Analysis

  • max time kernel
    16s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/01/2024, 02:03 UTC

General

  • Target

    4d0dddcd808f81c70983f9b31980653d.pdf

  • Size

    24KB

  • MD5

    4d0dddcd808f81c70983f9b31980653d

  • SHA1

    36aee39b4deb4f4a557163377073b39be7123bf7

  • SHA256

    32a6abae5f223ccad1083095487cf7c3d61b35c800db12f187d48d948554dd86

  • SHA512

    7b1c997d15b8a76b3055aabe3bbdbeda78ef671f766eb17c18594d7d0259b2565872f7d0e03f2e7fdcbb07ac24b872e4d8fce6e0ce415356d102d68ab85b6c87

  • SSDEEP

    192:WysNxdd4OU7FJx9cW6VOpXu6ieQluIYs0/LkQoy9uIYs0/LkQyk4byCB+4yr5uAi:WysNu3vFkv/RKbZW5bwBGUq4Mz4E+

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\4d0dddcd808f81c70983f9b31980653d.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4896
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=22A0033DFF8333733C074A8D7B628DD6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=22A0033DFF8333733C074A8D7B628DD6 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
        3⤵
          PID:5000
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F6078F14F81BF5F185FE967C003B8DDF --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          3⤵
            PID:2644
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=24C51B87E243155054431C5C286E76EB --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
            3⤵
              PID:1780
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1DE864D4B803D53B8E4CB435FEA39736 --mojo-platform-channel-handle=2392 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:2624
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0BCE79161F119B2ECDE803B91EAFAB47 --mojo-platform-channel-handle=2432 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:540
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D93A56A99C8A2006FA216B44618DF159 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D93A56A99C8A2006FA216B44618DF159 --renderer-client-id=8 --mojo-platform-channel-handle=1956 --allow-no-sandbox-job /prefetch:1
                  3⤵
                    PID:2308

Network

              • flag-us
                DNS
                158.240.127.40.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                158.240.127.40.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                158.240.127.40.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                158.240.127.40.in-addr.arpa
                IN PTR
              • flag-us
                DNS
                84.177.190.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                84.177.190.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                84.177.190.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                84.177.190.20.in-addr.arpa
                IN PTR
              • flag-us
                DNS
                g.bing.com
                Remote address:
                8.8.8.8:53
                Request
                g.bing.com
                IN A
                Response
                g.bing.com
                IN CNAME
                g-bing-com.a-0001.a-msedge.net
                g-bing-com.a-0001.a-msedge.net
                IN CNAME
                dual-a-0001.a-msedge.net
                dual-a-0001.a-msedge.net
                IN A
                204.79.197.200
                dual-a-0001.a-msedge.net
                IN A
                13.107.21.200
              • flag-us
                GET
                https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=36f49617f89a4c93b73a35e565775fb1&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
                Remote address:
                204.79.197.200:443
                Request
                GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=36f49617f89a4c93b73a35e565775fb1&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
                host: g.bing.com
                accept-encoding: gzip, deflate
                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                Response
                HTTP/2.0 204
                cache-control: no-cache, must-revalidate
                pragma: no-cache
                expires: Fri, 01 Jan 1990 00:00:00 GMT
                set-cookie: MUID=33B31FC6A5E660E60ABD0BC7A4C161C7; domain=.bing.com; expires=Sun, 02-Feb-2025 02:03:40 GMT; path=/; SameSite=None; Secure; Priority=High;
                strict-transport-security: max-age=31536000; includeSubDomains; preload
                access-control-allow-origin: *
                x-cache: CONFIG_NOCACHE
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: 66EC3E95B9F24FB0B474CD757EC28894 Ref B: LON04EDGE0722 Ref C: 2024-01-09T02:03:40Z
                date: Tue, 09 Jan 2024 02:03:39 GMT
              • flag-us
                GET
                https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=36f49617f89a4c93b73a35e565775fb1&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
                Remote address:
                204.79.197.200:443
                Request
                GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=36f49617f89a4c93b73a35e565775fb1&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
                host: g.bing.com
                accept-encoding: gzip, deflate
                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                cookie: MUID=33B31FC6A5E660E60ABD0BC7A4C161C7
                Response
                HTTP/2.0 204
                cache-control: no-cache, must-revalidate
                pragma: no-cache
                expires: Fri, 01 Jan 1990 00:00:00 GMT
                set-cookie: MSPTC=pitGQuS29KPYCvpZ8uRpndaRP9HP2PdQqrf4WKqLir8; domain=.bing.com; expires=Sun, 02-Feb-2025 02:03:40 GMT; path=/; Partitioned; secure; SameSite=None
                strict-transport-security: max-age=31536000; includeSubDomains; preload
                access-control-allow-origin: *
                x-cache: CONFIG_NOCACHE
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: A3E6E34185534C868091C9BB787CD669 Ref B: LON04EDGE0722 Ref C: 2024-01-09T02:03:40Z
                date: Tue, 09 Jan 2024 02:03:39 GMT
              • flag-us
                GET
                https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=36f49617f89a4c93b73a35e565775fb1&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
                Remote address:
                204.79.197.200:443
                Request
                GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=36f49617f89a4c93b73a35e565775fb1&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
                host: g.bing.com
                accept-encoding: gzip, deflate
                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                cookie: MUID=33B31FC6A5E660E60ABD0BC7A4C161C7; MSPTC=pitGQuS29KPYCvpZ8uRpndaRP9HP2PdQqrf4WKqLir8
                Response
                HTTP/2.0 204
                cache-control: no-cache, must-revalidate
                pragma: no-cache
                expires: Fri, 01 Jan 1990 00:00:00 GMT
                strict-transport-security: max-age=31536000; includeSubDomains; preload
                access-control-allow-origin: *
                x-cache: CONFIG_NOCACHE
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: 35D3CF910F2C44BBBF779E94E53D3D6A Ref B: LON04EDGE0722 Ref C: 2024-01-09T02:03:40Z
                date: Tue, 09 Jan 2024 02:03:39 GMT
              • flag-us
                DNS
                194.178.17.96.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                194.178.17.96.in-addr.arpa
                IN PTR
                Response
                194.178.17.96.in-addr.arpa
                IN PTR
                a96-17-178-194.deploy.static.akamaitechnologies.com
              • flag-us
                DNS
                95.221.229.192.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                95.221.229.192.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                200.197.79.204.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                200.197.79.204.in-addr.arpa
                IN PTR
                Response
                200.197.79.204.in-addr.arpa
                IN PTR
                a-0001.a-msedge.net
              • flag-us
                DNS
                9.228.82.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                9.228.82.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                43.58.199.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                43.58.199.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                183.59.114.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                183.59.114.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                41.110.16.96.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                41.110.16.96.in-addr.arpa
                IN PTR
                Response
                41.110.16.96.in-addr.arpa
                IN PTR
                a96-16-110-41.deploy.static.akamaitechnologies.com
              • flag-us
                DNS
                146.78.124.51.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                146.78.124.51.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                135.240.123.92.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                135.240.123.92.in-addr.arpa
                IN PTR
                Response
                135.240.123.92.in-addr.arpa
                IN PTR
                a92-123-240-135.deploy.static.akamaitechnologies.com
              • flag-us
                DNS
                206.23.85.13.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                206.23.85.13.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                50.134.221.88.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                50.134.221.88.in-addr.arpa
                IN PTR
                Response
                50.134.221.88.in-addr.arpa
                IN PTR
                a88-221-134-50.deploy.static.akamaitechnologies.com
              • flag-us
                DNS
                50.134.221.88.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                50.134.221.88.in-addr.arpa
                IN PTR
              • flag-us
                DNS
                104.241.123.92.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                104.241.123.92.in-addr.arpa
                IN PTR
                Response
                104.241.123.92.in-addr.arpa
                IN PTR
                a92-123-241-104.deploy.static.akamaitechnologies.com
              • flag-us
                DNS
                119.110.54.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                119.110.54.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                0.204.248.87.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                0.204.248.87.in-addr.arpa
                IN PTR
                Response
                0.204.248.87.in-addr.arpa
                IN PTR
                https-87-248-204-0.lhr.llnw.net
              • flag-us
                DNS
                240.221.184.93.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                240.221.184.93.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                18.134.221.88.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                18.134.221.88.in-addr.arpa
                IN PTR
                Response
                18.134.221.88.in-addr.arpa
                IN PTR
                a88-221-134-18.deploy.static.akamaitechnologies.com
              • flag-us
                DNS
                18.134.221.88.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                18.134.221.88.in-addr.arpa
                IN PTR
                Response
                18.134.221.88.in-addr.arpa
                IN PTR
                a88-221-134-18.deploy.static.akamaitechnologies.com
              • flag-us
                DNS
                88.156.103.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                88.156.103.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                88.156.103.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                88.156.103.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                18.31.95.13.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                18.31.95.13.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                18.31.95.13.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                18.31.95.13.in-addr.arpa
                IN PTR
              • flag-us
                DNS
                176.178.17.96.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                176.178.17.96.in-addr.arpa
                IN PTR
                Response
                176.178.17.96.in-addr.arpa
                IN PTR
                a96-17-178-176.deploy.static.akamaitechnologies.com
              • flag-us
                DNS
                176.178.17.96.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                176.178.17.96.in-addr.arpa
                IN PTR
                Response
                176.178.17.96.in-addr.arpa
                IN PTR
                a96-17-178-176.deploy.static.akamaitechnologies.com
              • flag-us
                DNS
                43.229.111.52.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                43.229.111.52.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                43.229.111.52.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                43.229.111.52.in-addr.arpa
                IN PTR
              • flag-us
                DNS
                178.223.142.52.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                178.223.142.52.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                178.223.142.52.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                178.223.142.52.in-addr.arpa
                IN PTR
              • flag-us
                DNS
                178.223.142.52.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                178.223.142.52.in-addr.arpa
                IN PTR
              • flag-us
                DNS
                10.179.89.13.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                10.179.89.13.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                10.179.89.13.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                10.179.89.13.in-addr.arpa
                IN PTR
                Response
              • 204.79.197.200:443
                https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=36f49617f89a4c93b73a35e565775fb1&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
                tls, http2
                2.2kB
                9.4kB
                23
                19

