General Info

File name

Limpio2.pdf.zip

Full analysis
https://app.any.run/tasks/f0bf3249-a762-40f3-8a51-7e59a8ef7770
Verdict
Malicious activity
Analysis date
4/23/2019, 16:25:15
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/zip
File info:
Zip archive data, at least v2.0 to extract
MD5

5fbceed3f0d14efe4f8103f949f3bc3e

SHA1

6fae39faf882675fc1f04cb2ce278101e72668bf

SHA256

f7f22caccfb4745166b487624af8a380582ec613f1cdaebc8df19ef0d32129cc

SSDEEP

3072:RZFzoukj40B9TPkcIA1C0uakZltNFEa91g+oHi92V5+CaYn9ItSwp7:RZF8u30B9QcDaZ/EawpFV5+v9L7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
on
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO

No malicious indicators.

Creates files in the program directory
  • AdobeARM.exe (PID: 1464)
Executable content was dropped or overwritten
  • AdobeARM.exe (PID: 1464)
Starts Internet Explorer
  • AcroRd32.exe (PID: 3388)
Changes internet zones settings
  • iexplore.exe (PID: 2196)
Reads settings of System Certificates
  • iexplore.exe (PID: 3876)
Creates files in the user directory
  • iexplore.exe (PID: 3876)
  • AcroRd32.exe (PID: 3388)
Application launched itself
  • AcroRd32.exe (PID: 3388)
  • RdrCEF.exe (PID: 2548)
  • iexplore.exe (PID: 2196)
Reads internet explorer settings
  • iexplore.exe (PID: 3876)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3876)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.zip
|   ZIP compressed archive (100%)
EXIF
ZIP
ZipRequiredVersion:
788
ZipBitFlag:
0x0001
ZipCompression:
Deflated
ZipModifyDate:
2019:04:23 04:10:05
ZipCRC:
0x7f27bccb
ZipCompressedSize:
147173
ZipUncompressedSize:
150739
ZipFileName:
Limpio2.pdf

Screenshots

Processes

Total processes
41
Monitored processes
10
Malicious processes
0
Suspicious processes
1

Behavior graph

+
start winrar.exe no specs acrord32.exe acrord32.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs adobearm.exe reader_sl.exe no specs iexplore.exe iexplore.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
1460
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Limpio2.pdf.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\installer\{ac76ba86-7ad7-ffff-7b44-ac0f074e4100}\pdffile_8.ico
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll

PID
3388
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\admin\Desktop\Limpio2.pdf"
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe Acrobat Reader DC
Version
15.23.20070.215641
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\kbdus.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sspicli.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\program files\common files\adobe\arm\1.0\adobearm.exe
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\program files\internet explorer\iexplore.exe

PID
2328
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer "C:\Users\admin\Desktop\Limpio2.pdf"
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Indicators
No indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
LOW
Version:
Company
Adobe Systems Incorporated
Description
Adobe Acrobat Reader DC
Version
15.23.20070.215641
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.dll
c:\program files\adobe\acrobat reader dc\reader\agm.dll
c:\windows\system32\msvcp120.dll
c:\windows\system32\msvcr120.dll
c:\windows\system32\version.dll
c:\program files\adobe\acrobat reader dc\reader\bib.dll
c:\program files\adobe\acrobat reader dc\reader\cooltype.dll
c:\program files\adobe\acrobat reader dc\reader\ace.dll
c:\windows\system32\profapi.dll
c:\program files\adobe\acrobat reader dc\reader\axe8sharedexpat.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\adobe\acrobat reader dc\reader\bibutils.dll
c:\program files\adobe\acrobat reader dc\reader\sqlite.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\program files\adobe\acrobat reader dc\reader\plug_ins\ia32.api
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\program files\adobe\acrobat reader dc\reader\plug_ins\updater.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\weblink.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\escript.api
c:\windows\system32\psapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll

PID
2548
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16448250
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Indicators
No indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe RdrCEF
Version
15.23.20053.211670
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\libcef.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\apphelp.dll

PID
1748
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-3d-apis --disable-databases --disable-direct-npapi-requests --disable-file-system --disable-notifications --disable-shared-workers --disable-direct-write --lang=en-US --lang=en-US --log-severity=disable --product-version="ReaderServices/15.23.20053 Chrome/45.0.2454.85" --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="2548.0.1091941516\165115634" --allow-no-sandbox-job /prefetch:673131151
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Indicators
No indicators
Parent process
RdrCEF.exe
User
admin
Integrity Level
LOW
Version:
Company
Adobe Systems Incorporated
Description
Adobe RdrCEF
Version
15.23.20053.211670
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\libcef.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll

PID
580
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-3d-apis --disable-databases --disable-direct-npapi-requests --disable-file-system --disable-notifications --disable-shared-workers --disable-direct-write --lang=en-US --lang=en-US --log-severity=disable --product-version="ReaderServices/15.23.20053 Chrome/45.0.2454.85" --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="2548.1.1588146489\1083682620" --allow-no-sandbox-job /prefetch:673131151
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Indicators
No indicators
Parent process
RdrCEF.exe
User
admin
Integrity Level
LOW
Version:
Company
Adobe Systems Incorporated
Description
Adobe RdrCEF
Version
15.23.20053.211670
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\libcef.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll

PID
1464
CMD
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:15.0 /MODE:3
Path
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe Reader and Acrobat Manager
Version
1.824.27.2646
Modules
Image
c:\program files\common files\adobe\arm\1.0\adobearm.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\wintrust.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\program files\adobe\acrobat reader dc\reader\reader_sl.exe
c:\windows\system32\normaliz.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\msisip.dll
c:\windows\system32\wshext.dll
c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
c:\program files\common files\adobe\arm\1.0\adobearmhelper.exe

PID
2408
CMD
"C:\Program Files\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
Path
C:\Program Files\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
Indicators
No indicators
Parent process
AdobeARM.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Adobe Systems Incorporated
Description
Adobe Acrobat SpeedLauncher
Version
15.23.20053.211670
Modules
Image
c:\program files\adobe\acrobat reader dc\reader\reader_sl.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcp120.dll
c:\windows\system32\msvcr120.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
2196
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
AcroRd32.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll

PID
3876
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2196 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\feclient.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll

Registry activity

Total events
1083
Read events
973
Write events
110
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
1460
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
1460
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
1460
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
1460
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\Limpio2.pdf.zip
1460
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
1460
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
1460
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
1460
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
1460
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface
ShowPassword
0
3388
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
aFS
DOS
3388
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
tDIText
/C/Users/admin/Desktop/Limpio2.pdf
3388
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
tFileName
Limpio2.pdf
3388
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
tFileSource
local
3388
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
sFileAncestors
5B5D00
3388
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
sDI
2F432F55736572732F61646D696E2F4465736B746F702F4C696D70696F322E70646600
3388
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
sDate
443A32303139303432333135323630372B30312730302700
3388
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
uFileSize
150739
3388
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
uPageCount
1
3388
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3388
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3388
AcroRd32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3388
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3388
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2328
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\ExitSection
bLastExitNormal
0
2328
AcroRd32.exe
write
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral
bExpandRHPInViewer
1
1464
AdobeARM.exe
write
HKEY_CURRENT_USER\Software\Adobe\Adobe ARM\1.0\ARM
iSpeedLauncherLogonTime
56D4D759AAE1D401
1464
AdobeARM.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1464
AdobeARM.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1464
AdobeARM.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AdobeARM_RASAPI32
EnableFileTracing
0
1464
AdobeARM.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AdobeARM_RASAPI32
EnableConsoleTracing
0
1464
AdobeARM.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AdobeARM_RASAPI32
FileTracingMask
4294901760
1464
AdobeARM.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AdobeARM_RASAPI32
ConsoleTracingMask
4294901760
1464
AdobeARM.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AdobeARM_RASAPI32
MaxFileSize
1048576
1464
AdobeARM.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AdobeARM_RASAPI32
FileDirectory
%windir%\tracing
1464
AdobeARM.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AdobeARM_RASMANCS
EnableFileTracing
0
1464
AdobeARM.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AdobeARM_RASMANCS
EnableConsoleTracing
0
1464
AdobeARM.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AdobeARM_RASMANCS
FileTracingMask
4294901760
1464
AdobeARM.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AdobeARM_RASMANCS
ConsoleTracingMask
4294901760
1464
AdobeARM.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AdobeARM_RASMANCS
MaxFileSize
1048576
1464
AdobeARM.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AdobeARM_RASMANCS
FileDirectory
%windir%\tracing
1464
AdobeARM.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1464
AdobeARM.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000072000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
1464
AdobeARM.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000073000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{09B7052D-65D4-11E9-A370-5254004A04AF}
0
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E3070400020017000E001C0013002202
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E3070400020017000E001C0013002502
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070400020017000E001C001300F602
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
20
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070400020017000E001C0013004303
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
132
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070400020017000E001C0013009D03
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
83
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2196
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0

Files activity

Executable files
2
Suspicious files
1
Text files
37
Unknown types
25

Dropped files

PID
Process
Filename
Type
1464
AdobeARM.exe
C:\ProgramData\Adobe\ARM\Reader_15.023.20070\ReaderDCManifest2.msi
executable
MD5: 6f014505b038aa70695dc6557662df8b
SHA256: 52040d7492e91856c658e4779bdc2de38a81f47e5136d9a772f4559178fbe7fc
1464
AdobeARM.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\ReaderDCManifest2[1].msi
executable
MD5: 6f014505b038aa70695dc6557662df8b
SHA256: 52040d7492e91856c658e4779bdc2de38a81f47e5136d9a772f4559178fbe7fc
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H19WV1ZR\error_icons[1].png
image
MD5: 6547c5fb2d63fcb74cd2467030071c18
SHA256: 09b4776a08d6df046909a3a3f54a9b58c858d55c0abbfeade9bbdeabc025118f
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H19WV1ZR\browser-bar[1].png
image
MD5: a4d9835a33a2d99db7d08d43a70d41e5
SHA256: aca6112fde67478c404094e1424ae792a75e700193c63a85aa9215d1a173eb3a
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XY63APXC\opensans-300i[1].eot
eot
MD5: fc2cb1a0bbf3294cd276fdc34538d0f2
SHA256: b5b38b2fc120908c86f73a14a6b18e98f230a4b4e4be0566edc5799be289df0b
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LA6EL7GT\opensans-400i[1].eot
eot
MD5: b65a44e1c6c2d42daf9f20a8c08e067b
SHA256: 2d80a84811db8fc86ddccaa07fd4e8df22c33b578f674d21bc4efbeaaab7594b
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LA6EL7GT\opensans-700[1].eot
eot
MD5: 5281996fc5e0b7a766eaee928bd7123e
SHA256: 368b82fdf6e99815f10efa81120057ed3ea283c4a5abc4e5204473578a1ac0fe
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XY63APXC\opensans-400[1].eot
eot
MD5: 77ff7c7f933f217ef1293452e6de6de3
SHA256: 278eca87489ac9998015a84141632dcc778c16df71958835029879ea3d3bfbbc
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5H4WJ0FS\opensans-300[1].eot
eot
MD5: 566e3a1d44c9cdb02891828c686a60a6
SHA256: a95920ff81b2bc13a269aac4e13d17db7303bd442e847eee2aad411716b04202
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5H4WJ0FS\cf.challenge[1].js
text
MD5: fa838db2022197988c2ec8ce59880ba5
SHA256: b7fc2fb688cf1bb7c4de30c20b2c28142153e2f296624cb73f7c5d223e57bd08
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H19WV1ZR\cf.errors[1].css
text
MD5: 3d041bd798b1c6a68c1cb4f3a1fd6b8a
SHA256: e2dba22a9ee028e3aa09baa7c36e14c86effba2516862aad01019c06e757b375
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H19WV1ZR\cf.errors.ie[1].css
text
MD5: b6664be34fa5f99c65e55e8d721cb511
SHA256: 5e490c30bfdfbddad8d38d625ad878e7cde78ea766538efbda82add7f19f435b
3876
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 2737dbba4bef38a4a0a46820dc60b0a4
SHA256: 9dfdb32370f18c702251ff257bd149b467fdfc3df4342a450f074da7f18dcddd
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: e8adc63cc37aba40fce3415260f8b22c
SHA256: 3caf05a71e8dce23b6560023a0508e3f685cd5dfab3e0d54df34f44ebc72f9e1
3876
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: 10177c34426c5c3a96f056758ed23e63
SHA256: 153413c008ccf1dcb5e7c1904048f0071f02bc313df915ab9026fa11f24bc259
3876
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: ee703fb6a7f03abbee6a486c49ead2ee
SHA256: 84ac419b9c22c40ad49ed3509abc73599f386b3aa0c3c4a3b0890c4d54de721c
2196
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2196
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2196
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2328
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: e8d20c7e93691f35af49d11ec3b940be
SHA256: f54e507ad9181090b69915c952066146a116685523475adf2faeca2932752ccd
2328
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
––
MD5:  ––
SHA256:  ––
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: a5783c67b278ded55a57072d6b5b6919
SHA256: ff9d2fe3e170f56111a1186b59cd64f861536572872ffb3f1f9fca450eceb016
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LA6EL7GT\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XY63APXC\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5H4WJ0FS\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H19WV1ZR\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2196
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
1460
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb1460.6002\Limpio2.pdf
––
MD5:  ––
SHA256:  ––
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
1464
AdobeARM.exe
C:\ProgramData\Adobe\ARM\ArmReport.ini
text
MD5: dccca46d389fa845ad9ddbbe1efadc1a
SHA256: c08af9f55e1f08c2d55f2c4b31ff658c03befba9bdc77d80685cbbc26c42d9be
1464
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\TmpF621.tmp
––
MD5:  ––
SHA256:  ––
1464
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\TmpF5F1.tmp
––
MD5:  ––
SHA256:  ––
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XY63APXC\recaptcha__en[1].js
text
MD5: af72610e25b2371134620830d44fc612
SHA256: 07a045bd0b098c8ca4b92ec31d5247281c8db4ea451d53db155b50bd2e388a70
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H19WV1ZR\opensans-600[1].eot
eot
MD5: 2010fb390506d647ffd001661bb9167f
SHA256: e4731df81feb1afcfed0f3d583bd0760b550af9d7b6e499c65ad0d771fcf4e36
1464
AdobeARM.exe
C:\ProgramData\Adobe\ARM\ArmReport.ini
text
MD5: d64ce186bdf6978dcdd90b7461d7b169
SHA256: f5d500ea27a27a34df00b33e8460e6be01bac03937c47e78e4052d16204c6e3a
1464
AdobeARM.exe
C:\Users\admin\AppData\Local\Temp\ArmUI.ini
text
MD5: 864c22fb9a1c0670edf01c6ed3e4fbe4
SHA256: b4d4dcd9594d372d7c0c975d80ef5802c88502895ed4b8a26ca62e225f2f18b0
2328
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: fa96f7c0082d185c446b173ee9769f99
SHA256: 71608547379774739027d14cc29bdf0b921df68f16093e1154e2420488da54c5
2328
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9Rx1s1e3_k92sue_1so.tmp
––
MD5:  ––
SHA256:  ––
2328
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9R1tqlt2h_k92sud_1so.tmp
––
MD5:  ––
SHA256:  ––
2328
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9R3tbzzd_k92suc_1so.tmp
––
MD5:  ––
SHA256:  ––
2328
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9R1273myi_k92sua_1so.tmp
––
MD5:  ––
SHA256:  ––
2328
AcroRd32.exe
C:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9Rbgislo_k92sub_1so.tmp
––
MD5:  ––
SHA256:  ––
2328
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: c60df63d64af4dee3a7f3b84b13a65e2
SHA256: 937b18db5d65c966a5d0db76d49f8f27fb879024f56c80d65795a043c4200fc2
2328
AcroRd32.exe
C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\UserCache.bin
binary
MD5: 5602d353162b15bd8d4c6a961134a783
SHA256: 79c09151ec40b407ac8507024fe502199b19d13e2b25efce802b3cf91ec585ea
3388
AcroRd32.exe
C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt15.lst
ps
MD5: 0d5624abbf1c79aec38cbe52b56038b4
SHA256: ab5a46ba09f515e56892c0270d67eed215e56e43557b83a2ce295f2ed87d09d6
2328
AcroRd32.exe
C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.2328
––
MD5:  ––
SHA256:  ––
3388
AcroRd32.exe
C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt15.lst
ps
MD5: 25e48f152f9db94dd9aae6c296e3c98d
SHA256: a26c91de905ebb8932ca931dbb68d589d058e7dedffad02039fc8740e9e7beb5
3388
AcroRd32.exe
C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt15.lst
ps
MD5: 76c993d6e29fbe12da4525151364653b
SHA256: f1cbecc2d9952366ce231e4b651ec8354c17288aeb1908b4a01b6e5a29f6270e
2328
AcroRd32.exe
C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt16.lst.2328
––
MD5:  ––
SHA256:  ––
2328
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: b93b145fe0eb9ccadf3b49905c4a0ae2
SHA256: 8928b58dc44f172b2bea427a12bc8aa05e44873e6425a6fe6f302964c5a59822
2328
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: 37a0303191a90de5742ddb378fb281bc
SHA256: e42fdb7cb9817206fab71f933a2a5eafcb3668eccc20d9883badafdcfb083403
2328
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: 26a8885ce9b1e03aac7d6ae6e1343801
SHA256: 37dd44e1ab880b4baefc5abf97b1e24444fe8a3d880a245199ae16e7a520c5a8
2328
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: eab71718813cfe89151bbfdc77f7a471
SHA256: cb34a1f8ae424cd9d25fc4a2081ad0f8a5943a027ec5e30d7a02f5bd56ec80a0
2328
AcroRd32.exe
C:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
sqlite
MD5: 0b8bdbb076b08e5036ed7e9d59564860
SHA256: 60e1fe70c2c455f22d9be3e19cab4ff36c4d12d92b5058ee5ce71a8c8373e3eb
3876
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5H4WJ0FS\api[1].js
text
MD5: 0499a461abcee83fba3d271e14ff3149
SHA256: 8fb625fde358f171b9d5d7db7d17b5b82638cea25ab08e3b6da80e3343eddacc

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
19
TCP/UDP connections
18
DNS requests
8
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3388 AcroRd32.exe GET 304 2.21.34.27:80 http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/277_15_23_20070.zip FR
––
––
whitelisted
3388 AcroRd32.exe GET 304 2.21.34.27:80 http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/278_15_23_20070.zip FR
––
––
whitelisted
3388 AcroRd32.exe GET 304 2.21.34.27:80 http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/281_15_23_20070.zip FR
––
––
whitelisted
3388 AcroRd32.exe GET 304 2.21.34.27:80 http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/280_15_23_20070.zip FR
––
––
whitelisted
3388 AcroRd32.exe GET 304 2.21.34.27:80 http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/message.zip FR
––
––
whitelisted
2196 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
3876 iexplore.exe GET 301 91.224.140.71:80 http://gg.gg/pericolospalotes NL
––
––
malicious
3876 iexplore.exe GET 403 104.28.2.56:80 http://norefs.com/https://files.fm/down.php?truemimetype=1&i=7y7z32df US
html
unknown
3876 iexplore.exe GET 200 104.28.2.56:80 http://norefs.com/cdn-cgi/styles/cf.errors.css US
text
unknown
3876 iexplore.exe GET 200 104.28.2.56:80 http://norefs.com/cdn-cgi/styles/cf.errors.ie.css US
text
unknown
3876 iexplore.exe GET 200 104.28.2.56:80 http://norefs.com/cdn-cgi/scripts/cf.challenge.js US
text
unknown
3876 iexplore.exe GET 200 104.28.2.56:80 http://norefs.com/cdn-cgi/styles/fonts/opensans-300.eot US
eot
unknown
3876 iexplore.exe GET 200 104.28.2.56:80 http://norefs.com/cdn-cgi/styles/fonts/opensans-400.eot US
eot
unknown
3876 iexplore.exe GET 200 104.28.2.56:80 http://norefs.com/cdn-cgi/styles/fonts/opensans-700.eot US
eot
unknown
3876 iexplore.exe GET 200 104.28.2.56:80 http://norefs.com/cdn-cgi/styles/fonts/opensans-400i.eot US
eot
unknown
3876 iexplore.exe GET 200 104.28.2.56:80 http://norefs.com/cdn-cgi/styles/fonts/opensans-300i.eot US
eot
unknown
3876 iexplore.exe GET 200 104.28.2.56:80 http://norefs.com/cdn-cgi/styles/fonts/opensans-600.eot US
eot
unknown
3876 iexplore.exe GET 200 104.28.2.56:80 http://norefs.com/cdn-cgi/images/browser-bar.png?1376755637 US
image
unknown
3876 iexplore.exe GET 200 104.28.2.56:80 http://norefs.com/cdn-cgi/images/error_icons.png US
image
unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3388 AcroRd32.exe 2.21.34.27:80 GTT Communications Inc. FR unknown
3388 AcroRd32.exe 92.123.109.74:443 Akamai Technologies, Inc. –– unknown
–– –– 92.123.109.74:443 Akamai Technologies, Inc. –– unknown
1464 AdobeARM.exe 92.123.109.74:443 Akamai Technologies, Inc. –– unknown
–– –– 23.56.184.217:443 Akamai International B.V. NL whitelisted
2196 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3876 iexplore.exe 91.224.140.71:80 Innovation IT Solutions LTD NL suspicious
3876 iexplore.exe 104.28.2.56:80 Cloudflare Inc US unknown
3876 iexplore.exe 172.217.18.196:443 Google Inc. US whitelisted
3876 iexplore.exe 216.58.213.131:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
acroipm2.adobe.com 2.21.34.27
whitelisted
armmf.adobe.com 92.123.109.74
whitelisted
ardownload2.adobe.com 23.56.184.217
whitelisted
www.bing.com 204.79.197.200
whitelisted
gg.gg 91.224.140.71
malicious
norefs.com 104.28.2.56
unknown
www.google.com 172.217.18.196
whitelisted
www.gstatic.com 216.58.213.131
whitelisted

Threats

No threats detected.

Debug output strings

No debug info.