Analysis

  • max time kernel
    145s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/12/2023, 12:48 UTC

General

  • Target

    36b008f6e9a413c4601fc1bfadda56c0.pdf

  • Size

    33KB

  • MD5

    36b008f6e9a413c4601fc1bfadda56c0

  • SHA1

    99e8c6059ee3117eceddde54236198754f9d4880

  • SHA256

    b5edf019d99b5162b704a034537b4f014812217c50e82c8a25acaafd31e71212

  • SHA512

    a664eedfaba2d2ff6b791dea6e3c8ecd6b90766415ae28f614b9696d16641d151ed956a3107b33c9e7d47bbcf69dbaf0cbed24122d8138c1d3b4ff399f342db4

  • SSDEEP

    768:Wi21iYssGjb6WsWxMLCQ8GQaVw2wWWm+tuh/TGQ:Wi2MNjb6VWaLw2rWm+ITGQ

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\36b008f6e9a413c4601fc1bfadda56c0.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4328
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3464
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=066252C98C3C511BB9B105E1638FF311 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:3644
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=BBED57593816A522F8C923C3F509FB14 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=BBED57593816A522F8C923C3F509FB14 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:1336
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5244DAF09F4C6E3D65AA154918D5D5BF --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
            3⤵
              PID:5044
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FB7FB13B3544AA9E8846FCB23BDF7152 --mojo-platform-channel-handle=2020 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:3740
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BB20195213C3184A2ACD1944766F93B6 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:1428
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=600FCC37F56F23CEA2A20A077ACE995D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=600FCC37F56F23CEA2A20A077ACE995D --renderer-client-id=8 --mojo-platform-channel-handle=2020 --allow-no-sandbox-job /prefetch:1
                  3⤵
                    PID:5100
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
                  2⤵
                    PID:3232
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:4588