                HTTP Request

                GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=36f49617f89a4c93b73a35e565775fb1&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

                HTTP Response

                204

                HTTP Request

                GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=36f49617f89a4c93b73a35e565775fb1&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

                HTTP Response

                204

                HTTP Request

                GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=36f49617f89a4c93b73a35e565775fb1&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

                HTTP Response

                204
              • 204.79.197.200:443
                g.bing.com
                tls
                92 B
                118 B
                2
                2
              • 204.79.197.200:443
                g.bing.com
                tls
                92 B
                118 B
                2
                2
              • 204.79.197.200:443
                g.bing.com
                32.9kB
                950.2kB
                684
                689
              • 204.79.197.200:443
                g.bing.com
                tls
                92 B
                118 B
                2
                2
              • 204.79.197.200:443
                g.bing.com
                tls
                92 B
                118 B
                2
                2
              • 8.8.8.8:53
                158.240.127.40.in-addr.arpa
                dns
                146 B
                147 B
                2
                1

                DNS Request

                158.240.127.40.in-addr.arpa

                DNS Request

                158.240.127.40.in-addr.arpa

              • 8.8.8.8:53
                84.177.190.20.in-addr.arpa
                dns
                144 B
                158 B
                2
                1

                DNS Request

                84.177.190.20.in-addr.arpa

                DNS Request

                84.177.190.20.in-addr.arpa

              • 8.8.8.8:53
                g.bing.com
                dns
                56 B
                158 B
                1
                1

                DNS Request

                g.bing.com

                DNS Response

                204.79.197.200
                13.107.21.200

              • 8.8.8.8:53
                194.178.17.96.in-addr.arpa
                dns
                72 B
                137 B
                1
                1

                DNS Request

                194.178.17.96.in-addr.arpa

              • 8.8.8.8:53
                95.221.229.192.in-addr.arpa
                dns
                73 B
                144 B
                1
                1

              Downloads
