com.adobe.acrobat.rna.RdrCefBrowserLock.DC"
- source
- Created Mutant
- relevance
- 3/10
-
Drops files marked as clean
- details
-
Antivirus vendors marked dropped file "download-18" as clean (type is "PDF document version 1.6")
Antivirus vendors marked dropped file "download-19" as clean (type is "PDF document version 1.6")
Antivirus vendors marked dropped file "eutl12_1_.acrobatsecuritysettings" as clean (type is "PDF document version 1.6")
Antivirus vendors marked dropped file "tl12_1_.acrobatsecuritysettings" as clean (type is "PDF document version 1.6")
- source
- Binary File
- relevance
- 10/10
-
PDF file has an embedded URL
- details
-
"http://quotes.ino.com/portfolio/" (Based on: "c61f68f60bf0fdc757e7bae8cffcb83d51d5f0e020cb6a1c456bcb9390ea2107.bin")
"http://free.ino.com" (Based on: "c61f68f60bf0fdc757e7bae8cffcb83d51d5f0e020cb6a1c456bcb9390ea2107.bin")
"http://www.ino.com/email" (Based on: "c61f68f60bf0fdc757e7bae8cffcb83d51d5f0e020cb6a1c456bcb9390ea2107.bin")
- source
- File/Memory
- relevance
- 3/10
-
Process launched with changed environment
- details
-
Process "AdobeCollabSync.exe" was launched with new environment variables: "PATH="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\plug_ins;%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\;%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\test_tools""
Process "AdobeCollabSync.exe" was launched with missing environment variables: "MEOW"
- source
- Monitored Target
- relevance
- 10/10
-
Scanning for window names
- details
-
"AcroRd32.exe" searching for class "AdobeAcrobatSpeedLaunchCmdWnd"
"AcroRd32.exe" searching for class "AdobeReaderSpeedLaunchCmdWnd"
"AcroRd32.exe" searching for window "_AcroAppTimer"
"AcroRd32.exe" searching for class "Acrobat Instance Window Class"
"AcroRd32.exe" searching for class "ACROSEMAPHORE_R18"
"AcroRd32.exe" searching for class "JFWUI2"
"AcroRd32.exe" searching for class "Shell_TrayWnd"
- source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1010
-
Spawns new processes
- details
-
Spawned process "AdobeCollabSync.exe" with commandline "-c"
Spawned process "RdrCEF.exe" with commandline "--backgroundcolor=16448250"
Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=4523A4B1DFD0C532544D6872 ..."
Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=EC7DA8B36C3097F746F201CF ..."
- source
- Monitored Target
- relevance
- 3/10
-
Spawns new processes that are not known child processes
- details
-
Spawned process "AdobeCollabSync.exe" with commandline "-c"
Spawned process "RdrCEF.exe" with commandline "--backgroundcolor=16448250"
Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=4523A4B1DFD0C532544D6872 ..."
Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=EC7DA8B36C3097F746F201CF ..."
