File name:

Grupo-Exito Distribution notice.pdf

Full analysis: https://app.any.run/tasks/fdde9fbf-3da8-4888-9491-e4ecbbfacc43
Verdict: Malicious activity
Threats:

Tycoon 2FA is a phishing-as-a-service (PhaaS) platform designed to bypass multi-factor authentication (MFA) protections, particularly targeting Microsoft 365 and Gmail accounts. Its advanced evasion techniques and modular architecture make it a significant threat to organizations relying on MFA for security.

Malware Trends Tracker     >>>
Analysis date: May 09, 2024, 13:05:37
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
phishing
tycoon
evasion
Indicators:
MIME: application/pdf
File info: PDF document, version 1.4, 1 pages
MD5:

0966666C886817EB8A55CD4827A40CA9

SHA1:

E6D15CB46E1DEDE985063E04A5AA53CC05ED854A

SHA256:

CE2063C17B2678F664C3C0BC41A567A3D17A835FDA4A3770A559D00E3AD1C338

SSDEEP:

1536:DUrZR4c4F7XhLdGIgdct9u01/xqDRxVgQgYfdmxV1R4:sWhLdGIgP0FggJGdmD8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 2872)

  • SUSPICIOUS

    • Creates file in the systems drive root

      • AcroRd32.exe (PID: 4028)

    • Device Retrieving External IP Address Detected

      • msedge.exe (PID: 2872)

  • INFO

    • Application launched itself

      • AcroRd32.exe (PID: 3984)
      • RdrCEF.exe (PID: 1136)
      • msedge.exe (PID: 2636)

    • Reads Microsoft Office registry keys

      • AcroRd32.exe (PID: 4028)

    • Reads the computer name

      • wmpnscfg.exe (PID: 1468)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 1468)

    • Checks supported languages

      • wmpnscfg.exe (PID: 1468)

    • Drops the executable file immediately after the start

      • RdrCEF.exe (PID: 1136)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.pdf | Adobe Portable Document Format (100)

EXIF

PDF

PDFVersion: 1.4
Linearized: Yes
PageCount: 1
CreateDate: 2024:05:08 14:19:16-07:00
Creator: wkhtmltopdf 0.12.6
ModifyDate: 2024:05:09 08:00:29-05:00
Producer: Qt 4.8.7
Title: -

XMP

XMPToolkit: Adobe XMP Core 9.1-c001 79.675d0f7, 2023/06/11-19:21:16
CreateDate: 2024:05:08 14:19:16-07:00
CreatorTool: wkhtmltopdf 0.12.6
ModifyDate: 2024:05:09 08:00:29-05:00
MetadataDate: 2024:05:09 08:00:29-05:00
Producer: Qt 4.8.7
Format: application/pdf
Title: -
DocumentID: uuid:7fe4cd38-92a0-4b01-82b0-66759065bb7c
InstanceID: uuid:a5847504-4534-4c9f-9c9b-8b7bd36e399b
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
67
Monitored processes
34
Malicious processes
2
Suspicious processes
1

Behavior graph

Click at the process to see the details
start acrord32.exe acrord32.exe no specs rdrcef.exe rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs wmpnscfg.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs #PHISHING msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
308"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1184,11002315572813662343,25118414325224711,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7228730007917339734 --renderer-client-id=2 --mojo-platform-channel-handle=1192 --allow-no-sandbox-job /prefetch:1C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Exit code:
0
Version:
20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
312"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1184,11002315572813662343,25118414325224711,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=7015255222991182226 --mojo-platform-channel-handle=1212 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Exit code:
1
Version:
20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
1056"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3256 --field-trial-handle=1316,i,6620323246641505270,13595897024937878977,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1060"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1184,11002315572813662343,25118414325224711,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=11071843706754079380 --mojo-platform-channel-handle=1316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Exit code:
1
Version:
20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
1132"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1184,11002315572813662343,25118414325224711,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7389885175904884594 --renderer-client-id=8 --mojo-platform-channel-handle=1528 --allow-no-sandbox-job /prefetch:1C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Version:
20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
1136"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
AcroRd32.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Version:
20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
1468"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1468"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 --field-trial-handle=1316,i,6620323246641505270,13595897024937878977,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1660"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1184,11002315572813662343,25118414325224711,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5370069214458042522 --renderer-client-id=6 --mojo-platform-channel-handle=1464 --allow-no-sandbox-job /prefetch:1C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Version:
20.13.20064.405839
Modules
Images
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
1664"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3684 --field-trial-handle=1316,i,6620323246641505270,13595897024937878977,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
21 394
Read events
21 294
Write events
85
Delete events
15

