File name: 97f116891027a9cb8a2c59d5a0de5bd169ae05829b9b4e034bdb9326a54c8dd6
Full analysis: https://app.any.run/tasks/d2452f94-c5c4-47a9-b4cd-b53040ff160d
Verdict: Malicious activity
Analysis date: February 04, 2022, 19:03:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: text/plain
File info: ASCII text, with very long lines, with CRLF line terminators
MD5: 1B56FBC346EF8C1512B616A2723B52B0
SHA1: 3DAE7FC25CE4393F0FAF555422C54944B26F427D
SHA256: 97F116891027A9CB8A2C59D5A0DE5BD169AE05829B9B4E034BDB9326A54C8DD6
SSDEEP: 192:mecoJee5Y1qsKlIQrFIplrYFjporSrG18r+gHHYFjpreIlqlMQ8r+5x5z4dkBBdE:mCI

ANY.RUN is an interactive service that gives the analyst full access to the guest system. The information in this report can therefore be distorted by user actions and is provided as-is; ANY.RUN does not guarantee that the content is malicious or safe.

When reading this report, keep in mind what the page itself shows: the submitted object is a plain-text file named after its SHA256 with no extension. It was opened through the Windows "Open with" dialog (rundll32.exe shell32.dll,OpenAs_RunDLL) and handed to Adobe Acrobat Reader DC, which exited with code 1. The processes that carry MALICIOUS indicators below are Adobe Reader components and the Adobe updater chain (AdobeARM.exe, AdobeARMHelper.exe, MsiExec.exe), while opera.exe, filezilla.exe, notepad.exe, cmd.exe and taskmgr.exe are tagged "Manual execution by user". No network threat rule fired (Threats: 0 in the network summary; the Threats table holds one informational entry, ET INFO TLS Handshake Failure from svchost.exe). The "Malicious activity" verdict is a score of the whole session, not a finding about the text file on its own.
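Before relying on any sandbox report, confirm that the file you hold is the one the report describes. The script below is an added example, not ANY.RUN's code: it recomputes the MD5/SHA1/SHA256 listed in the header, checks whether the file name is its own SHA256 (as it is here), and reproduces the parts of the "File info" line that matter for triage (ASCII or not, CRLF vs LF, longest line). The sample itself is not on this page, so the demo runs on a constructed stand-in; pass a path on the command line to check a real file.

```python
import hashlib
from typing import Dict, Optional

# Hashes copied from the report header above (compared case-insensitively).
REPORTED = {
    "md5": "1B56FBC346EF8C1512B616A2723B52B0",
    "sha1": "3DAE7FC25CE4393F0FAF555422C54944B26F427D",
    "sha256": "97F116891027A9CB8A2C59D5A0DE5BD169AE05829B9B4E034BDB9326A54C8DD6",
}

# Constructed stand-in for the sample (which is not on this page): two CRLF-terminated
# lines, one long enough to trip file(1)'s "very long lines" remark.
SAMPLE = b"not the real sample\r\n" + b"A" * 300 + b"\r\n"


def digests(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256 of the bytes as lower-case hex, the same hash set the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def describe_text(data: bytes) -> Dict[str, object]:
    """Reproduce the triage-relevant parts of the 'File info' line:
    pure ASCII or not, which line terminator is used, and the longest line."""
    lines = data.split(b"\n")
    if lines and lines[-1] == b"":      # a trailing newline leaves an empty tail element
        lines.pop()
    crlf = sum(1 for ln in lines if ln.endswith(b"\r"))
    return {
        "ascii": all(b < 0x80 for b in data),
        "lines": len(lines),
        "crlf_lines": crlf,
        "lf_only_lines": len(lines) - crlf,
        "longest_line": max((len(ln.rstrip(b"\r")) for ln in lines), default=0),
    }


def check_sample(data: bytes, reported: Dict[str, str],
                 filename: Optional[str] = None) -> Dict[str, object]:
    """Compare a local file against the report: which hashes disagree, whether the
    file name is its own SHA256, and the text characteristics."""
    actual = digests(data)
    mismatches = {k: (v.lower(), actual[k]) for k, v in reported.items()
                  if actual[k] != v.lower()}
    return {
        "hashes": actual,
        "mismatches": mismatches,
        "name_is_sha256": filename is not None and filename.lower() == actual["sha256"],
        "text": describe_text(data),
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                       # real use: python check_sample.py <file>
        with open(sys.argv[1], "rb") as f:
            data, name = f.read(), sys.argv[1].replace("\\", "/").rsplit("/", 1)[-1]
    else:                                       # demo on the constructed stand-in
        data, name = SAMPLE, digests(SAMPLE)["sha256"]
    result = check_sample(data, REPORTED, name)
    print("hashes:", result["hashes"])
    print("mismatches vs report:", result["mismatches"] or "none")
    print("file name is its own sha256:", result["name_is_sha256"])
    print("text:", result["text"])
```

Any entry in `mismatches` means you are not looking at the file the report was produced for; the stand-in, of course, mismatches on all three hashes.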
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • AdobeARMHelper.exe (PID: 3876)
      • AdobeARMHelper.exe (PID: 868)
      • AdobeARM.exe (PID: 3532)
      • AdobeARM.exe (PID: 2692)
      • RdrCEF.exe (PID: 2216)
      • RdrCEF.exe (PID: 1124)
      • RdrCEF.exe (PID: 2080)
      • RdrCEF.exe (PID: 3544)
      • RdrCEF.exe (PID: 924)
      • RdrCEF.exe (PID: 2276)
      • RdrCEF.exe (PID: 1284)
      • AcroRd32.exe (PID: 300)
      • AcroRd32.exe (PID: 1932)
      • Reader_sl.exe (PID: 1088)
    • Drops executable file immediately after starts

      • AdobeARMHelper.exe (PID: 3876)
    • Loads the Task Scheduler COM API

      • MsiExec.exe (PID: 900)
    • Loads dropped or rewritten executable

      • MsiExec.exe (PID: 4044)
      • MsiExec.exe (PID: 576)
  • SUSPICIOUS

    • Checks supported languages

      • AdobeARM.exe (PID: 3532)
      • Reader_sl.exe (PID: 1088)
      • filezilla.exe (PID: 3412)
      • AdobeARMHelper.exe (PID: 3876)
      • cmd.exe (PID: 1232)
      • AdobeARM.exe (PID: 2692)
      • MSICCD2.tmp (PID: 2660)
    • Reads the computer name

      • AdobeARM.exe (PID: 3532)
      • filezilla.exe (PID: 3412)
      • AdobeARMHelper.exe (PID: 3876)
      • AdobeARM.exe (PID: 2692)
    • Drops a file with a compile date too recent

      • RdrCEF.exe (PID: 3544)
    • Creates files in the program directory

      • AdobeARM.exe (PID: 3532)
      • AdobeARMHelper.exe (PID: 3876)
      • msiexec.exe (PID: 3300)
    • Executable content was dropped or overwritten

      • AdobeARM.exe (PID: 3532)
      • AdobeARMHelper.exe (PID: 3876)
      • msiexec.exe (PID: 3300)
    • Creates files in the user directory

      • filezilla.exe (PID: 3412)
    • Starts Internet Explorer

      • filezilla.exe (PID: 3412)
    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3960)
    • Drops a file that was compiled in debug mode

      • AdobeARM.exe (PID: 3532)
      • AdobeARMHelper.exe (PID: 3876)
      • msiexec.exe (PID: 3300)
    • Executed as Windows Service

      • msiexec.exe (PID: 3300)
    • Reads the Windows organization settings

      • msiexec.exe (PID: 3300)
    • Reads Windows owner or organization settings

      • msiexec.exe (PID: 3300)
    • Creates a directory in Program Files

      • AdobeARMHelper.exe (PID: 3876)
      • msiexec.exe (PID: 3300)
    • Drops a file with too old compile date

      • msiexec.exe (PID: 3300)
    • Searches for installed software

      • msiexec.exe (PID: 3300)
    • Application launched itself

      • msiexec.exe (PID: 3300)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 3300)
    • Removes files from Windows directory

      • AdobeARM.exe (PID: 2692)
      • MsiExec.exe (PID: 4044)
    • Creates files in the Windows directory

      • MsiExec.exe (PID: 4044)
      • AdobeARM.exe (PID: 2692)
  • INFO

    • Checks supported languages

      • rundll32.exe (PID: 3680)
      • AcroRd32.exe (PID: 1932)
      • AcroRd32.exe (PID: 300)
      • RdrCEF.exe (PID: 3544)
      • RdrCEF.exe (PID: 1284)
      • RdrCEF.exe (PID: 1124)
      • RdrCEF.exe (PID: 2216)
      • RdrCEF.exe (PID: 924)
      • RdrCEF.exe (PID: 2276)
      • RdrCEF.exe (PID: 2080)
      • opera.exe (PID: 2344)
      • iexplore.exe (PID: 2148)
      • iexplore.exe (PID: 3960)
      • notepad.exe (PID: 3084)
      • msiexec.exe (PID: 3300)
      • MsiExec.exe (PID: 488)
      • MsiExec.exe (PID: 900)
      • MsiExec.exe (PID: 4044)
      • MsiExec.exe (PID: 576)
      • taskmgr.exe (PID: 312)
    • Reads the computer name

      • rundll32.exe (PID: 3680)
      • AcroRd32.exe (PID: 300)
      • AcroRd32.exe (PID: 1932)
      • RdrCEF.exe (PID: 3544)
      • opera.exe (PID: 2344)
      • iexplore.exe (PID: 2148)
      • iexplore.exe (PID: 3960)
      • msiexec.exe (PID: 3300)
      • MsiExec.exe (PID: 488)
      • MsiExec.exe (PID: 900)
      • MsiExec.exe (PID: 4044)
      • MsiExec.exe (PID: 576)
      • taskmgr.exe (PID: 312)
    • Application launched itself

      • AcroRd32.exe (PID: 1932)
      • RdrCEF.exe (PID: 3544)
      • iexplore.exe (PID: 2148)
    • Searches for installed software

      • AcroRd32.exe (PID: 1932)
      • AcroRd32.exe (PID: 300)
    • Reads CPU info

      • AcroRd32.exe (PID: 300)
    • Reads the hosts file

      • RdrCEF.exe (PID: 3544)
    • Reads settings of System Certificates

      • RdrCEF.exe (PID: 3544)
      • AcroRd32.exe (PID: 1932)
      • AdobeARM.exe (PID: 3532)
      • filezilla.exe (PID: 3412)
      • iexplore.exe (PID: 3960)
      • iexplore.exe (PID: 2148)
      • AdobeARMHelper.exe (PID: 3876)
      • msiexec.exe (PID: 3300)
      • AdobeARM.exe (PID: 2692)
    • Checks Windows Trust Settings

      • AcroRd32.exe (PID: 1932)
      • AdobeARM.exe (PID: 3532)
      • iexplore.exe (PID: 3960)
      • iexplore.exe (PID: 2148)
      • AdobeARMHelper.exe (PID: 3876)
      • msiexec.exe (PID: 3300)
      • AdobeARM.exe (PID: 2692)
    • Creates files in the user directory

      • AcroRd32.exe (PID: 1932)
      • opera.exe (PID: 2344)
    • Reads the date of Windows installation

      • opera.exe (PID: 2344)
      • iexplore.exe (PID: 2148)
    • Manual execution by user

      • opera.exe (PID: 2344)
      • filezilla.exe (PID: 3412)
      • notepad.exe (PID: 3084)
      • cmd.exe (PID: 1232)
      • taskmgr.exe (PID: 312)
    • Check for Java to be installed

      • opera.exe (PID: 2344)
    • Dropped object may contain Bitcoin addresses

      • opera.exe (PID: 2344)
    • Changes internet zones settings

      • iexplore.exe (PID: 2148)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2148)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2148)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3960)
    • Application was dropped or rewritten from another process

      • MSICCD2.tmp (PID: 2660)
    • Starts application with an unusual extension

      • msiexec.exe (PID: 3300)
Find more information about signature artifacts and the mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.
All screenshots are available in the full report
Total processes: 74
Monitored processes: 28
Malicious processes: 6
Suspicious processes: 2

Behavior graph

The interactive graph is available in the full report. The 28 monitored processes it shows, in graph order: rundll32.exe, acrord32.exe (x2), rdrcef.exe (x7), adobearm.exe, reader_sl.exe, opera.exe, filezilla.exe, iexplore.exe (x2), notepad.exe, msiexec.exe, cmd.exe, adobearmhelper.exe (x2), msiexec.exe (x2), adobearm.exe, msiexec.exe (x2), msiccd2.tmp, taskmgr.exe. Edges are labelled "start" or "drop and start".

Process information

PID: 3680
Parent process: Explorer.EXE
CMD: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL "C:\Users\admin\AppData\Local\Temp\97f116891027a9cb8a2c59d5a0de5bd169ae05829b9b4e034bdb9326a54c8dd6"
Path: C:\Windows\system32\rundll32.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 1932
Parent process: rundll32.exe
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\admin\AppData\Local\Temp\97f116891027a9cb8a2c59d5a0de5bd169ae05829b9b4e034bdb9326a54c8dd6"
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Adobe Acrobat Reader DC
Exit code: 1
Version: 20.13.20064.405839

PID: 300
Parent process: AcroRd32.exe
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer "C:\Users\admin\AppData\Local\Temp\97f116891027a9cb8a2c59d5a0de5bd169ae05829b9b4e034bdb9326a54c8dd6"
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe Acrobat Reader DC
Exit code: 1
Version: 20.13.20064.405839

PID: 3544
Parent process: AcroRd32.exe
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe RdrCEF
Exit code: 3221225547 (0xC000004B, STATUS_THREAD_IS_TERMINATING)
Version: 20.13.20064.405839

PID: 1284
Parent process: RdrCEF.exe
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1064,12117355061493381834,15796683565427345412,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14832092721445255764 --renderer-client-id=2 --mojo-platform-channel-handle=1184 --allow-no-sandbox-job /prefetch:1
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe RdrCEF
Exit code: 0
Version: 20.13.20064.405839

PID: 2216
Parent process: RdrCEF.exe
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1064,12117355061493381834,15796683565427345412,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=16178616915132857648 --mojo-platform-channel-handle=1204 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe RdrCEF
Exit code: 1
Version: 20.13.20064.405839

PID: 1124
Parent process: RdrCEF.exe
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1064,12117355061493381834,15796683565427345412,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=8560675899389475706 --mojo-platform-channel-handle=1388 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe RdrCEF
Exit code: 1
Version: 20.13.20064.405839

PID: 2276
Parent process: RdrCEF.exe
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1064,12117355061493381834,15796683565427345412,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=1179060311744941336 --mojo-platform-channel-handle=1220 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe RdrCEF
Exit code: 1
Version: 20.13.20064.405839

PID: 2080
Parent process: RdrCEF.exe
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1064,12117355061493381834,15796683565427345412,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12935998636817048734 --renderer-client-id=6 --mojo-platform-channel-handle=1512 --allow-no-sandbox-job /prefetch:1
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe RdrCEF
Exit code: 0
Version: 20.13.20064.405839

PID: 924
Parent process: RdrCEF.exe
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1064,12117355061493381834,15796683565427345412,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8081591501089534128 --renderer-client-id=7 --mojo-platform-channel-handle=1548 --allow-no-sandbox-job /prefetch:1
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe RdrCEF
Exit code: 0
Version: 20.13.20064.405839
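The indicator lists above are keyed by PID, and the process table gives parent names, so the useful triage question is which flagged processes actually descend from the process that opened the sample (rundll32.exe, PID 3680) and which were started by the analyst or by software already on the box. The script below is an added example, not ANY.RUN's code. Its process list is transcribed from the table above with constructed parent PIDs: the page names parents but does not give their PIDs, the RdrCEF.exe 3544 parent is taken to be the main AcroRd32.exe (1932), Explorer.EXE is represented by the constructed PID 0, and processes whose parent is not on this page (AdobeARM, msiexec, Reader_sl, ...) are left out, which is exactly the "parent unknown" case the code has to handle. The indicator hits are a subset of those listed above.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# (pid, image, parent_pid) transcribed from the process table above. Parent PIDs are
# constructed from the parent *names* the page gives; 0 stands in for Explorer.EXE,
# whose PID is not on the page. The 3544 -> 1932 link is an assumption (the page only
# says "AcroRd32.exe").
PROCS: List[Tuple[int, str, Optional[int]]] = [
    (3680, "rundll32.exe", 0),            # "Open with" dialog for the sample
    (1932, "AcroRd32.exe", 3680),
    (300, "AcroRd32.exe", 1932),
    (3544, "RdrCEF.exe", 1932),
    (1284, "RdrCEF.exe", 3544), (2216, "RdrCEF.exe", 3544), (1124, "RdrCEF.exe", 3544),
    (2276, "RdrCEF.exe", 3544), (2080, "RdrCEF.exe", 3544), (924, "RdrCEF.exe", 3544),
    # tagged "Manual execution by user" above; parent constructed as Explorer.EXE
    (2344, "opera.exe", 0), (3412, "filezilla.exe", 0), (3084, "notepad.exe", 0),
    (1232, "cmd.exe", 0), (312, "taskmgr.exe", 0),
]

# A subset of the indicator hits listed on this page: (severity, indicator, pid).
HITS: List[Tuple[str, str, int]] = [
    ("MALICIOUS", "Application was dropped or rewritten from another process", 300),
    ("MALICIOUS", "Application was dropped or rewritten from another process", 1932),
    ("MALICIOUS", "Application was dropped or rewritten from another process", 1088),
    ("MALICIOUS", "Drops executable file immediately after starts", 3876),
    ("MALICIOUS", "Loads the Task Scheduler COM API", 900),
    ("SUSPICIOUS", "Starts Internet Explorer", 3412),
    ("SUSPICIOUS", "Checks supported languages", 1232),
    ("INFO", "Reads the hosts file", 3544),
    ("INFO", "Manual execution by user", 2344),
]


def build_children(procs) -> Dict[Optional[int], List[int]]:
    """Map parent PID -> list of child PIDs."""
    children: Dict[Optional[int], List[int]] = defaultdict(list)
    for pid, _, ppid in procs:
        children[ppid].append(pid)
    return children


def lineage(procs, root: int) -> Set[int]:
    """All PIDs reachable from root through parent links, root included.
    Iterative DFS with a visited set, so PID reuse or a bad parent link cannot loop."""
    children = build_children(procs)
    seen: Set[int] = set()
    stack = [root]
    while stack:
        pid = stack.pop()
        if pid in seen:
            continue
        seen.add(pid)
        stack.extend(children.get(pid, []))
    return seen


def triage(procs, hits, root: int) -> Dict[str, list]:
    """Bucket indicator hits: raised inside the sample's process lineage, raised by a
    known process outside it, or raised by a PID whose parent chain is not recorded."""
    known = {pid for pid, _, _ in procs}
    tree = lineage(procs, root)
    out: Dict[str, list] = {"in_lineage": [], "outside_lineage": [], "parent_unknown": []}
    for sev, name, pid in hits:
        if pid in tree:
            out["in_lineage"].append((sev, name, pid))
        elif pid in known:
            out["outside_lineage"].append((sev, name, pid))
        else:
            out["parent_unknown"].append((sev, name, pid))
    return out


if __name__ == "__main__":
    for bucket, rows in triage(PROCS, HITS, 3680).items():
        print(bucket)
        for sev, name, pid in rows:
            print(f"  [{sev}] {name} (PID {pid})")
```

Run against the full process table of a report (the page here only carries ten rows), the "parent_unknown" bucket should empty out; whatever remains in "in_lineage" is what the sample itself can be blamed for.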
Total events: 62 826
Read events: 61 071
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 339
Suspicious files: 430
Text files: 70
Unknown types: 51

Dropped files

All ten listed files were written by RdrCEF.exe (PID 3544) under C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\ and are of type binary.

4a0e94571d979b3c_0
  MD5: 7D28804B545983211A07E57E9CB707E2
  SHA256: 0A11A6E71CEFB9D43684B69AA7D831E909A7C9FBF95AA9E2EA3CAE980DABB859
8c84d92a9dbce3e0_0
  MD5: 3EF095B64468539285B6AA612F179EF9
  SHA256: 5E3308EFC3B81427595D1D41231B46ACE896358595080FC334D346D6F17B7D08
8e417e79df3bf0e9_0
  MD5: 38659DE78863DD9E74441D754B7400C9
  SHA256: 38E92B535DF409B61F0E3F5E45CF290C59AFC47996490FB050C091989EC6C102
aba6710fde0876af_0
  MD5: 606861CE5EEFD0B0463CBFC0CB508C24
  SHA256: 2EDD47EF562B99148DEB54B3C35D5956B693018E1E14FE5E2A2CB81A4CA24417
983b7a3da8f39a46_0
  MD5: 317045376563BD87F41D11F806428C6D
  SHA256: 392A703EA974BE2C5117574DD35E4FE784EACC260F5CCB2712CF02E1D3FA13E4
0786087c3c360803_0
  MD5: D514F4C912413BBF41C71E7DBCB85E86
  SHA256: B205FB7FF51D6CA917BFF8317A7BE712533F45F0B8E7CDFB63937598191EB539
bba29d2e6197e2f4_0
  MD5: DECA31CAFA0802611CB2956EFB6F6D71
  SHA256: 18976F760483D5D7FE5C852CC25042D135AF6DB5ED8F22B8AFFA1C40B1B8028C
78bff3512887b83d_0
  MD5: FC6A7CE82D27BE778453C71C0BEF6ED8
  SHA256: C07AC4A6A5ABA7E7E5791AAA03B70F7DFB715DF400B4AB56B88C582E3EB04A53
72d9f526d2e2e7c8_0
  MD5: 8FD96E057610391E504E5A320895F247
  SHA256: D9BA9C2D280E8BC0B0D3FD7A596F1B2CA9AC5888F5E3ED857AABC9104C37A78F
230e5fe3e6f82b2c_0
  MD5: 17E9C15C6AA284BB59FF969894994870
  SHA256: 813630FCF8C118E9EBF40D584C00E930D98ADBD6F44114D9DFD04B09EA0A5490
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 8
TCP/UDP connections: 41
DNS requests: 24
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3960 | iexplore.exe | GET | 200 | 23.37.41.57:80 | http://x1.c.lencr.org/ | NL | der | 717 b | whitelisted
2344 | opera.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl | US | der | 592 b | whitelisted
1932 | AcroRd32.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/DigiCertGlobalRootCA.crl | US | der | 631 b | whitelisted
3960 | iexplore.exe | GET | 200 | 23.32.238.178:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b25ff531a249c85b | US | compressed | 59.9 Kb | whitelisted
1932 | AcroRd32.exe | GET | 200 | 13.107.4.50:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c71a67e206f41b8c | US | compressed | 4.70 Kb | whitelisted
2148 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted
3960 | iexplore.exe | GET | 200 | 23.32.238.178:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?ca90a69becb2f1c2 | US | compressed | 59.9 Kb | whitelisted
1932 | AcroRd32.exe | GET | 200 | 13.107.4.50:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3b4b98b827cfd746 | US | compressed | 4.70 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation ("-" = no CN given)
1932 | AcroRd32.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
3544 | RdrCEF.exe | 184.30.20.134:443 | armmf.adobe.com | GTT Communications Inc. | US | suspicious
3544 | RdrCEF.exe | 72.247.224.199:443 | geo2.adobe.com | Akamai Technologies, Inc. | US | whitelisted
872 | svchost.exe | 92.123.225.26:443 | ardownload3.adobe.com | Akamai International B.V. | - | suspicious
3532 | AdobeARM.exe | 92.123.225.26:443 | ardownload3.adobe.com | Akamai International B.V. | - | suspicious
3544 | RdrCEF.exe | 52.5.13.197:443 | p13n.adobe.io | Amazon.com, Inc. | US | suspicious
2344 | opera.exe | 185.26.182.93:443 | certs.opera.com | Opera Software AS | - | whitelisted
1932 | AcroRd32.exe | 2.16.107.49:443 | acroipm2.adobe.com | Akamai International B.V. | - | suspicious
1932 | AcroRd32.exe | 13.107.4.50:80 | ctldl.windowsupdate.com | Microsoft Corporation | US | whitelisted
2344 | opera.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted

DNS requests

Domain
IP
Reputation
geo2.adobe.com
  • 72.247.224.199
whitelisted
p13n.adobe.io
  • 52.5.13.197
  • 23.22.254.206
  • 54.227.187.23
  • 52.202.204.11
whitelisted
armmf.adobe.com
  • 184.30.20.134
  • 184.30.24.134
  • 104.79.88.64
whitelisted
acroipm2.adobe.com
  • 2.16.107.49
  • 2.16.107.24
whitelisted
ctldl.windowsupdate.com
  • 13.107.4.50
  • 23.32.238.178
  • 23.32.238.201
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
crl3.digicert.com
  • 93.184.220.29
whitelisted
ardownload3.adobe.com
  • 92.123.225.26
  • 92.123.225.67
whitelisted
certs.opera.com
  • 185.26.182.93
  • 185.26.182.94
whitelisted
filezilla-project.org
  • 49.12.121.47
whitelisted

Threats

PID | Process | Class | Message
872 | svchost.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure