File name:

FY25 TCAP QFR 2025Qtr1 - signed.pdf

Full analysis: https://app.any.run/tasks/a58d0624-2858-4fd7-952d-2f4cbe89ebc3
Verdict: Malicious activity
Analysis date: May 16, 2025, 17:11:45
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
brand-adobe
phishing
phish-img
Indicators:
MIME: application/pdf
File info: PDF document, version 1.7
MD5:

A24EDF6FDABF6B64860900D4918C760B

SHA1:

E89763413BE6B79AC528552759B62DA8CFC35CD0

SHA256:

16CBD86DE7B459D4D7ABDCCCDF422E41FE20D39226D830C997E135BEE1023FFE

SSDEEP:

3072:ENYM7SqZUOSweKL76CkdkDKHyWnW/C/nv6e2sKtAx/U/cVTOG0Ssfkpc9Nnra:pxqZUYNDKFnVCVsZx/U0NcSsfkE9a

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Phishing has been detected

      • Acrobat.exe (PID: 2136)

  • SUSPICIOUS

    • Application launched itself

      • AdobeCollabSync.exe (PID: 7468)

    • Reads security settings of Internet Explorer

      • AdobeCollabSync.exe (PID: 7468)
      • AdobeCollabSync.exe (PID: 7524)

  • INFO

    • Checks supported languages

      • AdobeCollabSync.exe (PID: 7468)
      • AdobeCollabSync.exe (PID: 7524)
      • FullTrustNotifier.exe (PID: 8020)

    • Checks proxy server information

      • AdobeCollabSync.exe (PID: 7468)
      • AdobeCollabSync.exe (PID: 7524)
      • slui.exe (PID: 3008)

    • Adobe logo has been found

      • Acrobat.exe (PID: 2136)

    • Reads the computer name

      • AdobeCollabSync.exe (PID: 7468)
      • AdobeCollabSync.exe (PID: 7524)
      • FullTrustNotifier.exe (PID: 8020)

    • Application launched itself

      • Acrobat.exe (PID: 2136)
      • AcroCEF.exe (PID: 8108)

    • Reads the machine GUID from the registry

      • AdobeCollabSync.exe (PID: 7524)

    • Reads the software policy settings

      • slui.exe (PID: 3008)
      • AdobeCollabSync.exe (PID: 7524)
      • slui.exe (PID: 7376)

    • Creates files or folders in the user directory

      • AdobeCollabSync.exe (PID: 7524)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.pdf | Adobe Portable Document Format (100)

EXIF

PDF

PDFVersion: 1.7
Linearized: No
Encryption: Standard V4.4 (128-bit)
UserAccess: Print, Copy, Extract, Print high-res
Language: EN-US
TaggedPDF: Yes
PageLayout: SinglePage
PageCount: 2
HasXFA: No
ModificationPermissions: No changes permitted
SigningReason: Certified by Adobe Acrobat Sign
SigningDate: 2025:05:16 15:30:52Z
Author: esmency
CreateDate: 2025:05:16 07:05:50-04:00
Creator: Acrobat PDFMaker 25 for Excel
ModifyDate: 2025:05:16 08:30:52-07:00
Producer: Acrobat Sign
Company: Franklin County Data Center

XMP

XMPToolkit: Adobe XMP Core 7.1.0
ModifyDate: 2025:05:16 08:30:52-07:00
CreateDate: 2025:05:16 07:05:50-04:00
MetadataDate: 2025:05:16 08:30:52-07:00
CreatorTool: Acrobat PDFMaker 25 for Excel
DocumentID: uuid:85a9ab73-bb24-4949-89e9-e4aa9cfe2873
InstanceID: uuid:ebeced33-6d41-2dd1-79d7-e5ea6e5f0fc1
Format: application/pdf
Creator: esmency
Producer: Acrobat Sign
Company: Franklin County Data Center
State: 1
Version: 1.1