- source
- Monitored Target
- relevance
- 3/10
-
Installation/Persistence
-
Creates new processes
- details
-
"AcroRd32.exe" is creating a new process (Name: "%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe", Handle: 500)
"AcroRd32.exe" is creating a new process (Name: "%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe", Handle: 988)
"RdrCEF.exe" is creating a new process (Name: "%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe", Handle: 1344)
"RdrCEF.exe" is creating a new process (Name: "%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe", Handle: 1432)
- source
- API Call
- relevance
- 8/10
-
Dropped files
- details
-
"etilqs_sQuRZtdVsf7bKJt" has type "data"
"etilqs_ObyJ5rTgdPMyvWn" has type "data"
"directories.acrodata" has type "FDF document version 1.2"
"download-18" has type "PDF document version 1.6"
"etilqs_GnJ6ZU9n6aXKlak" has type "data"
"download-19" has type "PDF document version 1.6"
"A9Rtnvyty_n18s2o_2r0.tmp" has type "data"
"SharedDataEvents-journal" has type "SQLite Rollback Journal"
"A9Rr5ja0g_n18s2s_2r0.tmp" has type "data"
"Synchronizer-journal" has type "SQLite Rollback Journal"
"Synchronizer" has type "SQLite 3.x database"
"data_1" has type "data"
"7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" has type "data"
"Visited Links" has type "data"
"0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl" has type "data"
"eutl12_1_.acrobatsecuritysettings" has type "PDF document version 1.6"
"A9Rvrmoc7_n18s2r_2r0.tmp" has type "data"
"etilqs_dpudQy9pPPjb8Du" has type "data"
"SharedDataEvents" has type "SQLite 3.x database"
- source
- Binary File
- relevance
- 3/10
-
Found a string that may be used as part of an injection method
- details
- "Shell_TrayWnd" (Taskbar window class may be used to inject into explorer with the SetWindowLong method)
- source
- File/Memory
- relevance
- 4/10
- ATT&CK ID
- T1055
-
Touches files in the Windows directory
- details
-
"AdobeCollabSync.exe" touched file "C:\Windows\Globalization\Sorting\SortDefault.nls"
"AdobeCollabSync.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\counters.dat"
"AdobeCollabSync.exe" touched file "C:\Windows\SysWOW64\rsaenh.dll"
"AdobeCollabSync.exe" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Temporary Internet Files"
"AdobeCollabSync.exe" touched file "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Cookies"
"AdobeCollabSync.exe" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\History"
"AdobeCollabSync.exe" touched file "C:\Windows\SysWOW64\wshqos.dll"
"AdobeCollabSync.exe" touched file "C:\Windows\SysWOW64\en-US\KernelBase.dll.mui"
"AdobeCollabSync.exe" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CP53U0VR\tl12[1].acrobatsecuritysettings"
"AdobeCollabSync.exe" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CP53U0VR\eutl12[1].acrobatsecuritysettings"
"AdobeCollabSync.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\counters.dat"
"AdobeCollabSync.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files"
"AdobeCollabSync.exe" touched file "%APPDATA%\Microsoft\Windows\Cookies"
"AdobeCollabSync.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\History"
"AdobeCollabSync.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\CP53U0VR\tl12[1].acrobatsecuritysettings"
"AdobeCollabSync.exe" touched file "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\CP53U0VR\eutl12[1].acrobatsecuritysettings"
"RdrCEF.exe" touched file "C:\Windows\SysWOW64\oleaccrc.dll"
- source
- API Call
- relevance
- 7/10
-
Network Related
-
Found potential URL in binary/memory
- details
-
Pattern match: "http://quotes.ino.com/portfolio/"
Pattern match: "http://free.ino.com"
Pattern match: "http://www.ino.com/email"
Pattern match: "http://www.pkioverheid.nl/voor-certificaatverleners/oid-nummers/"
Heuristic match: "_ive@ino.com"
Heuristic match: "INO.com"
- source
- File/Memory
- relevance
- 10/10
File Details
Stephen Poser - Elliott Wave Theory for Short Term and Intraday Trading.pdf
- Filename
- Stephen Poser - Elliott Wave Theory for Short Term and Intraday Trading.pdf
- Size
- 1.1MiB (1153075 bytes)
- Type
- Description
- PDF document, version 1.4
- Document author
- INO.com
- Document producer
- Adobe PDF Library 2.0; modified using iTextSharp 4.1.6 by 1T3XT
- Document title
- Live @ Tag Work Book
- Document subject
- Steven Poser
- Document pages
- 15
- Architecture
- WINDOWS
- SHA256
- c61f68f60bf0fdc757e7bae8cffcb83d51d5f0e020cb6a1c456bcb9390ea2107
- MD5
- e3866b115ee23ed5144338df51b1796b
- SHA1
- 6d6e508e3b337ff9702033401124e55df67513b3
- ssdeep
- 24576:Qpc8rNok8OAS8nXKZ5Ei3yDdRL2yjZQLKIgXYpgtCxdv1i:QzNovOh8XQE9Dd99NQaYpg0xdv1i
Classification (TrID)
- 100.0% (.PDF) Adobe Portable Document Format
Hybrid Analysis
Analysed 5 processes in total.
-
AcroRd32.exe
"C:\StephenPoser-ElliottWaveTheoryforShortTermandIntradayTrading.pdf"
(PID: 3564)
- AdobeCollabSync.exe -c (PID: 2984)
-
RdrCEF.exe
--backgroundcolor=16448250
(PID: 3604)
- RdrCEF.exe --type=renderer --primordial-pipe-token=4523A4B1DFD0C532544D68724F765C16 --lang=en-US --disable-pack-loading --lang=en-US --log-file="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/18.9.20044 Chrome/59.0.3071.15" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=4523A4B1DFD0C532544D68724F765C16 --renderer-client-id=2 --mojo-platform-channel-handle=1300 --allow-no-sandbox-job /prefetch:1 (PID: 3144)
- RdrCEF.exe --type=renderer --primordial-pipe-token=EC7DA8B36C3097F746F201CF536735C3 --lang=en-US --disable-pack-loading --lang=en-US --log-file="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/18.9.20044 Chrome/59.0.3071.15" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=EC7DA8B36C3097F746F201CF536735C3 --renderer-client-id=3 --mojo-platform-channel-handle=1336 --allow-no-sandbox-job /prefetch:1 (PID: 3616)
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Extracted Files
Displaying 20 extracted file(s). The remaining 14 file(s) are available in the full version and XML/JSON reports.
-
Clean 2
-
-
download-18
- Size
- 309KiB (316291 bytes)
- Type
- Description
- PDF document, version 1.6
- AV Scan Result
- 0/58
- Runtime Process
- AdobeCollabSync.exe (PID: 2984)
- MD5
- dbba67d66a4b003fc0757010ff22c88b
- SHA1
- 0625c75c669c6c90b727c7e9ad7749fabb822f73
- SHA256
- 8d36f585156ed629cfe093477345172493f1a9f11c596c1d3c0ee4437cc0d8a6
-
download-19
- Size
- 2.6MiB (2694695 bytes)
- Type
- Description
- PDF document, version 1.6
- AV Scan Result
- 0/58
- Runtime Process
- AdobeCollabSync.exe (PID: 2984)
- MD5
- a4396444dbb702e32f7605a45bbf7cc0
- SHA1
- cc26b1874454b8a04192172a5bb166f8074f8f8f
- SHA256
- 89dc63b0cb66a6994b3961b1cf2fd977fc773de54da77a07992c07f7d7ca3330
-
-
Informative 18
-
-
addressbook.acrodata
- Size
- 3.8MiB (3951900 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 3564)
- MD5
- 62629569bed275da7ad5ff0a83080e5b
- SHA1
- 629b171ce1c6242cfdce7b021777d7dd90e7a368
- SHA256
- d606d3f981d3c567cb41e54db88cc7853a7f7ac9f48a318df94399c71b8cf5c7
-
data_1
- Size
- 264KiB (270336 bytes)
- Type
- data
- Runtime Process
- RdrCEF.exe (PID: 3604)
- MD5
- fb4752484f31d149edcef2c63c31c2fd
- SHA1
- b25025f4bd649f1d86865cde47b74eddc4da4884
- SHA256
- e10606496226470244ddba14d63afa2e68e34248831d1cbad19d125fa8f572c3
-
Visited Links
- Size
- 128KiB (131072 bytes)
- Type
- data
- Runtime Process
- RdrCEF.exe (PID: 3604)
- MD5
- 81a284a2b84dde3230ff339415b0112f
- SHA1
- f61be0648fe365bc7d398aa4907c097a06739384
- SHA256
