File name: N. 490.349 N. 491.189.zip

Full analysis: https://app.any.run/tasks/43cee062-8f3a-4a3a-998b-1d24f67d7d3a
Verdict: Malicious activity
Analysis date: July 12, 2020, 08:13:20
OS: Windows 7 Professional Service Pack 1 (build: 7601, 64 bit)
Tags: trojan
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5: 2A245C0245809F4A33B5AAC894070519
SHA1: C27F2ED5029418C7F786640FB929460B9F931671
SHA256: FB7E8A99CF8CB30F829DB0794042232ACFE7324722CBEA89BA8B77CE2DCF1CAA
SSDEEP: 12288:5swwMW9MrSXLFCwBFzUojVHdSAZ1skrCgU8eq5cIkR9GB9PvBpIwP4NK+RTSFoFA:Hwg+XLtBFzUCVHdIkrCgU85BqGBWk4Nc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • DOC-2020-05-15T092742.441.exe (PID: 3040)
    • Loads dropped or rewritten executable

      • DOC-2020-05-15T092742.441.exe (PID: 3040)
  • SUSPICIOUS

    • Reads the machine GUID from the registry

      • WinRAR.exe (PID: 2964)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2964)
  • INFO

    • Manual execution by user

      • DOC-2020-05-15T092742.441.exe (PID: 3040)
    • Application launched itself

      • AcroRd32.exe (PID: 2932)

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: DOC-2020-05-15T092742.441/
ZipUncompressedSize: 0
ZipCompressedSize: 0
ZipCRC: 0x00000000
ZipModifyDate: 2020:05:18 14:49:00
ZipCompression: None
ZipBitFlag: 0
ZipRequiredVersion: 10
Total processes: 42
Monitored processes: 4
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start winrar.exe doc-2020-05-15t092742.441.exe acrord32.exe no specs acrord32.exe no specs

Process information

PID: 2964
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\N. 490.349 N. 491.189.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0

PID: 3040
CMD: "C:\Users\admin\Desktop\DOC-2020-05-15T092742.441\DOC-2020-05-15T092742.441.exe"
Path: C:\Users\admin\Desktop\DOC-2020-05-15T092742.441\DOC-2020-05-15T092742.441.exe
Parent process: explorer.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Adobe Reader 9.0
Version: 9.0.0.2008061200

PID: 2932
CMD: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\admin\Desktop\DOC-2020-05-15T092742.441\DOC-2020-05-15T092742.441.pdf"
Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Parent process: DOC-2020-05-15T092742.441.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Adobe Acrobat Reader DC
Version: 15.7.20033.133275

PID: 2752
CMD: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --channel=2932.0.637666135 --type=renderer "C:\Users\admin\Desktop\DOC-2020-05-15T092742.441\DOC-2020-05-15T092742.441.pdf"
Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Parent process: AcroRd32.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe Acrobat Reader DC
Version: 15.7.20033.133275

Total events: 406
Read events: 371
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 4
Suspicious files: 1
Text files: 1
Unknown types: 0

Dropped files

PID: 3040
Process: DOC-2020-05-15T092742.441.exe
Filename: C:\Users\admin\Desktop\DOC-2020-05-15T092742.441\DOC-2020-05-15T092742.441.pdf
Type: pdf
MD5: 92C27C5DE0EF3119D447769750496222
SHA256: 2BC7ED201C7AF3E57A20EEC4099E242631734FA37B50FA4BCE194751F497F7C8

PID: 2964
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2964.48513\DOC-2020-05-15T092742.441\DOC-2020-05-15T092742.441.exe
Type: executable
MD5: E16DD9FAECA97B4C185426E5672BECBA
SHA256: C21BFC263890F02763F56B4E9F5CF9113656CF09D7864B53EC2FD2024BDADD60

PID: 3040
Process: DOC-2020-05-15T092742.441.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDW1XBVN\dis[1].gif
Type: html
MD5: 7BBBF2015E0575388B4F2DE42065F699
SHA256: 5882AB797F622B87B4836F71D7EABEEE4D61AFAF65F6CF4118E5985DE11AE029

PID: 2964
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2964.48513\DOC000(54)\acrord32.dll
Type: executable
MD5: F888BB77AF9018A617B8A74D739AC29F
SHA256: 1F4C6010859130CE9DF006AA169CE1840624DE8DA5FEE845F209C2A7D6B606A8

PID: 2964
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2964.48513\DOC-2020-05-15T092742.441\acrord32.dll
Type: executable
MD5: 6060F7DC35C4D43728D5CA5286327C01
SHA256: 8A07C265A20279D4B60DA2CC26F2BB041730C90C6D3ECA64A8DD9F4A032D85D3

PID: 2964
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2964.48513\DOC000(54)\DOC000(54).exe
Type: executable
MD5: E16DD9FAECA97B4C185426E5672BECBA
SHA256: C21BFC263890F02763F56B4E9F5CF9113656CF09D7864B53EC2FD2024BDADD60

HTTP(S) requests: 124
TCP/UDP connections: 105
DNS requests: 11
Threats: 4

HTTP requests

PID: 3040
Process: DOC-2020-05-15T092742.441.exe
Method: GET
HTTP Code: 200
IP: 167.88.180.198:80
URL: http://167.88.180.198/dis.dat
CN: CA
Type: html
Size: 89 b
Reputation: malicious

PID: 3040
Process: DOC-2020-05-15T092742.441.exe
Method: GET
HTTP Code: 404
IP: 52.7.9.69:443
URL: https://cloud.acrobat.com/appmeasurement.js
CN: US
Type: text
Size: 66 b
Reputation: whitelisted


Connections

PID: 3040
Process: DOC-2020-05-15T092742.441.exe
IP: 167.88.180.198:80
CN: CA
Reputation: malicious

IP: 167.88.180.198:80
CN: CA
Reputation: malicious

IP: 2.16.177.91:80
Domain: acroipm2.adobe.com
ASN: Akamai International B.V.
Reputation: whitelisted

IP: 52.7.9.69:443
Domain: cloud.acrobat.com
ASN: Amazon.com, Inc.
CN: US
Reputation: unknown

IP: 2.18.233.74:443
Domain: armmf.adobe.com
ASN: Akamai International B.V.
Reputation: whitelisted

IP: 2.16.177.113:80
Domain: ardownload.adobe.com
ASN: Akamai International B.V.
Reputation: suspicious

IP: 34.224.183.8:443
Domain: cloud.acrobat.com
ASN: Amazon.com, Inc.
CN: US
Reputation: unknown

IP: 3.226.128.10:443
Domain: cloud.acrobat.com
CN: US
Reputation: unknown

IP: 34.202.87.85:443
Domain: cloud.acrobat.com
ASN: Amazon.com, Inc.
CN: US
Reputation: unknown

IP: 52.73.1.97:443
Domain: cloud.acrobat.com
ASN: Amazon.com, Inc.
CN: US
Reputation: unknown

DNS requests

Domain
IP
Reputation
cloud.acrobat.com
whitelisted
acroipm2.adobe.com
  • 2.16.177.91
  • 2.16.177.50
whitelisted
armmf.adobe.com
  • 2.18.233.74
whitelisted
ardownload.adobe.com
  • 2.16.177.113
  • 2.16.177.114
whitelisted

Threats

PID: 3040
Process: DOC-2020-05-15T092742.441.exe
Class: A Network Trojan was detected
Message: ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)

PID: 3040
Process: DOC-2020-05-15T092742.441.exe
Class: A Network Trojan was detected
Message: ET TROJAN Request for Malicious .dat File

Class: A Network Trojan was detected
Message: ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)

Class: A Network Trojan was detected
Message: ET TROJAN Request for Malicious .dat File

No debug info