File name:

PDF2003049000048003002.pdf

Full analysis: https://app.any.run/tasks/20c2b057-dd41-41a0-bb41-04822d120990
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: July 31, 2024, 20:17:28
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
stealer
Indicators:
MIME: application/octet-stream
File info: data
MD5:

CA00472B2AF43BF9F6DC1EB48A5946A6

SHA1:

3FCC8265ECB2E3CA1187F5597A43A6026D23A63E

SHA256:

8BE17769EFF442E9756C7F870F444A67A19B7BADB5E9E788A036B2300ED99D88

SSDEEP:

1536:n9BIvwtKTv9BsvuWllXH4Cbiu6roTaFeB4boGr:uwITv9BsW0HvWu6rKaBxr

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Actions looks like stealing of personal data

      • setup.exe (PID: 2616)
      • setup.exe (PID: 6172)
      • setup.exe (PID: 6788)
      • setup.exe (PID: 5920)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • adobe_licensing_wf_acro.exe (PID: 7960)

    • Application launched itself

      • setup.exe (PID: 2616)
      • setup.exe (PID: 6788)

  • INFO

    • Executable content was dropped or overwritten

      • AdobeARM.exe (PID: 7228)

    • Checks supported languages

      • acrobat_sl.exe (PID: 7396)
      • adobe_licensing_wf_helper_acro.exe (PID: 8068)
      • adobe_licensing_wf_acro.exe (PID: 7960)
      • adobe_licensing_wf_helper_acro.exe (PID: 8112)
      • adobe_licensing_wf_helper_acro.exe (PID: 8140)
      • adobe_licensing_wf_helper_acro.exe (PID: 6496)
      • adobe_licensing_wf_helper_acro.exe (PID: 3984)
      • adobe_licensing_wf_helper_acro.exe (PID: 2044)
      • identity_helper.exe (PID: 4064)
      • setup.exe (PID: 2616)
      • setup.exe (PID: 6172)
      • setup.exe (PID: 6788)
      • TextInputHost.exe (PID: 2580)
      • setup.exe (PID: 5920)

    • Application launched itself

      • Acrobat.exe (PID: 6952)
      • AcroCEF.exe (PID: 5924)
      • msedge.exe (PID: 7832)

    • Reads the computer name

      • adobe_licensing_wf_acro.exe (PID: 7960)
      • adobe_licensing_wf_helper_acro.exe (PID: 8112)
      • adobe_licensing_wf_helper_acro.exe (PID: 8068)
      • identity_helper.exe (PID: 4064)
      • setup.exe (PID: 2616)
      • setup.exe (PID: 6788)
      • TextInputHost.exe (PID: 2580)

    • Create files in a temporary directory

      • adobe_licensing_wf_acro.exe (PID: 7960)

    • Process checks computer location settings

      • adobe_licensing_wf_helper_acro.exe (PID: 8140)
      • adobe_licensing_wf_acro.exe (PID: 7960)
      • adobe_licensing_wf_helper_acro.exe (PID: 6496)
      • adobe_licensing_wf_helper_acro.exe (PID: 2044)
      • setup.exe (PID: 6788)

    • Reads the software policy settings

      • adobe_licensing_wf_acro.exe (PID: 7960)

    • Reads the machine GUID from the registry

      • adobe_licensing_wf_acro.exe (PID: 7960)

    • Reads Environment values

      • identity_helper.exe (PID: 4064)

    • Reads Microsoft Office registry keys

      • adobe_licensing_wf_acro.exe (PID: 7960)
      • msedge.exe (PID: 7832)
      • setup.exe (PID: 2616)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
186
Monitored processes
52
Malicious processes
3
Suspicious processes
3

