File name:

COMPARENDO24755693025.pdf

Full analysis: https://app.any.run/tasks/1643075d-b11b-49c7-aaa2-ff6ab493dff5
Verdict: Malicious activity
Analysis date: December 05, 2022, 16:53:43
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/pdf
File info: PDF document, version 1.7
MD5:

9B02C24916C1C910EBB898DA92EC23A0

SHA1:

0C38FA7F9D48CBF93FAD7ECA53B3183CD5B560CB

SHA256:

103799875E945472D7B7D11C7BC051F6FF4FD4C15012EC12E6CF9B68C78C76D2

SSDEEP:

1536:zjOEhH9+x64Qk0NzyZns4fCOwVQ2iw/UTidEziIEO3Jslf1dKp:3J7+d17RfUP6L36f7Kp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Detected use of alternative data streams (AltDS)

      • AcroRd32.exe (PID: 1328)
  • INFO

    • Application launched itself

      • AcroRd32.exe (PID: 1328)
      • RdrCEF.exe (PID: 1232)
      • iexplore.exe (PID: 3080)
      • firefox.exe (PID: 972)
      • firefox.exe (PID: 3592)
    • Checks supported languages

      • Reader_sl.exe (PID: 3924)
    • Dropped object may contain Bitcoin addresses

      • iexplore.exe (PID: 3080)
    • Manual execution by a user

      • firefox.exe (PID: 972)
    • Creates files in the program directory

      • AdobeARM.exe (PID: 3196)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.pdf | Adobe Portable Document Format (100)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
61
Monitored processes
22
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
start acrord32.exe acrord32.exe no specs rdrcef.exe rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs iexplore.exe iexplore.exe iexplore.exe adobearm.exe reader_sl.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1328"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\admin\AppData\Local\Temp\COMPARENDO24755693025.pdf"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Explorer.EXE
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe Acrobat Reader DC
Version:
20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
1660"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer "C:\Users\admin\AppData\Local\Temp\COMPARENDO24755693025.pdf"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeAcroRd32.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe Acrobat Reader DC
Version:
20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
1232"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
AcroRd32.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Version:
20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
3672"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1060,16453441527559573604,9570483225386677469,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1127828972764480478 --renderer-client-id=2 --mojo-platform-channel-handle=1188 --allow-no-sandbox-job /prefetch:1C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Exit code:
0
Version:
20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
3364"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1060,16453441527559573604,9570483225386677469,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=2891548286977491993 --mojo-platform-channel-handle=1208 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Exit code:
1
Version:
20.13.20064.405839
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
292"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1060,16453441527559573604,9570483225386677469,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=6960606002125793061 --mojo-platform-channel-handle=1396 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Exit code:
1
Version:
20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
1804"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1060,16453441527559573604,9570483225386677469,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=6494305496170236393 --mojo-platform-channel-handle=1456 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Exit code:
1
Version:
20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
3056"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1060,16453441527559573604,9570483225386677469,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4048961341024282327 --renderer-client-id=6 --mojo-platform-channel-handle=1612 --allow-no-sandbox-job /prefetch:1C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Version:
20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\libcef.dll
3244"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1060,16453441527559573604,9570483225386677469,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4416556663089320542 --renderer-client-id=7 --mojo-platform-channel-handle=1500 --allow-no-sandbox-job /prefetch:1C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Version:
20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
2372"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1060,16453441527559573604,9570483225386677469,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5129425436012864319 --renderer-client-id=8 --mojo-platform-channel-handle=1628 --allow-no-sandbox-job /prefetch:1C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Version:
20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
Total events
42 034
Read events
41 726
Write events
302
Delete events
6

Modification events

(PID) Process:(1660) AcroRd32.exeKey:HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\ExitSection
Operation:writeName:bLastExitNormal
Value:
0
(PID) Process:(1660) AcroRd32.exeKey:HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral
Operation:writeName:iNumReaderLaunches
Value:
2
(PID) Process:(1660) AcroRd32.exeKey:HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\FTEDialog
Operation:writeName:bShowUpdateFTE
Value:
1
(PID) Process:(1660) AcroRd32.exeKey:HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\HomeWelcome
Operation:writeName:bIsAcrobatUpdated
Value:
1
(PID) Process:(1660) AcroRd32.exeKey:HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\HomeWelcomeFirstMileReader
Operation:writeName:iCardCountShown
Value:
2
(PID) Process:(1660) AcroRd32.exeKey:HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\FTEDialog
Operation:delete valueName:iLastCardShown
Value:
0
(PID) Process:(1328) AcroRd32.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(1660) AcroRd32.exeKey:HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\SessionManagement
Operation:writeName:bNormalExit
Value:
0
(PID) Process:(1660) AcroRd32.exeKey:HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsCurrent\cWin0
Operation:writeName:iTabCount
Value:
0
(PID) Process:(1660) AcroRd32.exeKey:HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsCurrent
Operation:writeName:iWinCount
Value:
1
Executable files
1
Suspicious files
251
Text files
46
Unknown types
36

