
Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/01/2024, 11:33 UTC

General

  • Target

    4393c483d07509f728f6d618204f7f39.pdf

  • Size

    42KB

  • MD5

    4393c483d07509f728f6d618204f7f39

  • SHA1

    24064935dd3f07629277dd3d73b49c8370ad144a

  • SHA256

    5b6930fb236de341abac6c0d08f926c0612d276d1521b9792d2565ea7d21e765

  • SHA512

    a790bf2c5d937e7ee16c4f28534eaccb793e3af4a64b7c048f1273f8508e62f5fe7f38476bba7bef13ddaf9bb17a3acd56f06e18c52d7f6f959bcb2795858139

  • SSDEEP

    768:EtmhRKrJ+Bw4i1KD+pHOeGC3H4qHZiA80aM4tRzkTc15DlE:EETgJDVpHooFJH4tBgczlE

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings (1 TTP, 1 IoC)
  • Suspicious behavior: EnumeratesProcesses (20 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (5 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 4692, depth 1)
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\4393c483d07509f728f6d618204f7f39.pdf"
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2656, depth 2)
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      • Suspicious use of WriteProcessMemory
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2268, depth 3)
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E9BBFA6BBC93D9146770A9A47E917214 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E9BBFA6BBC93D9146770A9A47E917214 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3000, depth 3)
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B66E3EC6D96B17FBECEB360730B53CF9 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2568, depth 3)
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D0B9AA367CE9882506E21F48081D61F8 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3124, depth 3)
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=AF16FF461E2DBAD203320FCA58CEE57A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=AF16FF461E2DBAD203320FCA58CEE57A --renderer-client-id=5 --mojo-platform-channel-handle=2124 --allow-no-sandbox-job /prefetch:1
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2196, depth 3)
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B35E18F9687AAEC658B53D98321AB840 --mojo-platform-channel-handle=2568 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1260, depth 3)
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D9185C6A57EEFBCC2674FF42262E804D --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

