Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    142s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 05:54 UTC

General

  • Target

    1077585519b7ea6a3d14262a7acb40cc.pdf

  • Size

    89KB

  • MD5

    1077585519b7ea6a3d14262a7acb40cc

  • SHA1

    8af72572392bb98100f1e6e3cd409d73d46d5ba5

  • SHA256

    feec538393ca5e7d297a17ca94943291629c2481335e90da9f2de2b9d300ad09

  • SHA512

    9a21ed5bf2e2364e5584e6533f76ed5fa883a73cda612f2e765505b58b2ae453f5553d07742cc43dc0c1eab85357de7844158fe82b5aa1c04dce1b1e890db9fd

  • SSDEEP

    1536:HZ6I3LqY6GVhKmPloPHpUfvzpW3V7AWWMBLEP2liWXpO/EWV/284obLsYbLXo:5h3LqO8mSfpaWDWMBVS/t1LsYQ

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1077585519b7ea6a3d14262a7acb40cc.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4524
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4828
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D7851AF76CF2458716597726D34F72A8 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:3940
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=626AAEDE04259791420CEA7153BE5A3C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=626AAEDE04259791420CEA7153BE5A3C --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:3500
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F09AB2744205ED817226765887BC5F71 --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
            3⤵
              PID:3648
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=789C7991B81D130B33F0066563C3B9EB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=789C7991B81D130B33F0066563C3B9EB --renderer-client-id=5 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job /prefetch:1
              3⤵
                PID:1436
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0A033FBA5633ED93B45CB455E754D8F6 --mojo-platform-channel-handle=2556 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:2940
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F01AA3481119A1E1CC892AEE7FFD821F --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:1052