- cdb94563c99017ea9eb34642740794033fb48257f3f06df0ab5af0da5f7cbf6c
-
SharedDataEvents
- Size
- 5KiB (5120 bytes)
- Type
- data
- Description
- SQLite 3.x database
- Runtime Process
- AcroRd32.exe (PID: 3564)
- MD5
- 4578edcbd1ce42690e4dc0c7c4e871b0
- SHA1
- 3167b2dd5f6584ba0545a74eab63d311a9577a8d
- SHA256
- 3698dfd978f7e1a2849974885582168995e62d76468d0ac37c6460e411373c3d
-
SharedDataEvents-journal
- Size
- 2.5KiB (2576 bytes)
- Type
- data
- Description
- SQLite Rollback Journal
- Runtime Process
- AcroRd32.exe (PID: 3564)
- MD5
- 52ed8574becb8f44edea6617d8709f0e
- SHA1
- 6cd350956b1cb7e82892561ec927fd8fbf5b5e55
- SHA256
- 3189c013df70ceced267890bdef1b0ef417e199298c5cda294a9ba77a73e7ce1
-
RFLDB180
- Size
- 8KiB (8192 bytes)
- Type
- data
- Description
- SQLite 3.x database
- Runtime Process
- AdobeCollabSync.exe (PID: 2984)
- MD5
- f4e128fe3dcbc564c56ff2814b88e27e
- SHA1
- 6a70a50a1ab56176a035530720bea645d9f2f292
- SHA256
- 3e69bdbeef1fb835bd4521633bb9347f7711be96ee4ce9e7298c2d3d5a71eb42
-
RFLDB180-journal
- Size
- 512B (512 bytes)
- Type
- data
- Description
- SQLite Rollback Journal
- Runtime Process
- AdobeCollabSync.exe (PID: 2984)
- MD5
- 126c7b9eb8410cb0228e13ceb504372a
- SHA1
- b81bd0b4a10e340b87b3d905b1b5104fdb695019
- SHA256
- 43628732a755489374038c6ec445604262a58fd97e92a01c4e3ec7cbd6232651
-
Synchronizer
- Size
- 33KiB (33792 bytes)
- Type
- data
- Description
- SQLite 3.x database
- Runtime Process
- AcroRd32.exe (PID: 3564)
- MD5
- 1724726d12b9edbdb9dcbce9466da9ae
- SHA1
- 305843d0f5a24f62666230395742e8dbd453808c
- SHA256
- 79727a96b86d902164adc95a14f2c28a24bbbccf8e913db11c92275fa80c79f3
-
Synchronizer-journal
- Size
- 12KiB (11864 bytes)
- Type
- data
- Description
- SQLite Rollback Journal
- Runtime Process
- AcroRd32.exe (PID: 3564)
- MD5
- f2582dd6040290f36f4cd2c151f681a5
- SHA1
- 9e818415511098636cf542b157b88d96b3ed02da
- SHA256
- 84c4f83450fc45ed44c842e7dc791e36adde82eccf80470022d109d9d967ef1d
-
7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
- Size
- 434B (434 bytes)
- Type
- data
- Runtime Process
- AdobeCollabSync.exe (PID: 2984)
- MD5
- f1abcd0bd564ebd992a6ad658b25bf73
- SHA1
- 0a2da00b10e034af08371590e3d82e5c1048ab3c
- SHA256
- fe14006593fc63da238c53d571fae02ef33ee6e78876d61dd0e96d58876194bc
-
SecuritySettings.xml
- Size
- 5MiB (5238784 bytes)
- Type
- text
- Description
- XML 1.0 document, ASCII text, with very long lines, with CRLF, LF line terminators
- Runtime Process
- AcroRd32.exe (PID: 3564)
- MD5
- 5e862c3eea73089924e6a43ed330d377
- SHA1
- 9f6e819a89b2d891fc34d9e53e1c2cdda0b7163f
- SHA256
- 91d1c0968647634c5984dfa0d12d6bfb056a10a26e64d227bbde21c8a73ab894
-
etilqs_GnJ6ZU9n6aXKlak
- Size
- 2KiB (2056 bytes)
- Type
- data
