
Indicators

  • Informative 8

  • External Systems
  • General
    • Contains object with compressed stream data
      details
      Object ID 7 contains compressed stream data: No filters
      Object ID 13 contains compressed stream data: No filters
      source
      Static Parser
      relevance
      10/10
    • Creates mutants
      details
      "\Sessions\1\BaseNamedObjects\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagEJHCLDOFECJAAAAA"
      "Local\WininetProxyRegistryMutex"
      "Local\WininetConnectionMutex"
      "DBWinMutex"
      "Local\Acrobat Instance Mutex"
      "{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagEJHCLDOFECJAAAAA"
      "Local\WininetStartupMutex"
      "Local\c:!users!%OSUSER%!appdata!roaming!microsoft!windows!cookies!"
      "Local\c:!users!%OSUSER%!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
      "Local\_!MSFTHISTORY!_"
      "Local\c:!users!%OSUSER%!appdata!local!microsoft!windows!history!history.ie5!"
      "\Sessions\1\BaseNamedObjects\Local\Acrobat Instance Mutex"
      "\Sessions\1\BaseNamedObjects\DBWinMutex"
      "\Sessions\1\BaseNamedObjects\Local\_!MSFTHISTORY!_"
      "\Sessions\1\BaseNamedObjects\Local\c:!users!%OSUSER%!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
      "\Sessions\1\BaseNamedObjects\Local\c:!users!%OSUSER%!appdata!roaming!microsoft!windows!cookies!"
      "\Sessions\1\BaseNamedObjects\Local\c:!users!%OSUSER%!appdata!local!microsoft!windows!history!history.ie5!"
      "\Sessions\1\BaseNamedObjects\Local\WininetStartupMutex"
      "\Sessions\1\BaseNamedObjects\Local\WininetConnectionMutex"
      "\Sessions\1\BaseNamedObjects\Local\WininetProxyRegistryMutex"
      source
      Created Mutant
      relevance
      3/10
    • PDF contains no significant text data on the first page(s)
      details
      The input only has "288" visible characters on the first 2 page(s)
      source
      Static Parser
      relevance
      5/10
    • PDF file has an embedded URL
      details
      "https://mariadeabreu.cf" (Based on: "6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin")
      source
      String
      relevance
      3/10
    • Scanning for window names
      details
      "AcroRd32.exe" searching for window "_AcroAppTimer"
      "AcroRd32.exe" searching for class "AdobeAcrobatSpeedLaunchCmdWnd"
      "AcroRd32.exe" searching for class "AdobeReaderSpeedLaunchCmdWnd"
      "AcroRd32.exe" searching for class "Acrobat Instance Window Class"
      "AcroRd32.exe" searching for class "ACROSEMAPHORE_R11"
      "AcroRd32.exe" searching for class "JFWUI2"
      source
      API Call
      relevance
      10/10
  • Installation/Persistence
    • Dropped files
      details
      "A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" has type "data"
      "A9R5EC7.tmp" has type "data"
      "AdobeFnt14.lst.2340" has type "PostScript document text"
      "A9R5ECA.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
      "A9R5ECE.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
      "A9R5ECC.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
      "A9R5EC8.tmp" has type "data"
      "A9R5ECB.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
      "A9R5EC5.tmp" has type "data"
      "48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" has type "data"
      "A9R5ECD.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
      "A9R5EC6.tmp" has type "data"
      source
      Extracted File
      relevance
      3/10
  • Network Related

File Details

offer_50_992411320.pdf

Filename
offer_50_992411320.pdf
Size
75KiB (76822 bytes)
Type
pdf
Description
PDF document, version 1.4
Document pages
2
Architecture
WINDOWS
SHA256
6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f
MD5
939eae73902a08976442a98920f9e19b
SHA1
a5996909d40c42c3de8294923fac21145172dbb5

Classification (TrID)

  • 100.0% (.PDF) Adobe Portable Document Format

Hybrid Analysis

Analysed 1 process in total (System Resource Monitor).

  • AcroRd32.exe "C:\6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf" (PID: 2340)

Network Analysis

DNS Requests

No relevant DNS requests were made.

Contacted Hosts

No relevant hosts were contacted.

HTTP Traffic

No relevant HTTP requests were made.