              Network

              • DNS PTR 16.53.126.40.in-addr.arpa via 8.8.8.8:53: response carried no answer records
              • DNS PTR 16.53.126.40.in-addr.arpa via 8.8.8.8:53 (repeated query): no response captured
              • DNS PTR 95.221.229.192.in-addr.arpa via 8.8.8.8:53: response carried no answer records
              • DNS PTR 187.178.17.96.in-addr.arpa via 8.8.8.8:53: PTR a96-17-178-187.deploy.static.akamaitechnologies.com
              • DNS PTR 158.240.127.40.in-addr.arpa via 8.8.8.8:53: response carried no answer records
              • DNS PTR 241.154.82.20.in-addr.arpa via 8.8.8.8:53: response carried no answer records
              • DNS PTR 41.110.16.96.in-addr.arpa via 8.8.8.8:53: PTR a96-16-110-41.deploy.static.akamaitechnologies.com
              • DNS PTR 26.165.165.52.in-addr.arpa via 8.8.8.8:53: response carried no answer records
              • DNS PTR 2.136.104.51.in-addr.arpa via 8.8.8.8:53: response carried no answer records
              • DNS PTR 132.4.17.2.in-addr.arpa via 8.8.8.8:53: PTR a2-17-4-132.deploy.static.akamaitechnologies.com
              • DNS PTR 211.135.221.88.in-addr.arpa via 8.8.8.8:53: PTR a88-221-135-211.deploy.static.akamaitechnologies.com
              • DNS PTR 206.23.85.13.in-addr.arpa via 8.8.8.8:53: response carried no answer records
              • DNS A tse1.mm.bing.net via 8.8.8.8:53: CNAME mm-mm.bing.net.trafficmanager.net, CNAME dual-a-0001.a-msedge.net, A 204.79.197.200, A 13.107.21.200
              • DNS A tse1.mm.bing.net via 8.8.8.8:53 (repeated query): no response captured
              • DNS PTR 81.171.91.138.in-addr.arpa via 8.8.8.8:53: response carried no answer records
              • DNS PTR 81.171.91.138.in-addr.arpa via 8.8.8.8:53 (repeated query): no response captured
              • GET
                https://tse1.mm.bing.net/th?id=OADD2.10239317301062_1YRK09DTP2RQZ3JKC&pid=21.2&w=1920&h=1080&c=4
                Remote address:
                204.79.197.200:443
                Request
                GET /th?id=OADD2.10239317301062_1YRK09DTP2RQZ3JKC&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                host: tse1.mm.bing.net
                accept: */*
                accept-encoding: gzip, deflate, br
                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                Response
                HTTP/2.0 200
                cache-control: public, max-age=2592000
                content-length: 430642
                content-type: image/jpeg
                x-cache: TCP_HIT
                access-control-allow-origin: *
                access-control-allow-headers: *
                access-control-allow-methods: GET, POST, OPTIONS
                timing-allow-origin: *
                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: D7CCE2D0CAE54110B4C5EB818793367A Ref B: LON04EDGE0918 Ref C: 2024-01-05T11:35:59Z
                date: Fri, 05 Jan 2024 11:35:59 GMT
              • GET
                https://tse1.mm.bing.net/th?id=OADD2.10239317301357_1M7VV0SOSJXWEGMMP&pid=21.2&w=1080&h=1920&c=4
                Remote address:
                204.79.197.200:443
                Request
                GET /th?id=OADD2.10239317301357_1M7VV0SOSJXWEGMMP&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                host: tse1.mm.bing.net
                accept: */*
                accept-encoding: gzip, deflate, br
                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                Response
                HTTP/2.0 200
                cache-control: public, max-age=2592000
                content-length: 390067
                content-type: image/jpeg
                x-cache: TCP_HIT
                access-control-allow-origin: *
                access-control-allow-headers: *
                access-control-allow-methods: GET, POST, OPTIONS
                timing-allow-origin: *
                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: 5F41646327BF40AC9C89C6FA8CBB91BE Ref B: LON04EDGE0918 Ref C: 2024-01-05T11:35:59Z
                date: Fri, 05 Jan 2024 11:35:59 GMT
              • GET
                https://tse1.mm.bing.net/th?id=OADD2.10239317301078_1O81E4QM35DM2EN4A&pid=21.2&w=1920&h=1080&c=4
                Remote address:
                204.79.197.200:443
                Request
                GET /th?id=OADD2.10239317301078_1O81E4QM35DM2EN4A&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                host: tse1.mm.bing.net
                accept: */*
                accept-encoding: gzip, deflate, br
                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                Response
                HTTP/2.0 200
                cache-control: public, max-age=2592000
                content-length: 414919
                content-type: image/jpeg
                x-cache: TCP_HIT
                access-control-allow-origin: *
                access-control-allow-headers: *
                access-control-allow-methods: GET, POST, OPTIONS
                timing-allow-origin: *
                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: 6E4EB41E966B4CB8996A77E4334B01FF Ref B: LON04EDGE0918 Ref C: 2024-01-05T11:35:59Z
                date: Fri, 05 Jan 2024 11:35:59 GMT
              • GET
                https://tse1.mm.bing.net/th?id=OADD2.10239317300924_1N7S5A2UISE5XQ4TY&pid=21.2&w=1920&h=1080&c=4
                Remote address:
                204.79.197.200:443
                Request
                GET /th?id=OADD2.10239317300924_1N7S5A2UISE5XQ4TY&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                host: tse1.mm.bing.net
                accept: */*
                accept-encoding: gzip, deflate, br
                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
              • GET
                https://tse1.mm.bing.net/th?id=OADD2.10239317301511_14RJSOYL5IFIBQQUL&pid=21.2&w=1080&h=1920&c=4
                Remote address:
                204.79.197.200:443
                Request
                GET /th?id=OADD2.10239317301511_14RJSOYL5IFIBQQUL&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                host: tse1.mm.bing.net
                accept: */*
                accept-encoding: gzip, deflate, br
                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
              • GET
                https://tse1.mm.bing.net/th?id=OADD2.10239317301495_158WBQ8BORDOZPCUY&pid=21.2&w=1080&h=1920&c=4
                Remote address:
                204.79.197.200:443
                Request
                GET /th?id=OADD2.10239317301495_158WBQ8BORDOZPCUY&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                host: tse1.mm.bing.net
                accept: */*
                accept-encoding: gzip, deflate, br
                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
              • DNS PTR 217.135.221.88.in-addr.arpa via 8.8.8.8:53: PTR a88-221-135-217.deploy.static.akamaitechnologies.com
              • DNS PTR 217.135.221.88.in-addr.arpa via 8.8.8.8:53 (repeated query): no response captured
              • DNS PTR 209.178.17.96.in-addr.arpa via 8.8.8.8:53: PTR a96-17-178-209.deploy.static.akamaitechnologies.com
              • DNS PTR 209.178.17.96.in-addr.arpa via 8.8.8.8:53 (repeated query): no response captured
              • DNS PTR 100.5.17.2.in-addr.arpa via 8.8.8.8:53: PTR a2-17-5-100.deploy.static.akamaitechnologies.com
              • DNS PTR 194.178.17.96.in-addr.arpa via 8.8.8.8:53: PTR a96-17-178-194.deploy.static.akamaitechnologies.com
              • DNS PTR 194.178.17.96.in-addr.arpa via 8.8.8.8:53 (repeated query): no response captured
              • DNS PTR 190.178.17.96.in-addr.arpa via 8.8.8.8:53: PTR a96-17-178-190.deploy.static.akamaitechnologies.com
              • DNS PTR 119.110.54.20.in-addr.arpa via 8.8.8.8:53: response carried no answer records
              • DNS PTR 14.227.111.52.in-addr.arpa via 8.8.8.8:53: response carried no answer records
              • DNS PTR 14.227.111.52.in-addr.arpa via 8.8.8.8:53 (repeated query): no response captured
              • DNS PTR 176.178.17.96.in-addr.arpa via 8.8.8.8:53: PTR a96-17-178-176.deploy.static.akamaitechnologies.com
              • DNS PTR 32.134.221.88.in-addr.arpa via 8.8.8.8:53: PTR a88-221-134-32.deploy.static.akamaitechnologies.com
              • DNS PTR 196.178.17.96.in-addr.arpa via 8.8.8.8:53: PTR a96-17-178-196.deploy.static.akamaitechnologies.com
              • DNS PTR 85.65.42.20.in-addr.arpa via 8.8.8.8:53: response carried no answer records
              • 204.79.197.200:443 (tse1.mm.bing.net), tls, http2, 43.5kB, 1.2MB, 900, 896
                HTTP requests on this connection:
                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301062_1YRK09DTP2RQZ3JKC&pid=21.2&w=1920&h=1080&c=4
                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301357_1M7VV0SOSJXWEGMMP&pid=21.2&w=1080&h=1920&c=4
                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301078_1O81E4QM35DM2EN4A&pid=21.2&w=1920&h=1080&c=4
                GET https://tse1.mm.bing.net/th?id=OADD2.10239317300924_1N7S5A2UISE5XQ4TY&pid=21.2&w=1920&h=1080&c=4
                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301511_14RJSOYL5IFIBQQUL&pid=21.2&w=1080&h=1920&c=4
                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301495_158WBQ8BORDOZPCUY&pid=21.2&w=1080&h=1920&c=4
                HTTP responses on this connection: 200, 200, 200
              • 204.79.197.200:443 (tse1.mm.bing.net), tls, http2, 1.4kB, 10.1kB, 19, 15
              • 204.79.197.200:443 (tse1.mm.bing.net), tls, http2, 1.4kB, 8.7kB, 18, 14
              • 204.79.197.200:443 (tse1.mm.bing.net), tls, http2, 1.2kB, 9.6kB, 15, 12
              • 204.79.197.200:443 (tse1.mm.bing.net), tls, http2, 1.4kB, 9.2kB, 19, 15
              • 8.8.8.8:53, dns, 16.53.126.40.in-addr.arpa, 142 B, 157 B, 2, 1 (2 DNS requests)
              • 8.8.8.8:53, dns, 95.221.229.192.in-addr.arpa, 73 B, 144 B, 1, 1 (1 DNS request)
              • 8.8.8.8:53, dns, 187.178.17.96.in-addr.arpa, 72 B, 137 B, 1, 1 (1 DNS request)
              • 8.8.8.8:53, dns, 158.240.127.40.in-addr.arpa, 73 B, 147 B, 1, 1 (1 DNS request)
              • 8.8.8.8:53, dns, 241.154.82.20.in-addr.arpa, 72 B, 158 B, 1, 1 (1 DNS request)
              • 8.8.8.8:53, dns, 41.110.16.96.in-addr.arpa, 71 B, 135 B, 1, 1 (1 DNS request)
              • 8.8.8.8:53, dns, 26.165.165.52.in-addr.arpa, 72 B, 146 B, 1, 1 (1 DNS request)
              • 8.8.8.8:53, dns, 2.136.104.51.in-addr.arpa, 71 B, 157 B, 1, 1 (1 DNS request)
              • 8.8.8.8:53, dns, 132.4.17.2.in-addr.arpa, 69 B, 131 B, 1, 1 (1 DNS request)
              • 8.8.8.8:53, dns, 211.135.221.88.in-addr.arpa, 73 B, 139 B, 1, 1 (1 DNS request)
              • 8.8.8.8:53, dns, 206.23.85.13.in-addr.arpa, 71 B, 145 B, 1, 1 (1 DNS request)
              • 8.8.8.8:53, dns, tse1.mm.bing.net, 124 B, 173 B, 2, 1 (2 DNS requests; DNS response 204.79.197.200, 13.107.21.200)
              • 8.8.8.8:53, dns, 81.171.91.138.in-addr.arpa, 144 B, 146 B, 2, 1 (2 DNS requests)
              • 8.8.8.8:53, dns, 217.135.221.88.in-addr.arpa, 146 B, 139 B, 2, 1 (2 DNS requests)
              • 8.8.8.8:53, dns, 209.178.17.96.in-addr.arpa, 144 B, 137 B, 2, 1 (2 DNS requests)
              • 8.8.8.8:53, dns, 100.5.17.2.in-addr.arpa, 69 B, 131 B, 1, 1 (1 DNS request)
              • 8.8.8.8:53, dns, 194.178.17.96.in-addr.arpa
                dns
                144 B
                137 B
                2
                1

                DNS Request

                194.178.17.96.in-addr.arpa

                DNS Request

                194.178.17.96.in-addr.arpa

              • 8.8.8.8:53
                190.178.17.96.in-addr.arpa
                dns
                72 B
                137 B
                1
                1

                DNS Request

                190.178.17.96.in-addr.arpa

              • 8.8.8.8:53
                119.110.54.20.in-addr.arpa
                dns
                72 B
                158 B
                1
                1

                DNS Request

                119.110.54.20.in-addr.arpa

              • 8.8.8.8:53
                14.227.111.52.in-addr.arpa
                dns
                144 B
                158 B
                2
                1

                DNS Request

                14.227.111.52.in-addr.arpa

                DNS Request

                14.227.111.52.in-addr.arpa

              • 8.8.8.8:53
                176.178.17.96.in-addr.arpa
                dns
                72 B
                137 B
                1
                1

                DNS Request

                176.178.17.96.in-addr.arpa

              • 8.8.8.8:53
                32.134.221.88.in-addr.arpa
                dns
                72 B
                137 B
                1
                1

                DNS Request

                32.134.221.88.in-addr.arpa

              • 8.8.8.8:53
                196.178.17.96.in-addr.arpa
                dns
                72 B
                137 B
                1
                1

                DNS Request

                196.178.17.96.in-addr.arpa

              • 8.8.8.8:53
              • 8.8.8.8:53
                85.65.42.20.in-addr.arpa
                dns
                70 B
                156 B
                1
                1

                DNS Request

                85.65.42.20.in-addr.arpa

              MITRE ATT&CK Enterprise v15


              Downloads

              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                Filesize: 64KB
                MD5:    cea9c1f41f22a3c4f231b8ac4fd1ca9d
                SHA1:   13c59c9ed631f7fd1a6b2fbab7fd5f8bccf3a3b7
                SHA256: bda06f4b96e7072947c5b12ce5a3a5848738786924a347f75e198c62504d65a9
                SHA512: 82b84a5194f8c5d771bb8d6f4479e92d6c21fd44d716385797f7fee4c9179df24fa0023cda5c764d01c013eba44aa44f3549dd45690132eea5d943478ad5777f

              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                Filesize: 36KB
                MD5:    b30d3becc8731792523d599d949e63f5
                SHA1:   19350257e42d7aee17fb3bf139a9d3adb330fad4
                SHA256: b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
                SHA512: 523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                Filesize: 56KB
                MD5:    752a1f26b18748311b691c7d8fc20633
                SHA1:   c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
                SHA256: 111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
                SHA512: a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

              • memory/4692-39-0x000000000A720000-0x000000000A741000-memory.dmp
                Filesize: 132KB
