Field | Value
---|---
File name: | InstitutionalApplication.pdf
Full analysis: | https://app.any.run/tasks/6b6218f6-2b90-462d-9084-fd86af6a40ac
Verdict: | Malicious activity
Threats: | A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.
Analysis date: | January 24, 2022, 15:33:19
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: |
Indicators: |
MIME: | application/pdf
File info: | PDF document, version 1.7
MD5: | 8E9766F370F3B7C0CF0638FACD679227
SHA1: | 4824045F708EDD215219A9A9F4B240163C60F18B
SHA256: | 54ACCC6D7FF28843E6D4D66ADC0E9ADCBE3F5E2E20E7DAECE85595E31DC7588E
SSDEEP: | 6144:tEBN+SfcFwVAegyTd9i/rpPZHy1BIkq+mEHHEwpfi7PpwTMgxwGwyl/e3NArXpo:tEN+S0TiqyAArXpo
| Adobe Portable Document Format (100)

Field | Value
---|---
Trapped: | -
Producer: | Adobe PDF Library 15.0
Format: | application/pdf
HistoryWhen: | 2021:10:04 15:27:04-04:00
HistoryChanged: | /
HistorySoftwareAgent: | Adobe InDesign 16.2 (Macintosh)
HistoryParameters: | from application/x-indesign to application/pdf
HistoryAction: | converted
DerivedFromRenditionClass: | default
DerivedFromOriginalDocumentID: | xmp.did:fe066db2-d7ed-4cc6-9fe5-30d7ca780be0
DerivedFromDocumentID: | xmp.did:4e10d1ef-0216-47fc-8145-cc1d5debf3f1
DerivedFromInstanceID: | xmp.iid:ddb7a1ae-caff-4ca6-89aa-66a9c29ab4c2
RenditionClass: | proof:pdf
DocumentID: | xmp.id:d5f5dc9a-a558-4f31-b637-38f62048f020
OriginalDocumentID: | xmp.did:fe066db2-d7ed-4cc6-9fe5-30d7ca780be0
InstanceID: | uuid:7c244116-40d5-9e42-b831-b1784a4de902
CreatorTool: | Adobe InDesign 16.2 (Macintosh)
ModifyDate: | 2021:10:04 15:27:06-04:00
MetadataDate: | 2021:10:04 15:27:06-04:00
CreateDate: | 2021:10:04 15:27:04-04:00
XMPToolkit: | Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13

Field | Value
---|---
Trapped: | -
Producer: | Adobe PDF Library 15.0
ModifyDate: | 2021:10:04 15:27:06-04:00
Creator: | Adobe InDesign 16.2 (Macintosh)
CreateDate: | 2021:10:04 15:27:04-04:00
PageCount: | 9
Language: | en-US
HasXFA: | No
Linearized: | Yes
PDFVersion: | 1.7
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
3980 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\admin\AppData\Local\Temp\InstitutionalApplication.pdf" | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | | Explorer.EXE | User: admin; Company: Adobe Systems Incorporated; Integrity Level: MEDIUM; Description: Adobe Acrobat Reader DC; Version: 20.13.20064.405839
3904 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer "C:\Users\admin\AppData\Local\Temp\InstitutionalApplication.pdf" | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | AcroRd32.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe Acrobat Reader DC; Version: 20.13.20064.405839
2228 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | | AcroRd32.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe RdrCEF; Version: 20.13.20064.405839
3396 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1180,1430351759683397787,6841567238502883560,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4366760220352983720 --renderer-client-id=2 --mojo-platform-channel-handle=1188 --allow-no-sandbox-job /prefetch:1 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | RdrCEF.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe RdrCEF; Exit code: 0; Version: 20.13.20064.405839
3636 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1180,1430351759683397787,6841567238502883560,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=1356331672578233294 --mojo-platform-channel-handle=1212 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | RdrCEF.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe RdrCEF; Exit code: 1; Version: 20.13.20064.405839
3676 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1180,1430351759683397787,6841567238502883560,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=47768836358545687 --mojo-platform-channel-handle=1264 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | RdrCEF.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe RdrCEF; Exit code: 1; Version: 20.13.20064.405839
3712 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1180,1430351759683397787,6841567238502883560,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=5529972981449926715 --mojo-platform-channel-handle=1472 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | RdrCEF.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe RdrCEF; Exit code: 1; Version: 20.13.20064.405839
2388 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1180,1430351759683397787,6841567238502883560,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17713693215816810867 --renderer-client-id=6 --mojo-platform-channel-handle=1528 --allow-no-sandbox-job /prefetch:1 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | RdrCEF.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe RdrCEF; Version: 20.13.20064.405839
1512 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1180,1430351759683397787,6841567238502883560,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18356744442792283538 --renderer-client-id=7 --mojo-platform-channel-handle=1420 --allow-no-sandbox-job /prefetch:1 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | RdrCEF.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe RdrCEF; Version: 20.13.20064.405839
3564 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1180,1430351759683397787,6841567238502883560,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3546826658032637253 --renderer-client-id=8 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | RdrCEF.exe | User: admin; Company: Adobe Systems Incorporated; Integrity Level: LOW; Description: Adobe RdrCEF; Version: 20.13.20064.405839
PID | Process | Operation | Key | Name | Value
---|---|---|---|---|---
3904 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\ExitSection | bLastExitNormal | 0