Extracted Strings

!%cd04Ti
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
"C:\6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf"
Ansi based on Process Commandline (AcroRd32.exe)
%PDF-1.4%
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
&d,c_3d,4
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
'\Pho8@Z
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
(%@?Y\4:&J
Ansi based on PCAP Processing (network.pcap)
(LNy&O9aH
Ansi based on PCAP Processing (network.pcap)
)(5IB`c.
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
,0__,J
Ansi based on Image Processing (screen_0.png)
-"Juo/_~Qj&uaY!_AZxxj_AKN|wUWoO%E]gD3d%Um4==y&cto,N2s9Id6]*A6AoC7c/bRIsw+$kS}Pl8-dF5@\W84d~4wP?=OVrw?a#*!r&PX/gp|lN3"W2*RuJO~2]G\ydNy|*=BZ,Vihj#}U%lby/,"K&73zikrK2y-5.]E3AH4g0Jk9Rp-|E1IlT\imucR)D0R+|E4%*L{VA\#HV'),xDgb/#ke/sHx/_$],A)mYih,3-+6m@3AuYWa4Q"muY-1e@5Rl#Pvl8Gpvn
Ansi based on Hybrid Analysis (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
.zSI&E8j <d@
Ansi based on PCAP Processing (network.pcap)
///www___ooo/3-pj
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
/C/6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf
Ansi based on Runtime Data (AcroRd32.exe )
1 0 obj<</Type/XObject/Subtype/Image/Width 460/Height 480/Length 236/ColorSpace/DeviceGray/BitsPerComponent 8/Filter/FlateDecode>>streamx
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
4{\NcU>re
Ansi based on PCAP Processing (network.pcap)
8/2/06ygN
Ansi based on PCAP Processing (network.pcap)
9(}1:X;
Ansi based on PCAP Processing (network.pcap)
9Oyzu?!4
Ansi based on PCAP Processing (network.pcap)
>[kF,z2iM)z
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
?____?
Ansi based on Image Processing (screen_3.png)
?__m_
Ansi based on Image Processing (screen_0.png)
\XK9-5#;%
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
_'?m_
Ansi based on Image Processing (screen_0.png)
_-_6_7L____b_dL7b1__7___sa_1cbbB__6a7_æn_b7_.pdt
Ansi based on Image Processing (screen_0.png)
_-_6_7L____b_dL7b1__7___sa_1cbblB__6a7_æn_b7_.pdt
Ansi based on Image Processing (screen_2.png)
_?_J_?
Ansi based on Image Processing (screen_0.png)
_?_J_?__
Ansi based on Image Processing (screen_2.png)
__94o_o
Ansi based on Image Processing (screen_0.png)
______
Ansi based on Image Processing (screen_2.png)
_________?_?
Ansi based on Image Processing (screen_0.png)
__n_0,___e_9
Ansi based on Image Processing (screen_2.png)
_AcroAppTimer
Unicode based on Runtime Data (AcroRd32.exe )
_m_m,,,
Ansi based on Image Processing (screen_3.png)
_r?m?_?_?_J?____q_?__,m__??_mun??__?_v____,_,_
Ansi based on Image Processing (screen_3.png)
_v____AGRA
Ansi based on Image Processing (screen_2.png)
`bEGHrD$4
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
`Le.0mCNN
Ansi based on PCAP Processing (network.pcap)
Acrobat Instance Window
Unicode based on Runtime Data (AcroRd32.exe )
Acrobat Instance Window Class
Unicode based on Runtime Data (AcroRd32.exe )
ACROSEMAPHORE_R11
Unicode based on Runtime Data (AcroRd32.exe )
Adobe Fireworks CS6
Ansi based on PCAP Processing (network.pcap)
AdobeAcrobatSpeedLaunchCmdWnd
Unicode based on Runtime Data (AcroRd32.exe )
AdobeReaderSpeedLaunchCmdWnd
Unicode based on Runtime Data (AcroRd32.exe )
AdobLRLadLr
Ansi based on Image Processing (screen_0.png)
AnzL_gL
Ansi based on Image Processing (screen_0.png)
Ausfu___n
Ansi based on Image Processing (screen_0.png)
Balfae/Lu
Ansi based on PCAP Processing (network.pcap)
BLarbL_tLn
Ansi based on Image Processing (screen_0.png)
bLastExitNormal
Unicode based on Runtime Data (AcroRd32.exe )
Bz=+L<G8
Ansi based on PCAP Processing (network.pcap)
CG]B-;}dlLc
Ansi based on PCAP Processing (network.pcap)
comedgesuite
Ansi based on PCAP Processing (network.pcap)
comm_ntar
Ansi based on Image Processing (screen_0.png)
D:20180219204151-08'00'
Ansi based on Runtime Data (AcroRd32.exe )
d[FqgxGJp
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
DatL_
Ansi based on Image Processing (screen_0.png)
E+32Va\sAA
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
E__N_AE
Ansi based on Image Processing (screen_0.png)
endstreamendobj2 0 obj<</Type/XObject/Subtype/Image/Width 460/Height 480/SMask 1 0 R/Length 73170/ColorSpace[/CalRGB<</Gamma[2.2 2.2 2.2]/Matrix[0.41239 0.21264 0.01933 0.35758 0.71517 0.11919 0.18045 0.07218 0.9504]/WhitePoint[0.95043 1 1.09]>>]/BitsPerComponent 8/Filter/FlateDecode>>streamx
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
endstreamendobj3 0 obj<</Subtype/Link/Rect[162.25 451 449.75 751]/A<</S/URI/URI(https://mariadeabreu.cf)>>/Border[0 0 0]/C[0 0 1]>>endobj4 0 obj<</Length 91/Filter/FlateDecode>>streamx