              Network

              • flag-us
                DNS
                84.177.190.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                84.177.190.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                0.205.248.87.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                0.205.248.87.in-addr.arpa
                IN PTR
                Response
                0.205.248.87.in-addr.arpa
                IN PTR
                https-87-248-205-0lgwllnwnet
              • flag-us
                DNS
                158.240.127.40.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                158.240.127.40.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                95.221.229.192.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                95.221.229.192.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                26.35.223.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                26.35.223.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                135.240.123.92.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                135.240.123.92.in-addr.arpa
                IN PTR
                Response
                135.240.123.92.in-addr.arpa
                IN PTR
                a92-123-240-135deploystaticakamaitechnologiescom
              • flag-us
                DNS
                211.135.221.88.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                211.135.221.88.in-addr.arpa
                IN PTR
                Response
                211.135.221.88.in-addr.arpa
                IN PTR
                a88-221-135-211deploystaticakamaitechnologiescom
              • flag-us
                DNS
                211.135.221.88.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                211.135.221.88.in-addr.arpa
                IN PTR
              • flag-us
                DNS
                211.135.221.88.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                211.135.221.88.in-addr.arpa
                IN PTR
              • flag-us
                DNS
                26.165.165.52.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                26.165.165.52.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                15.164.165.52.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                15.164.165.52.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                15.164.165.52.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                15.164.165.52.in-addr.arpa
                IN PTR
              • flag-us
                DNS
                241.154.82.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                241.154.82.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                18.134.221.88.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                18.134.221.88.in-addr.arpa
                IN PTR
                Response
                18.134.221.88.in-addr.arpa
                IN PTR
                a88-221-134-18deploystaticakamaitechnologiescom
              • flag-us
                DNS
                41.110.16.96.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                41.110.16.96.in-addr.arpa
                IN PTR
                Response
                41.110.16.96.in-addr.arpa
                IN PTR
                a96-16-110-41deploystaticakamaitechnologiescom
              • flag-us
                DNS
                55.36.223.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                55.36.223.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                tse1.mm.bing.net
                Remote address:
                8.8.8.8:53
                Request
                tse1.mm.bing.net
                IN A
                Response
                tse1.mm.bing.net
                IN CNAME
                mm-mm.bing.net.trafficmanager.net
                mm-mm.bing.net.trafficmanager.net
                IN CNAME
                dual-a-0001.a-msedge.net
                dual-a-0001.a-msedge.net
                IN A
                204.79.197.200
                dual-a-0001.a-msedge.net
                IN A
                13.107.21.200
              • flag-us
                GET
                https://tse1.mm.bing.net/th?id=OADD2.10239317301017_1IPT7UEBZFHNX407G&pid=21.2&w=1920&h=1080&c=4
                Remote address:
                204.79.197.200:443
                Request
                GET /th?id=OADD2.10239317301017_1IPT7UEBZFHNX407G&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                host: tse1.mm.bing.net
                accept: */*
                accept-encoding: gzip, deflate, br
                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                Response
                HTTP/2.0 200
                cache-control: public, max-age=2592000
                content-length: 275807
                content-type: image/jpeg
                x-cache: TCP_HIT
                access-control-allow-origin: *
                access-control-allow-headers: *
                access-control-allow-methods: GET, POST, OPTIONS
                timing-allow-origin: *
                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: B3D6BA0318E449429C9134CBF3C2FCD7 Ref B: LON04EDGE1019 Ref C: 2024-01-01T03:13:18Z
                date: Mon, 01 Jan 2024 03:13:18 GMT
              • flag-us
                GET
                https://tse1.mm.bing.net/th?id=OADD2.10239317300926_1VTZCQ3RYKOOL9YNI&pid=21.2&w=1920&h=1080&c=4
                Remote address:
                204.79.197.200:443
                Request
                GET /th?id=OADD2.10239317300926_1VTZCQ3RYKOOL9YNI&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                host: tse1.mm.bing.net
                accept: */*
                accept-encoding: gzip, deflate, br
                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                Response
                HTTP/2.0 200
                cache-control: public, max-age=2592000
                content-length: 241751
                content-type: image/jpeg
                x-cache: TCP_HIT
                access-control-allow-origin: *
                access-control-allow-headers: *
                access-control-allow-methods: GET, POST, OPTIONS
                timing-allow-origin: *
                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: 033F8CCA121640B4B9C69ED37F36D910 Ref B: LON04EDGE1019 Ref C: 2024-01-01T03:13:18Z
                date: Mon, 01 Jan 2024 03:13:18 GMT
              • flag-us
                GET
                https://tse1.mm.bing.net/th?id=OADD2.10239317301450_10IM7717UPOCUEQIR&pid=21.2&w=1080&h=1920&c=4
                Remote address:
                204.79.197.200:443
                Request
                GET /th?id=OADD2.10239317301450_10IM7717UPOCUEQIR&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                host: tse1.mm.bing.net
                accept: */*
                accept-encoding: gzip, deflate, br
                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                Response
                HTTP/2.0 200
                cache-control: public, max-age=2592000
                content-length: 223645
                content-type: image/jpeg