Network

                  • flag-us
                    DNS
                    149.177.190.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    149.177.190.20.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    158.240.127.40.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    158.240.127.40.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    95.221.229.192.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    95.221.229.192.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    241.154.82.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    241.154.82.20.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    16.234.44.23.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    16.234.44.23.in-addr.arpa
                    IN PTR
                    Response
                    16.234.44.23.in-addr.arpa
                    IN PTR
                    a23-44-234-16.deploy.static.akamaitechnologies.com
                  • flag-us
                    DNS
                    16.234.44.23.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    16.234.44.23.in-addr.arpa
                    IN PTR
                  • flag-us
                    DNS
                    26.165.165.52.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    26.165.165.52.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    56.126.166.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    56.126.166.20.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    g.bing.com
                    Remote address:
                    8.8.8.8:53
                    Request
                    g.bing.com
                    IN A
                    Response
                    g.bing.com
                    IN CNAME
                    g-bing-com.a-0001.a-msedge.net
                    g-bing-com.a-0001.a-msedge.net
                    IN CNAME
                    dual-a-0001.a-msedge.net
                    dual-a-0001.a-msedge.net
                    IN A
                    204.79.197.200
                    dual-a-0001.a-msedge.net
                    IN A
                    13.107.21.200
                  • flag-us
                    GET
                    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3577c8f7416e4fe38f545d286e1261cd&localId=w:63729BF2-40B5-0542-60A9-A222D854C0D2&deviceId=6896190262937755&anid=
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3577c8f7416e4fe38f545d286e1261cd&localId=w:63729BF2-40B5-0542-60A9-A222D854C0D2&deviceId=6896190262937755&anid= HTTP/2.0
                    host: g.bing.com
                    accept-encoding: gzip, deflate
                    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                    Response
                    HTTP/2.0 204
                    cache-control: no-cache, must-revalidate
                    pragma: no-cache
                    expires: Fri, 01 Jan 1990 00:00:00 GMT
                    set-cookie: MUID=045B188788AD69F107E50B7B891668EB; domain=.bing.com; expires=Tue, 28-Jan-2025 17:03:31 GMT; path=/; SameSite=None; Secure; Priority=High;
                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                    access-control-allow-origin: *
                    x-cache: CONFIG_NOCACHE
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: F03A73DC719D4E4A94DF75EDE967846A Ref B: LON04EDGE0922 Ref C: 2024-01-04T17:03:31Z
                    date: Thu, 04 Jan 2024 17:03:30 GMT
                  • flag-us
                    GET
                    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3577c8f7416e4fe38f545d286e1261cd&localId=w:63729BF2-40B5-0542-60A9-A222D854C0D2&deviceId=6896190262937755&anid=
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3577c8f7416e4fe38f545d286e1261cd&localId=w:63729BF2-40B5-0542-60A9-A222D854C0D2&deviceId=6896190262937755&anid= HTTP/2.0
                    host: g.bing.com
                    accept-encoding: gzip, deflate
                    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                    cookie: MUID=045B188788AD69F107E50B7B891668EB
                    Response
                    HTTP/2.0 204
                    cache-control: no-cache, must-revalidate
                    pragma: no-cache
                    expires: Fri, 01 Jan 1990 00:00:00 GMT
                    set-cookie: MSPTC=VLZLZxUvdoDpsq9JtJM9iQcavVXmjE1XtWz0oKx-hkU; domain=.bing.com; expires=Tue, 28-Jan-2025 17:03:43 GMT; path=/; Partitioned; secure; SameSite=None
                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                    access-control-allow-origin: *
                    x-cache: CONFIG_NOCACHE
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: 2849281C0A5B4DF5B279F459C7A9DDCD Ref B: LON04EDGE0922 Ref C: 2024-01-04T17:03:43Z
                    date: Thu, 04 Jan 2024 17:03:42 GMT
                  • flag-us
                    GET
                    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3577c8f7416e4fe38f545d286e1261cd&localId=w:63729BF2-40B5-0542-60A9-A222D854C0D2&deviceId=6896190262937755&anid=
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3577c8f7416e4fe38f545d286e1261cd&localId=w:63729BF2-40B5-0542-60A9-A222D854C0D2&deviceId=6896190262937755&anid= HTTP/2.0
                    host: g.bing.com
                    accept-encoding: gzip, deflate
                    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                    cookie: MUID=045B188788AD69F107E50B7B891668EB; MSPTC=VLZLZxUvdoDpsq9JtJM9iQcavVXmjE1XtWz0oKx-hkU
                    Response
                    HTTP/2.0 204
                    cache-control: no-cache, must-revalidate