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
endstreamendobj6 0 obj<</Type/Page/MediaBox[0 0 612 792]/Resources<</XObject<</img0 1 0 R/img1 2 0 R>>>>/Annots[3 0 R]/Contents 4 0 R/Parent 5 0 R>>endobj8 0 obj<</Length 328/Filter/FlateDecode>>streamx
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
endstreamendobj9 0 obj<</Type/Page/MediaBox[0 0 612 792]/Resources<</Font<</F1 7 0 R>>>>/Contents 8 0 R/Parent 5 0 R>>endobj7 0 obj<</Type/Font/Subtype/Type1/BaseFont/Helvetica/Encoding/WinAnsiEncoding>>endobj5 0 obj<</Type/Pages/Count 2/Kids[6 0 R 9 0 R]>>endobj10 0 obj<</Type/Catalog/Pages 5 0 R>>endobj11 0 obj<</Producer(iTextSharp
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
FLn_Lr
Ansi based on Image Processing (screen_0.png)
FQ;.6+QbD
Ansi based on PCAP Processing (network.pcap)
GET /11/rdr/DEU/win/nooem/none/message.zip HTTP/1.1Accept: */*If-Modified-Since: Mon, 08 Dec 2014 07:17:29 GMTUser-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /11/rdr/DEU/win/nooem/none/message.zip HTTP/1.1Accept: */*User-Agent: IPMHost: acroipm2.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/1012.zip HTTP/1.1Accept: */*User-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/1084.zip HTTP/1.1Accept: */*User-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/198.zip HTTP/1.1Accept: */*If-Modified-Since: Mon, 04 Sep 2014 03:00:00 GMTUser-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/199.zip HTTP/1.1Accept: */*If-Modified-Since: Mon, 04 Sep 2014 03:00:00 GMTUser-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/200.zip HTTP/1.1Accept: */*If-Modified-Since: Mon, 04 Sep 2014 03:00:00 GMTUser-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/201.zip HTTP/1.1Accept: */*If-Modified-Since: Mon, 04 Sep 2014 03:00:00 GMTUser-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/21.zip HTTP/1.1Accept: */*User-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/47.zip HTTP/1.1Accept: */*User-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
H_lfL
Ansi based on Image Processing (screen_0.png)
he)c9g\ti
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
HTTP/1.1 200 OKLast-Modified: Wed, 09 Mar 2011 08:42:38 GMTServer: ApacheAccept-Ranges: bytesContent-Length: 81944Content-Type: application/zipCache-Control: max-age=315Expires: Mon, 19 Feb 2018 19:46:49 GMTDate: Mon, 19 Feb 2018 19:41:34 GMTConnection: keep-alivePK
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 200 OKServer: ApacheLast-Modified: Fri, 11 Aug 2017 15:16:04 GMTAccept-Ranges: bytesContent-Length: 41629Content-Type: application/zipCache-Control: max-age=151Expires: Mon, 19 Feb 2018 19:44:05 GMTDate: Mon, 19 Feb 2018 19:41:34 GMTConnection: keep-alivePK
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 200 OKServer: ApacheLast-Modified: Wed, 08 Nov 2017 08:44:36 GMTAccept-Ranges: bytesContent-Length: 46135Content-Type: application/zipCache-Control: max-age=378Expires: Mon, 19 Feb 2018 19:47:49 GMTDate: Mon, 19 Feb 2018 19:41:31 GMTConnection: keep-alivePK
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 200 OKServer: ApacheLast-Modified: Wed, 24 May 2017 22:48:47 GMTAccept-Ranges: bytesContent-Length: 38445Content-Type: application/zipCache-Control: max-age=114Expires: Mon, 19 Feb 2018 19:43:28 GMTDate: Mon, 19 Feb 2018 19:41:34 GMTConnection: keep-alivePK
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 200 OKServer: ApacheLast-Modified: Wed, 29 Feb 2012 00:41:09 GMTAccept-Ranges: bytesContent-Length: 35731Content-Type: application/zipCache-Control: max-age=388Expires: Mon, 19 Feb 2018 19:48:02 GMTDate: Mon, 19 Feb 2018 19:41:34 GMTConnection: keep-alivePK
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 304 Not ModifiedContent-Type: application/zipLast-Modified: Tue, 02 Sep 2014 09:20:29 GMTCache-Control: max-age=408Expires: Mon, 19 Feb 2018 19:48:19 GMTDate: Mon, 19 Feb 2018 19:41:31 GMTConnection: keep-alive
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 304 Not ModifiedContent-Type: application/zipLast-Modified: Tue, 02 Sep 2014 09:25:06 GMTCache-Control: max-age=552Expires: Mon, 19 Feb 2018 19:50:43 GMTDate: Mon, 19 Feb 2018 19:41:31 GMTConnection: keep-alive
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 304 Not ModifiedContent-Type: application/zipLast-Modified: Tue, 02 Sep 2014 09:28:56 GMTCache-Control: max-age=389Expires: Mon, 19 Feb 2018 19:48:00 GMTDate: Mon, 19 Feb 2018 19:41:31 GMTConnection: keep-alive
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 304 Not ModifiedContent-Type: application/zipLast-Modified: Tue, 02 Sep 2014 09:30:20 GMTCache-Control: max-age=398Expires: Mon, 19 Feb 2018 19:48:09 GMTDate: Mon, 19 Feb 2018 19:41:31 GMTConnection: keep-alive
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 404 Not FoundServer: ApacheContent-Length: 354Content-Type: text/html; charset=iso-8859-1Date: Mon, 19 Feb 2018 19:41:31 GMTConnection: keep-alive<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /11/rdr/DEU/win/nooem/none/message.zip was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Ansi based on PCAP Processing (network.pcap)
https://mariadeabreu.cf
Ansi based on PDF URL Extraction (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
iGCbv$}$K#
Ansi based on PCAP Processing (network.pcap)
JFWUI2
Unicode based on Runtime Data (AcroRd32.exe )
k!wm4fUoq
Ansi based on PCAP Processing (network.pcap)
K5'6&~-_Fi
Ansi based on PCAP Processing (network.pcap)
M=gvCA``c
Ansi based on PCAP Processing (network.pcap)
M>w:v>wrz
Ansi based on PCAP Processing (network.pcap)
message.xml
Ansi based on PCAP Processing (network.pcap)
message.xmlPK
Ansi based on PCAP Processing (network.pcap)
META-INF/signatures.xml
Ansi based on PCAP Processing (network.pcap)
META-INF/signatures.xmlPK
Ansi based on PCAP Processing (network.pcap)
mimetypeapplication/vnd.adobe.air-ucf-package+zipPK
Ansi based on PCAP Processing (network.pcap)
mimetypePK
Ansi based on PCAP Processing (network.pcap)
n<cU/<:t5
Ansi based on PCAP Processing (network.pcap)
NyABL
Ansi based on Image Processing (screen_3.png)
OC[{A%luT
Ansi based on PCAP Processing (network.pcap)
o{cSbK'Sw{'kgbQ
Ansi based on PCAP Processing (network.pcap)
PP:E~e/Mv8V
Ansi based on PCAP Processing (network.pcap)
PSPUBWS-PC
Ansi based on PCAP Processing (network.pcap)
QK%hl!G~v
Ansi based on PCAP Processing (network.pcap)
qVk-Nc)kFqVk-<%
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
R|-o ,snI
Ansi based on PCAP Processing (network.pcap)
sDate
Unicode based on Runtime Data (AcroRd32.exe )
tDIText
Unicode based on Runtime Data (AcroRd32.exe )
tEXtCreation Time
Ansi based on PCAP Processing (network.pcap)
tEXtSoftware
Ansi based on PCAP Processing (network.pcap)
tq=>/KEWJ
Ansi based on PCAP Processing (network.pcap)
uFileSize
Unicode based on Runtime Data (AcroRd32.exe )
unt_rschr_ib_n
Ansi based on Image Processing (screen_0.png)
uPageCount
Unicode based on Runtime Data (AcroRd32.exe )
w_r__u9_
Ansi based on Image Processing (screen_0.png)
x]g[7WX9^
Ansi based on PCAP Processing (network.pcap)
y^(7kmHs;.za
Ansi based on PCAP Processing (network.pcap)
{gh4mc-[m
Ansi based on PCAP Processing (network.pcap)
{SSW^g`+o
Ansi based on PCAP Processing (network.pcap)
~%-!%M,q|
Ansi based on PCAP Processing (network.pcap)
�������������
Ansi based on Runtime Data (AcroRd32.exe )
(%@?Y\4:&J
Ansi based on PCAP Processing (network.pcap)
-"Juo/_~Qj&amp;uaY!_AZxxj_AKN|wUWoO%E]gD3d%Um4==y&amp;cto,N2s9Id6]*A6AoC7c/bRIsw+$kS}Pl8-dF5@\W84d~4wP?=OVrw?a#*!r&amp;PX/gp|lN3"W2*RuJO~2]G\ydNy|*=BZ,Vihj#}U%lby/,"K&amp;73zikrK2y-5.]E3AH4g0Jk9Rp-|E1IlT\imucR)D0R+|E4%*L{VA\#HV'),xDgb/#ke/sHx/_$],A)mYih,3-+6m@3AuYWa4Q"muY-1e@5Rl#Pvl8Gpvn
Ansi based on Hybrid Analysis (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
///www___ooo/3-pj
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
1 0 obj<</Type/XObject/Subtype/Image/Width 460/Height 480/Length 236/ColorSpace/DeviceGray/BitsPerComponent 8/Filter/FlateDecode>>streamx
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
Acrobat Instance Window
Unicode based on Runtime Data (AcroRd32.exe )
Acrobat Instance Window Class
Unicode based on Runtime Data (AcroRd32.exe )
AdobeAcrobatSpeedLaunchCmdWnd
Unicode based on Runtime Data (AcroRd32.exe )
AdobeReaderSpeedLaunchCmdWnd
Unicode based on Runtime Data (AcroRd32.exe )
comedgesuite
Ansi based on PCAP Processing (network.pcap)
comm_ntar
Ansi based on Image Processing (screen_0.png)
endstreamendobj2 0 obj<</Type/XObject/Subtype/Image/Width 460/Height 480/SMask 1 0 R/Length 73170/ColorSpace[/CalRGB<</Gamma[2.2 2.2 2.2]/Matrix[0.41239 0.21264 0.01933 0.35758 0.71517 0.11919 0.18045 0.07218 0.9504]/WhitePoint[0.95043 1 1.09]>>]/BitsPerComponent 8/Filter/FlateDecode>>streamx
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
endstreamendobj3 0 obj<</Subtype/Link/Rect[162.25 451 449.75 751]/A<</S/URI/URI(https://mariadeabreu.cf)>>/Border[0 0 0]/C[0 0 1]>>endobj4 0 obj<</Length 91/Filter/FlateDecode>>streamx
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
endstreamendobj6 0 obj<</Type/Page/MediaBox[0 0 612 792]/Resources<</XObject<</img0 1 0 R/img1 2 0 R>>>>/Annots[3 0 R]/Contents 4 0 R/Parent 5 0 R>>endobj8 0 obj<</Length 328/Filter/FlateDecode>>streamx