- Runtime Process
- AdobeCollabSync.exe (PID: 2984)
- MD5
- d43d1be01917ab7dfafa073c1105c99d
- SHA1
- b5249b6af7771d3941d447abfaca200724a6aaa0
- SHA256
- 6da14438e1cc01bbbad69c6481ef1ded1dfe15b734a9f55a8fa328aef3d488c2
-
etilqs_ObyJ5rTgdPMyvWn
- Size
- 2KiB (2056 bytes)
- Type
- data
- Runtime Process
- AdobeCollabSync.exe (PID: 2984)
- MD5
- f6a722fc85c9d3dd56528a7e294dbd15
- SHA1
- 9f97cc3aa437f7a043e74c62d2e44fe3b08a4d43
- SHA256
- f53f6397542f00faa6f194facfff3402ae3dda95209a67bd93b0f0aca8347976
-
etilqs_aRF7ySApJ8Jd6Gd
- Size
- 2KiB (2056 bytes)
- Type
- data
- Runtime Process
- AdobeCollabSync.exe (PID: 2984)
- MD5
- 86cfd0aa486737007e6201b4aea1e10a
- SHA1
- 5aeebac583f2c9d750a7cab5af48993d7b9705cd
- SHA256
- 233b9605dc16a85abb073777a93f8f43a5d856a78ed89e5245734dd31e5a5908
-
etilqs_dpudQy9pPPjb8Du
- Size
- 1KiB (1028 bytes)
- Type
- data
- Runtime Process
- AdobeCollabSync.exe (PID: 2984)
- MD5
- 9a093ca9836c432b8551e468e31a1a5d
- SHA1
- 91045ac23fdda271c38275a984eb59cf8c0de736
- SHA256
- b2a2d26f6d3dc94cba4a0a9694ce1b3b159b2587dc5b927a87ad26c1bab66130
-
etilqs_sQuRZtdVsf7bKJt
- Size
- 1KiB (1028 bytes)
- Type
- data
- Runtime Process
- AdobeCollabSync.exe (PID: 2984)
- MD5
- d4b3221ebfd2537deff32f221bc9cb27
- SHA1
- de9702ac70281a0e061e5c1a324694dc83358caa
- SHA256
- 90bd7f4e158b784fe9dd8afdea349a8dc7a745f51dbd4279bbc6f4513b2c0a42
-
directories.acrodata
- Size
- 204B (204 bytes)
- Type
- unknown
- Description
- FDF document, version 1.2
- Runtime Process
- AcroRd32.exe (PID: 3564)
- MD5
- f1ddd492a9d56497a6dcc1ee55204244
- SHA1
- 4d2c325c55e776731ea019ce180881b4824011da
- SHA256
- 897b30acabf35da4937b1b8258d30dd2f89cf64ada8522b558d01eb503b7b85f
-
A9Rtnvyty_n18s2o_2r0.tmp
- Size
- 3.8MiB (3951900 bytes)
- Type
- data
- Runtime Process
- AcroRd32.exe (PID: 3564)
- MD5
- 62629569bed275da7ad5ff0a83080e5b
- SHA1
- 629b171ce1c6242cfdce7b021777d7dd90e7a368
- SHA256
- d606d3f981d3c567cb41e54db88cc7853a7f7ac9f48a318df94399c71b8cf5c7
-
Notifications
-
Runtime
- Although all strings were processed, some are hidden from the report in order to reduce the overall size
- Network whitenoise filtering (Process) was applied
- Not all Falcon MalQuery lookups completed in time
- Not all IP/URL string resources were checked online
- Not all sources for indicator ID "api-55" are available in the report
- Not all sources for indicator ID "api-88" are available in the report
- Not all sources for indicator ID "binary-0" are available in the report
- Not all sources for indicator ID "mutant-0" are available in the report
- Not all sources for indicator ID "static-66" are available in the report
- Some low-level data is hidden, as this is only a slim report