File name: cbae92f47ef31b8347dbc965764397fc.zip

Full analysis: https://app.any.run/tasks/a8b434ee-3cf8-4bcb-a5c0-fd45adf10c0c
Verdict: Malicious activity
Analysis date: June 27, 2022, 08:53:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 34F25C0D4CCED0216098DF6D0271C5B0
SHA1: 01D1196D99884BF5ACC2235D4EB2B53C7538D8B1
SHA256: 246B1467221ED13830AAFA8A167620CC055F8D7E1D274814AF59F72F444ED235
SSDEEP: 768:aPw3Uflz54K1/HtVy123EiPhCD2J0nlivjYOS/HxqE/1n2TjSMrj7E:AfjBy1XYJ0nw7Y//J2ZA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops executable file immediately after starts

      • RdrCEF.exe (PID: 1532)
      • RdrCEF.exe (PID: 3604)
  • SUSPICIOUS

    • Reads the computer name

      • WinRAR.exe (PID: 1912)
    • Checks supported languages

      • WinRAR.exe (PID: 1912)
    • Reads the date of Windows installation

      • rundll32.exe (PID: 3224)
    • Reads default file associations for system extensions

      • rundll32.exe (PID: 3224)
    • Drops a file with a compile date too recent

      • RdrCEF.exe (PID: 1532)
      • RdrCEF.exe (PID: 3604)
  • INFO

    • Checks supported languages

      • explorer.exe (PID: 3652)
      • rundll32.exe (PID: 3224)
      • AcroRd32.exe (PID: 3968)
      • AcroRd32.exe (PID: 2936)
      • RdrCEF.exe (PID: 1532)
      • RdrCEF.exe (PID: 1988)
      • RdrCEF.exe (PID: 3564)
      • RdrCEF.exe (PID: 3700)
      • RdrCEF.exe (PID: 1688)
      • RdrCEF.exe (PID: 2912)
      • RdrCEF.exe (PID: 2872)
      • AcroRd32.exe (PID: 452)
      • AcroRd32.exe (PID: 2768)
      • RdrCEF.exe (PID: 3604)
      • RdrCEF.exe (PID: 2372)
      • RdrCEF.exe (PID: 532)
      • RdrCEF.exe (PID: 392)
      • RdrCEF.exe (PID: 1872)
    • Reads the computer name

      • explorer.exe (PID: 3652)
      • rundll32.exe (PID: 3224)
      • AcroRd32.exe (PID: 3968)
      • AcroRd32.exe (PID: 2936)
      • RdrCEF.exe (PID: 1532)
      • AcroRd32.exe (PID: 452)
      • AcroRd32.exe (PID: 2768)
      • RdrCEF.exe (PID: 3604)
    • Manual execution by user

      • explorer.exe (PID: 3652)
      • rundll32.exe (PID: 3224)
      • AcroRd32.exe (PID: 452)
    • Application launched itself

      • AcroRd32.exe (PID: 3968)
      • RdrCEF.exe (PID: 1532)
      • AcroRd32.exe (PID: 452)
      • RdrCEF.exe (PID: 3604)
    • Reads CPU info

      • AcroRd32.exe (PID: 2936)
      • AcroRd32.exe (PID: 2768)
    • Searches for installed software

      • AcroRd32.exe (PID: 3968)
      • AcroRd32.exe (PID: 2936)
      • AcroRd32.exe (PID: 452)
      • AcroRd32.exe (PID: 2768)
    • Reads the hosts file

      • RdrCEF.exe (PID: 1532)
      • RdrCEF.exe (PID: 3604)
    • Reads settings of System Certificates

      • AcroRd32.exe (PID: 3968)
      • RdrCEF.exe (PID: 1532)
      • AcroRd32.exe (PID: 452)
    • Checks Windows Trust Settings

      • AcroRd32.exe (PID: 3968)
      • AcroRd32.exe (PID: 452)
    • Creates files in the user directory