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
endstreamendobj9 0 obj<</Type/Page/MediaBox[0 0 612 792]/Resources<</Font<</F1 7 0 R>>>>/Contents 8 0 R/Parent 5 0 R>>endobj7 0 obj<</Type/Font/Subtype/Type1/BaseFont/Helvetica/Encoding/WinAnsiEncoding>>endobj5 0 obj<</Type/Pages/Count 2/Kids[6 0 R 9 0 R]>>endobj10 0 obj<</Type/Catalog/Pages 5 0 R>>endobj11 0 obj<</Producer(iTextSharp
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
GET /11/rdr/DEU/win/nooem/none/message.zip HTTP/1.1Accept: */*If-Modified-Since: Mon, 08 Dec 2014 07:17:29 GMTUser-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /11/rdr/DEU/win/nooem/none/message.zip HTTP/1.1Accept: */*User-Agent: IPMHost: acroipm2.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/1012.zip HTTP/1.1Accept: */*User-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/1084.zip HTTP/1.1Accept: */*User-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/198.zip HTTP/1.1Accept: */*If-Modified-Since: Mon, 04 Sep 2014 03:00:00 GMTUser-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/199.zip HTTP/1.1Accept: */*If-Modified-Since: Mon, 04 Sep 2014 03:00:00 GMTUser-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/200.zip HTTP/1.1Accept: */*If-Modified-Since: Mon, 04 Sep 2014 03:00:00 GMTUser-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/201.zip HTTP/1.1Accept: */*If-Modified-Since: Mon, 04 Sep 2014 03:00:00 GMTUser-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/21.zip HTTP/1.1Accept: */*User-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/47.zip HTTP/1.1Accept: */*User-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 200 OKLast-Modified: Wed, 09 Mar 2011 08:42:38 GMTServer: ApacheAccept-Ranges: bytesContent-Length: 81944Content-Type: application/zipCache-Control: max-age=315Expires: Mon, 19 Feb 2018 19:46:49 GMTDate: Mon, 19 Feb 2018 19:41:34 GMTConnection: keep-alivePK
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 200 OKServer: ApacheLast-Modified: Fri, 11 Aug 2017 15:16:04 GMTAccept-Ranges: bytesContent-Length: 41629Content-Type: application/zipCache-Control: max-age=151Expires: Mon, 19 Feb 2018 19:44:05 GMTDate: Mon, 19 Feb 2018 19:41:34 GMTConnection: keep-alivePK
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 200 OKServer: ApacheLast-Modified: Wed, 08 Nov 2017 08:44:36 GMTAccept-Ranges: bytesContent-Length: 46135Content-Type: application/zipCache-Control: max-age=378Expires: Mon, 19 Feb 2018 19:47:49 GMTDate: Mon, 19 Feb 2018 19:41:31 GMTConnection: keep-alivePK
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 200 OKServer: ApacheLast-Modified: Wed, 24 May 2017 22:48:47 GMTAccept-Ranges: bytesContent-Length: 38445Content-Type: application/zipCache-Control: max-age=114Expires: Mon, 19 Feb 2018 19:43:28 GMTDate: Mon, 19 Feb 2018 19:41:34 GMTConnection: keep-alivePK
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 200 OKServer: ApacheLast-Modified: Wed, 29 Feb 2012 00:41:09 GMTAccept-Ranges: bytesContent-Length: 35731Content-Type: application/zipCache-Control: max-age=388Expires: Mon, 19 Feb 2018 19:48:02 GMTDate: Mon, 19 Feb 2018 19:41:34 GMTConnection: keep-alivePK
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 304 Not ModifiedContent-Type: application/zipLast-Modified: Tue, 02 Sep 2014 09:20:29 GMTCache-Control: max-age=408Expires: Mon, 19 Feb 2018 19:48:19 GMTDate: Mon, 19 Feb 2018 19:41:31 GMTConnection: keep-alive
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 304 Not ModifiedContent-Type: application/zipLast-Modified: Tue, 02 Sep 2014 09:25:06 GMTCache-Control: max-age=552Expires: Mon, 19 Feb 2018 19:50:43 GMTDate: Mon, 19 Feb 2018 19:41:31 GMTConnection: keep-alive
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 304 Not ModifiedContent-Type: application/zipLast-Modified: Tue, 02 Sep 2014 09:28:56 GMTCache-Control: max-age=389Expires: Mon, 19 Feb 2018 19:48:00 GMTDate: Mon, 19 Feb 2018 19:41:31 GMTConnection: keep-alive
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 304 Not ModifiedContent-Type: application/zipLast-Modified: Tue, 02 Sep 2014 09:30:20 GMTCache-Control: max-age=398Expires: Mon, 19 Feb 2018 19:48:09 GMTDate: Mon, 19 Feb 2018 19:41:31 GMTConnection: keep-alive
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 404 Not FoundServer: ApacheContent-Length: 354Content-Type: text/html; charset=iso-8859-1Date: Mon, 19 Feb 2018 19:41:31 GMTConnection: keep-alive<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /11/rdr/DEU/win/nooem/none/message.zip was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Ansi based on PCAP Processing (network.pcap)