Behavior graph

Click at the process to see the details
start acrobat.exe acrobat.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs adobearm.exe acrocef.exe no specs acrobat_sl.exe no specs adobe_licensing_wf_acro.exe no specs adobe_licensing_wf_helper_acro.exe no specs adobe_licensing_wf_helper_acro.exe adobe_licensing_wf_helper_acro.exe no specs adobe_licensing_wf_helper_acro.exe no specs adobe_licensing_wf_helper_acro.exe no specs adobe_licensing_wf_helper_acro.exe no specs textinputhost.exe no specs msedge.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs setup.exe setup.exe msedge.exe no specs setup.exe setup.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
872"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2208 --field-trial-handle=2232,i,10149559603132726865,7185816389414429289,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2044"C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe" --type=renderer --log-severity=disable --cef-dll-path="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1" --no-sandbox --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\debug.log" --touch-events=enabled --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2568 --field-trial-handle=1368,i,5616857027230791727,15477958746830747349,131072 --disable-features=WebRtcHideLocalIpsWithMdns /prefetch:1C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeadobe_licensing_wf_acro.exe
User:
admin
Company:
Adobe Inc.
Integrity Level:
LOW
Description:
Adobe Licensing WF Helper
Version:
1.6.0.4
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\ngl\cefworkflow\adobe_licensing_wf_helper_acro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
2240"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=gpu-process --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2632 --field-trial-handle=1636,i,3947399357327715307,11766322229828316017,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
2456"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=gpu-process --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1964 --field-trial-handle=1636,i,3947399357327715307,11766322229828316017,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
2580"C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mcaC:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Version:
123.26505.0.0
Modules
Images
c:\windows\systemapps\microsoftwindows.client.cbs_cw5n1h2txyewy\textinputhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\systemapps\microsoftwindows.client.cbs_cw5n1h2txyewy\vcruntime140_app.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
2616"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable --force-configure-user-settingsC:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\Installer\setup.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge Installer
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\installer\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
2804"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=4420 --field-trial-handle=2232,i,10149559603132726865,7185816389414429289,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3164"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5184 --field-trial-handle=2232,i,10149559603132726865,7185816389414429289,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
3268"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2380 --field-trial-handle=2232,i,10149559603132726865,7185816389414429289,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3540"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5860 --field-trial-handle=2232,i,10149559603132726865,7185816389414429289,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
40 806
Read events
40 671
Write events
132
Delete events
3

Modification events

(PID) Process:(6952) Acrobat.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-2034283098-2252572593-1072577386-2659511007-3245387615-27016815-3920691934
Operation:writeName:DisplayName
Value:
Adobe Acrobat Reader Protected Mode
(PID) Process:(7020) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\ExitSection
Operation:writeName:bLastExitNormal
Value:
0
(PID) Process:(7020) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement
Operation:writeName:bSynchronizeOPL
Value:
0
(PID) Process:(7020) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral
Operation:writeName:uLastAppLaunchTimeStamp
Value:
175172304
(PID) Process:(7020) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral
Operation:writeName:iNumAcrobatLaunches
Value:
3
(PID) Process:(7020) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\HomeWelcomeFirstMile
Operation:writeName:iCardCountShown
Value:
3
(PID) Process:(7020) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\DLLInjection
Operation:writeName:bBlockDLLInjection
Value:
0
(PID) Process:(7020) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement
Operation:writeName:sProductGUID
Value:
4143524F4241545F475549445F4E474C5F44554D4D5900
(PID) Process:(7020) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement
Operation:writeName:sProductGUID
Value:
4143524F5F5245534944554500
(PID) Process:(7020) Acrobat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AdobeViewer
Operation:delete valueName:ProductInfoCache
Value:
Executable files
15
Suspicious files
402
Text files
60
Unknown types
0

Dropped files

PID
Process
Filename
Type
5924AcroCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RFe7858.TMPtext
MD5:FCD96552DAA6924F8C1E9C378163E2C9
SHA256:E8EC8E1501E489B27B564C363F4E60963DD57180453B35B092A4B3769E7AA5CA
5924AcroCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.oldtext
MD5:002CE9F1C8E638C89460289DFF260E3B
SHA256:710FF791CABA4771BFB6DBAFAF141DA47E1F041BC4040CBB7E7F82C69E15AF0C
6952Acrobat.exeC:\Users\admin\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lstbinary
MD5:366B140BAFC863B7E366AA1E51604759
SHA256:CBC8B288DBD2C72432081CF33CEF431572A94C7FB89DBCD59973B99E3871814E
7020Acrobat.exeC:\Users\admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalbinary
MD5:AD9A42D41F3E9998108B6289C3C1F940
SHA256:A19E03C93A2BC939C03040040227F5212A4BB9E4BC5F3879197224B19B342A9E
5924AcroCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.oldtext
MD5:43D1F53B48631F8B32E040219417874B
SHA256:AA4C99C362EB18EB8B91EEB8821960807F725E7C5DE1FBABBA7B910BDA3EEEB8
7020Acrobat.exeC:\Users\admin\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txttext
MD5:5B8162DFD011E3DBC87FE462BC277811
SHA256:2C6EEE059246F53BCCA64E20AFEBB1835B5BFFE20F58CF3EBA80393E1AA318D0
5924AcroCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0binary
MD5:EC52944036D0D3AA5A5F433B52AB7E2C
SHA256:AD2722A666ABDDDD187E2322CCB809C97E5661DA8961C746A7AA03B3E53B0CC6
5924AcroCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old~RFe76e1.TMPtext
MD5:E26AF4B6A1AD62E54D67510EEFE20B2C
SHA256:BF001234CF5F261254DEA1EA459BBFD4A35D15166C765CA3ED9B56D49A04BE1B
5924AcroCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0binary
MD5:8D676B9F84A60BC19858579AB4B152E6
SHA256:CBC2CE00720C43A96586613BB3914AAE9D55180CA6FF5CD9BB5B500D3A6B514E
5924AcroCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.oldtext
MD5:EC382FFF4B7232181CDB8226E9C289C7
SHA256:27BDA724E8E0654E4BDA2F8E98FE399EF826F052F73FBBDB19CDF78954DB9954
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
15
TCP/UDP connections
89
DNS requests
57
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3160
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6404
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
6380
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
7228
AdobeARM.exe
GET
304
2.19.11.121:80
http://acroipm2.adobe.com/assets/Owner/arm/ReportOwner.txt
unknown
whitelisted
7228
AdobeARM.exe
GET
404
2.19.11.121:80
http://acroipm2.adobe.com/assets/Owner/arm/2024/7/OwnerAPI/Rdr.txt
unknown
whitelisted
7228
AdobeARM.exe
GET
404
2.19.11.121:80
http://acroipm2.adobe.com/assets/Owner/arm/2024/7/UC/Other.txt
unknown
whitelisted
7228
AdobeARM.exe
GET
304
2.19.11.121:80
http://acroipm2.adobe.com/assets/Owner/arm/ProcessMAU.txt
unknown
whitelisted
7228
AdobeARM.exe
GET
404
2.19.11.121:80
http://acroipm2.adobe.com/assets/Owner/arm/31/adnme/NoValidReasonForAdnme.txt
unknown
whitelisted
6952
Acrobat.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5040
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
3888
svchost.exe
239.255.255.250:1900
whitelisted
4208
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:138
whitelisted
5336
SearchApp.exe
104.126.37.179:443
www.bing.com
Akamai International B.V.
DE
unknown
40.126.31.73:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
40.113.110.67:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3160
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
google.com
  • 142.250.185.110
whitelisted
www.bing.com
  • 104.126.37.179
  • 104.126.37.185
  • 104.126.37.139
  • 104.126.37.171
  • 104.126.37.177
  • 104.126.37.130
  • 104.126.37.178
  • 104.126.37.146
  • 104.126.37.145
whitelisted
login.live.com
  • 40.126.31.73
  • 20.190.159.73
  • 20.190.159.4
  • 20.190.159.64
  • 20.190.159.23
  • 40.126.31.71
  • 20.190.159.68
  • 40.126.31.67
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
th.bing.com
  • 104.126.37.170
  • 104.126.37.155
  • 104.126.37.147
  • 104.126.37.178
  • 104.126.37.185
  • 104.126.37.171
  • 104.126.37.177
  • 104.126.37.179
  • 104.126.37.152
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted
arc.msn.com
  • 20.74.47.205
whitelisted
geo2.adobe.com
  • 184.28.88.176
  • 23.218.208.137
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
PDF2003049000048003002.pdf