analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

NOTIFICACIÓN FALLO No 99807-40806-2022.pdf

Full analysis: https://app.any.run/tasks/20acf6c7-024a-4334-ba88-2d7ec22f2009
Verdict: Malicious activity
Analysis date: January 24, 2022, 22:19:05
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
generated-doc
Indicators:
MIME: application/pdf
File info: PDF document, version 1.5
MD5:

0BAE5157B11366D2FE37D8880F851F3F

SHA1:

05C5CD0D926873A72B75859710D018233B592CBE

SHA256:

680E2AF5983D9FBE23C6777EB285B206627C9933AA82C40B002C6D65BADF0155

SSDEEP:

1536:G9ecVGpKHpYGKvl+WYTXj4tIljuo2XWP12RjQsjjlqLi3Cx5Lhtm8ib9KLk46QJX:ieUGkPKAXOIj52WuoLig88gkT9VFcpY1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads the computer name

      • AdobeARM.exe (PID: 2840)
    • Checks supported languages

      • AdobeARM.exe (PID: 2840)
      • Reader_sl.exe (PID: 3832)
    • Starts Internet Explorer

      • AcroRd32.exe (PID: 3204)
    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3272)
      • iexplore.exe (PID: 3588)
      • iexplore.exe (PID: 3680)
  • INFO

    • Checks supported languages

      • AcroRd32.exe (PID: 3204)
      • RdrCEF.exe (PID: 1936)
      • RdrCEF.exe (PID: 3808)
      • RdrCEF.exe (PID: 1808)
      • RdrCEF.exe (PID: 2212)
      • AcroRd32.exe (PID: 3088)
      • RdrCEF.exe (PID: 2152)
      • RdrCEF.exe (PID: 1524)
      • RdrCEF.exe (PID: 2732)
      • iexplore.exe (PID: 3508)
      • RdrCEF.exe (PID: 3032)
      • iexplore.exe (PID: 3272)
      • explorer.exe (PID: 3368)
      • iexplore.exe (PID: 3284)
      • iexplore.exe (PID: 3588)
      • iexplore.exe (PID: 3732)
      • iexplore.exe (PID: 3680)
    • Reads the computer name

      • AcroRd32.exe (PID: 3088)
      • AcroRd32.exe (PID: 3204)
      • RdrCEF.exe (PID: 3808)
      • iexplore.exe (PID: 3508)
      • iexplore.exe (PID: 3272)
      • explorer.exe (PID: 3368)
      • iexplore.exe (PID: 3284)
      • iexplore.exe (PID: 3588)
      • iexplore.exe (PID: 3732)
      • iexplore.exe (PID: 3680)
    • Reads CPU info

      • AcroRd32.exe (PID: 3088)
    • Reads the hosts file

      • RdrCEF.exe (PID: 3808)
    • Application launched itself

      • AcroRd32.exe (PID: 3204)
      • RdrCEF.exe (PID: 3808)
      • iexplore.exe (PID: 3508)
      • iexplore.exe (PID: 3284)
      • iexplore.exe (PID: 3732)
    • Searches for installed software

      • AcroRd32.exe (PID: 3204)
      • AcroRd32.exe (PID: 3088)
    • Reads settings of System Certificates

      • AcroRd32.exe (PID: 3204)
      • RdrCEF.exe (PID: 3808)
      • iexplore.exe (PID: 3272)
      • iexplore.exe (PID: 3508)
      • iexplore.exe (PID: 3588)
      • iexplore.exe (PID: 3284)
      • iexplore.exe (PID: 3680)
    • Checks Windows Trust Settings

      • AcroRd32.exe (PID: 3204)
      • iexplore.exe (PID: 3272)
      • iexplore.exe (PID: 3508)
      • iexplore.exe (PID: 3588)
      • iexplore.exe (PID: 3284)
      • iexplore.exe (PID: 3680)
      • iexplore.exe (PID: 3732)
    • Changes internet zones settings

      • iexplore.exe (PID: 3508)
      • iexplore.exe (PID: 3284)
      • iexplore.exe (PID: 3732)
    • Creates files in the user directory

      • iexplore.exe (PID: 3272)
      • iexplore.exe (PID: 3284)
      • iexplore.exe (PID: 3680)
    • Reads the date of Windows installation