https://mariadeabreu.cf
Ansi based on PDF URL Extraction (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
META-INF/signatures.xml
Ansi based on PCAP Processing (network.pcap)
META-INF/signatures.xmlPK
Ansi based on PCAP Processing (network.pcap)
mimetypeapplication/vnd.adobe.air-ucf-package+zipPK
Ansi based on PCAP Processing (network.pcap)
y^(7kmHs;.za
Ansi based on PCAP Processing (network.pcap)
1 0 obj<</Type/XObject/Subtype/Image/Width 460/Height 480/Length 236/ColorSpace/DeviceGray/BitsPerComponent 8/Filter/FlateDecode>>streamx
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
\XK9-5#;%
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
endstreamendobj2 0 obj<</Type/XObject/Subtype/Image/Width 460/Height 480/SMask 1 0 R/Length 73170/ColorSpace[/CalRGB<</Gamma[2.2 2.2 2.2]/Matrix[0.41239 0.21264 0.01933 0.35758 0.71517 0.11919 0.18045 0.07218 0.9504]/WhitePoint[0.95043 1 1.09]>>]/BitsPerComponent 8/Filter/FlateDecode>>streamx
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
endstreamendobj3 0 obj<</Subtype/Link/Rect[162.25 451 449.75 751]/A<</S/URI/URI(https://mariadeabreu.cf)>>/Border[0 0 0]/C[0 0 1]>>endobj4 0 obj<</Length 91/Filter/FlateDecode>>streamx
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
endstreamendobj6 0 obj<</Type/Page/MediaBox[0 0 612 792]/Resources<</XObject<</img0 1 0 R/img1 2 0 R>>>>/Annots[3 0 R]/Contents 4 0 R/Parent 5 0 R>>endobj8 0 obj<</Length 328/Filter/FlateDecode>>streamx
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
endstreamendobj9 0 obj<</Type/Page/MediaBox[0 0 612 792]/Resources<</Font<</F1 7 0 R>>>>/Contents 8 0 R/Parent 5 0 R>>endobj7 0 obj<</Type/Font/Subtype/Type1/BaseFont/Helvetica/Encoding/WinAnsiEncoding>>endobj5 0 obj<</Type/Pages/Count 2/Kids[6 0 R 9 0 R]>>endobj10 0 obj<</Type/Catalog/Pages 5 0 R>>endobj11 0 obj<</Producer(iTextSharp
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
!%cd04Ti
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
%PDF-1.4%
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
&d,c_3d,4
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
'\Pho8@Z
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
)(5IB`c.
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
-"Juo/_~Qj&amp;uaY!_AZxxj_AKN|wUWoO%E]gD3d%Um4==y&amp;cto,N2s9Id6]*A6AoC7c/bRIsw+$kS}Pl8-dF5@\W84d~4wP?=OVrw?a#*!r&amp;PX/gp|lN3"W2*RuJO~2]G\ydNy|*=BZ,Vihj#}U%lby/,"K&amp;73zikrK2y-5.]E3AH4g0Jk9Rp-|E1IlT\imucR)D0R+|E4%*L{VA\#HV'),xDgb/#ke/sHx/_$],A)mYih,3-+6m@3AuYWa4Q"muY-1e@5Rl#Pvl8Gpvn
Ansi based on Hybrid Analysis (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
///www___ooo/3-pj
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
>[kF,z2iM)z
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
`bEGHrD$4
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
d[FqgxGJp
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
E+32Va\sAA
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
he)c9g\ti
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
https://mariadeabreu.cf
Ansi based on PDF URL Extraction (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
qVk-Nc)kFqVk-<%
Ansi based on Memory/File Scan (6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf.bin)
"C:\6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf"
Ansi based on Process Commandline (AcroRd32.exe)
/C/6a207ea9d9e60a9bc9de7b1c2b87e06fa85ac31cbbf8c69e1627408c8f3d2b7f.pdf
Ansi based on Runtime Data (AcroRd32.exe )
_AcroAppTimer
Unicode based on Runtime Data (AcroRd32.exe )
Acrobat Instance Window
Unicode based on Runtime Data (AcroRd32.exe )
Acrobat Instance Window Class
Unicode based on Runtime Data (AcroRd32.exe )
ACROSEMAPHORE_R11
Unicode based on Runtime Data (AcroRd32.exe )
AdobeAcrobatSpeedLaunchCmdWnd
Unicode based on Runtime Data (AcroRd32.exe )
AdobeReaderSpeedLaunchCmdWnd
Unicode based on Runtime Data (AcroRd32.exe )
bLastExitNormal
Unicode based on Runtime Data (AcroRd32.exe )
D:20180219204151-08'00'
Ansi based on Runtime Data (AcroRd32.exe )
JFWUI2
Unicode based on Runtime Data (AcroRd32.exe )
sDate
Unicode based on Runtime Data (AcroRd32.exe )
tDIText
Unicode based on Runtime Data (AcroRd32.exe )
uFileSize
Unicode based on Runtime Data (AcroRd32.exe )
uPageCount
Unicode based on Runtime Data (AcroRd32.exe )
�������������
Ansi based on Runtime Data (AcroRd32.exe )
PSPUBWS-PC
Ansi based on PCAP Processing (network.pcap)
Adobe Fireworks CS6
Ansi based on PCAP Processing (network.pcap)
comedgesuite
Ansi based on PCAP Processing (network.pcap)
