Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
142s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
30/12/2023, 05:54 UTC
Behavioral task
behavioral1
Sample
1077585519b7ea6a3d14262a7acb40cc.pdf
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
1077585519b7ea6a3d14262a7acb40cc.pdf
Resource
win10v2004-20231215-en
General
-
Target
1077585519b7ea6a3d14262a7acb40cc.pdf
-
Size
89KB
-
MD5
1077585519b7ea6a3d14262a7acb40cc
-
SHA1
8af72572392bb98100f1e6e3cd409d73d46d5ba5
-
SHA256
feec538393ca5e7d297a17ca94943291629c2481335e90da9f2de2b9d300ad09
-
SHA512
9a21ed5bf2e2364e5584e6533f76ed5fa883a73cda612f2e765505b58b2ae453f5553d07742cc43dc0c1eab85357de7844158fe82b5aa1c04dce1b1e890db9fd
-
SSDEEP
1536:HZ6I3LqY6GVhKmPloPHpUfvzpW3V7AWWMBLEP2liWXpO/EWV/284obLsYbLXo:5h3LqO8mSfpaWDWMBVS/t1LsYQ
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe -
Suspicious behavior: EnumeratesProcesses 20 IoCs
pid Process 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 4524 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 5 IoCs
pid Process 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe 4524 AcroRd32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4524 wrote to memory of 4828 4524 AcroRd32.exe 90 PID 4524 wrote to memory of 4828 4524 AcroRd32.exe 90 PID 4524 wrote to memory of 4828 4524 AcroRd32.exe 90 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3940 4828 RdrCEF.exe 91 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92 PID 4828 wrote to memory of 3500 4828 RdrCEF.exe 92
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1077585519b7ea6a3d14262a7acb40cc.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4524 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
- Suspicious use of WriteProcessMemory
PID:4828 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D7851AF76CF2458716597726D34F72A8 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:3940
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=626AAEDE04259791420CEA7153BE5A3C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=626AAEDE04259791420CEA7153BE5A3C --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:13⤵PID:3500
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F09AB2744205ED817226765887BC5F71 --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:3648
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=789C7991B81D130B33F0066563C3B9EB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=789C7991B81D130B33F0066563C3B9EB --renderer-client-id=5 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job /prefetch:13⤵PID:1436
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0A033FBA5633ED93B45CB455E754D8F6 --mojo-platform-channel-handle=2556 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:2940
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F01AA3481119A1E1CC892AEE7FFD821F --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:1052
-
-
Network
-
Remote address:8.8.8.8:53Request84.177.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request0.205.248.87.in-addr.arpaIN PTRResponse0.205.248.87.in-addr.arpaIN PTRhttps-87-248-205-0lgwllnwnet
-
Remote address:8.8.8.8:53Request158.240.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request135.240.123.92.in-addr.arpaIN PTRResponse135.240.123.92.in-addr.arpaIN PTRa92-123-240-135deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request211.135.221.88.in-addr.arpaIN PTRResponse211.135.221.88.in-addr.arpaIN PTRa88-221-135-211deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request211.135.221.88.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request211.135.221.88.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request26.165.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request241.154.82.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request18.134.221.88.in-addr.arpaIN PTRResponse18.134.221.88.in-addr.arpaIN PTRa88-221-134-18deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request41.110.16.96.in-addr.arpaIN PTRResponse41.110.16.96.in-addr.arpaIN PTRa96-16-110-41deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request55.36.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301017_1IPT7UEBZFHNX407G&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301017_1IPT7UEBZFHNX407G&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 275807
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B3D6BA0318E449429C9134CBF3C2FCD7 Ref B: LON04EDGE1019 Ref C: 2024-01-01T03:13:18Z
date: Mon, 01 Jan 2024 03:13:18 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317300926_1VTZCQ3RYKOOL9YNI&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317300926_1VTZCQ3RYKOOL9YNI&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 241751
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 033F8CCA121640B4B9C69ED37F36D910 Ref B: LON04EDGE1019 Ref C: 2024-01-01T03:13:18Z
date: Mon, 01 Jan 2024 03:13:18 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301450_10IM7717UPOCUEQIR&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301450_10IM7717UPOCUEQIR&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 223645
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9CE274E29BCD48BB9C7CEBDA07CF9172 Ref B: LON04EDGE1019 Ref C: 2024-01-01T03:13:19Z
date: Mon, 01 Jan 2024 03:13:18 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301359_1MPAZ60VREACMMWNW&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301359_1MPAZ60VREACMMWNW&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 396370