                    pragma: no-cache
                    expires: Fri, 01 Jan 1990 00:00:00 GMT
                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                    access-control-allow-origin: *
                    x-cache: CONFIG_NOCACHE
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: 642418D9DD804D41B4A786708F2B866E Ref B: LON04EDGE0922 Ref C: 2024-01-04T17:03:43Z
                    date: Thu, 04 Jan 2024 17:03:42 GMT
                  • flag-us
                    DNS
                    tse1.mm.bing.net
                    Remote address:
                    8.8.8.8:53
                    Request
                    tse1.mm.bing.net
                    IN A
                    Response
                    tse1.mm.bing.net
                    IN CNAME
                    mm-mm.bing.net.trafficmanager.net
                    mm-mm.bing.net.trafficmanager.net
                    IN CNAME
                    dual-a-0001.a-msedge.net
                    dual-a-0001.a-msedge.net
                    IN A
                    204.79.197.200
                    dual-a-0001.a-msedge.net
                    IN A
                    13.107.21.200
                  • flag-us
                    GET
                    https://tse1.mm.bing.net/th?id=OADD2.10239317301177_16YAE1SE4HL4IACWN&pid=21.2&w=1920&h=1080&c=4
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /th?id=OADD2.10239317301177_16YAE1SE4HL4IACWN&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                    host: tse1.mm.bing.net
                    accept: */*
                    accept-encoding: gzip, deflate, br
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                    Response
                    HTTP/2.0 200
                    cache-control: public, max-age=2592000
                    content-length: 142516
                    content-type: image/jpeg
                    x-cache: TCP_HIT
                    access-control-allow-origin: *
                    access-control-allow-headers: *
                    access-control-allow-methods: GET, POST, OPTIONS
                    timing-allow-origin: *
                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: 9F05649C9F9240B99685961136B83343 Ref B: LON04EDGE0914 Ref C: 2024-01-04T17:03:28Z
                    date: Thu, 04 Jan 2024 17:03:28 GMT
                  • flag-us
                    GET
                    https://tse1.mm.bing.net/th?id=OADD2.10239317301309_1JFFGJ64L9I4K3JMP&pid=21.2&w=1920&h=1080&c=4
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /th?id=OADD2.10239317301309_1JFFGJ64L9I4K3JMP&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                    host: tse1.mm.bing.net
                    accept: */*
                    accept-encoding: gzip, deflate, br
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                    Response
                    HTTP/2.0 200
                    cache-control: public, max-age=2592000
                    content-length: 396695
                    content-type: image/jpeg
                    x-cache: TCP_HIT
                    access-control-allow-origin: *
                    access-control-allow-headers: *
                    access-control-allow-methods: GET, POST, OPTIONS
                    timing-allow-origin: *
                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: 7227C7E0B18842B88E14BABBF88F763C Ref B: LON04EDGE0914 Ref C: 2024-01-04T17:03:28Z
                    date: Thu, 04 Jan 2024 17:03:28 GMT
                  • flag-us
                    GET
                    https://tse1.mm.bing.net/th?id=OADD2.10239317301718_1O49LH3F36Y9OZ53W&pid=21.2&w=1080&h=1920&c=4
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /th?id=OADD2.10239317301718_1O49LH3F36Y9OZ53W&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                    host: tse1.mm.bing.net
                    accept: */*
                    accept-encoding: gzip, deflate, br
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                    Response
                    HTTP/2.0 200
                    cache-control: public, max-age=2592000
                    content-length: 130982
                    content-type: image/jpeg
                    x-cache: TCP_HIT
                    access-control-allow-origin: *
                    access-control-allow-headers: *
                    access-control-allow-methods: GET, POST, OPTIONS
                    timing-allow-origin: *
                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: 26897530E4B8463793F93ACD006ADA16 Ref B: LON04EDGE0914 Ref C: 2024-01-04T17:03:32Z
                    date: Thu, 04 Jan 2024 17:03:31 GMT
                  • flag-us
                    GET
                    https://tse1.mm.bing.net/th?id=OADD2.10239317301586_18O1A0ED10HUC74L1&pid=21.2&w=1080&h=1920&c=4
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /th?id=OADD2.10239317301586_18O1A0ED10HUC74L1&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                    host: tse1.mm.bing.net
                    accept: */*
                    accept-encoding: gzip, deflate, br
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                    Response
                    HTTP/2.0 200
                    cache-control: public, max-age=2592000
                    content-length: 382310
                    content-type: image/jpeg
                    x-cache: TCP_HIT
                    access-control-allow-origin: *
                    access-control-allow-headers: *
                    access-control-allow-methods: GET, POST, OPTIONS
                    timing-allow-origin: *
                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: ECA9BFD243AE44FF8B3F7083748C197E Ref B: LON04EDGE0914 Ref C: 2024-01-04T17:03:35Z
                    date: Thu, 04 Jan 2024 17:03:35 GMT
                  • flag-us
                    GET
                    https://tse1.mm.bing.net/th?id=OADD2.10239317301095_1DVS21CWR8N49JQ44&pid=21.2&w=1920&h=1080&c=4
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /th?id=OADD2.10239317301095_1DVS21CWR8N49JQ44&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                    host: tse1.mm.bing.net
                    accept: */*
                    accept-encoding: gzip, deflate, br
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                    Response
                    HTTP/2.0 200
                    cache-control: public, max-age=2592000
                    content-length: 475808
                    content-type: image/jpeg
                    x-cache: TCP_HIT
                    access-control-allow-origin: *
                    access-control-allow-headers: *
                    access-control-allow-methods: GET, POST, OPTIONS
                    timing-allow-origin: *
                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: D040B2437F8D4D5EA3CE081D59CFF0FA Ref B: LON04EDGE0914 Ref C: 2024-01-04T17:03:35Z
                    date: Thu, 04 Jan 2024 17:03:35 GMT
                  • flag-us
                    GET
                    https://tse1.mm.bing.net/th?id=OADD2.10239317301528_1GXBJ11CWSVGL69Z6&pid=21.2&w=1080&h=1920&c=4
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /th?id=OADD2.10239317301528_1GXBJ11CWSVGL69Z6&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                    host: tse1.mm.bing.net
                    accept: */*
                    accept-encoding: gzip, deflate, br
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                    Response
                    HTTP/2.0 200
                    cache-control: public, max-age=2592000
                    content-length: 328898
                    content-type: image/jpeg
                    x-cache: TCP_HIT
                    access-control-allow-origin: *
                    access-control-allow-headers: *
                    access-control-allow-methods: GET, POST, OPTIONS
                    timing-allow-origin: *
                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: 0DDDBC6EA29F4DD6A8475A6BBB536E3D Ref B: LON04EDGE0914 Ref C: 2024-01-04T17:03:49Z
                    date: Thu, 04 Jan 2024 17:03:49 GMT
                  • flag-us
                    DNS
                    41.110.16.96.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    41.110.16.96.in-addr.arpa
                    IN PTR
                    Response
                    41.110.16.96.in-addr.arpa
                    IN PTR
                    a96-16-110-41.deploy.static.akamaitechnologies.com
                  • flag-us
                    DNS
                    41.110.16.96.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    41.110.16.96.in-addr.arpa
                    IN PTR
                  • flag-us
                    DNS
                    41.110.16.96.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    41.110.16.96.in-addr.arpa
                    IN PTR
                  • flag-us
                    DNS
                    200.197.79.204.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    200.197.79.204.in-addr.arpa
                    IN PTR
                    Response
                    200.197.79.204.in-addr.arpa
                    IN PTR
                    a-0001a-msedgenet
                  • flag-us
                    DNS
                    232.135.221.88.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    232.135.221.88.in-addr.arpa
                    IN PTR
                    Response
                    232.135.221.88.in-addr.arpa
                    IN PTR
                    a88-221-135-232deploystaticakamaitechnologiescom
                  • flag-us
                    DNS
                    169.0.37.23.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    169.0.37.23.in-addr.arpa
                    IN PTR
                    Response
                    169.0.37.23.in-addr.arpa
                    IN PTR
                    a23-37-0-169deploystaticakamaitechnologiescom
                  • flag-us
                    DNS
                    2.136.104.51.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    2.136.104.51.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    59.128.231.4.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    59.128.231.4.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    26.35.223.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    26.35.223.20.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    11.227.111.52.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    11.227.111.52.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    2.173.189.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    2.173.189.20.in-addr.arpa
                    IN PTR
                    Response
                  • 138.91.171.81:80
                    52 B
                    1
                  • 204.79.197.200:443
                    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3577c8f7416e4fe38f545d286e1261cd&localId=w:63729BF2-40B5-0542-60A9-A222D854C0D2&deviceId=6896190262937755&anid=
                    tls, http2
                    2.2kB
                    9.8kB
                    24
                    18