GET /11/rdr/DEU/win/nooem/none/message.zip HTTP/1.1Accept: */*If-Modified-Since: Mon, 08 Dec 2014 07:17:29 GMTUser-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /11/rdr/DEU/win/nooem/none/message.zip HTTP/1.1Accept: */*User-Agent: IPMHost: acroipm2.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/1012.zip HTTP/1.1Accept: */*User-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/1084.zip HTTP/1.1Accept: */*User-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/198.zip HTTP/1.1Accept: */*If-Modified-Since: Mon, 04 Sep 2014 03:00:00 GMTUser-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/199.zip HTTP/1.1Accept: */*If-Modified-Since: Mon, 04 Sep 2014 03:00:00 GMTUser-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/200.zip HTTP/1.1Accept: */*If-Modified-Since: Mon, 04 Sep 2014 03:00:00 GMTUser-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/201.zip HTTP/1.1Accept: */*If-Modified-Since: Mon, 04 Sep 2014 03:00:00 GMTUser-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/21.zip HTTP/1.1Accept: */*User-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
GET /assets/47.zip HTTP/1.1Accept: */*User-Agent: IPMHost: acroipm.adobe.comConnection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 200 OKLast-Modified: Wed, 09 Mar 2011 08:42:38 GMTServer: ApacheAccept-Ranges: bytesContent-Length: 81944Content-Type: application/zipCache-Control: max-age=315Expires: Mon, 19 Feb 2018 19:46:49 GMTDate: Mon, 19 Feb 2018 19:41:34 GMTConnection: keep-alivePK
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 200 OKServer: ApacheLast-Modified: Fri, 11 Aug 2017 15:16:04 GMTAccept-Ranges: bytesContent-Length: 41629Content-Type: application/zipCache-Control: max-age=151Expires: Mon, 19 Feb 2018 19:44:05 GMTDate: Mon, 19 Feb 2018 19:41:34 GMTConnection: keep-alivePK
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 200 OKServer: ApacheLast-Modified: Wed, 08 Nov 2017 08:44:36 GMTAccept-Ranges: bytesContent-Length: 46135Content-Type: application/zipCache-Control: max-age=378Expires: Mon, 19 Feb 2018 19:47:49 GMTDate: Mon, 19 Feb 2018 19:41:31 GMTConnection: keep-alivePK
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 200 OKServer: ApacheLast-Modified: Wed, 24 May 2017 22:48:47 GMTAccept-Ranges: bytesContent-Length: 38445Content-Type: application/zipCache-Control: max-age=114Expires: Mon, 19 Feb 2018 19:43:28 GMTDate: Mon, 19 Feb 2018 19:41:34 GMTConnection: keep-alivePK
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 200 OKServer: ApacheLast-Modified: Wed, 29 Feb 2012 00:41:09 GMTAccept-Ranges: bytesContent-Length: 35731Content-Type: application/zipCache-Control: max-age=388Expires: Mon, 19 Feb 2018 19:48:02 GMTDate: Mon, 19 Feb 2018 19:41:34 GMTConnection: keep-alivePK
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 304 Not ModifiedContent-Type: application/zipLast-Modified: Tue, 02 Sep 2014 09:20:29 GMTCache-Control: max-age=408Expires: Mon, 19 Feb 2018 19:48:19 GMTDate: Mon, 19 Feb 2018 19:41:31 GMTConnection: keep-alive
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 304 Not ModifiedContent-Type: application/zipLast-Modified: Tue, 02 Sep 2014 09:25:06 GMTCache-Control: max-age=552Expires: Mon, 19 Feb 2018 19:50:43 GMTDate: Mon, 19 Feb 2018 19:41:31 GMTConnection: keep-alive
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 304 Not ModifiedContent-Type: application/zipLast-Modified: Tue, 02 Sep 2014 09:28:56 GMTCache-Control: max-age=389Expires: Mon, 19 Feb 2018 19:48:00 GMTDate: Mon, 19 Feb 2018 19:41:31 GMTConnection: keep-alive
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 304 Not ModifiedContent-Type: application/zipLast-Modified: Tue, 02 Sep 2014 09:30:20 GMTCache-Control: max-age=398Expires: Mon, 19 Feb 2018 19:48:09 GMTDate: Mon, 19 Feb 2018 19:41:31 GMTConnection: keep-alive
Ansi based on PCAP Processing (network.pcap)
HTTP/1.1 404 Not FoundServer: ApacheContent-Length: 354Content-Type: text/html; charset=iso-8859-1Date: Mon, 19 Feb 2018 19:41:31 GMTConnection: keep-alive<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /11/rdr/DEU/win/nooem/none/message.zip was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Ansi based on PCAP Processing (network.pcap)
message.xml
Ansi based on PCAP Processing (network.pcap)
message.xmlPK
Ansi based on PCAP Processing (network.pcap)
META-INF/signatures.xml
Ansi based on PCAP Processing (network.pcap)
META-INF/signatures.xmlPK
Ansi based on PCAP Processing (network.pcap)
mimetypeapplication/vnd.adobe.air-ucf-package+zipPK
Ansi based on PCAP Processing (network.pcap)
mimetypePK
Ansi based on PCAP Processing (network.pcap)
tEXtCreation Time
Ansi based on PCAP Processing (network.pcap)
tEXtSoftware
Ansi based on PCAP Processing (network.pcap)

Extracted Files

Displaying 12 extracted file(s). The remaining 1 file(s) are available in the full version and XML/JSON reports.

  • Informative 12

    • AdobeFnt14.lst.2340
      Size
      512B (512 bytes)
      Type
      text
      Description
      PostScript document text
      Runtime Process
      AcroRd32.exe (PID: 2340)
      MD5
      60d86be8d31b494b0edf0cb1edc33bd7
      SHA1
      7845d6a6eb46a17afee8d2821c0173b539fe1a57
      SHA256
      133a54800ed9a7951a92d11b92f5b8822fd49f071f3ecf0240cb4e0464cd9379
    • A9R5EC5.tmp
      Size
      2B (2 bytes)
      Type
      data
      Runtime Process
      AcroRd32.exe (PID: 2340)
      MD5
      c4103f122d27677c9db144cae1394a66
      SHA1
      1489f923c4dca729178b3e3233458550d8dddf29
      SHA256
      96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
    • A9R5EC6.tmp
      Size
      2B (2 bytes)
      Type
      data
      Runtime Process
      AcroRd32.exe (PID: 2340)
      MD5
      c4103f122d27677c9db144cae1394a66
      SHA1
      1489f923c4dca729178b3e3233458550d8dddf29
      SHA256
      96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
    • A9R5EC7.tmp
      Size
      2B (2 bytes)
      Type
      data
      Runtime Process
      AcroRd32.exe (PID: 2340)
      MD5
      c4103f122d27677c9db144cae1394a66
      SHA1
      1489f923c4dca729178b3e3233458550d8dddf29
      SHA256
      96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
    • A9R5EC8.tmp
      Size
      2B (2 bytes)
      Type
      data
      Runtime Process
      AcroRd32.exe (PID: 2340)
      MD5
      c4103f122d27677c9db144cae1394a66
      SHA1
      1489f923c4dca729178b3e3233458550d8dddf29
      SHA256
      96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
    • A9R5ECA.tmp
      Size
      45KiB (46135 bytes)
      Type
      java
      Description
      Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
      Runtime Process
      AcroRd32.exe (PID: 2340)
      MD5
      7de4a2e866ed8aefb829cf5e04db261a
      SHA1
      38a68fded15d2c8950a6b0d855492e5b4ce7ed95
      SHA256
      70bdea097b02d2cba9f5363f9e986cc5ba57267999374c303a248d01000d713b
    • A9B8213768ADC68AF64FCC6409E8BE414726687F.crl
      Size
      37KiB (37738 bytes)
      Type
      data
      MD5
      eb3e7c0d28537e2662c1bc2795b26eb9
      SHA1
      3bfbc57934740c491eaeeeb3a6dcd7ff295912b3
      SHA256
      37174acf10a8a6b39cc7afb4ef77689001acf0b420c760d12739e667569e4fbe
    • A9R5ECE.tmp
      Size
      35KiB (35731 bytes)
      Type
      java
      Description
      Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
      MD5
      60fb8491aa4b141264152614c765d450
      SHA1
      c33105a5d6bda4f09bfcd774ade9a62e77e131ee
      SHA256
      3184ca2a7ef723d242309f3770e6f60ac57e436ee3eb2b434112d0df848e5c60
    • A9R5ECC.tmp
      Size
      38KiB (38445 bytes)
      Type
      java
      Description
      Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
      MD5
      c2be4c74c4d98eac6140acb383f77d0b
      SHA1
      a54e90b58dd2463d913142d4d7ec1d038f249c55
      SHA256
      d1e10ebe9f745f12c7b29f0a7ca27c576c0ba1e37fdcc19563e822c6692a1d68
    • A9R5ECB.tmp
      Size
      41KiB (41629 bytes)
      Type
      java
      Description
      Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
      MD5
      2270aa3192da68562fdb1e4c468b13df
      SHA1
      0efdaae1163af1ac0c61c6e5f92714cdbb03e41a
      SHA256
      5c74fec27dec1d0fe65987b22d85ba7953e118b34ed48ad59a8000e4d3d4f975
    • 48B76449F3D5FEFA1133AA805E420F0FCA643651.crl
      Size
      1KiB (1073 bytes)
      Type
      data
      MD5
      cbb08ba4ff75a8e56e1d1d8f5f7733e2
      SHA1
      cd88afd55a8232ca96638e63393ca290e173b4c2
      SHA256
      2f8e5075d1ed7322b95c00cda2ff7502acfdfa1471eedb0eb5e89fb32d44d9e3
    • A9R5ECD.tmp
      Size
      80KiB (81944 bytes)
      Type
      java
      Description
      Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
      MD5
      39c9b484f43d03a05d306bc7bcc16654
      SHA1
      1cb992eaff6228116e55b858f2ed825b09f2f50b
      SHA256
      fa5fdebe80ec0ce7dc40738b4fd46a9e9b36eca6a810c523ee6ef3fd40b4179e

Notifications

  • Runtime

  • Not all sources for indicator ID "mutant-0" are available in the report
