Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/12/2023, 21:45 UTC

General

  • Target

    139b070003d5dae0b080f9e45b17946d.pdf

  • Size

    40KB

  • MD5

    139b070003d5dae0b080f9e45b17946d

  • SHA1

    1280945944de7d678a6b70db7688112af45336c4

  • SHA256

    3f6a528856438628fed777c3f76209f68a9b86c2c277b1b562030a41ad4b14a8

  • SHA512

    490b859c2a38e742eb029c7bea303be8975a13b96eaaf98223f57361320fdaf943f54cc8ddc5131fccc7eb040d0d321e7ddfee2ad9673ed17a3cf0e9a23f3ae2

  • SSDEEP

    768:Lan9igM4gG4mqvznRz0Q+uAm9oQ7IvOFIl4wZDqa/waxBB5pxKs:LMRd4DvZLxHImYWWbxp4s

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings (1 TTP, 1 IoC)
  • Suspicious behavior: EnumeratesProcesses (20 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\139b070003d5dae0b080f9e45b17946d.pdf"
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4812
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      • Suspicious use of WriteProcessMemory
      PID:2260
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=91E246653404CB79F44FFC544ACA23DB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=91E246653404CB79F44FFC544ACA23DB --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
          PID:4500
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C347D02275FEF07A60D7E3175553A863 --mojo-platform-channel-handle=1712 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
            PID:3972
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=918537812AE03BDD98DA195CFEB84515 --mojo-platform-channel-handle=2268 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              PID:4572
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C17D6073720788D49C8B13173CE821F9 --mojo-platform-channel-handle=1932 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                PID:1428
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=68C37DB20859DFA4C54C9B133460A147 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  PID:3500

            Network

            • DNS (remote: US)
              2.159.190.20.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              2.159.190.20.in-addr.arpa
              IN PTR
              Response
            • DNS (remote: US)
              2.159.190.20.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              2.159.190.20.in-addr.arpa
              IN PTR
            • DNS (remote: US)
              2.159.190.20.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              2.159.190.20.in-addr.arpa
              IN PTR
            • DNS (remote: US)
              g.bing.com
              Remote address:
              8.8.8.8:53
              Request
              g.bing.com
              IN A
              Response
              g.bing.com
              IN CNAME
              g-bing-com.a-0001.a-msedge.net
              g-bing-com.a-0001.a-msedge.net
              IN CNAME
              dual-a-0001.a-msedge.net
              dual-a-0001.a-msedge.net
              IN A
              204.79.197.200
              dual-a-0001.a-msedge.net
              IN A
              13.107.21.200
            • GET (remote: US)
              https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70c28223420240e890c5f92d824049b3&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=
              Remote address:
              204.79.197.200:443
              Request
              GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70c28223420240e890c5f92d824049b3&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid= HTTP/2.0
              host: g.bing.com
              accept-encoding: gzip, deflate
              user-agent: WindowsShellClient/9.0.40929.0 (Windows)
              Response
              HTTP/2.0 204
              cache-control: no-cache, must-revalidate
              pragma: no-cache
              expires: Fri, 01 Jan 1990 00:00:00 GMT
              set-cookie: MUID=2EB4F18FB9D862540B27E27DB838631C; domain=.bing.com; expires=Sat, 18-Jan-2025 03:12:23 GMT; path=/; SameSite=None; Secure; Priority=High;
              strict-transport-security: max-age=31536000; includeSubDomains; preload
              access-control-allow-origin: *
              x-cache: CONFIG_NOCACHE
              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
              x-msedge-ref: Ref A: 5D0470B180E24EACA2B3E4DDF28FE39A Ref B: LON04EDGE1218 Ref C: 2023-12-25T03:12:23Z
              date: Mon, 25 Dec 2023 03:12:23 GMT
            • GET (remote: US)
              https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=70c28223420240e890c5f92d824049b3&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=
              Remote address:
              204.79.197.200:443
              Request
              GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=70c28223420240e890c5f92d824049b3&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid= HTTP/2.0
              host: g.bing.com
              accept-encoding: gzip, deflate
              user-agent: WindowsShellClient/9.0.40929.0 (Windows)
              cookie: MUID=2EB4F18FB9D862540B27E27DB838631C
              Response
              HTTP/2.0 204
              cache-control: no-cache, must-revalidate
              pragma: no-cache
              expires: Fri, 01 Jan 1990 00:00:00 GMT
              set-cookie: MSPTC=LA3iiifjWcDHB_aJr2DsA6sRMdUk6YzdliYXFYSgDaU; domain=.bing.com; expires=Sat, 18-Jan-2025 03:12:23 GMT; path=/; Partitioned; secure; SameSite=None
              strict-transport-security: max-age=31536000; includeSubDomains; preload
              access-control-allow-origin: *
              x-cache: CONFIG_NOCACHE
              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
              x-msedge-ref: Ref A: 46188C24B8AE47AF87BFFC1CA0327FBC Ref B: LON04EDGE1218 Ref C: 2023-12-25T03:12:23Z
              date: Mon, 25 Dec 2023 03:12:23 GMT
            • GET (remote: US)
              https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70c28223420240e890c5f92d824049b3&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=
              Remote address:
              204.79.197.200:443
              Request
              GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70c28223420240e890c5f92d824049b3&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid= HTTP/2.0
              host: g.bing.com
              accept-encoding: gzip, deflate
              user-agent: WindowsShellClient/9.0.40929.0 (Windows)
              cookie: MUID=2EB4F18FB9D862540B27E27DB838631C; MSPTC=LA3iiifjWcDHB_aJr2DsA6sRMdUk6YzdliYXFYSgDaU
              Response
              HTTP/2.0 204
              cache-control: no-cache, must-revalidate
              pragma: no-cache
              expires: Fri, 01 Jan 1990 00:00:00 GMT
              strict-transport-security: max-age=31536000; includeSubDomains; preload
              access-control-allow-origin: *
              x-cache: CONFIG_NOCACHE
              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
              x-msedge-ref: Ref A: 059A9A3D53B445A09C4AABE3C79FA63A Ref B: LON04EDGE1218 Ref C: 2023-12-25T03:12:25Z
              date: Mon, 25 Dec 2023 03:12:25 GMT
            • DNS (remote: US)
              0.204.248.87.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              0.204.248.87.in-addr.arpa
              IN PTR
              Response
              0.204.248.87.in-addr.arpa
              IN PTR
              https-87-248-204-0lhrllnwnet
            • DNS (remote: US)
              0.204.248.87.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              0.204.248.87.in-addr.arpa
              IN PTR
            • DNS (remote: US)
              146.78.124.51.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              146.78.124.51.in-addr.arpa
              IN PTR
              Response
            • DNS (remote: US)
              146.78.124.51.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              146.78.124.51.in-addr.arpa
              IN PTR
            • DNS (remote: US)
              2.136.104.51.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              2.136.104.51.in-addr.arpa
              IN PTR
              Response
            • DNS (remote: US)
              241.154.82.20.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              241.154.82.20.in-addr.arpa
              IN PTR
              Response
            • DNS (remote: US)
              26.165.165.52.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              26.165.165.52.in-addr.arpa
              IN PTR
              Response
            • DNS (remote: US)
              43.58.199.20.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              43.58.199.20.in-addr.arpa
              IN PTR
              Response
            • DNS (remote: US)
              135.240.123.92.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              135.240.123.92.in-addr.arpa
              IN PTR
              Response
              135.240.123.92.in-addr.arpa
              IN PTR
              a92-123-240-135deploystaticakamaitechnologiescom
            • DNS (remote: US)
              208.194.73.20.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              208.194.73.20.in-addr.arpa
              IN PTR
              Response
            • DNS (remote: US)
              41.110.16.96.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              41.110.16.96.in-addr.arpa
              IN PTR
              Response
              41.110.16.96.in-addr.arpa
              IN PTR
              a96-16-110-41deploystaticakamaitechnologiescom
            • DNS (remote: US)
              32.134.221.88.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              32.134.221.88.in-addr.arpa
              IN PTR
              Response
              32.134.221.88.in-addr.arpa
              IN PTR
              a88-221-134-32deploystaticakamaitechnologiescom
            • DNS (remote: US)
              59.128.231.4.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              59.128.231.4.in-addr.arpa
              IN PTR
              Response
            • DNS (remote: US)
              206.23.85.13.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              206.23.85.13.in-addr.arpa
              IN PTR
              Response
            • DNS (remote: US)
              217.135.221.88.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              217.135.221.88.in-addr.arpa
              IN PTR
              Response
              217.135.221.88.in-addr.arpa
              IN PTR
              a88-221-135-217deploystaticakamaitechnologiescom
            • DNS (remote: US)
              180.178.17.96.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              180.178.17.96.in-addr.arpa
              IN PTR
              Response
              180.178.17.96.in-addr.arpa
              IN PTR
              a96-17-178-180deploystaticakamaitechnologiescom
            • DNS (remote: US)
              11.227.111.52.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              11.227.111.52.in-addr.arpa
              IN PTR
              Response
            • DNS (remote: US)
              tse1.mm.bing.net
              Remote address:
              8.8.8.8:53
              Request
              tse1.mm.bing.net
              IN A
              Response
              tse1.mm.bing.net
              IN CNAME
              mm-mm.bing.net.trafficmanager.net
              mm-mm.bing.net.trafficmanager.net
              IN CNAME
              dual-a-0001.a-msedge.net
              dual-a-0001.a-msedge.net
              IN A
              204.79.197.200
              dual-a-0001.a-msedge.net
              IN A
              13.107.21.200
            • DNS (remote: US)
              tse1.mm.bing.net
              Remote address:
              8.8.8.8:53
              Request
              tse1.mm.bing.net
              IN A
            • DNS (remote: US)
              55.36.223.20.in-addr.arpa
              Remote address:
              8.8.8.8:53
              Request
              55.36.223.20.in-addr.arpa
              IN PTR
              Response
            • GET (remote: US)
              https://tse1.mm.bing.net/th?id=OADD2.10239317301321_1WU4KPMKVNBS4UXRB&pid=21.2&w=1920&h=1080&c=4
              Remote address:
              204.79.197.200:443
              Request
              GET /th?id=OADD2.10239317301321_1WU4KPMKVNBS4UXRB&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
              host: tse1.mm.bing.net
              accept: */*
              accept-encoding: gzip, deflate, br
              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
              Response
              HTTP/2.0 200
              cache-control: public, max-age=2592000
              content-length: 291493
              content-type: image/jpeg
              x-cache: TCP_HIT
              access-control-allow-origin: *
              access-control-allow-headers: *
              access-control-allow-methods: GET, POST, OPTIONS
              timing-allow-origin: *
              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
              x-msedge-ref: Ref A: 815CF487E8394B409972AA79A87B6584 Ref B: LON04EDGE1108 Ref C: 2023-12-25T03:14:02Z
              date: Mon, 25 Dec 2023 03:14:02 GMT
            • GET (remote: US)
              https://tse1.mm.bing.net/th?id=OADD2.10239317300953_1D5LV5AQACOXD14DO&pid=21.2&w=1920&h=1080&c=4
              Remote address:
              204.79.197.200:443
              Request
              GET /th?id=OADD2.10239317300953_1D5LV5AQACOXD14DO&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
              host: tse1.mm.bing.net
              accept: */*
              accept-encoding: gzip, deflate, br
              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
              Response
              HTTP/2.0 200
              cache-control: public, max-age=2592000
              content-length: 260013
              content-type: image/jpeg
              x-cache: TCP_HIT
              access-control-allow-origin: *
              access-control-allow-headers: *
              access-control-allow-methods: GET, POST, OPTIONS
              timing-allow-origin: *
              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
              x-msedge-ref: Ref A: 7AA0A118087142888960832464E169C0 Ref B: LON04EDGE1108 Ref C: 2023-12-25T03:14:02Z
              date: Mon, 25 Dec 2023 03:14:02 GMT
            • GET (remote: US)
              https://tse1.mm.bing.net/th?id=OADD2.10239317300928_17TNF1GROQEVAAS47&pid=21.2&w=1920&h=1080&c=4
              Remote address:
              204.79.197.200:443
              Request
              GET /th?id=OADD2.10239317300928_17TNF1GROQEVAAS47&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
              host: tse1.mm.bing.net
              accept: */*
              accept-encoding: gzip, deflate, br
              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
              Response
              HTTP/2.0 200
              cache-control: public, max-age=2592000
              content-length: 321928
              content-type: image/jpeg
              x-cache: TCP_HIT
              access-control-allow-origin: *
              access-control-allow-headers: *
              access-control-allow-methods: GET, POST, OPTIONS
              timing-allow-origin: *
              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
              x-msedge-ref: Ref A: 3FFDD7B192FE4F008C988D1FEB0264AF Ref B: LON04EDGE1108 Ref C: 2023-12-25T03:14:02Z
              date: Mon, 25 Dec 2023 03:14:02 GMT
            • GET (remote: US)
              https://tse1.mm.bing.net/th?id=OADD2.10239317301386_1ULDF9WY67KMMWR8R&pid=21.2&w=1080&h=1920&c=4
              Remote address:
              204.79.197.200:443
              Request
              GET /th?id=OADD2.10239317301386_1ULDF9WY67KMMWR8R&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
              host: tse1.mm.bing.net
              accept: */*
              accept-encoding: gzip, deflate, br
              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
              Response
              HTTP/2.0 200
              cache-control: public, max-age=2592000
              content-length: 237369
              content-type: image/jpeg
              x-cache: TCP_HIT
              access-control-allow-origin: *
              access-control-allow-headers: *
              access-control-allow-methods: GET, POST, OPTIONS
              timing-allow-origin: *
              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
              x-msedge-ref: Ref A: E394369D798F4BD1932D995D7C69CFB7 Ref B: LON04EDGE1108 Ref C: 2023-12-25T03:14:02Z
              date: Mon, 25 Dec 2023 03:14:02 GMT
            • GET (remote: US)
              https://tse1.mm.bing.net/th?id=OADD2.10239317301730_1ZMY9W34LSLV14AW3&pid=21.2&w=1080&h=1920&c=4
              Remote address:
              204.79.197.200:443
              Request
              GET /th?id=OADD2.10239317301730_1ZMY9W34LSLV14AW3&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
              host: tse1.mm.bing.net
              accept: */*
              accept-encoding: gzip, deflate, br
              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
              Response
              HTTP/2.0 200
              cache-control: public, max-age=2592000
              content-length: 221908
              content-type: image/jpeg
              x-cache: TCP_HIT
              access-control-allow-origin: *
              access-control-allow-headers: *
              access-control-allow-methods: GET, POST, OPTIONS
              timing-allow-origin: *
              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
              x-msedge-ref: Ref A: DC9C6CC2D945437F880232CD69B5870E Ref B: LON04EDGE1108 Ref C: 2023-12-25T03:14:02Z
              date: Mon, 25 Dec 2023 03:14:02 GMT
            • GET (remote: US)
              https://tse1.mm.bing.net/th?id=OADD2.10239317301361_1A941B3C9LQ8KN2OI&pid=21.2&w=1080&h=1920&c=4
              Remote address:
              204.79.197.200:443
              Request
              GET /th?id=OADD2.10239317301361_1A941B3C9LQ8KN2OI&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
              host: tse1.mm.bing.net
              accept: */*
              accept-encoding: gzip, deflate, br
              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
              Response
              HTTP/2.0 200
              cache-control: public, max-age=2592000
              content-length: 294193
              content-type: image/jpeg
              x-cache: TCP_HIT
              access-control-allow-origin: *
              access-control-allow-headers: *
              access-control-allow-methods: GET, POST, OPTIONS
              timing-allow-origin: *
              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
              x-msedge-ref: Ref A: 3BFFC492B8234FC6A8D6EBAC7C8C52C8 Ref B: LON04EDGE1108 Ref C: 2023-12-25T03:14:02Z
              date: Mon, 25 Dec 2023 03:14:02 GMT
            • 204.79.197.200:443  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70c28223420240e890c5f92d824049b3&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=  (tls, http2)  sent 2.5kB, received 9.9kB, packets 26 out / 21 in
              HTTP Request: GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70c28223420240e890c5f92d824049b3&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=
              HTTP Response: 204
              HTTP Request: GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=70c28223420240e890c5f92d824049b3&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=
              HTTP Response: 204
              HTTP Request: GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=70c28223420240e890c5f92d824049b3&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=
              HTTP Response: 204
            • 52.142.223.178:80  sent 46 B, 1 packet
            • 204.79.197.200:443  tse1.mm.bing.net  (tls, http2)  sent 1.2kB, received 8.2kB, packets 16 out / 13 in
            • 204.79.197.200:443  tse1.mm.bing.net  (tls, http2)  sent 1.2kB, received 8.3kB, packets 16 out / 14 in
            • 204.79.197.200:443  tse1.mm.bing.net  (tls, http2)  sent 1.2kB, received 8.3kB, packets 16 out / 14 in
            • 204.79.197.200:443  https://tse1.mm.bing.net/th?id=OADD2.10239317301361_1A941B3C9LQ8KN2OI&pid=21.2&w=1080&h=1920&c=4  (tls, http2)  sent 64.4kB, received 1.7MB, packets 1242 out / 1237 in
              HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301321_1WU4KPMKVNBS4UXRB&pid=21.2&w=1920&h=1080&c=4
              HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317300953_1D5LV5AQACOXD14DO&pid=21.2&w=1920&h=1080&c=4
              HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317300928_17TNF1GROQEVAAS47&pid=21.2&w=1920&h=1080&c=4
              HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301386_1ULDF9WY67KMMWR8R&pid=21.2&w=1080&h=1920&c=4
              HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301730_1ZMY9W34LSLV14AW3&pid=21.2&w=1080&h=1920&c=4
              HTTP Response: 200
              HTTP Response: 200
              HTTP Response: 200
              HTTP Response: 200
              HTTP Response: 200
              HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301361_1A941B3C9LQ8KN2OI&pid=21.2&w=1080&h=1920&c=4
              HTTP Response: 200
            • 204.79.197.200:443
              tse1.mm.bing.net
              tls, http2
              1.2kB
              8.3kB
              16
              14
            • 8.8.8.8:53
              Domain: 2.159.190.20.in-addr.arpa
              Protocol: dns
              Sent: 213 B (3 packets)
              Received: 157 B (1 packet)
              DNS Request (×3): 2.159.190.20.in-addr.arpa

            • 8.8.8.8:53
              Domain: g.bing.com
              Protocol: dns
              Sent: 56 B (1 packet)
              Received: 158 B (1 packet)
              DNS Request: g.bing.com
              DNS Response: 204.79.197.200, 13.107.21.200

            • 8.8.8.8:53
              Domain: 0.204.248.87.in-addr.arpa
              Protocol: dns
              Sent: 142 B (2 packets)
              Received: 116 B (1 packet)
              DNS Request (×2): 0.204.248.87.in-addr.arpa

            • 8.8.8.8:53
              Domain: 146.78.124.51.in-addr.arpa
              Protocol: dns
              Sent: 144 B (2 packets)
              Received: 158 B (1 packet)
              DNS Request (×2): 146.78.124.51.in-addr.arpa

            • 8.8.8.8:53
              Domain: 2.136.104.51.in-addr.arpa
              Protocol: dns
              Sent: 71 B (1 packet)
              Received: 157 B (1 packet)
              DNS Request: 2.136.104.51.in-addr.arpa

            • 8.8.8.8:53
              Domain: 241.154.82.20.in-addr.arpa
              Protocol: dns
              Sent: 72 B (1 packet)
              Received: 158 B (1 packet)
              DNS Request: 241.154.82.20.in-addr.arpa

            • 8.8.8.8:53
              Domain: 26.165.165.52.in-addr.arpa
              Protocol: dns
              Sent: 72 B (1 packet)
              Received: 146 B (1 packet)
              DNS Request: 26.165.165.52.in-addr.arpa

            • 8.8.8.8:53
              Domain: 43.58.199.20.in-addr.arpa
              Protocol: dns
              Sent: 71 B (1 packet)
              Received: 157 B (1 packet)
              DNS Request: 43.58.199.20.in-addr.arpa

            • 8.8.8.8:53
              Domain: 135.240.123.92.in-addr.arpa
              Protocol: dns
              Sent: 73 B (1 packet)
              Received: 139 B (1 packet)
              DNS Request: 135.240.123.92.in-addr.arpa

            • 8.8.8.8:53
              Domain: 208.194.73.20.in-addr.arpa
              Protocol: dns
              Sent: 72 B (1 packet)
              Received: 158 B (1 packet)
              DNS Request: 208.194.73.20.in-addr.arpa

            • 8.8.8.8:53
              Domain: 41.110.16.96.in-addr.arpa
              Protocol: dns
              Sent: 71 B (1 packet)
              Received: 135 B (1 packet)
              DNS Request: 41.110.16.96.in-addr.arpa

            • 8.8.8.8:53
              Domain: 32.134.221.88.in-addr.arpa
              Protocol: dns
              Sent: 72 B (1 packet)
              Received: 137 B (1 packet)
              DNS Request: 32.134.221.88.in-addr.arpa

            • 8.8.8.8:53
              Domain: 59.128.231.4.in-addr.arpa
              Protocol: dns
              Sent: 71 B (1 packet)
              Received: 157 B (1 packet)
              DNS Request: 59.128.231.4.in-addr.arpa

            • 8.8.8.8:53
              Domain: 206.23.85.13.in-addr.arpa
              Protocol: dns
              Sent: 71 B (1 packet)
              Received: 145 B (1 packet)
              DNS Request: 206.23.85.13.in-addr.arpa

            • 8.8.8.8:53
              Domain: 217.135.221.88.in-addr.arpa
              Protocol: dns
              Sent: 73 B (1 packet)
              Received: 139 B (1 packet)
              DNS Request: 217.135.221.88.in-addr.arpa

            • 8.8.8.8:53
              Domain: 180.178.17.96.in-addr.arpa
              Protocol: dns
              Sent: 72 B (1 packet)
              Received: 137 B (1 packet)
              DNS Request: 180.178.17.96.in-addr.arpa

            • 8.8.8.8:53
              Domain: 11.227.111.52.in-addr.arpa
              Protocol: dns
              Sent: 72 B (1 packet)
              Received: 158 B (1 packet)
              DNS Request: 11.227.111.52.in-addr.arpa

            • 8.8.8.8:53
              Domain: tse1.mm.bing.net
              Protocol: dns
              Sent: 124 B (2 packets)
              Received: 173 B (1 packet)
              DNS Request (×2): tse1.mm.bing.net
              DNS Response: 204.79.197.200, 13.107.21.200

            • 8.8.8.8:53
              Domain: 55.36.223.20.in-addr.arpa
              Protocol: dns
              Sent: 71 B (1 packet)
              Received: 157 B (1 packet)
              DNS Request: 55.36.223.20.in-addr.arpa
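            The flow list above is the tria.ge network tab flattened to text: per flow, a destination, a domain or URL, a protocol, then four unlabeled counters. Before quoting those numbers it is worth checking which counter is which. On this report the first size figure equals the IPv4+UDP+DNS wire size of the listed DNS queries (71 B for each 4-octet PTR name such as 2.159.190.20.in-addr.arpa, 56 B for g.bing.com, 2 × 62 B = 124 B for tse1.mm.bing.net), so that column is bytes sent, the second is bytes received, and the two integers are packets sent and received. The script below is an added example, not Triage's own code or API: it parses a constructed sample in the same flattened form (figures modelled on this report, the image URL shortened) into records and performs that consistency check. The 20 B IPv4 + 8 B UDP header sizes it adds, and the column order it assigns, are assumptions inferred from this report's figures; the parser stops at the first line that is neither a flow bullet nor a request/response entry, which is how the "MITRE ATT&CK Enterprise v15" heading that follows the list is kept out of the last flow.

```python
# Added example (not Triage code): parse the flattened tria.ge network listing into
# records and check, from DNS query sizes, which size column is bytes sent.
import re
from dataclasses import dataclass, field

DEST_RE = re.compile(r"^•\s*(\S+:\d+)$")                # "• 8.8.8.8:53"
SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)\s*(B|kB|MB)$")  # "213 B", "1.2kB"
UNIT = {"B": 1, "kB": 1000, "MB": 1_000_000}
HTTP_METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "PATCH", "CONNECT"}

@dataclass
class Flow:
    dst: str                  # "ip:port"
    name: str = ""            # domain, or the URL Triage shows in its place
    proto: str = ""           # "dns", "tls, http2", ...
    sent_bytes: int = 0
    recv_bytes: int = 0
    sent_pkts: int = 0
    recv_pkts: int = 0
    requests: list = field(default_factory=list)   # HTTP request lines / DNS qnames
    responses: list = field(default_factory=list)  # HTTP status codes / DNS answers

def parse_flows(text):
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    flows, i = [], 0
    while i < len(lines):
        m = DEST_RE.match(lines[i])
        i += 1
        if not m:
            continue
        flow = Flow(m.group(1))
        head = []  # optional domain/URL line, then optional protocol line
        while i < len(lines) and not (SIZE_RE.match(lines[i]) or DEST_RE.match(lines[i])):
            head.append(lines[i])
            i += 1
        flow.name, flow.proto = (head + ["", ""])[:2]
        nums = []  # sent bytes, received bytes, sent packets, received packets
        while i < len(lines) and (SIZE_RE.match(lines[i]) or lines[i].isdigit()):
            nums.append(lines[i])
            i += 1
        sizes = [int(round(float(s.group(1)) * UNIT[s.group(2)])) for s in map(SIZE_RE.match, nums) if s] + [0, 0]
        pkts = [int(n) for n in nums if n.isdigit()] + [0, 0]
        flow.sent_bytes, flow.recv_bytes = sizes[:2]
        flow.sent_pkts, flow.recv_pkts = pkts[:2]
        section = None  # request/response entries up to the next bullet
        while i < len(lines) and not DEST_RE.match(lines[i]):
            ln, i = lines[i], i + 1
            if ln.endswith(" Request"):
                section = flow.requests
            elif ln.endswith(" Response"):
                section = flow.responses
            # an entry is one token (qname, IP, status) or an HTTP request line; anything else is the next section
            elif section is None or (" " in ln and ln.split(" ", 1)[0] not in HTTP_METHODS):
                break
            else:
                section.append(ln)
        flows.append(flow)
    return flows

def dns_query_wire_size(qname):
    # one UDP/IPv4 query: 20 (IPv4) + 8 (UDP) + 12 (DNS header) + length-prefixed name + 4 (QTYPE, QCLASS); assumed to match Triage's counter
    encoded = sum(1 + len(label) for label in qname.strip(".").split(".")) + 1
    return 20 + 8 + 12 + encoded + 4

def dns_sent_bytes_consistent(flow):
    # True when a DNS flow's first size column equals the summed wire size of its queries (so that column is bytes sent); None for non-DNS flows
    if flow.proto != "dns" or not flow.requests:
        return None
    return flow.sent_bytes == sum(dns_query_wire_size(q) for q in flow.requests)

# Constructed sample in the flattened form; figures modelled on this report.
SAMPLE = """\
• 8.8.8.8:53
tse1.mm.bing.net
dns
124 B
173 B
2
1
DNS Request
tse1.mm.bing.net
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.200
13.107.21.200
• 204.79.197.200:443
tse1.mm.bing.net
tls, http2
1.2kB
8.3kB
16
14
HTTP Request
GET https://tse1.mm.bing.net/th?id=example&w=1920&h=1080
HTTP Response
200
MITRE ATT&CK Enterprise v15
"""
```

            Run `parse_flows(SAMPLE)` and `dns_sent_bytes_consistent(...)` on the DNS flow; it returns True, which is the evidence for reading the first size column as bytes sent. Requests and responses are kept as separate ordered lists rather than paired up, because the HTTP/2 flows above list five requests before their five responses and the text gives no stream identifiers to pair them by.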

            MITRE ATT&CK Enterprise v15

            Downloads

            • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
              Filesize: 64KB
              MD5: 211c1920ab788d2609518096e6bf7bc5
              SHA1: 8b561457fa393c352c6e820f418698d985fc47ca
              SHA256: f66f75ff1def65929678e1efd52d7cf9cb70fdf71f27376b9a444ac181d2f5f6
              SHA512: 667e7316087f5519b27e3cd48509d550042427a5d40e9c4575db46a7851577ae0d329722b2dc6d54c0a0116540a1b202d11408b40c205a5680fbc5cbd77f41aa

            • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
              Filesize: 56KB
              MD5: c26ed30e7d5ab440480838636efc41db
              SHA1: c66e0d00b56abebfb60d2fcc5cf85ad31a0d6591
              SHA256: 6a3c5c4a8e57f77ecc22078fbf603ecc31fb82d429bd87b7b4b9261447092aef
              SHA512: 96cdb78bca3e01d4513c31661987e5646e6a8ff24708918aa0d66dfa3ca5d98af4862c9f38c4f41f933c345d2d3adfb1d34d1430b33f45f916f41a9872a030df

            • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
              Filesize: 56KB
              MD5: 752a1f26b18748311b691c7d8fc20633
              SHA1: c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
              SHA256: 111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
              SHA512: a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5