                x-cache: TCP_HIT
                access-control-allow-origin: *
                access-control-allow-headers: *
                access-control-allow-methods: GET, POST, OPTIONS
                timing-allow-origin: *
                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: 9CE274E29BCD48BB9C7CEBDA07CF9172 Ref B: LON04EDGE1019 Ref C: 2024-01-01T03:13:19Z
                date: Mon, 01 Jan 2024 03:13:18 GMT
              • flag-us
                GET
                https://tse1.mm.bing.net/th?id=OADD2.10239317301359_1MPAZ60VREACMMWNW&pid=21.2&w=1080&h=1920&c=4
                Remote address:
                204.79.197.200:443
                Request
                GET /th?id=OADD2.10239317301359_1MPAZ60VREACMMWNW&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                host: tse1.mm.bing.net
                accept: */*
                accept-encoding: gzip, deflate, br
                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                Response
                HTTP/2.0 200
                cache-control: public, max-age=2592000
                content-length: 396370
                content-type: image/jpeg
                x-cache: TCP_HIT
                access-control-allow-origin: *
                access-control-allow-headers: *
                access-control-allow-methods: GET, POST, OPTIONS
                timing-allow-origin: *
                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: 917E5CDA480E4E7B8FB794B66E50035D Ref B: LON04EDGE1019 Ref C: 2024-01-01T03:13:19Z
                date: Mon, 01 Jan 2024 03:13:18 GMT
              • flag-us
                GET
                https://tse1.mm.bing.net/th?id=OADD2.10239317301197_13N2PI9RULA3OK907&pid=21.2&w=1920&h=1080&c=4
                Remote address:
                204.79.197.200:443
                Request
                GET /th?id=OADD2.10239317301197_13N2PI9RULA3OK907&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                host: tse1.mm.bing.net
                accept: */*
                accept-encoding: gzip, deflate, br
                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                Response
                HTTP/2.0 200
                cache-control: public, max-age=2592000
                content-length: 183080
                content-type: image/jpeg
                x-cache: TCP_HIT
                access-control-allow-origin: *
                access-control-allow-headers: *
                access-control-allow-methods: GET, POST, OPTIONS
                timing-allow-origin: *
                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: 8FA4C2D3815F4882AFFE10912CF3E021 Ref B: LON04EDGE1019 Ref C: 2024-01-01T03:13:19Z
                date: Mon, 01 Jan 2024 03:13:19 GMT
              • flag-us
                GET
                https://tse1.mm.bing.net/th?id=OADD2.10239317301606_1T3TGU025891179QA&pid=21.2&w=1080&h=1920&c=4
                Remote address:
                204.79.197.200:443
                Request
                GET /th?id=OADD2.10239317301606_1T3TGU025891179QA&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                host: tse1.mm.bing.net
                accept: */*
                accept-encoding: gzip, deflate, br
                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                Response
                HTTP/2.0 200
                cache-control: public, max-age=2592000
                content-length: 200904
                content-type: image/jpeg
                x-cache: TCP_HIT
                access-control-allow-origin: *
                access-control-allow-headers: *
                access-control-allow-methods: GET, POST, OPTIONS
                timing-allow-origin: *
                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: EE016158315C4B679004FFD72A43EDA6 Ref B: LON04EDGE1019 Ref C: 2024-01-01T03:13:57Z
                date: Mon, 01 Jan 2024 03:13:57 GMT
              • flag-us
                DNS
                206.23.85.13.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                206.23.85.13.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                104.241.123.92.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                104.241.123.92.in-addr.arpa
                IN PTR
                Response
                104.241.123.92.in-addr.arpa
                IN PTR
                a92-123-241-104deploystaticakamaitechnologiescom
              • flag-us
                DNS
                119.110.54.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                119.110.54.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                119.110.54.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                119.110.54.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                0.204.248.87.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                0.204.248.87.in-addr.arpa
                IN PTR
                Response
                0.204.248.87.in-addr.arpa
                IN PTR
                https-87-248-204-0lhrllnwnet
              • flag-us
                DNS
                32.134.221.88.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                32.134.221.88.in-addr.arpa
                IN PTR
                Response
                32.134.221.88.in-addr.arpa
                IN PTR
                a88-221-134-32deploystaticakamaitechnologiescom
              • flag-us
                DNS
                32.134.221.88.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                32.134.221.88.in-addr.arpa
                IN PTR
                Response
                32.134.221.88.in-addr.arpa
                IN PTR
                a88-221-134-32deploystaticakamaitechnologiescom
              • flag-us
                DNS
                11.227.111.52.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                11.227.111.52.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                11.227.111.52.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                11.227.111.52.in-addr.arpa
                IN PTR
              • flag-us
                DNS
                176.178.17.96.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                176.178.17.96.in-addr.arpa
                IN PTR
                Response
                176.178.17.96.in-addr.arpa
                IN PTR
                a96-17-178-176deploystaticakamaitechnologiescom
              • flag-us
                DNS
                176.178.17.96.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                176.178.17.96.in-addr.arpa
                IN PTR
              • flag-us
                DNS
                176.178.17.96.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                176.178.17.96.in-addr.arpa
                IN PTR
              • flag-us
                DNS
                85.65.42.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                85.65.42.20.in-addr.arpa
                IN PTR
                Response
              • 204.79.197.200:443
                https://tse1.mm.bing.net/th?id=OADD2.10239317301606_1T3TGU025891179QA&pid=21.2&w=1080&h=1920&c=4
                tls, http2
                59.1kB
                1.7MB
                1231
                1224

                HTTP Request

                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301017_1IPT7UEBZFHNX407G&pid=21.2&w=1920&h=1080&c=4

                HTTP Request

                GET https://tse1.mm.bing.net/th?id=OADD2.10239317300926_1VTZCQ3RYKOOL9YNI&pid=21.2&w=1920&h=1080&c=4

                HTTP Response

                200

                HTTP Request

                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301450_10IM7717UPOCUEQIR&pid=21.2&w=1080&h=1920&c=4

                HTTP Request

                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301359_1MPAZ60VREACMMWNW&pid=21.2&w=1080&h=1920&c=4

                HTTP Request

                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301197_13N2PI9RULA3OK907&pid=21.2&w=1920&h=1080&c=4

                HTTP Response

                200

                HTTP Request

                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301606_1T3TGU025891179QA&pid=21.2&w=1080&h=1920&c=4

                HTTP Response

                200

                HTTP Response

                200

                HTTP Response

                200

                HTTP Response

                200
              • 204.79.197.200:443
                tse1.mm.bing.net
                tls, http2
                1.4kB
                8.3kB
                17
                14
              • 204.79.197.200:443
                tse1.mm.bing.net
                tls, http2
                1.3kB
                8.3kB
                17
                14
              • 204.79.197.200:443
                tse1.mm.bing.net
                tls, http2
                1.4kB
                8.3kB
                17
                14
              • 204.79.197.200:443
                tse1.mm.bing.net
                tls, http2
                1.6kB
                10.5kB
                18
                13
              • 8.8.8.8:53
                84.177.190.20.in-addr.arpa
                dns
                72 B
                158 B
                1
                1

                DNS Request

                84.177.190.20.in-addr.arpa

              • 8.8.8.8:53
                0.205.248.87.in-addr.arpa
                dns
                71 B
                116 B
                1
                1

                DNS Request

                0.205.248.87.in-addr.arpa

              • 8.8.8.8:53
                158.240.127.40.in-addr.arpa
                dns
                73 B
                147 B
                1
                1

                DNS Request

                158.240.127.40.in-addr.arpa

              • 8.8.8.8:53
                95.221.229.192.in-addr.arpa
                dns
                73 B
                144 B
                1
                1

                DNS Request

                95.221.229.192.in-addr.arpa

              • 8.8.8.8:53
                26.35.223.20.in-addr.arpa
                dns
                71 B
                157 B
                1
                1

                DNS Request

                26.35.223.20.in-addr.arpa

              • 8.8.8.8:53
                135.240.123.92.in-addr.arpa
                dns
                73 B
                139 B
                1
                1

                DNS Request

                135.240.123.92.in-addr.arpa

              • 8.8.8.8:53
                211.135.221.88.in-addr.arpa
                dns
                219 B
                139 B
                3
                1

                DNS Request

                211.135.221.88.in-addr.arpa

                DNS Request

                211.135.221.88.in-addr.arpa

                DNS Request

                211.135.221.88.in-addr.arpa

              • 8.8.8.8:53
                26.165.165.52.in-addr.arpa
                dns
                72 B
                146 B
                1
                1

                DNS Request

                26.165.165.52.in-addr.arpa

              • 8.8.8.8:53
                15.164.165.52.in-addr.arpa
                dns
                144 B
                146 B
                2
                1

                DNS Request

                15.164.165.52.in-addr.arpa

                DNS Request

                15.164.165.52.in-addr.arpa

              • 8.8.8.8:53
                241.154.82.20.in-addr.arpa
                dns
                72 B
                158 B
                1
                1

