Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

086316d55f...75.pdf

windows7-x64

1

086316d55f...75.pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/12/2023, 10:34 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    086316d55fb59dcdf8c3d4822be87675.pdf

  • Size

    76KB

  • MD5

    086316d55fb59dcdf8c3d4822be87675

  • SHA1

    093181f235925fd19bcaa28f0d4a9bcc83df6ccb

  • SHA256

    75ccb759a92d93f62cc60f104879d1451a2beef054b56bbe43d04fd52968c542

  • SHA512

    899453502a4428a7ca78705ab3df87f80403cf90c2ca72031cdaa2aabc5405672d3ba0762e9a43ca9d0ebff10faa667c19a0313a3e10834b8f7cab6951426d1e

  • SSDEEP

    1536:TCXLXiD5xKodOYLOlqCOJS6wMidw+ErWGpOKCWIYOb+v0jMX:WXLSDHKCOYLOs0+iyiKfObmSMX

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\086316d55fb59dcdf8c3d4822be87675.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4900
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1639C90C205CE639F7FE56351A5846DA --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:3504
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7091A3850DF029B9E5BE6ABF8FE007FD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7091A3850DF029B9E5BE6ABF8FE007FD --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:1880
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9CCF70ADB2426160587E31EDAB09CE49 --mojo-platform-channel-handle=2156 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
            3⤵
              PID:3300
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8518D5257822DB51226B212857679B82 --mojo-platform-channel-handle=2284 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:3176
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B00BFA73ABA2E4201CEBE8DDF6B61F48 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B00BFA73ABA2E4201CEBE8DDF6B61F48 --renderer-client-id=6 --mojo-platform-channel-handle=2424 --allow-no-sandbox-job /prefetch:1
                3⤵
                  PID:2772
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=19D3ECDEDCBD2A8A5961061B14629BDA --mojo-platform-channel-handle=2548 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:1544

              Network

              • flag-us
                DNS
                g.bing.com
                Remote address:
                8.8.8.8:53
                Request
                g.bing.com
                IN A
                Response
                g.bing.com
                IN CNAME
                g-bing-com.a-0001.a-msedge.net
                g-bing-com.a-0001.a-msedge.net
                IN CNAME
                dual-a-0001.a-msedge.net
                dual-a-0001.a-msedge.net
                IN A
                204.79.197.200
                dual-a-0001.a-msedge.net
                IN A
                13.107.21.200
              • flag-us
                GET
                https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=85d21c097d224cb190f9c62906227425&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=
                Remote address:
                204.79.197.200:443
                Request
                GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=85d21c097d224cb190f9c62906227425&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid= HTTP/2.0
                host: g.bing.com
                accept-encoding: gzip, deflate
                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                Response
                HTTP/2.0 204
                cache-control: no-cache, must-revalidate
                pragma: no-cache
                expires: Fri, 01 Jan 1990 00:00:00 GMT
                set-cookie: MUID=2A0F136B096866AE1C0B008708D3679C; domain=.bing.com; expires=Sun, 12-Jan-2025 12:16:18 GMT; path=/; SameSite=None; Secure; Priority=High;
                strict-transport-security: max-age=31536000; includeSubDomains; preload
                access-control-allow-origin: *
                x-cache: CONFIG_NOCACHE
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: 691D82E6B62A435389C151179B198B3A Ref B: LON04EDGE0919 Ref C: 2023-12-19T12:16:17Z
                date: Tue, 19 Dec 2023 12:16:18 GMT
              • flag-us
                GET
                https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=85d21c097d224cb190f9c62906227425&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=
                Remote address:
                204.79.197.200:443
                Request
                GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=85d21c097d224cb190f9c62906227425&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid= HTTP/2.0
                host: g.bing.com
                accept-encoding: gzip, deflate
                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                cookie: MUID=2A0F136B096866AE1C0B008708D3679C
                Response
                HTTP/2.0 204
                cache-control: no-cache, must-revalidate
                pragma: no-cache
                expires: Fri, 01 Jan 1990 00:00:00 GMT
                set-cookie: MSPTC=QveOf-1SM_732B18UM4aSih9bM0strhh2PFDUz1scfI; domain=.bing.com; expires=Sun, 12-Jan-2025 12:16:18 GMT; path=/; Partitioned; secure; SameSite=None
                strict-transport-security: max-age=31536000; includeSubDomains; preload
                access-control-allow-origin: *
                x-cache: CONFIG_NOCACHE
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: D741B8BE544445BC91F354725F6EFA48 Ref B: LON04EDGE0919 Ref C: 2023-12-19T12:16:18Z
                date: Tue, 19 Dec 2023 12:16:18 GMT
              • flag-us
                GET
                https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=85d21c097d224cb190f9c62906227425&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=
                Remote address:
                204.79.197.200:443
                Request
                GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=85d21c097d224cb190f9c62906227425&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid= HTTP/2.0
                host: g.bing.com
                accept-encoding: gzip, deflate
                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                cookie: MUID=2A0F136B096866AE1C0B008708D3679C; MSPTC=QveOf-1SM_732B18UM4aSih9bM0strhh2PFDUz1scfI
                Response
                HTTP/2.0 204
                cache-control: no-cache, must-revalidate
                pragma: no-cache
                expires: Fri, 01 Jan 1990 00:00:00 GMT
                strict-transport-security: max-age=31536000; includeSubDomains; preload
                access-control-allow-origin: *
                x-cache: CONFIG_NOCACHE
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: CB249E5F462542F7889714EBE693DAFF Ref B: LON04EDGE0919 Ref C: 2023-12-19T12:16:18Z
                date: Tue, 19 Dec 2023 12:16:18 GMT
              • flag-us
                DNS
                23.159.190.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                23.159.190.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                178.178.17.96.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                178.178.17.96.in-addr.arpa
                IN PTR
                Response
                178.178.17.96.in-addr.arpa
                IN PTR
                a96-17-178-178deploystaticakamaitechnologiescom
              • flag-us
                DNS
                241.154.82.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                241.154.82.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                200.197.79.204.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                200.197.79.204.in-addr.arpa
                IN PTR
                Response
                200.197.79.204.in-addr.arpa
                IN PTR
                a-0001a-msedgenet
              • flag-us
                DNS
                41.110.16.96.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                41.110.16.96.in-addr.arpa
                IN PTR
                Response
                41.110.16.96.in-addr.arpa
                IN PTR
                a96-16-110-41deploystaticakamaitechnologiescom
              • flag-us
                DNS
                205.47.74.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                205.47.74.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                95.221.229.192.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                95.221.229.192.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                9.228.82.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                9.228.82.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                135.240.123.92.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                135.240.123.92.in-addr.arpa
                IN PTR
                Response
                135.240.123.92.in-addr.arpa
                IN PTR
                a92-123-240-135deploystaticakamaitechnologiescom
              • flag-us
                DNS
                211.135.221.88.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                211.135.221.88.in-addr.arpa
                IN PTR
                Response
                211.135.221.88.in-addr.arpa
                IN PTR
                a88-221-135-211deploystaticakamaitechnologiescom
              • flag-us
                DNS
                183.59.114.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                183.59.114.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                56.126.166.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                56.126.166.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                18.134.221.88.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                18.134.221.88.in-addr.arpa
                IN PTR
                Response
                18.134.221.88.in-addr.arpa
                IN PTR
                a88-221-134-18deploystaticakamaitechnologiescom
              • flag-us
                DNS
                81.171.91.138.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                81.171.91.138.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                240.221.184.93.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                240.221.184.93.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                19.229.111.52.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                19.229.111.52.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                123.10.44.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                123.10.44.20.in-addr.arpa
                IN PTR
                Response
              • 138.91.171.81:80
                208 B
                 4
              • 204.79.197.200:443
                https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=85d21c097d224cb190f9c62906227425&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=
                tls, http2
                2.6kB
                 9.4kB
                 24
                18

                HTTP Request

                GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=85d21c097d224cb190f9c62906227425&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

                HTTP Response

                204

                HTTP Request

                GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=85d21c097d224cb190f9c62906227425&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

                HTTP Response

                204

                HTTP Request

                GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=85d21c097d224cb190f9c62906227425&localId=w:CB46C7AD-3FBE-4EAF-8E4F-46C212B95A7B&deviceId=6896190258833704&anid=

                HTTP Response

                204
              • 8.8.8.8:53
                g.bing.com
                dns
                56 B
                 158 B
                 1
                1