Modification events

(PID) Process:(4028) AcroRd32.exeKey:HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\ExitSection
Operation:writeName:bLastExitNormal
Value:
0
(PID) Process:(4028) AcroRd32.exeKey:HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral
Operation:writeName:aDefaultRHPViewModeL
Value:
Expanded
(PID) Process:(4028) AcroRd32.exeKey:HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral
Operation:writeName:bExpandRHPInViewer
Value:
1
(PID) Process:(4028) AcroRd32.exeKey:HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral
Operation:writeName:uLastAppLaunchTimeStamp
Value:
(PID) Process:(4028) AcroRd32.exeKey:HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral
Operation:writeName:iNumReaderLaunches
Value:
6
(PID) Process:(4028) AcroRd32.exeKey:HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\FillSign
Operation:writeName:uFillSignVariantTrackingTime
Value:
(PID) Process:(4028) AcroRd32.exeKey:HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\NoTimeOut
Operation:writeName:smailto
Value:
5900
(PID) Process:(4028) AcroRd32.exeKey:HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\ToolsSearch
Operation:writeName:iSearchHintIndex
Value:
0
(PID) Process:(4028) AcroRd32.exeKey:HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\SessionManagement
Operation:writeName:bNormalExit
Value:
0
(PID) Process:(4028) AcroRd32.exeKey:HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsCurrent\cWin0
Operation:writeName:iTabCount
Value:
0
Executable files
0
Suspicious files
215
Text files
35
Unknown types
4

Dropped files

PID
Process
Filename
Type
1136RdrCEF.exe
MD5:
SHA256:
4028AcroRd32.exeC:\Users\admin\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.jsonbinary
MD5:01F233C92A89C705229A0D63D09F846A
SHA256:62137C4381ACC2DE8BCA158AD9D9CE730BD7A96A39A2FB64CE7CFA5C861CF7B4
1136RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0binary
MD5:9FB00E5DC7B3F0734A810416E72825C3
SHA256:74886561F4F7F3919F0AD9C9535BF08C29F8561CF8E9F0933F2B3F520B7D9DBF
1136RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\72d9f526d2e2e7c8_0binary
MD5:9E9F64ECFD95CA9DA210A4A0E33866DF
SHA256:802F685C1E2D7DF6CF8172799BB4F48D95C610A9CDA0CCBB5041D607D8E78FD7
1136RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0binary
MD5:44C1A29C61A5B049392F67EB5EBF576C
SHA256:991B6324DD6134D4A629C1D5BA913980B3C44DBAFF06517480F6443A4F001522
1136RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0binary
MD5:9264973713F5DA79F6429570176CA6D4
SHA256:9F564488E5328DE74D256376EED14B580D9137A75BAADD380FB276C2AED5034D
1136RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0binary
MD5:1C6CC301629D88CFF73710F26FA8D42B
SHA256:BE777D4BFB37692B38A04281C6A5612FE2A596303D1AE85A661CF4AB56E9DB15
4028AcroRd32.exeC:\Users\admin\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTINGmp3
MD5:DC84B0D741E5BEAE8070013ADDCC8C28
SHA256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
1136RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.oldtext
MD5:5705BEF2F423E8D5EF921B2CBEE16FB9
SHA256:154DF2B4012DEAA86794EF8A0C44FB435615A3143AA3336EA79D2A9544C14900
1136RdrCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0binary
MD5:8E198581721D0DB89195A21C15A47519
SHA256:FFC2B18964EC369F23DA85BF5178FEB3A196B7989A33A95742F000C19290ECB2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
56
DNS requests
51
Threats
9

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3984
AcroRd32.exe
GET
304
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9f8883cdccd3725e
US
unknown
3984
AcroRd32.exe
GET
304
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?21d798131f44d5b1
US
unknown
1088
svchost.exe
GET
304
199.232.210.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e42d90092c0249b4
US
unknown
3984
AcroRd32.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
US
binary
471 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
unknown
224.0.0.252:5355
unknown
1088
svchost.exe
224.0.0.252:5355
unknown
1136
RdrCEF.exe
23.42.246.103:443
geo2.adobe.com
TELXIUS TELXIUS Cable
BR
unknown
1136
RdrCEF.exe
2.22.200.162:443
armmf.adobe.com
AKAMAI-AS
FR
unknown
3984
AcroRd32.exe
23.223.17.199:443
acroipm2.adobe.com
AKAMAI-AS
US
unknown
3984
AcroRd32.exe
199.232.214.172:80
ctldl.windowsupdate.com
FASTLY
US
unknown
3984
AcroRd32.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1136
RdrCEF.exe
52.5.13.197:443
p13n.adobe.io
AMAZON-AES
US
unknown

DNS requests

Domain
IP
Reputation
geo2.adobe.com
  • 23.42.246.103
whitelisted
armmf.adobe.com
  • 2.22.200.162
whitelisted
acroipm2.adobe.com
  • 23.223.17.199
  • 23.223.17.210
whitelisted
ctldl.windowsupdate.com
  • 199.232.214.172
  • 199.232.210.172
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
p13n.adobe.io
  • 52.5.13.197
  • 52.202.204.11
  • 54.227.187.23
  • 23.22.254.206
whitelisted
etcohome.us17.list-manage.com
  • 23.42.12.35
unknown
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
embers.co.za
  • 196.41.123.155
unknown

Threats

PID
Process
Class
Message
2872
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code.jquery .com)
2872
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
2872
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
2872
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Client-Server Socket.IO CDN communication (cdn.socket .io)
2872
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Domain chain identified as Phishing (Tycoon 2FA)
2872
msedge.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup Domain (ipapi .co in DNS lookup)
2872
msedge.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup Domain (ipapi .co in DNS lookup)
2872
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Image branding component hosted by Microsoft
2872
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Possible Fake Microsoft Login Page
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Grupo-Exito Distribution notice.pdf