                DNS Request

                241.154.82.20.in-addr.arpa

              • 8.8.8.8:53
                18.134.221.88.in-addr.arpa
                dns
                72 B
                137 B
                1
                1

                DNS Request

                18.134.221.88.in-addr.arpa

              • 8.8.8.8:53
                41.110.16.96.in-addr.arpa
                dns
                71 B
                135 B
                1
                1

                DNS Request

                41.110.16.96.in-addr.arpa

              • 8.8.8.8:53
                55.36.223.20.in-addr.arpa
                dns
                71 B
                157 B
                1
                1

                DNS Request

                55.36.223.20.in-addr.arpa

              • 8.8.8.8:53
                tse1.mm.bing.net
                dns
                62 B
                173 B
                1
                1

                DNS Request

                tse1.mm.bing.net

                DNS Response

                204.79.197.200
                13.107.21.200

              • 8.8.8.8:53
                206.23.85.13.in-addr.arpa
                dns
                71 B
                145 B
                1
                1

                DNS Request

                206.23.85.13.in-addr.arpa

              • 8.8.8.8:53
                104.241.123.92.in-addr.arpa
                dns
                73 B
                139 B
                1
                1

                DNS Request

                104.241.123.92.in-addr.arpa

              • 8.8.8.8:53
                119.110.54.20.in-addr.arpa
                dns
                144 B
                316 B
                2
                2

                DNS Request

                119.110.54.20.in-addr.arpa

                DNS Request

                119.110.54.20.in-addr.arpa

              • 8.8.8.8:53
                0.204.248.87.in-addr.arpa
                dns
                71 B
                116 B
                1
                1

                DNS Request

                0.204.248.87.in-addr.arpa

              • 8.8.8.8:53
                32.134.221.88.in-addr.arpa
                dns
                144 B
                274 B
                2
                2

                DNS Request

                32.134.221.88.in-addr.arpa

                DNS Request

                32.134.221.88.in-addr.arpa

              • 8.8.8.8:53
                11.227.111.52.in-addr.arpa
                dns
                144 B
                158 B
                2
                1

                DNS Request

                11.227.111.52.in-addr.arpa

                DNS Request

                11.227.111.52.in-addr.arpa

              • 8.8.8.8:53
                176.178.17.96.in-addr.arpa
                dns
                216 B
                137 B
                3
                1

                DNS Request

                176.178.17.96.in-addr.arpa

                DNS Request

                176.178.17.96.in-addr.arpa

                DNS Request

                176.178.17.96.in-addr.arpa

              • 8.8.8.8:53
                85.65.42.20.in-addr.arpa
                dns
                70 B
                156 B
                1
                1

                DNS Request

                85.65.42.20.in-addr.arpa

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                Filesize

                64KB

                MD5

                6ad0acb738c29e2d008dcb13272b226b

                SHA1

                76b1e7ce5dd38a36222811d141dd0e777a7ff0e2

                SHA256

                b6533ba893d845e677f3bde3bb929cb7f20e6adf5e6fe1e3fa4b7ac3551e0403

                SHA512

                af5912000c5f24af47178a17ea90f7ccbb3e7c720c7a5831e6fcc8fb2fd66fb926bd0bcab4b432d8e73554a222e1a68da977139d43b7e04ce76f228d8007ad4c

              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                Filesize

                36KB

                MD5

                b30d3becc8731792523d599d949e63f5

                SHA1

                19350257e42d7aee17fb3bf139a9d3adb330fad4

                SHA256

                b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

                SHA512

                523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                Filesize

                56KB

                MD5

                752a1f26b18748311b691c7d8fc20633

                SHA1

                c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

                SHA256

                111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

                SHA512

                a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

              • memory/4524-28-0x0000000008E30000-0x0000000008E51000-memory.dmp

                Filesize

                132KB

              We care about your privacy.

              This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.