      • AcroRd32.exe (PID: 3968)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: crash-81154a65438ba5aaeca73fd502fa4850fbde60f8.tif
ZipUncompressedSize: 42224
ZipCompressedSize: 38008
ZipCRC: 0xf17b5ce8
ZipModifyDate: 2022:02:20 02:11:09
ZipCompression: Deflated
ZipBitFlag: 0x0001
ZipRequiredVersion: 20
No data.
Total processes: 54
Monitored processes: 19
Malicious processes: 1
Suspicious processes: 3

Behavior graph

start winrar.exe no specs explorer.exe no specs rundll32.exe no specs acrord32.exe acrord32.exe no specs rdrcef.exe rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs acrord32.exe no specs acrord32.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1912
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\cbae92f47ef31b8347dbc965764397fc.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
PID: 3652
CMD: "C:\Windows\explorer.exe"
Path: C:\Windows\explorer.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3224
CMD: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\Pictures\crash-81154a65438ba5aaeca73fd502fa4850fbde60f8.tif
Path: C:\Windows\system32\rundll32.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 3968
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\admin\Pictures\crash-81154a65438ba5aaeca73fd502fa4850fbde60f8.tif"
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Parent process: rundll32.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Adobe Acrobat Reader DC
Exit code: 1
Version: 20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 2936
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer "C:\Users\admin\Pictures\crash-81154a65438ba5aaeca73fd502fa4850fbde60f8.tif"
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Parent process: AcroRd32.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe Acrobat Reader DC
Exit code: 1
Version: 20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 1532
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Parent process: AcroRd32.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe RdrCEF
Exit code: 0
Version: 20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 3564
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1184,1909810128143619495,4117345998562959615,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6209234068807919139 --renderer-client-id=2 --mojo-platform-channel-handle=1192 --allow-no-sandbox-job /prefetch:1
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Parent process: RdrCEF.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe RdrCEF
Exit code: 0
Version: 20.13.20064.405839
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1988"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1184,1909810128143619495,4117345998562959615,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=18214019118666137980 --mojo-platform-channel-handle=1216 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe RdrCEF
Exit code: 1
Version: 20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
3700"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1184,1909810128143619495,4117345998562959615,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=8555608119318289428 --mojo-platform-channel-handle=1384 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe RdrCEF
Exit code: 1
Version: 20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
1688"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1184,1909810128143619495,4117345998562959615,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=2976828541000349557 --mojo-platform-channel-handle=1460 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe RdrCEF
Exit code: 1
Version: 20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
Total events: 26 391
Read events: 26 049
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 167
Text files: 9
Unknown types: 6

Dropped files

HTTP(S) requests: 3
TCP/UDP connections: 9
DNS requests: 6
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3968 | AcroRd32.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted
3968 | AcroRd32.exe | GET | 200 | 92.123.195.57:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a5d9ee54ce7f83f3 | unknown | compressed | 4.70 Kb | whitelisted
3968 | AcroRd32.exe | GET | 200 | 92.123.195.57:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6cee0c620f4772c1 | unknown | compressed | 4.70 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1532 | RdrCEF.exe | 104.102.28.179:443 | geo2.adobe.com | Akamai Technologies, Inc. | US | unknown
3968 | AcroRd32.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
3968 | AcroRd32.exe | 92.123.195.57:80 | ctldl.windowsupdate.com | Akamai International B.V. |  | whitelisted
3968 | AcroRd32.exe | 92.123.225.24:443 | acroipm2.adobe.com | Akamai International B.V. |  | suspicious
1532 | RdrCEF.exe | 54.227.187.23:443 | p13n.adobe.io | Amazon.com, Inc. | US | suspicious
1532 | RdrCEF.exe | 23.35.228.137:443 | armmf.adobe.com | Zayo Bandwidth Inc | US | suspicious

DNS requests

Domain | IP | Reputation
geo2.adobe.com | 104.102.28.179 | whitelisted
p13n.adobe.io | 54.227.187.23, 52.202.204.11, 23.22.254.206, 52.5.13.197 | whitelisted
armmf.adobe.com | 23.35.228.137 | whitelisted
acroipm2.adobe.com | 92.123.225.24, 92.123.225.41, 92.123.225.11, 92.123.225.82, 92.123.225.59, 92.123.225.9 | whitelisted
ctldl.windowsupdate.com | 92.123.195.57, 92.123.195.41 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted

Threats

No threats detected
No debug info