      • iexplore.exe (PID: 3508)
      • iexplore.exe (PID: 3284)
      • iexplore.exe (PID: 3732)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3272)
      • iexplore.exe (PID: 3588)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 3508)
    • Manual execution by user

      • explorer.exe (PID: 3368)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3284)
    • Dropped object may contain Bitcoin addresses

      • iexplore.exe (PID: 3284)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3284)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.pdf | Adobe Portable Document Format (100)

EXIF

PDF

Producer: Microsoft® Word 2010
ModifyDate: 2022:01:19 09:49:30-05:00
CreateDate: 2022:01:19 09:49:30-05:00
Creator: Microsoft® Word 2010
Author: PC
TaggedPDF: Yes
Language: es-CO
PageCount: 1
Linearized: No
PDFVersion: 1.5
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
61
Monitored processes
19
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start acrord32.exe acrord32.exe no specs rdrcef.exe rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs adobearm.exe no specs reader_sl.exe no specs iexplore.exe iexplore.exe explorer.exe no specs iexplore.exe iexplore.exe iexplore.exe no specs iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
3204"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\admin\AppData\Local\Temp\NOTIFICACI�N FALLO No 99807-40806-2022.pdf"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Explorer.EXE
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe Acrobat Reader DC
Version:
20.13.20064.405839
3088"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer "C:\Users\admin\AppData\Local\Temp\NOTIFICACI�N FALLO No 99807-40806-2022.pdf"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeAcroRd32.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe Acrobat Reader DC
Version:
20.13.20064.405839
3808"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
AcroRd32.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Version:
20.13.20064.405839
1808"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1180,10994401618290007579,7030215071322215631,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12670176849352556708 --renderer-client-id=2 --mojo-platform-channel-handle=1188 --allow-no-sandbox-job /prefetch:1C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Exit code:
0
Version:
20.13.20064.405839
1936"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1180,10994401618290007579,7030215071322215631,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=6041554622522009135 --mojo-platform-channel-handle=1216 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Exit code:
1
Version:
20.13.20064.405839
2212"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1180,10994401618290007579,7030215071322215631,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=15545973980397206561 --mojo-platform-channel-handle=1416 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Exit code:
1
Version:
20.13.20064.405839
2152"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1180,10994401618290007579,7030215071322215631,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=11688391315040444077 --mojo-platform-channel-handle=1468 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Exit code:
1
Version:
20.13.20064.405839
1524"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1180,10994401618290007579,7030215071322215631,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9096125310986574276 --renderer-client-id=6 --mojo-platform-channel-handle=1212 --allow-no-sandbox-job /prefetch:1C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Version:
20.13.20064.405839
2732"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1180,10994401618290007579,7030215071322215631,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14716203904937959042 --renderer-client-id=7 --mojo-platform-channel-handle=1640 --allow-no-sandbox-job /prefetch:1C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Version:
20.13.20064.405839
3032"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1180,10994401618290007579,7030215071322215631,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15522252154063937870 --renderer-client-id=8 --mojo-platform-channel-handle=1836 --allow-no-sandbox-job /prefetch:1C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Version:
20.13.20064.405839
Total events
40 490
Read events
40 125
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
164
Text files
25
Unknown types
21