                    HTTP Request

                    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3577c8f7416e4fe38f545d286e1261cd&localId=w:63729BF2-40B5-0542-60A9-A222D854C0D2&deviceId=6896190262937755&anid=

                    HTTP Response

                    204

                    HTTP Request

                    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3577c8f7416e4fe38f545d286e1261cd&localId=w:63729BF2-40B5-0542-60A9-A222D854C0D2&deviceId=6896190262937755&anid=

                    HTTP Response

                    204

                    HTTP Request

                    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3577c8f7416e4fe38f545d286e1261cd&localId=w:63729BF2-40B5-0542-60A9-A222D854C0D2&deviceId=6896190262937755&anid=

                    HTTP Response

                    204
                  • 204.79.197.200:443
                    tse1.mm.bing.net
                    tls, http2
                    1.6kB
                    8.3kB
                    18
                    14
                  • 204.79.197.200:443
                    tse1.mm.bing.net
                    tls, http2
                    2.3kB
                    9.8kB
                    22
                    17
                  • 204.79.197.200:443
                    tse1.mm.bing.net
                    156 B
                    3
                  • 204.79.197.200:443
                    tse1.mm.bing.net
                    tls, http2
                    1.3kB
                    8.3kB
                    17
                    14
                  • 204.79.197.200:443
                    https://tse1.mm.bing.net/th?id=OADD2.10239317301528_1GXBJ11CWSVGL69Z6&pid=21.2&w=1080&h=1920&c=4
                    tls, http2
                    70.9kB
                    2.0MB
                    1487
                    1481

                    HTTP Request

                    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301177_16YAE1SE4HL4IACWN&pid=21.2&w=1920&h=1080&c=4

                    HTTP Request

                    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301309_1JFFGJ64L9I4K3JMP&pid=21.2&w=1920&h=1080&c=4

                    HTTP Response

                    200

                    HTTP Request

                    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301718_1O49LH3F36Y9OZ53W&pid=21.2&w=1080&h=1920&c=4

                    HTTP Response

                    200

                    HTTP Request

                    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301586_18O1A0ED10HUC74L1&pid=21.2&w=1080&h=1920&c=4

                    HTTP Request

                    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301095_1DVS21CWR8N49JQ44&pid=21.2&w=1920&h=1080&c=4

                    HTTP Response

                    200

                    HTTP Response

                    200

                    HTTP Request

                    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301528_1GXBJ11CWSVGL69Z6&pid=21.2&w=1080&h=1920&c=4

                    HTTP Response

                    200

                    HTTP Response

                    200
                  • 13.107.21.200:443
                    tse1.mm.bing.net
                    tls, http2
                    1.3kB
                    521 B
                    11
                    6
                  • 8.8.8.8:53
                    149.177.190.20.in-addr.arpa
                    dns
                    73 B
                    159 B
                    1
                    1

                    DNS Request

                    149.177.190.20.in-addr.arpa

                  • 8.8.8.8:53
                    158.240.127.40.in-addr.arpa
                    dns
                    73 B
                    147 B
                    1
                    1

                    DNS Request

                    158.240.127.40.in-addr.arpa

                  • 8.8.8.8:53
                    95.221.229.192.in-addr.arpa
                    dns
                    73 B
                    144 B
                    1
                    1

                    DNS Request

                    95.221.229.192.in-addr.arpa

                  • 8.8.8.8:53
                    241.154.82.20.in-addr.arpa
                    dns
                    72 B
                    158 B
                    1
                    1

                    DNS Request

                    241.154.82.20.in-addr.arpa

                  • 8.8.8.8:53
                    16.234.44.23.in-addr.arpa
                    dns
                    142 B
                    135 B
                    2
                    1

                    DNS Request

                    16.234.44.23.in-addr.arpa

                    DNS Request

                    16.234.44.23.in-addr.arpa

                  • 8.8.8.8:53
                    26.165.165.52.in-addr.arpa
                    dns
                    72 B
                    146 B
                    1
                    1

                    DNS Request

                    26.165.165.52.in-addr.arpa

                  • 8.8.8.8:53
                    56.126.166.20.in-addr.arpa
                    dns
                    72 B
                    158 B
                    1
                    1

                    DNS Request

                    56.126.166.20.in-addr.arpa

                  • 8.8.8.8:53
                    g.bing.com
                    dns
                    56 B
                    158 B
                    1
                    1

                    DNS Request

                    g.bing.com

                    DNS Response

                    204.79.197.200
                    13.107.21.200

                  • 8.8.8.8:53
                    tse1.mm.bing.net
                    dns
                    62 B
                    173 B
                    1
                    1

                    DNS Request

                    tse1.mm.bing.net

                    DNS Response

                    204.79.197.200
                    13.107.21.200

                  • 8.8.8.8:53
                    41.110.16.96.in-addr.arpa
                    dns
                    213 B
                    135 B
                    3
                    1

                    DNS Request

                    41.110.16.96.in-addr.arpa

                    DNS Request

                    41.110.16.96.in-addr.arpa

                    DNS Request

                    41.110.16.96.in-addr.arpa

                  • 8.8.8.8:53
                    200.197.79.204.in-addr.arpa
                    dns
                    73 B
                    106 B
                    1
                    1

                    DNS Request

                    200.197.79.204.in-addr.arpa

                  • 8.8.8.8:53
                    232.135.221.88.in-addr.arpa
                    dns
                    73 B
                    139 B
                    1
                    1

                    DNS Request

                    232.135.221.88.in-addr.arpa

                  • 8.8.8.8:53
                    169.0.37.23.in-addr.arpa
                    dns
                    70 B
                    133 B
                    1
                    1

                    DNS Request

                    169.0.37.23.in-addr.arpa

                  • 8.8.8.8:53
                    2.136.104.51.in-addr.arpa
                    dns
                    71 B
                    157 B
                    1
                    1

                    DNS Request

                    2.136.104.51.in-addr.arpa

                  • 8.8.8.8:53
                    59.128.231.4.in-addr.arpa
                    dns
                    71 B
                    157 B
                    1
                    1

                    DNS Request

                    59.128.231.4.in-addr.arpa

                  • 8.8.8.8:53
                    26.35.223.20.in-addr.arpa
                    dns
                    71 B
                    157 B
                    1
                    1

                    DNS Request

                    26.35.223.20.in-addr.arpa

                  • 8.8.8.8:53
                    11.227.111.52.in-addr.arpa
                    dns
                    72 B
                    158 B
                    1
                    1

                    DNS Request

                    11.227.111.52.in-addr.arpa

                  • 8.8.8.8:53
                    2.173.189.20.in-addr.arpa
                    dns
                    71 B
                    157 B
                    1
                    1

                    DNS Request

                    2.173.189.20.in-addr.arpa

                  MITRE ATT&CK Enterprise v15


                  Downloads

                  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                    Filesize

                    64KB

                    MD5

                    04e942d99187a115bfa099a5cf2191cc

                    SHA1

                    831c6aa9f13463941f1aeb5ce73e36290d8c7e7b

                    SHA256

                    fe28a32e0810d4cecc7795b24061c4d2ec723b6cd41ce126b11cfe7e8f040f9b

                    SHA512

                    0aff5f5b3b47a8d53cf506c91d76877a31a80519a626fda0353b0b4a14674b50075230b0974365180b8f01ddd78caf7cafc169cae33ef0f1f92837c592ced210

                  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                    Filesize

                    56KB

                    MD5

                    752a1f26b18748311b691c7d8fc20633

                    SHA1

                    c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

                    SHA256

                    111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

                    SHA512

                    a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

                  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                    Filesize

                    36KB

                    MD5

                    b30d3becc8731792523d599d949e63f5

                    SHA1

                    19350257e42d7aee17fb3bf139a9d3adb330fad4

                    SHA256

                    b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

                    SHA512

                    523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

                  • memory/4328-164-0x000000000A350000-0x000000000A37A000-memory.dmp

                    Filesize

                    168KB