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 917E5CDA480E4E7B8FB794B66E50035D Ref B: LON04EDGE1019 Ref C: 2024-01-01T03:13:19Z
date: Mon, 01 Jan 2024 03:13:18 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301197_13N2PI9RULA3OK907&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301197_13N2PI9RULA3OK907&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 183080
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8FA4C2D3815F4882AFFE10912CF3E021 Ref B: LON04EDGE1019 Ref C: 2024-01-01T03:13:19Z
date: Mon, 01 Jan 2024 03:13:19 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301606_1T3TGU025891179QA&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301606_1T3TGU025891179QA&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 200904
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EE016158315C4B679004FFD72A43EDA6 Ref B: LON04EDGE1019 Ref C: 2024-01-01T03:13:57Z
date: Mon, 01 Jan 2024 03:13:57 GMT
-
Remote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request104.241.123.92.in-addr.arpaIN PTRResponse104.241.123.92.in-addr.arpaIN PTRa92-123-241-104deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request119.110.54.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request119.110.54.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request0.204.248.87.in-addr.arpaIN PTRResponse0.204.248.87.in-addr.arpaIN PTRhttps-87-248-204-0lhrllnwnet
-
Remote address:8.8.8.8:53Request32.134.221.88.in-addr.arpaIN PTRResponse32.134.221.88.in-addr.arpaIN PTRa88-221-134-32deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request32.134.221.88.in-addr.arpaIN PTRResponse32.134.221.88.in-addr.arpaIN PTRa88-221-134-32deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request11.227.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request11.227.111.52.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request176.178.17.96.in-addr.arpaIN PTRResponse176.178.17.96.in-addr.arpaIN PTRa96-17-178-176deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request176.178.17.96.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request176.178.17.96.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request85.65.42.20.in-addr.arpaIN PTRResponse
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239317301606_1T3TGU025891179QA&pid=21.2&w=1080&h=1920&c=4tls, http259.1kB 1.7MB 1231 1224
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301017_1IPT7UEBZFHNX407G&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317300926_1VTZCQ3RYKOOL9YNI&pid=21.2&w=1920&h=1080&c=4HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301450_10IM7717UPOCUEQIR&pid=21.2&w=1080&h=1920&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301359_1MPAZ60VREACMMWNW&pid=21.2&w=1080&h=1920&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301197_13N2PI9RULA3OK907&pid=21.2&w=1920&h=1080&c=4HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301606_1T3TGU025891179QA&pid=21.2&w=1080&h=1920&c=4HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200 -
1.4kB 8.3kB 17 14
-
1.3kB 8.3kB 17 14
-
1.4kB 8.3kB 17 14
-
1.6kB 10.5kB 18 13
-
72 B 158 B 1 1
DNS Request
84.177.190.20.in-addr.arpa
-
71 B 116 B 1 1
DNS Request
0.205.248.87.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
158.240.127.40.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
26.35.223.20.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
135.240.123.92.in-addr.arpa
-
219 B 139 B 3 1
DNS Request
211.135.221.88.in-addr.arpa
DNS Request
211.135.221.88.in-addr.arpa
DNS Request
211.135.221.88.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
26.165.165.52.in-addr.arpa
-
144 B 146 B 2 1
DNS Request
15.164.165.52.in-addr.arpa
DNS Request
15.164.165.52.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
241.154.82.20.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
18.134.221.88.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
41.110.16.96.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
55.36.223.20.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
-
71 B 145 B 1 1
DNS Request
206.23.85.13.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
104.241.123.92.in-addr.arpa
-
144 B 316 B 2 2
DNS Request
119.110.54.20.in-addr.arpa
DNS Request
119.110.54.20.in-addr.arpa
-
71 B 116 B 1 1
DNS Request
0.204.248.87.in-addr.arpa
-
144 B 274 B 2 2
DNS Request
32.134.221.88.in-addr.arpa
DNS Request
32.134.221.88.in-addr.arpa
-
144 B 158 B 2 1
DNS Request
11.227.111.52.in-addr.arpa
DNS Request
11.227.111.52.in-addr.arpa
-
216 B 137 B 3 1
DNS Request
176.178.17.96.in-addr.arpa
DNS Request
176.178.17.96.in-addr.arpa
DNS Request
176.178.17.96.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
85.65.42.20.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD56ad0acb738c29e2d008dcb13272b226b
SHA176b1e7ce5dd38a36222811d141dd0e777a7ff0e2
SHA256b6533ba893d845e677f3bde3bb929cb7f20e6adf5e6fe1e3fa4b7ac3551e0403
SHA512af5912000c5f24af47178a17ea90f7ccbb3e7c720c7a5831e6fcc8fb2fd66fb926bd0bcab4b432d8e73554a222e1a68da977139d43b7e04ce76f228d8007ad4c
-
Filesize
36KB
MD5b30d3becc8731792523d599d949e63f5
SHA119350257e42d7aee17fb3bf139a9d3adb330fad4
SHA256b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
SHA512523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e
-
Filesize
56KB
MD5752a1f26b18748311b691c7d8fc20633
SHA1c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
SHA256111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
SHA512a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5