Dropped files

PID
Process
Filename
Type
3808RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0binary
MD5:BF3154F4E09BA2C02FEDC4F33DC13B78
SHA256:4618491870EE09D9B521DB5561E5A4CC5370E35B39E8C1EA02090C3A837F74D6
3808RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0binary
MD5:2401C06DBC863EB68448AB710F57F570
SHA256:7FE78E0CBD04FCC59ECFE3D3DD3CF0856E6E1C37CA9DB9510E063996D63BF779
3808RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0binary
MD5:520B4DA59247A5B23738DAE5E72FA622
SHA256:FBA679D4FECD0C3C41059B095795B4329FB179B4815616475E0126748DAE46A9
3808RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0binary
MD5:9988F07080755A4AD189CCB8203E5E5B
SHA256:CF8516F3CBFF02AD5A465E94B855FAFED08F1E36F6222C686D6461A0555F8F04
3808RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\72d9f526d2e2e7c8_0binary
MD5:D4B731A796BEC77E4ED86E97E2C49AC9
SHA256:0223A1346B2D0F524B80872116A226C271F45620FFF076F6C041C979B2ED9173
3808RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0binary
MD5:1BDC8CBB496AF2AAC9FFF4D1DADF4CBA
SHA256:D157FAE4E4D9A7C782F41C0901F064650EC56EA9B2C71A3BC43487ACD15BF9C0
3808RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0binary
MD5:EEC60C7B6D347EAEDDD49552576B1028
SHA256:952C6780E7D6261E76FE7CBD83346D650A2DCCD46F8F363C033222D7B476CA0E
3808RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0binary
MD5:8B29F6CCEE958965C664451FF67BCA81
SHA256:F48A30A7C82331114A656E1CB18227F96950C1F4BF7CE43868271875C535D088
3808RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0binary
MD5:865D224196666D788E55B812799A8936
SHA256:8379522CB6574FF8F5BD33C11D3D807B6A86D0130401D6A4A1B6F17BBAF3EF2B
3808RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0binary
MD5:E39C418F8009CA57192B196984B1C98A
SHA256:7DA29F144569BC718EDE5EB22A4A7882D747981018202FDFA0D797616A286E50
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
11
TCP/UDP connections
49
DNS requests
30
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3508
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
3272
iexplore.exe
GET
200
142.250.181.227:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEA9%2FdKivN6zeCgAAAAErf8I%3D
US
der
471 b
whitelisted
3272
iexplore.exe
GET
200
142.250.181.227:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
US
der
1.41 Kb
whitelisted
3204
AcroRd32.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D
US
der
471 b
whitelisted
3272
iexplore.exe
GET
200
142.250.181.227:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
US
der
724 b
whitelisted
3284
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
3272
iexplore.exe
GET
200
142.250.181.227:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQC04WHG3wyS9QoAAAABK3x8
US
der
472 b
whitelisted
3284
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D
US
der
471 b
whitelisted
3272
iexplore.exe
GET
200
67.26.81.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ba53f832073962bf
US
compressed
4.70 Kb
whitelisted
3272
iexplore.exe
GET
200
67.26.81.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?31fc04e7a76608d0
US
compressed
4.70 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3808
RdrCEF.exe
2.18.233.74:443
geo2.adobe.com
Akamai International B.V.
whitelisted
3204
AcroRd32.exe
67.27.233.126:80
ctldl.windowsupdate.com
Level 3 Communications, Inc.
US
suspicious
3204
AcroRd32.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3204
AcroRd32.exe
2.16.107.24:443
acroipm2.adobe.com
Akamai International B.V.
malicious
3808
RdrCEF.exe
23.22.254.206:443
p13n.adobe.io
Amazon.com, Inc.
US
suspicious
3204
AcroRd32.exe
8.253.95.249:80
ctldl.windowsupdate.com
Global Crossing
US
suspicious
3272
iexplore.exe
67.26.81.254:80
ctldl.windowsupdate.com
Level 3 Communications, Inc.
US
suspicious
924
svchost.exe
2.18.233.74:443
geo2.adobe.com
Akamai International B.V.
whitelisted
3204
AcroRd32.exe
67.26.81.254:80
ctldl.windowsupdate.com
Level 3 Communications, Inc.
US
suspicious
3272
iexplore.exe
142.250.185.110:443
drive.google.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
geo2.adobe.com
  • 2.18.233.74
whitelisted
p13n.adobe.io
  • 23.22.254.206
  • 52.202.204.11
  • 54.227.187.23
  • 52.5.13.197
whitelisted
armmf.adobe.com
  • 2.18.233.74
whitelisted
acroipm2.adobe.com
  • 2.16.107.24
  • 2.16.107.49
whitelisted
ctldl.windowsupdate.com
  • 67.26.81.254
  • 67.27.233.126
  • 8.253.95.249
  • 8.253.95.121
  • 8.248.131.254
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
drive.google.com
  • 142.250.185.110
  • 142.250.186.142
shared
ocsp.pki.goog
  • 142.250.181.227
whitelisted
doc-10-4g-docs.googleusercontent.com
  • 142.250.184.193
shared
api.bing.com
  • 13.107.13.80
  • 13.107.5.80
whitelisted

Threats

No threats detected
No debug info