                DNS Request

                g.bing.com

                DNS Response

                204.79.197.200
                13.107.21.200

              • 8.8.8.8:53
                23.159.190.20.in-addr.arpa
                dns
                72 B
                 158 B
                 1
                1

                DNS Request

                23.159.190.20.in-addr.arpa

              • 8.8.8.8:53
                178.178.17.96.in-addr.arpa
                dns
                72 B
                 137 B
                 1
                1

                DNS Request

                178.178.17.96.in-addr.arpa

              • 8.8.8.8:53
                241.154.82.20.in-addr.arpa
                dns
                72 B
                 158 B
                 1
                1

                DNS Request

                241.154.82.20.in-addr.arpa

              • 8.8.8.8:53
                200.197.79.204.in-addr.arpa
                dns
                73 B
                 106 B
                 1
                1

                DNS Request

                200.197.79.204.in-addr.arpa

              • 8.8.8.8:53
                41.110.16.96.in-addr.arpa
                dns
                71 B
                 135 B
                 1
                1

                DNS Request

                41.110.16.96.in-addr.arpa

              • 8.8.8.8:53
                205.47.74.20.in-addr.arpa
                dns
                71 B
                 157 B
                 1
                1

                DNS Request

                205.47.74.20.in-addr.arpa

              • 8.8.8.8:53
                95.221.229.192.in-addr.arpa
                dns
                73 B
                 144 B
                 1
                1

                DNS Request

                95.221.229.192.in-addr.arpa

              • 8.8.8.8:53
                9.228.82.20.in-addr.arpa
                dns
                70 B
                 156 B
                 1
                1

                DNS Request

                9.228.82.20.in-addr.arpa

              • 8.8.8.8:53
                135.240.123.92.in-addr.arpa
                dns
                73 B
                 139 B
                 1
                1

                DNS Request

                135.240.123.92.in-addr.arpa

              • 8.8.8.8:53
                211.135.221.88.in-addr.arpa
                dns
                73 B
                 139 B
                 1
                1

                DNS Request

                211.135.221.88.in-addr.arpa

              • 8.8.8.8:53
                183.59.114.20.in-addr.arpa
                dns
                72 B
                 158 B
                 1
                1

                DNS Request

                183.59.114.20.in-addr.arpa

              • 8.8.8.8:53
                56.126.166.20.in-addr.arpa
                dns
                72 B
                 158 B
                 1
                1

                DNS Request

                56.126.166.20.in-addr.arpa

              • 8.8.8.8:53
                18.134.221.88.in-addr.arpa
                dns
                72 B
                 137 B
                 1
                1

                DNS Request

                18.134.221.88.in-addr.arpa

              • 8.8.8.8:53
                81.171.91.138.in-addr.arpa
                dns
                72 B
                 146 B
                 1
                1

                DNS Request

                81.171.91.138.in-addr.arpa

              • 8.8.8.8:53
                240.221.184.93.in-addr.arpa
                dns
                73 B
                 144 B
                 1
                1

                DNS Request

                240.221.184.93.in-addr.arpa

              • 8.8.8.8:53
                19.229.111.52.in-addr.arpa
                dns
                72 B
                 158 B
                 1
                1

                DNS Request

                19.229.111.52.in-addr.arpa

              • 8.8.8.8:53
                123.10.44.20.in-addr.arpa
                dns
                71 B
                 145 B
                 1
                1

                DNS Request

                123.10.44.20.in-addr.arpa

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                Filesize

                64KB

                MD5

                e634e3ddcbe3a5db9179ddedaf452dde

                SHA1

                2be8bb177c57643b26bfe53ba9d317505bc28dc7

                SHA256

                cf225071e21f991d1bef1cba5535f7828f8c07b149203bee118b084cd516465d

                SHA512

                5070c1c72430e3f78f9709400e81c6956ba9fe10ed2a709d0e6ab8cf5831f49906ea8569d095cc1a9178e2d70b85f5aa7b05a11b9274259ea779409e7b1e7daa

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                Filesize

                36KB

                MD5

                b30d3becc8731792523d599d949e63f5

                SHA1

                19350257e42d7aee17fb3bf139a9d3adb330fad4

                SHA256

                b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

                SHA512

                523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                Filesize

                56KB

                MD5

                752a1f26b18748311b691c7d8fc20633

                SHA1

                c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

                SHA256

                111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

                SHA512

                a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

                Download Submit

              We care about your privacy.

              This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.