File name: AETNA EFT PAYMENT CLAIM- APPROVAL.pdf
Full analysis: https://app.any.run/tasks/a4774cda-02cc-45a0-b146-6bd08640a653
Verdict: Malicious activity
Analysis date: January 24, 2022, 20:38:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/pdf
File info: PDF document, version 1.4
MD5: BC069120C3466E81797C38712A98A227
SHA1: F23D9723588227674CDCFDE3184EF9B22CF42173
SHA256: B5537DBA4F3F0BF0BCC30846F81D729A6BAFE64BD743F493FADB44B4D23D4497
SSDEEP: 768:bCyR7w83eMPo8p6xv4j3xSFqAgWe1TAopJZ66khu:WyFw83ee8d0UlgX9AoXZ66au

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Starts Internet Explorer
      • AcroRd32.exe (PID: 3660)
    • Reads Microsoft Outlook installation path
      • iexplore.exe (PID: 2404)
    • Checks supported languages
      • AdobeARM.exe (PID: 3412)
      • Reader_sl.exe (PID: 272)
    • Reads the computer name
      • AdobeARM.exe (PID: 3412)
    • Executable content was dropped or overwritten
      • AdobeARM.exe (PID: 3412)
    • Creates files in the program directory
      • AdobeARM.exe (PID: 3412)
  • INFO
    • Checks supported languages
      • AcroRd32.exe (PID: 3660)
      • AcroRd32.exe (PID: 3484)
      • RdrCEF.exe (PID: 3296)
      • RdrCEF.exe (PID: 2644)
      • RdrCEF.exe (PID: 2984)
      • RdrCEF.exe (PID: 1208)
      • RdrCEF.exe (PID: 2952)
      • RdrCEF.exe (PID: 2260)
      • RdrCEF.exe (PID: 3988)
      • RdrCEF.exe (PID: 3576)
      • iexplore.exe (PID: 3276)
      • iexplore.exe (PID: 2404)
    • Reads the computer name
      • AcroRd32.exe (PID: 3660)
      • AcroRd32.exe (PID: 3484)
      • RdrCEF.exe (PID: 3296)
      • iexplore.exe (PID: 3276)
      • iexplore.exe (PID: 2404)
    • Searches for installed software
      • AcroRd32.exe (PID: 3660)
      • AcroRd32.exe (PID: 3484)
    • Application launched itself
      • AcroRd32.exe (PID: 3660)
      • RdrCEF.exe (PID: 3296)
      • iexplore.exe (PID: 3276)
    • Reads CPU info
      • AcroRd32.exe (PID: 3484)
    • Reads the hosts file
      • RdrCEF.exe (PID: 3296)
    • Reads settings of System Certificates
      • AcroRd32.exe (PID: 3660)
      • RdrCEF.exe (PID: 3296)
      • iexplore.exe (PID: 3276)
      • iexplore.exe (PID: 2404)
      • AdobeARM.exe (PID: 3412)
    • Checks Windows Trust Settings
      • AcroRd32.exe (PID: 3660)
      • iexplore.exe (PID: 2404)
      • iexplore.exe (PID: 3276)
      • AdobeARM.exe (PID: 3412)
    • Changes internet zones settings
      • iexplore.exe (PID: 3276)
    • Reads the date of Windows installation
      • iexplore.exe (PID: 3276)
    • Creates files in the user directory
      • iexplore.exe (PID: 2404)
    • Reads internet explorer settings
      • iexplore.exe (PID: 2404)
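The only behaviour of note above is AcroRd32.exe (PID 3660) starting Internet Explorer, which is what Reader does when the user follows a link (/URI action) in the document. The script below is an added example, not part of the ANY.RUN report and not the analysed file: it performs the static check a practitioner would run first on such a sample, listing the action dictionaries and literal URLs in a PDF, including ones hidden behind #xx name escapes or inside FlateDecode streams. The PDF it scans is constructed inline with a placeholder URL; it assumes the real sample carries a /URI link, which the process tree suggests but the report does not show.

```python
"""Static triage of a PDF for the actions that make Reader open a browser.

Added example, not part of the ANY.RUN report. The sample PDF built by
build_sample_pdf() is a constructed stand-in, not the analysed file, and its
URL is a placeholder rather than an indicator from the report.
"""
import re
import zlib

# Keys that trigger or perform actions; any of them in a one-page "invoice" deserves a look.
ACTION_KEYS = (b"/URI", b"/Launch", b"/JavaScript", b"/JS", b"/OpenAction",
               b"/AA", b"/SubmitForm", b"/GoToR", b"/EmbeddedFile")


def normalize_names(data: bytes) -> bytes:
    """Undo #xx hex escapes in PDF names, so /U#52I is seen as /URI.

    Triage-grade: this also rewrites #xx sequences inside strings, which is
    acceptable here because we only want the keys and the URLs to be visible.
    """
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> bytes:
    """Append the inflated body of every FlateDecode stream.

    Object streams (/ObjStm) can hold the annotation or action dictionaries,
    so a scan of the raw bytes alone would miss them.
    """
    parts = [data]
    for m in re.finditer(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", data, re.S):
        try:
            parts.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-compressed (or encrypted); leave it
    return b"\n".join(parts)


def scan_pdf(data: bytes) -> dict:
    """Return the action keys found (with counts) and every literal /URI string."""
    data = inflate_streams(normalize_names(data))
    counts = {}
    for key in ACTION_KEYS:
        # (?![A-Za-z]) keeps /JS from matching a longer name such as /JSX.
        n = len(re.findall(re.escape(key) + rb"(?![A-Za-z])", data))
        if n:
            counts[key.decode()] = n
    uris = [u.decode("latin-1")
            for u in re.findall(rb"/URI\s*\(([^)]*)\)", data)]
    return {"actions": counts, "uris": uris}


def build_sample_pdf(url: str) -> bytes:
    """Constructed one-page PDF with a clickable link (demo input only).

    The /U#52I key is deliberately hex-escaped to exercise normalize_names().
    """
    u = url.encode()
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
            b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
            b"/Annots [4 0 R] >> endobj\n"
            b"4 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 300 720] "
            b"/A << /S /URI /U#52I (" + u + b") >> >> endobj\n"
            b"trailer << /Root 1 0 R >>\n%%EOF\n")


if __name__ == "__main__":
    # Placeholder URL; not an indicator from the report.
    print(scan_pdf(build_sample_pdf("http://example.invalid/placeholder")))
```

Run it against the real sample with `scan_pdf(open(path, "rb").read())`; a document produced by wkhtmltopdf that contains a /URI pointing at a URL shortener, and nothing else of interest, is consistent with what the sandbox observed.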
No Malware configuration.

TRiD

.pdf | Adobe Portable Document Format (100)

EXIF

PDF
PDFVersion: 1.4
Linearized: No
Title: -
Creator: wkhtmltopdf 0.12.5
Producer: Qt 4.8.7
CreateDate: 2022:01:24 19:57:47Z
PageCount: 1

The Creator/Producer pair shows the one-page document was rendered from HTML with wkhtmltopdf on the day it was submitted, not authored in Acrobat or an office suite; that is a common way to wrap a single link or image in a PDF.
Total processes: 51
Monitored processes: 14
Malicious processes: 0
Suspicious processes: 2


Process information

PID 3660 (parent: Explorer.EXE)
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\admin\AppData\Local\Temp\AETNA EFT PAYMENT CLAIM- APPROVAL.pdf"
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
User: admin | Company: Adobe Systems Incorporated | Integrity Level: MEDIUM
Description: Adobe Acrobat Reader DC | Version: 20.13.20064.405839

PID 3484 (parent: AcroRd32.exe)
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer "C:\Users\admin\AppData\Local\Temp\AETNA EFT PAYMENT CLAIM- APPROVAL.pdf"
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
User: admin | Company: Adobe Systems Incorporated | Integrity Level: LOW
Description: Adobe Acrobat Reader DC | Version: 20.13.20064.405839

PID 3296 (parent: AcroRd32.exe)
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
User: admin | Company: Adobe Systems Incorporated | Integrity Level: LOW
Description: Adobe RdrCEF | Version: 20.13.20064.405839

PID 2952 (parent: RdrCEF.exe)
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1196,4598719458392518891,7873163615107772860,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7641086846009068228 --renderer-client-id=2 --mojo-platform-channel-handle=1200 --allow-no-sandbox-job /prefetch:1
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
User: admin | Company: Adobe Systems Incorporated | Integrity Level: LOW
Description: Adobe RdrCEF | Exit code: 0 | Version: 20.13.20064.405839

PID 2644 (parent: RdrCEF.exe)
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1196,4598719458392518891,7873163615107772860,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=10122125545382554334 --mojo-platform-channel-handle=1236 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
User: admin | Company: Adobe Systems Incorporated | Integrity Level: LOW
Description: Adobe RdrCEF | Exit code: 1 | Version: 20.13.20064.405839

PID 1208 (parent: RdrCEF.exe)
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1196,4598719458392518891,7873163615107772860,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=15329668042541599387 --mojo-platform-channel-handle=1396 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
User: admin | Company: Adobe Systems Incorporated | Integrity Level: LOW
Description: Adobe RdrCEF | Exit code: 1 | Version: 20.13.20064.405839

PID 3988 (parent: RdrCEF.exe)
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1196,4598719458392518891,7873163615107772860,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=8557723707972287129 --mojo-platform-channel-handle=1460 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
User: admin | Company: Adobe Systems Incorporated | Integrity Level: LOW
Description: Adobe RdrCEF | Exit code: 1 | Version: 20.13.20064.405839

PID 2984 (parent: RdrCEF.exe)
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1196,4598719458392518891,7873163615107772860,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12962157756547325949 --renderer-client-id=6 --mojo-platform-channel-handle=1540 --allow-no-sandbox-job /prefetch:1
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
User: admin | Company: Adobe Systems Incorporated | Integrity Level: LOW
Description: Adobe RdrCEF | Version: 20.13.20064.405839

PID 2260 (parent: RdrCEF.exe)
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1196,4598719458392518891,7873163615107772860,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14021006694433528985 --renderer-client-id=7 --mojo-platform-channel-handle=1424 --allow-no-sandbox-job /prefetch:1
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
User: admin | Company: Adobe Systems Incorporated | Integrity Level: LOW
Description: Adobe RdrCEF | Version: 20.13.20064.405839

PID 3576 (parent: RdrCEF.exe)
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1196,4598719458392518891,7873163615107772860,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13092816356116771418 --renderer-client-id=8 --mojo-platform-channel-handle=1780 --allow-no-sandbox-job /prefetch:1
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
User: admin | Company: Adobe Systems Incorporated | Integrity Level: LOW
Description: Adobe RdrCEF | Version: 20.13.20064.405839

The report gives no command line or parent for iexplore.exe (PIDs 3276 and 2404), AdobeARM.exe (PID 3412) or Reader_sl.exe (PID 272), although all four appear in the indicators above; the RdrCEF.exe processes are Reader's embedded Chromium (CEF) helper and are normal for Acrobat Reader DC.
Total events: 31 758
Read events: 31 542
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 1
Suspicious files: 156
Text files: 14
Unknown types: 19

Dropped files

All listed files were written by RdrCEF.exe (PID 3296) to Reader's Chromium code cache and are of type binary.

PID   Process     Filename
3296  RdrCEF.exe  C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0
      MD5: FBE95EEE6DA84ABE8C745691837E3D82
      SHA256: F50D52929400CFFC95410BD0CD53289EDC751D818DC1619E80CB886742B8923A
3296  RdrCEF.exe  C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\72d9f526d2e2e7c8_0
      MD5: B9747B45D6A8310F988B148FCE76A070
      SHA256: 0B8BEA16AE0B2D6057EBC2A4A450E3D1D93626FFCCC6DBDC3A235371F3F6F8CB
3296  RdrCEF.exe  C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0
      MD5: 190FEB77216A3142E55319677910BF42
      SHA256: A4A7E74C6D0BED66024AB1E33EDED06C62FE7B70DDCF3BCA7CB5E74A68C12B0D
3296  RdrCEF.exe  C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\78bff3512887b83d_0
      MD5: 39AD9F26E16C2A9FEF9B3645EDC7299E
      SHA256: 80CD3BF3239900202E64FA50FA385BF5CCFB7C1DF594BA853A1CA714BE9AD6D7
3296  RdrCEF.exe  C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0
      MD5: 2CA4F8349A8469D51B43E0906F0A7934
      SHA256: 130864ADE5D0332B09A6D95A23B5217B2EC64C219DEFDBF6C8062F6557155222
3296  RdrCEF.exe  C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0
      MD5: 610E01AF55F2CA19CDB5CCBD65A6FAF5
      SHA256: F6529549F112EA62D8FD3EA06C2170732AD66C586812C5847864D3B51D789BF1
3296  RdrCEF.exe  C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0
      MD5: 309CA420B471293F29771E23235B38EB
      SHA256: 8E2EE39C434AFC5D08F0F0F0E18A7EF8A6755EB5F74995BBD0BBEA76302C994B
3296  RdrCEF.exe  C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0
      MD5: 2F9D61FB0ED593D9B5CD1B5A047D7C02
      SHA256: 018756B5EE20D105E79E7A8E3DE353B4F7D8E33E95BB212175B61671A390C335
3296  RdrCEF.exe  C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0
      MD5: 162F259BAE473BDD476B091269B872A7
      SHA256: FED3B69C55A797C8EA34A00E17B682157B341C2950DC4658F7D9A2DE60F8D5C7
3296  RdrCEF.exe  C:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0
      MD5: AFD1E1FBD37AA27BBFB9F828D301C1E4
      SHA256: F1A37D10706DE733EDB25A328D2B9C1378B87DE2753D6D9C38AD868044781EAF
HTTP(S) requests: 6
TCP/UDP connections: 35
DNS requests: 22
Threats: 0 (the Threats table below lists six informational "Potentially Bad Traffic" alerts, which this counter does not include)

HTTP requests

PID   Process       Method  HTTP Code  IP                 CN  Type        Size     Reputation
3276  iexplore.exe  GET     200        93.184.220.29:80   US  der         1.47 Kb  whitelisted
      URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
3660  AcroRd32.exe  GET     200        93.184.220.29:80   US  der         471 b    whitelisted
      URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D
3276  iexplore.exe  GET     200        93.184.220.29:80   US  der         471 b    whitelisted
      URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
3660  AcroRd32.exe  GET     200        67.26.137.254:80   US  compressed  4.70 Kb  whitelisted
      URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3c60d4db74b0c0a5
2404  iexplore.exe  GET     200        93.184.220.29:80   US  der         1.47 Kb  whitelisted
      URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
3660  AcroRd32.exe  GET     200        67.26.137.254:80   US  compressed  4.70 Kb  whitelisted
      URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?627282dbb34b1153

Connections

PID   Process       IP                   Domain                   ASN                                                       CN  Reputation
3296  RdrCEF.exe    72.247.224.199:443   geo2.adobe.com           Akamai Technologies, Inc.                                 US  whitelisted
2404  iexplore.exe  93.184.220.29:80     ocsp.digicert.com        MCI Communications Services, Inc. d/b/a Verizon Business  US  whitelisted
3660  AcroRd32.exe  93.184.220.29:80     ocsp.digicert.com        MCI Communications Services, Inc. d/b/a Verizon Business  US  whitelisted
3296  RdrCEF.exe    2.18.233.74:443      armmf.adobe.com          Akamai International B.V.                                 -   whitelisted
-     -             72.247.224.199:443   geo2.adobe.com           Akamai Technologies, Inc.                                 US  whitelisted
3660  AcroRd32.exe  67.26.137.254:80     ctldl.windowsupdate.com  Level 3 Communications, Inc.                              US  malicious
3296  RdrCEF.exe    52.5.13.197:443      p13n.adobe.io            Amazon.com, Inc.                                          US  suspicious
2404  iexplore.exe  199.59.247.110:443   aqsysteme.com            PlanetHoster                                              CA  suspicious
3276  iexplore.exe  93.184.220.29:80     ocsp.digicert.com        MCI Communications Services, Inc. d/b/a Verizon Business  US  whitelisted
3276  iexplore.exe  204.79.197.200:443   www.bing.com             Microsoft Corporation                                     US  whitelisted

A "-" marks a cell the report leaves empty. The Reputation column is ANY.RUN's automated tag and does not agree with the DNS table below: ctldl.windowsupdate.com, Microsoft's certificate trust list download host that AcroRd32.exe fetches disallowedcertstl.cab from (see the HTTP table), is tagged malicious here and whitelisted there, and p13n.adobe.io is suspicious here and whitelisted there. The connections that matter for this sample are those of iexplore.exe (PID 2404), the browser Reader launched: the Threats section records it sending the URL shortener dik.si in a TLS SNI, and it also connects to aqsysteme.com.

DNS requests

Domain                   IPs                                                                    Reputation
geo2.adobe.com           72.247.224.199                                                         whitelisted
p13n.adobe.io            52.5.13.197, 23.22.254.206, 52.202.204.11, 54.227.187.23               whitelisted
armmf.adobe.com          2.18.233.74, 104.79.88.64                                              whitelisted
acroipm2.adobe.com       2.16.107.49, 2.16.107.24                                               whitelisted
ctldl.windowsupdate.com  67.26.137.254, 67.27.157.254, 8.248.143.254, 8.241.78.254, 8.253.204.249  whitelisted
ocsp.digicert.com        93.184.220.29                                                          whitelisted
dik.si                   188.114.97.7, 188.114.96.7                                             malicious
aqsysteme.com            199.59.247.110                                                         suspicious
api.bing.com             13.107.13.80, 13.107.5.80                                              whitelisted
www.bing.com             13.107.21.200, 204.79.197.200                                          whitelisted

Threats

PID   Process       Class                    Message
2404  iexplore.exe  Potentially Bad Traffic  ET INFO Observed URL Shortening Service Domain (dik .si in TLS SNI)
2404  iexplore.exe  Potentially Bad Traffic  ET INFO Observed URL Shortening Service Domain (dik .si in TLS SNI)
2404  iexplore.exe  Potentially Bad Traffic  ET INFO TLS Handshake Failure
2404  iexplore.exe  Potentially Bad Traffic  ET INFO TLS Handshake Failure
2404  iexplore.exe  Potentially Bad Traffic  ET INFO TLS Handshake Failure
872   svchost.exe   Potentially Bad Traffic  ET INFO TLS Handshake Failure
No debug info