Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Vanderweil Engineers, LLP..pdf | PDF document, version 1.7, 1 pages | initial sample | |
| C:\Program Files\ChromiumTemp3652_1449008672\model-info.pb | data | dropped | |
| C:\Program Files\ChromiumTemp3652_1449008672\model.tflite | data | dropped | |
| C:\Program Files\ChromiumTemp3652_1961238311\model-info.pb | data | dropped | |
| C:\Program Files\ChromiumTemp3652_1961238311\model.tflite | data | dropped | |
| C:\Program Files\ChromiumTemp3652_392935131\model-info.pb | data | dropped | |
| C:\Program Files\ChromiumTemp3652_392935131\model.tflite | data | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1 | data | modified | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF6cec62.TMP (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links | data | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240328193233Z-179.bmp | PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54 | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages | SQLite 3.x database, last written using SQLite version 3024000, file counter 15, database pages 15, cookie 0x5, schema 4, UTF-8, version-valid-for 15 | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal | SQLite Rollback Journal | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\6ea49823-e825-454f-927c-2ac42bf6c0de\model.tflite (copy) | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\d1abae24-49f9-4f40-93be-6ffe6c203ae7\model.tflite (copy) | data | dropped | |
| C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\eea6d789-5259-4f6b-92cd-59ac167f226d\model.tflite (copy) | data | dropped | |
| Chrome Cache Entry: 111 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 112 | HTML document, ASCII text, with very long lines (4020) | downloaded | |
| Chrome Cache Entry: 113 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 114 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 115 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 116 | ASCII text, with very long lines (32065) | downloaded | |
| Chrome Cache Entry: 117 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 118 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 119 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 120 | ASCII text, with very long lines (7043), with no line terminators | downloaded | |
| Chrome Cache Entry: 121 | ASCII text, with very long lines (50758) | downloaded | |
| Chrome Cache Entry: 122 | SVG Scalable Vector Graphics image | dropped | |
| Chrome Cache Entry: 123 | ASCII text, with very long lines (65536), with no line terminators | downloaded | |
| Chrome Cache Entry: 124 | HTML document, ASCII text | downloaded | |
| Chrome Cache Entry: 125 | SVG Scalable Vector Graphics image | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\Vanderweil Engineers, LLP..pdf" | |
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 | |
| C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "https://prident-group.com/" | |
| C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1280,i,13602845175421175850,11116694525089090820,131072 /prefetch:8 | |
URLs

| Name | IP | Malicious |
|---|---|---|
| https://prident-group.com/77624fc8e83077b92433578af825365d6605c5e808f5dLOG77624fc8e83077b92433578af825365d6605c5e808f5e | | |
| https://prident-group.com/1 | 5.42.65.39 | |
| https://prident-group.com/js/c4cb7af9e3c7df1f0ade3b8159ba2d5b6605c5e839892 | 5.42.65.39 | |
| https://prident-group.com/x/c4cb7af9e3c7df1f0ade3b8159ba2d5b6605c5eadf065 | 5.42.65.39 | |
| https://github.com/twbs/bootstrap/graphs/contributors) | unknown | |
| https://prident-group.com/boot/c4cb7af9e3c7df1f0ade3b8159ba2d5b6605c5e839891 | 5.42.65.39 | |
| https://prident-group.com/ASSETS/img/sig-op.svg | 5.42.65.39 | |
| https://deptwoosinc.com/) | unknown | |
| https://prident-group.com/jq/c4cb7af9e3c7df1f0ade3b8159ba2d5b6605c5e83988d | 5.42.65.39 | |
| https://prident-group.com/ | 5.42.65.39 | |
| https://github.com/twbs/bootstrap/blob/master/LICENSE) | unknown | |
| https://prident-group.com/o/c4cb7af9e3c7df1f0ade3b8159ba2d5b6605c5eadf419 | 5.42.65.39 | |
| https://prident-group.com/ASSETS/img/m_.svg | 5.42.65.39 | |
| https://prident-group.com/favicon.ico | 5.42.65.39 | |
| https://getbootstrap.com/) | unknown | |
| https://prident-group.com/) | unknown | |
| https://prident-group.com/APP-c4cb7af9e3c7df1f0ade3b8159ba2d5b6605c5eadf05f/c4cb7af9e3c7df1f0ade3b8159ba2d5b6605c5eadf060 | 5.42.65.39 | |
Domains

| Name | IP | Malicious |
|---|---|---|
| prident-group.com | 5.42.65.39 | |
| www.google.com | 142.251.167.147 | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 239.255.255.250 | unknown | Reserved | |
| 142.251.167.147 | www.google.com | United States | |
| 5.42.65.39 | prident-group.com | Russian Federation | |
| 192.168.2.4 | unknown | unknown | |
| 192.168.2.255 | unknown | unknown | |
Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1 | aFS | |
| HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1 | tDIText | |
| HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1 | tFileName | |
| HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1 | tFileSource | |
| HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1 | sFileAncestors | |
| HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1 | sDI | |
| HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1 | sDate | |
| HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1 | uFileSize | |
| HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1 | uPageCount | |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | |
DOM / HTML

| URL | Malicious |
|---|---|
| https://prident-group.com/77624fc8e83077b92433578af825365d6605c5e808f5dLOG77624fc8e83077b92433578af825365d6605c5e808f5e | |
| https://prident-group.com/77624fc8e83077b92433578af825365d6605c5e808f5dLOG77624fc8e83077b92433578af825365d6605c5e808f5e | |