ICC_Profile

ProfileCMMType: Little CMS
ProfileVersion: 2.3.0
ProfileClass: Display Device Profile
ColorSpaceData: RGB
ProfileConnectionSpace: XYZ
ProfileDateTime: 2004:08:13 12:18:06
ProfileFileSignature: acsp
PrimaryPlatform: Apple Computer Inc.
CMMFlags: Not Embedded, Independent
DeviceManufacturer: Little CMS
DeviceModel: -
DeviceAttributes: Reflective, Glossy, Positive, Color
RenderingIntent: Perceptual
ConnectionSpaceIlluminant: 0.9642 1 0.82491
ProfileCreator: Little CMS
ProfileID: 7fb30d688bf82d32a0e748daf3dba95d
DeviceMfgDesc: lcms generated
ProfileDescription: sRGB
DeviceModelDesc: sRGB
MediaWhitePoint: 0.95015 1 1.08826
RedMatrixColumn: 0.43585 0.22238 0.01392
BlueMatrixColumn: 0.14302 0.06059 0.71384
GreenMatrixColumn: 0.38533 0.71704 0.09714
RedTRC: (Binary data 2060 bytes, use -b option to extract)
GreenTRC: (Binary data 2060 bytes, use -b option to extract)
BlueTRC: (Binary data 2060 bytes, use -b option to extract)
ChromaticityChannels: 3
ChromaticityColorant: Unknown
ChromaticityChannel1: 0.64 0.33
ChromaticityChannel2: 0.3 0.60001
ChromaticityChannel3: 0.14999 0.06
ProfileCopyright: no copyright, use freely
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
150
Monitored processes
18
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start acrobat.exe acrobat.exe no specs sppextcomobj.exe no specs slui.exe adobecollabsync.exe no specs adobecollabsync.exe fulltrustnotifier.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
780"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1608,i,16621195114058484102,6067414781762415048,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
AcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1388"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=renderer --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2992 --field-trial-handle=1608,i,16621195114058484102,6067414781762415048,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
2136"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\admin\AppData\Local\Temp\FY25 TCAP QFR 2025Qtr1 - signed.pdf"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
explorer.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe Acrobat
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrobat.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
3008C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
4244"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=gpu-process --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2764 --field-trial-handle=1608,i,16621195114058484102,6067414781762415048,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
4380"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1608,i,16621195114058484102,6067414781762415048,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
4812"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=gpu-process --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1540 --field-trial-handle=1608,i,16621195114058484102,6067414781762415048,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
4980"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=renderer --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1712 --field-trial-handle=1608,i,16621195114058484102,6067414781762415048,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
5008"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=gpu-process --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2600 --field-trial-handle=1608,i,16621195114058484102,6067414781762415048,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
5544"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=renderer --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --first-renderer-process --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --touch-events=enabled --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2172 --field-trial-handle=1608,i,16621195114058484102,6067414781762415048,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
Total events
22 622
Read events
22 506
Write events
114
Delete events
2

Modification events

(PID) Process:(2136) Acrobat.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-2034283098-2252572593-1072577386-2659511007-3245387615-27016815-3920691934
Operation:writeName:DisplayName
Value:
Adobe Acrobat Reader Protected Mode
(PID) Process:(7240) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\ExitSection
Operation:writeName:bLastExitNormal
Value:
0
(PID) Process:(7240) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\Collab\cDocumentCenter
Operation:writeName:bAlwaysUseServer
Value:
0
(PID) Process:(7240) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\Collab\cDocumentCenter
Operation:writeName:bAlwaysUseServerFD
Value:
0
(PID) Process:(7240) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\Collab\cDocumentCenter
Operation:writeName:bDefault
Value:
1
(PID) Process:(7240) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\Collab\cDocumentCenter
Operation:writeName:bDefaultFD
Value:
1
(PID) Process:(7240) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\Collab\cDocumentCenter
Operation:writeName:tDistMethod
Value:
UPLOAD
(PID) Process:(7240) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\Collab\cDocumentCenter\cSettings
Operation:writeName:tcSetting
Value:
https://api.share.acrobat.com
(PID) Process:(7240) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\Collab\cDocumentCenter
Operation:writeName:tUI
Value:
Adobe online services (Recommended)
(PID) Process:(7240) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\Collab\cDocumentCenter
Operation:writeName:tURL
Value:
urn://ns.adobe.com/Collaboration/SharedReview/Acrobat.com
Executable files
0
Suspicious files
216
Text files
10
Unknown types
0