3904 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral | iNumReaderLaunches | 2
3904 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\FTEDialog | bShowUpdateFTE | 1
3904 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\HomeWelcome | bIsAcrobatUpdated | 1
3904 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\HomeWelcomeFirstMileReader | iCardCountShown | 2
3904 | AcroRd32.exe | delete value | HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\FTEDialog | iLastCardShown | 0
3904 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\DiskCabs | bForms_AdhocWorkflowBackup | 0
3904 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\DiskCabs | bJSCache_GlobData | 1
3904 | AcroRd32.exe | write | HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\DC\DiskCabs | bJSCache_GlobSettings | 0
3980 | AcroRd32.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | LanguageList | en-US
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2228 | RdrCEF.exe | C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0 | binary | 64AAF00EB45D09424F93D0A871CC23A4 | D879D88F6FD1985F4E6DD4C5C520C68C378F92E945AFCC4075427369B6379D2E
2228 | RdrCEF.exe | C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0 | binary | E29D9B7EA5C7D9D50701F301C12D69F1 | 78FB238362F406AE322D20B4F5E70AB9C4FB30C4F61C346871C62871C39A76DB
2228 | RdrCEF.exe | C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0 | binary | C5E42A1F07D87D502A0ECC74E88AA96B | 137463A6F5A557764BDF4240105BF78E935BE759B0ADD51820C25AC839231274
2228 | RdrCEF.exe | C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0 | binary | BF83E372EABACCF36371F4AAAD3CB8BF | 06514A4727C70A92F392D9B2251942962127E8985E9E2044B650F063E2A69EFB
2228 | RdrCEF.exe | C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0 | binary | 6F351F425E1924D5011D6703CC433E01 | EE63B5C77A5DCD1AF15F60BF6D70EDA9CF28BC2A5D8029D6530768C43D59C113
2228 | RdrCEF.exe | C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0 | binary | 965AC8A49A4BB2CFEE9D9D38907F3911 | 70099E067E21E7E9C5F965283DFB0D3AF8A251D4D5BA86F0680C594372A64156
2228 | RdrCEF.exe | C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\72d9f526d2e2e7c8_0 | binary | CAB98FACCDCE8AE8C9DE727453903E39 | 6B1A7287CD81D29A69C7A70B21E4C622259C750DA208CF44BB0C484ED1F9B1E3
2228 | RdrCEF.exe | C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0 | binary | 8E949B0357A0F096315C65C144295270 | EE53E01D05B3E223A3AAD2E7BDE45C5B3B18515607A480558B114AD87BF7C349
3904 | AcroRd32.exe | C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9Rrw0ipq_1vxex5t_30g.tmp | | 9E8E26C257AB573FA8347031EF740FA7 | ADF397C91B1A223A049F23F509F2E58430423C974CDB0C27731A0B71232CBAE4
2228 | RdrCEF.exe | C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0 | binary | BF8C2DA9168CFCCB828CE3EB0C42741F | 05CF69229CC48E819926056F48A2453A7A6EF4FF6572C6C4494535808DADAF62
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3980 | AcroRd32.exe | GET | 304 | 23.32.238.129:80 | http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_13_20064.zip | US | — | — | whitelisted |
3980 | AcroRd32.exe | GET | 304 | 23.32.238.129:80 | http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_13_20064.zip | US | — | — | whitelisted |
3980 | AcroRd32.exe | GET | 304 | 23.32.238.129:80 | http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_13_20064.zip | US | — | — | whitelisted |
3980 | AcroRd32.exe | GET | 304 | 23.32.238.123:80 | http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_13_20064.zip | US | — | — | whitelisted |
3704 | AdobeARM.exe | GET | — | 2.16.107.113:80 | http://ardownload.adobe.com/pub/adobe/reader/win/AcrobatDC/2101120039/AcroRdrDCUpd2101120039.msi | unknown | — | — | whitelisted |
3980 | AcroRd32.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b1c9b8d2163a2d2c | US | compressed | 4.70 Kb | whitelisted |
3980 | AcroRd32.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ad2ddb176bb6aefa | US | compressed | 4.70 Kb | whitelisted |
3980 | AcroRd32.exe | GET | 200 | 23.32.238.123:80 | http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip | US | compressed | 10.1 Kb | whitelisted |
3704 | AdobeARM.exe | GET | 200 | 2.18.233.74:80 | http://armmf.adobe.com/arm-manifests/win/ReaderDCManifest3.msi | unknown | executable | 19.5 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3980 | AcroRd32.exe | 23.32.238.129:443 | acroipm2.adobe.com | XO Communications | US | suspicious |
— | — | 2.18.233.74:443 | armmf.adobe.com | Akamai International B.V. | — | whitelisted |
— | — | 52.5.13.197:443 | p13n.adobe.io | Amazon.com, Inc. | US | suspicious |
— | — | 184.30.24.134:443 | geo2.adobe.com | GTT Communications Inc. | US | suspicious |
3980 | AcroRd32.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2228 | RdrCEF.exe | 184.30.24.134:443 | geo2.adobe.com | GTT Communications Inc. | US | suspicious |
3980 | AcroRd32.exe | 23.32.238.129:80 | acroipm2.adobe.com | XO Communications | US | suspicious |
3704 | AdobeARM.exe | 2.18.233.74:80 | armmf.adobe.com | Akamai International B.V. | — | whitelisted |
2704 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
3096 | iexplore.exe | 104.16.53.111:443 | help.paxos.com | Cloudflare Inc | US | shared |
Domain | IP | Reputation
---|---|---
geo2.adobe.com | | whitelisted
p13n.adobe.io | | whitelisted
armmf.adobe.com | | whitelisted
acroipm2.adobe.com | | whitelisted
ctldl.windowsupdate.com | | whitelisted
help.paxos.com | | malicious
api.bing.com | | whitelisted
www.bing.com | | whitelisted
ardownload3.adobe.com | | whitelisted
ardownload.adobe.com | | whitelisted
PID | Process | Class | Message |
---|---|---|---|
924 | svchost.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |
924 | svchost.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |