Analysis

  • max time kernel
    3s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/01/2024, 14:37 UTC

General

  • Target

    43eecc2d8d8a1dffdf1ebbbce469cfae.pdf

  • Size

    88KB

  • MD5

    43eecc2d8d8a1dffdf1ebbbce469cfae

  • SHA1

    88f605ea98919c3fffa4ce26d9cc74313590ec5f

  • SHA256

    bc8198b2f5ae480bedc3f4a8ed85f77b6281730f9e7faa65b162f02a4cc6f521

  • SHA512

    e987fad6bf3d79f1680cec515f0bba0c1409ee86453312e43a5f701edf268815947725e9be78292165777e8bfb7e6b157a79576cf9899300106c04f237a5628c

  • SSDEEP

    1536:e0i55dqpC7WVVJMzvj0d2dsLdfhmUTeLhGpXd8WkK3ehWypOlWWxqlf4ez4u2wY8:34cpgWVvev4drrmUTRh3JlDqln8RwY8

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\43eecc2d8d8a1dffdf1ebbbce469cfae.pdf"
    1⤵
    • Checks processor information in registry
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:4864
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
        PID:2044
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=033545B2C31F2043C477153EA37F1806 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          3⤵
            PID:4416
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=79D7C51E23EC2996475A636E2431EF5A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=79D7C51E23EC2996475A636E2431EF5A --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1
            3⤵
              PID:4372
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8E03A5B375102B5776F01276BC795FDA --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:4888
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F9AF580E11C3BF85243CCD43F5E03766 --mojo-platform-channel-handle=2440 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:2908
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6E4FC402F597051A822CC8BEAC5E36DF --mojo-platform-channel-handle=2684 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:2292
                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=68F6C6CADB3827B6C7D07D2A58E5168E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=68F6C6CADB3827B6C7D07D2A58E5168E --renderer-client-id=5 --mojo-platform-channel-handle=1956 --allow-no-sandbox-job /prefetch:1
                    3⤵
                      PID:2076
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:1020

                  Network

                  • flag-us
                    DNS
                    g.bing.com
                    Remote address:
                    8.8.8.8:53
                    Request
                    g.bing.com
                    IN A
                    Response
                    g.bing.com
                    IN CNAME
                    g-bing-com.a-0001.a-msedge.net
                    g-bing-com.a-0001.a-msedge.net
                    IN CNAME
                    dual-a-0001.a-msedge.net
                    dual-a-0001.a-msedge.net
                    IN A
                    204.79.197.200
                    dual-a-0001.a-msedge.net
                    IN A
                    13.107.21.200
                  • flag-us
                    GET
                    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid= HTTP/2.0
                    host: g.bing.com
                    accept-encoding: gzip, deflate
                    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                    Response
                    HTTP/2.0 204
                    cache-control: no-cache, must-revalidate
                    pragma: no-cache
                    expires: Fri, 01 Jan 1990 00:00:00 GMT
                    set-cookie: MUID=28958ABEC1A06F4731719943C01B6EA1; domain=.bing.com; expires=Wed, 29-Jan-2025 14:38:51 GMT; path=/; SameSite=None; Secure; Priority=High;
                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                    access-control-allow-origin: *
                    x-cache: CONFIG_NOCACHE
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: 21809FF2DF604D4C97D76A42C6B09EE4 Ref B: LON04EDGE0806 Ref C: 2024-01-05T14:38:51Z
                    date: Fri, 05 Jan 2024 14:38:50 GMT
                  • flag-us
                    GET
                    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid= HTTP/2.0
                    host: g.bing.com
                    accept-encoding: gzip, deflate
                    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                    cookie: MUID=28958ABEC1A06F4731719943C01B6EA1
                    Response
                    HTTP/2.0 204
                    cache-control: no-cache, must-revalidate
                    pragma: no-cache
                    expires: Fri, 01 Jan 1990 00:00:00 GMT
                    set-cookie: MSPTC=Q7T0TzXYbpIQyopudyaBkw7EnYLd29P01a0V6ts6gGg; domain=.bing.com; expires=Wed, 29-Jan-2025 14:38:51 GMT; path=/; Partitioned; secure; SameSite=None
                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                    access-control-allow-origin: *
                    x-cache: CONFIG_NOCACHE
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: 999715605FE44AA5BA75E97B8BA0BDFF Ref B: LON04EDGE0806 Ref C: 2024-01-05T14:38:51Z
                    date: Fri, 05 Jan 2024 14:38:50 GMT
                  • flag-us
                    GET
                    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid= HTTP/2.0
                    host: g.bing.com
                    accept-encoding: gzip, deflate
                    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                    cookie: MUID=28958ABEC1A06F4731719943C01B6EA1; MSPTC=Q7T0TzXYbpIQyopudyaBkw7EnYLd29P01a0V6ts6gGg
                    Response
                    HTTP/2.0 204
                    cache-control: no-cache, must-revalidate
                    pragma: no-cache
                    expires: Fri, 01 Jan 1990 00:00:00 GMT
                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                    access-control-allow-origin: *
                    x-cache: CONFIG_NOCACHE
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: DF05AE9190A2407E976D5B06711D4AFC Ref B: LON04EDGE0806 Ref C: 2024-01-05T14:38:51Z
                    date: Fri, 05 Jan 2024 14:38:50 GMT
                  • flag-us
                    DNS
                    187.178.17.96.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    187.178.17.96.in-addr.arpa
                    IN PTR
                    Response
                    187.178.17.96.in-addr.arpa
                    IN PTR
                    a96-17-178-187.deploy.static.akamaitechnologies.com
                  • flag-us
                    DNS
                    59.128.231.4.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    59.128.231.4.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    148.177.190.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    148.177.190.20.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    57.169.31.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    57.169.31.20.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    57.169.31.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    57.169.31.20.in-addr.arpa
                    IN PTR
                  • flag-us
                    DNS
                    26.165.165.52.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    26.165.165.52.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    26.165.165.52.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    26.165.165.52.in-addr.arpa
                    IN PTR
                  • flag-us
                    DNS
                    206.23.85.13.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    206.23.85.13.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    18.134.221.88.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    18.134.221.88.in-addr.arpa
                    IN PTR
                    Response
                    18.134.221.88.in-addr.arpa
                    IN PTR
                    a88-221-134-18.deploy.static.akamaitechnologies.com
                  • flag-us
                    DNS
                    205.178.17.96.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    205.178.17.96.in-addr.arpa
                    IN PTR
                    Response
                    205.178.17.96.in-addr.arpa
                    IN PTR
                    a96-17-178-205.deploy.static.akamaitechnologies.com
                  • flag-us
                    DNS
                    26.35.223.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    26.35.223.20.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    26.35.223.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    26.35.223.20.in-addr.arpa
                    IN PTR
                  • flag-us
                    DNS
                    tse1.mm.bing.net
                    Remote address:
                    8.8.8.8:53
                    Request
                    tse1.mm.bing.net
                    IN A
                    Response
                    tse1.mm.bing.net
                    IN CNAME
                    mm-mm.bing.net.trafficmanager.net
                    mm-mm.bing.net.trafficmanager.net
                    IN CNAME
                    dual-a-0001.a-msedge.net
                    dual-a-0001.a-msedge.net
                    IN A
                    204.79.197.200
                    dual-a-0001.a-msedge.net
                    IN A
                    13.107.21.200
                  • flag-us
                    DNS
                    74.239.69.13.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    74.239.69.13.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    74.239.69.13.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    74.239.69.13.in-addr.arpa
                    IN PTR
                  • flag-us
                    DNS
                    74.239.69.13.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    74.239.69.13.in-addr.arpa
                    IN PTR
                  • flag-us
                    DNS
                    74.239.69.13.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    74.239.69.13.in-addr.arpa
                    IN PTR
                  • 204.79.197.200:443
                    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=
                    tls, http2
                    2.0kB
                    9.4kB
                    22
                    19

                    HTTP Request

                    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=

                    HTTP Response

                    204

                    HTTP Request

                    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=

                    HTTP Response

                    204

                    HTTP Request

                    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=

                    HTTP Response

                    204
                  • 51.104.136.2:443
                    46 B
                    40 B
                    1
                    1
                  • 52.142.223.178:80
                    104 B
                    2
                  • 204.79.197.200:443
                    tse1.mm.bing.net
                    tls
                    1.2kB
                    8.3kB
                    15
                    14
                  • 204.79.197.200:443
                    tse1.mm.bing.net
                    tls
                    1.2kB
                    8.3kB
                    15
                    14
                  • 204.79.197.200:443
                    tse1.mm.bing.net
                    tls
                    1.2kB
                    8.3kB
                    15
                    14
                  • 204.79.197.200:443
                    tse1.mm.bing.net
                    tls
                    69.1kB
                    1.9MB
                    1399
                    1396
                  • 204.79.197.200:443
                    tse1.mm.bing.net
                    tls
                    1.2kB
                    8.3kB
                    15
                    14
                  • 8.8.8.8:53
                    g.bing.com
                    dns
                    56 B
                    158 B
                    1
                    1

                    DNS Request

                    g.bing.com

                    DNS Response

                    204.79.197.200
                    13.107.21.200

                  • 8.8.8.8:53
                    187.178.17.96.in-addr.arpa
                    dns
                    72 B
                    137 B
                    1
                    1

                    DNS Request

                    187.178.17.96.in-addr.arpa

                  • 8.8.8.8:53
                    59.128.231.4.in-addr.arpa
                    dns
                    71 B
                    157 B
                    1
                    1

                    DNS Request

                    59.128.231.4.in-addr.arpa

                  • 8.8.8.8:53
                    148.177.190.20.in-addr.arpa
                    dns
                    73 B
                    159 B
                    1
                    1

                    DNS Request

                    148.177.190.20.in-addr.arpa

                  • 8.8.8.8:53
                    57.169.31.20.in-addr.arpa
                    dns
                    142 B
                    157 B
                    2
                    1

                    DNS Request

                    57.169.31.20.in-addr.arpa

                    DNS Request

                    57.169.31.20.in-addr.arpa

                  • 8.8.8.8:53
                    26.165.165.52.in-addr.arpa
                    dns
                    144 B
                    146 B
                    2
                    1

                    DNS Request

                    26.165.165.52.in-addr.arpa

                    DNS Request

                    26.165.165.52.in-addr.arpa

                  • 8.8.8.8:53
                    206.23.85.13.in-addr.arpa
                    dns
                    71 B
                    145 B
                    1
                    1

                    DNS Request

                    206.23.85.13.in-addr.arpa

                  • 8.8.8.8:53
                    18.134.221.88.in-addr.arpa
                    dns
                    72 B
                    137 B
                    1
                    1

                    DNS Request

                    18.134.221.88.in-addr.arpa

                  • 8.8.8.8:53
                    205.178.17.96.in-addr.arpa
                    dns
                    72 B
                    137 B
                    1
                    1

                    DNS Request

                    205.178.17.96.in-addr.arpa

                  • 8.8.8.8:53
                    26.35.223.20.in-addr.arpa
                    dns
                    142 B
                    157 B
                    2
                    1

                    DNS Request

                    26.35.223.20.in-addr.arpa

                    DNS Request

                    26.35.223.20.in-addr.arpa

                  • 8.8.8.8:53
                    tse1.mm.bing.net
                    dns
                    62 B
                    173 B
                    1
                    1

                    DNS Request

                    tse1.mm.bing.net

                    DNS Response

                    204.79.197.200
                    13.107.21.200

                  • 8.8.8.8:53
                    74.239.69.13.in-addr.arpa
                    dns
                    284 B
                    145 B
                    4
                    1

                    DNS Request

                    74.239.69.13.in-addr.arpa

                    DNS Request

                    74.239.69.13.in-addr.arpa

                    DNS Request

                    74.239.69.13.in-addr.arpa

                    DNS Request

                    74.239.69.13.in-addr.arpa

                  MITRE ATT&CK Enterprise v15

                  Downloads