Dropped files

PID
Process
Filename
Type
7524AdobeCollabSync.exeC:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18
MD5:
SHA256:
7524AdobeCollabSync.exeC:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18.bak
MD5:
SHA256:
7524AdobeCollabSync.exeC:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-19
MD5:
SHA256:
7524AdobeCollabSync.exeC:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-19.bak
MD5:
SHA256:
7240Acrobat.exeC:\Users\admin\AppData\Local\Temp\acrobat_sbx\A9k260t7_zzht84_5l4.tmp\SecuritySettings.xml
MD5:
SHA256:
7240Acrobat.exeC:\Users\admin\AppData\Local\Temp\acrobat_sbx\A9tm67yv_zzht85_5l4.tmp
MD5:
SHA256:
7524AdobeCollabSync.exeC:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer-journalbinary
MD5:2B6533D2782D4375AB21768FB002DE79
SHA256:ADCE96A0D421FD0C8D0A73FBF9D4065ADC33343E05EE110387953C9AEB4A4F46
7524AdobeCollabSync.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04binary
MD5:1D61262CF556554B8606BBA00D92FBA6
SHA256:A7A0A37CDFFB81DAE862AA234AAF9132CC651B4DD978639C9A868B29B9C95CE5
7524AdobeCollabSync.exeC:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizerbinary
MD5:DCD066A1C8CA38D94ACA4E5DF6CA20BF
SHA256:E484D26709945669E18A3D0A7F95E3EA943D4170736EDD8FEDFE3F69A7B8D25E
7240Acrobat.exeC:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\NotificationsDB\notificationsDBbinary
MD5:7D3288CE7E6D89EFEECB2F403F0F25AC
SHA256:90B49D06A0B64D0C8EA781B317C0E6BC6F9AB521A07096A94611DFFEDFA86185
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
31
DNS requests
20
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
23.48.23.134:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7524
AdobeCollabSync.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
whitelisted
2136
Acrobat.exe
POST
200
2.17.190.73:80
http://ocsp.digicert.com/
unknown
whitelisted
2136
Acrobat.exe
POST
200
2.17.190.73:80
http://ocsp.digicert.com/
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7892
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
2136
Acrobat.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAfy81yHqHeveu%2FpR5k1Jb0%3D
unknown
whitelisted
2136
Acrobat.exe
POST
200
2.17.190.73:80
http://ocsp.digicert.com/
unknown
whitelisted
7892
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2516
RUXIMICS.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5496
MoUsoCoreWorker.exe
23.48.23.134:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
2104
svchost.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5496
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2112
svchost.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
7524
AdobeCollabSync.exe
23.212.202.90:443
trustlist.adobe.com
AKAMAI-AS
AU
whitelisted

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 23.48.23.134
  • 23.48.23.140
  • 23.48.23.145
  • 23.48.23.147
  • 23.48.23.146
  • 23.48.23.141
  • 23.48.23.148
  • 23.48.23.144
  • 23.48.23.194
whitelisted
google.com
  • 142.250.185.174
whitelisted
www.microsoft.com
  • 23.35.229.160
  • 23.52.120.96
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
trustlist.adobe.com
  • 23.212.202.90
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
login.live.com
  • 40.126.31.69
  • 40.126.31.2
  • 40.126.31.71
  • 40.126.31.128
  • 20.190.159.4
  • 40.126.31.0
  • 20.190.159.64
  • 20.190.159.2
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
geo2.adobe.com
  • 23.35.236.137
whitelisted
p13n.adobe.io
  • 18.207.85.246
  • 34.193.227.236
  • 107.22.247.231
  • 54.144.73.197
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
FY25 TCAP QFR 2025Qtr1 - signed.pdf