Dropped files

PID
Process
Filename
Type
1232RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0binary
MD5:FDE53AC08AD91107D87BBEDC43B26396
SHA256:D79C872EAAC1F004946471C699D2CC0D2195727CD5ADF4861EDC091C8820D185
1232RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\72d9f526d2e2e7c8_0binary
MD5:654F2821CEF857A53F470355EAA07321
SHA256:5CB31711B10B55139F14E8A9A9A3EF17D220C96AF135DECA796EFF9F4A8F3B6A
1232RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0binary
MD5:0606C9FB07F3261BFF876E8A60DC7307
SHA256:765F4531A4579E448B5AC71DB163BBF777E4DBF304AC908598FACDB5B6DD1BC2
1232RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0binary
MD5:26E8168CE4AD56934BE4CF31CB9F0425
SHA256:4255DD2C04C4CA2B85BE18B6AE1D8F99C3BAB33F4734AF481204F6275E689DB7
1232RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0binary
MD5:634A6E4FD1E45098847F6C15B39A692C
SHA256:8EC1EF50E44695F98DD6426EEF09F48A82A5E4BFB7688E94DCA8B08C566CA4EE
1232RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0binary
MD5:45486F3268D44679CEEC94C92FD6C6C5
SHA256:E3C7F823E53214509CDC5F96A2F87E759E861AFEF1FC41D578EDD9D67BE3DFEA
1232RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0binary
MD5:A62FC01563353A5A41A7BC93974236E7
SHA256:18C5B1A20B65957E27ABA930958D579E22E2986755C6E0B6D6DF2EA2180B8AB0
1232RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0binary
MD5:DF71BCE0994205597E4989BD55E4523F
SHA256:5A0BEDEC8009DDECE89BCBD9B4CF23591F3101EC51269DDAA8B36993FFFC8824
1232RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0binary
MD5:EFA48340DC8A4C2CB77085A7FD613182
SHA256:38A1D415A8C4487C3D0C004BC33AFEB46BD2232F17C144918A4D2E31903DDBAE
1232RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0binary
MD5:E1A67FC4CA617280FF4C6A3D28621B47
SHA256:542D1D1682781C6605DE6B4F86DB70A6A83A00E236BBA6F74B6F31FA2CEAD792
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
24
TCP/UDP connections
87
DNS requests
91
Threats
9

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1328
AcroRd32.exe
GET
200
8.248.147.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3243c4811dd015a1
US
compressed
4.70 Kb
whitelisted
1328
AcroRd32.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
US
der
471 b
whitelisted
3744
iexplore.exe
GET
200
172.64.155.188:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
US
der
1.42 Kb
whitelisted
1328
AcroRd32.exe
GET
200
8.248.147.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6a310049cb403f54
US
compressed
4.70 Kb
whitelisted
3744
iexplore.exe
GET
200
104.18.32.68:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
US
der
2.18 Kb
whitelisted
3744
iexplore.exe
GET
200
104.18.32.68:80
http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQCeFi55dzenDekVPxbR0Kvd
US
der
472 b
whitelisted
3240
iexplore.exe
GET
200
104.18.32.68:80
http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQCeFi55dzenDekVPxbR0Kvd
US
der
472 b
whitelisted
3080
iexplore.exe
GET
200
8.248.137.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?65f8d05fa3788a01
US
compressed
4.70 Kb
whitelisted
3240
iexplore.exe
GET
200
8.248.137.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0bb3aa63280e8688
US
compressed
4.70 Kb
whitelisted
3080
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D
US
der
1.47 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1232
RdrCEF.exe
23.35.236.137:443
geo2.adobe.com
AKAMAI-AS
DE
suspicious
34.107.207.124:443
gtly.to
GOOGLE
US
suspicious
3240
iexplore.exe
34.107.207.124:443
gtly.to
GOOGLE
US
suspicious
3240
iexplore.exe
8.248.147.254:80
ctldl.windowsupdate.com
LEVEL3
US
suspicious
1232
RdrCEF.exe
23.22.254.206:443
p13n.adobe.io
AMAZON-AES
US
unknown
3080
iexplore.exe
13.107.22.200:443
www.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3080
iexplore.exe
8.248.147.254:80
ctldl.windowsupdate.com
LEVEL3
US
suspicious
3744
iexplore.exe
34.107.207.124:443
gtly.to
GOOGLE
US
suspicious
1328
AcroRd32.exe
8.248.147.254:80
ctldl.windowsupdate.com
LEVEL3
US
suspicious
1328
AcroRd32.exe
23.48.23.34:443
acroipm2.adobe.com
Akamai International B.V.
DE
suspicious

DNS requests

Domain
IP
Reputation
gtly.to
  • 34.107.207.124
  • 2600:1901:0:56f6::
whitelisted
geo2.adobe.com
  • 23.35.236.137
whitelisted
ctldl.windowsupdate.com
  • 8.248.147.254
  • 8.248.137.254
  • 8.248.145.254
  • 8.248.97.254
  • 8.248.95.254
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 13.107.22.200
  • 131.253.33.200
  • 13.107.21.200
  • 204.79.197.200
whitelisted
p13n.adobe.io
  • 23.22.254.206
  • 52.202.204.11
  • 54.227.187.23
  • 52.5.13.197
whitelisted
armmf.adobe.com
  • 23.35.228.137
  • 23.3.108.167
whitelisted
acroipm2.adobe.com
  • 23.48.23.34
  • 23.48.23.54
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
ocsp.comodoca.com
  • 172.64.155.188
  • 104.18.32.68
whitelisted

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET DNS Query for .to TLD
3592
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
3592
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
868
svchost.exe
Potentially Bad Traffic
ET INFO TLS Handshake Failure
Potentially Bad Traffic
ET DNS Query for .to TLD
Potentially Bad Traffic
ET DNS Query for .to TLD
Potentially Bad Traffic
ET DNS Query for .to TLD
3592
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
3592
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
No debug info