Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/03/2024, 03:08 UTC

General

  • Target

    bfaeeec6a0eee2276b80e9867110b1dc.pdf

  • Size

    160KB

  • MD5

    bfaeeec6a0eee2276b80e9867110b1dc

  • SHA1

    afbd0351de4b2b699e73eade7d4bea24a70498fc

  • SHA256

    19c4bfd4d6b6c2bfd83456498eedd00e5573fa0097bdb4e78e391b63c4b5aafa

  • SHA512

    b1412060f0596e94ca4fd5b0a89a000b34e4c03931d352562345c4ecc8309fd41ee69d77979521600ae10fd12f3c753f2a6b56bcf0ddb3ed93c3e9c0ddc64fdd

  • SSDEEP

    3072:vR33PYzC/Gk95mk4VAWkD/QSmDz6uMMa+SexjDl9R8L/etQDp6pTvmMdS:x3PYzCjKNnK/Q4uXaxeRl9RQ/badQ

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings (1 TTP, 1 IoC)
  • Suspicious behavior: EnumeratesProcesses (20 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (5 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

  All six signatures are raised by AcroRd32.exe and the RdrCEF.exe processes it launches (see Processes); no binary outside the Reader install directory appears in the tree, which is consistent with the 1/10 score despite the "suspicious" labels.
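The signature text above says what the registry read is usually for, but not what it looks at. The following added example, written for this page and not code from tria.ge or Adobe, parses a `reg query` listing of HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor (the key the heuristic refers to) and applies the checks an evasive sample typically runs on it: logical-processor count, hypervisor strings in ProcessorNameString, VendorIdentifier, and the ~MHz value. The two listings and the thresholds are constructed by the author; Reader reads these values for its own purposes, and the example only shows why the same read is a sandbox tell when malware does it.

```python
"""Evaluate the CentralProcessor registry keys the way a sandbox-aware sample would.

Added example for this report, not tria.ge or Adobe code. The two `reg query`
listings are constructed; they follow the real value layout under
HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\<n>, and the thresholds
in evaluate() are the author's summary of commonly used evasion heuristics.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

CPU_KEY = r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor"
SUBKEY_RE = re.compile(re.escape(CPU_KEY) + r"\\(\d+)\s*$")
# Substrings that only appear in CPU brand strings exposed by hypervisors.
HYPERVISOR_MARKERS = ("qemu", "virtual", "kvm", "vmware", "xen", "bochs")
PHYSICAL_VENDORS = {"GenuineIntel", "AuthenticAMD"}


@dataclass
class CpuSubkey:
    index: int
    values: dict[str, str] = field(default_factory=dict)


@dataclass
class Verdict:
    looks_like_sandbox: bool
    reasons: list[str]


def parse_reg_query(text: str) -> list[CpuSubkey]:
    """Parse `reg query <CPU_KEY> /s` output into one CpuSubkey per logical processor.

    Value lines look like `    ~MHz    REG_DWORD    0xc80`: name, type and data
    separated by runs of four spaces, so split on four spaces rather than on
    whitespace (names such as "Component Information" contain single spaces).
    """
    cores: list[CpuSubkey] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = SUBKEY_RE.match(line)
        if m:
            cores.append(CpuSubkey(int(m.group(1))))
        elif cores and line.startswith("    "):
            parts = line.strip().split("    ")
            if len(parts) == 3:
                name, _reg_type, data = parts
                cores[-1].values[name] = data
    return cores


def evaluate(cores: list[CpuSubkey]) -> Verdict:
    """Apply the usual heuristics; one hit is enough for most evasive samples to bail out."""
    reasons: list[str] = []
    if len(cores) < 2:
        reasons.append(f"only {len(cores)} logical processor(s) visible")
    first = cores[0].values if cores else {}
    brand = first.get("ProcessorNameString", "").lower()
    reasons.extend(f"ProcessorNameString mentions {m!r}" for m in HYPERVISOR_MARKERS if m in brand)
    vendor = first.get("VendorIdentifier", "")
    if vendor not in PHYSICAL_VENDORS:
        reasons.append(f"VendorIdentifier {vendor!r} is not a physical CPU vendor")
    mhz = int(first.get("~MHz", "0x0"), 16)
    if mhz < 1000:
        reasons.append(f"~MHz reports {mhz}, implausibly low for a workstation")
    return Verdict(bool(reasons), reasons)


def _subkey(index: int, brand: str, vendor: str, mhz_hex: str) -> str:
    # Constructed `reg query` output for one CentralProcessor\<index> subkey.
    return (f"{CPU_KEY}\\{index}\n"
            f"    Component Information    REG_BINARY    0000000000000000\n"
            f"    Identifier    REG_SZ    Intel64 Family 6 Model 158 Stepping 10\n"
            f"    ProcessorNameString    REG_SZ    {brand}\n"
            f"    VendorIdentifier    REG_SZ    {vendor}\n"
            f"    ~MHz    REG_DWORD    {mhz_hex}\n")


# Constructed: a single hypervisor-branded vCPU, the picture a bare sandbox VM presents.
SANDBOX_LISTING = _subkey(0, "QEMU Virtual CPU version 2.5+", "GenuineIntel", "0x8b5")
# Constructed: four logical processors on a physical desktop part.
WORKSTATION_LISTING = "\n".join(
    _subkey(i, "Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz", "GenuineIntel", "0xc80") for i in range(4))

if __name__ == "__main__":
    for label, listing in (("sandbox", SANDBOX_LISTING), ("workstation", WORKSTATION_LISTING)):
        v = evaluate(parse_reg_query(listing))
        print(label, v.looks_like_sandbox, v.reasons)
```

The defensive reading is the inverse: a sandbox whose guest exposes a hypervisor brand string and a single vCPU will see evasive samples exit early, so the values under this key are worth hardening on an analysis image.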

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\bfaeeec6a0eee2276b80e9867110b1dc.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1284
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=62790649360B8038D861B4BEE5472825 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:2384
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=76B84CD88F42166228F496DCF848790B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=76B84CD88F42166228F496DCF848790B --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:3276
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=17CEC707503403544B423F34762B6200 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
            3⤵
              PID:4688
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8A3A1097DAC9D22DA01E7D81189E914F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8A3A1097DAC9D22DA01E7D81189E914F --renderer-client-id=5 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1
              3⤵
                PID:4048
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8AF5F3581D87C5916488F98A6799F7FA --mojo-platform-channel-handle=2444 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:4992
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=299329C906705375EE324ECD7E03A963 --mojo-platform-channel-handle=2400 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:2116
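The tree above is what a benign document's run looks like: AcroRd32.exe opens the file, launches the RdrCEF.exe broker, and the broker forks gpu-process and renderer workers, with no third-party binary anywhere. The following added example (the author's own triage script, not tria.ge or Adobe code) encodes that check. It takes the tree as transcribed from the report, with parent PIDs taken from the nesting and the RdrCEF command lines cut down to the switches the check reads, and flags any process outside the Reader install directory, any LOLBin child, and any parent missing from the tree. It also picks the --gpu-vendor-id/--gpu-device-id pair 0x1234/0x1111 out of the gpu-process command lines: that is the PCI ID of QEMU's standard VGA adapter, one of the values an evasive sample could fingerprint. The allow/deny lists and the counter-example tree are the author's assumptions.

```python
"""Process-lineage triage for a Reader sandbox run: did the PDF spawn anything of its own?

Added example for this report, not tria.ge or Adobe code. TREE is transcribed
from the Processes section (parent PIDs follow the tree's nesting; RdrCEF
command lines are cut down to the switches this check reads). EXPECTED_IMAGES
and LOLBINS are the author's own allow/deny lists; the PCI ID pair 1234:1111
is QEMU's standard VGA adapter.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

READER_DIR = r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader"
EXPECTED_IMAGES = {"AcroRd32.exe", "RdrCEF.exe"}
# Interpreters and download/execute helpers a malicious document has to reach for.
LOLBINS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
           "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe", "msiexec.exe"}
QEMU_STD_VGA = ("0x1234", "0x1111")   # --gpu-vendor-id / --gpu-device-id inside a QEMU guest

# Chromium-style `--name[=value]`; a quoted value may contain spaces and even other switches.
SWITCH_RE = re.compile(r'--([\w-]+)(?:=("[^"]*"|\S+))?')


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int | None      # None for the root of the tree
    image: str
    cmdline: str          # arguments only; the image path is held separately


def switches(cmdline: str) -> dict[str, str]:
    """Map switch name to value (quotes stripped); a repeated switch keeps its last value."""
    return {name: value.strip('"') for name, value in SWITCH_RE.findall(cmdline)}


def triage(tree: list[Proc]) -> dict:
    findings: list[str] = []
    pids = {p.pid for p in tree}
    cef_roles: Counter = Counter()
    vm_tells: list[str] = []
    for p in tree:
        base = p.image.rsplit("\\", 1)[-1]
        if not p.image.startswith(READER_DIR + "\\"):
            findings.append(f"pid {p.pid}: image outside the Reader install dir: {p.image}")
        if base not in EXPECTED_IMAGES:
            findings.append(f"pid {p.pid}: unexpected binary {base}")
        if base.lower() in LOLBINS:
            findings.append(f"pid {p.pid}: LOLBin {base} launched by pid {p.ppid}")
        if p.ppid is not None and p.ppid not in pids:
            findings.append(f"pid {p.pid}: parent {p.ppid} is not in the tree")
        sw = switches(p.cmdline)
        if base == "RdrCEF.exe":
            cef_roles[sw.get("type", "browser")] += 1   # the CEF broker carries no --type
        if (sw.get("gpu-vendor-id"), sw.get("gpu-device-id")) == QEMU_STD_VGA:
            vm_tells.append(f"pid {p.pid}: GPU PCI ID 1234:1111 (QEMU standard VGA)")
    return {"clean_lineage": not findings, "findings": findings,
            "cef_roles": dict(cef_roles), "vm_tells": vm_tells}


RDRCEF = READER_DIR + r"\AcroCEF\RdrCEF.exe"
GPU_ARGS = ('--type=gpu-process --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 '
            '--gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." '
            '--allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2')
TREE = [
    Proc(3040, None, READER_DIR + r"\AcroRd32.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\bfaeeec6a0eee2276b80e9867110b1dc.pdf"'),
    Proc(1284, 3040, RDRCEF, "--backgroundcolor=16514043"),
    Proc(2384, 1284, RDRCEF, GPU_ARGS),
    Proc(3276, 1284, RDRCEF, "--type=renderer --renderer-client-id=2 --allow-no-sandbox-job /prefetch:1"),
    Proc(4688, 1284, RDRCEF, GPU_ARGS),
    Proc(4048, 1284, RDRCEF, "--type=renderer --renderer-client-id=5 --allow-no-sandbox-job /prefetch:1"),
    Proc(4992, 1284, RDRCEF, GPU_ARGS),
    Proc(2116, 1284, RDRCEF, GPU_ARGS),
]
# Constructed counter-example: the same tree plus a shell that only the document could have launched.
SUSPICIOUS_TREE = TREE + [Proc(5100, 3040, r"C:\Windows\System32\cmd.exe", "/c whoami")]

if __name__ == "__main__":
    print(triage(TREE))
    print(triage(SUSPICIOUS_TREE))
```

The switch parser deliberately consumes quoted values whole, which is why the `--ignored=" --type=renderer "` argument on the gpu-process lines does not get misread as a second `--type`.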

Network

  DNS queries, all sent to 8.8.8.8:53 (US), listed as type, name -> answer. "(empty)" means the resolver answered but returned no PTR record.

  • PTR 71.31.126.40.in-addr.arpa -> (empty)
  • PTR 240.221.184.93.in-addr.arpa -> (empty)
  • PTR 9.228.82.20.in-addr.arpa -> (empty)
  • PTR 58.55.71.13.in-addr.arpa -> (empty)
  • PTR 55.36.223.20.in-addr.arpa -> (empty)
  • PTR 41.110.16.96.in-addr.arpa -> a96-16-110-41.deploy.static.akamaitechnologies.com
  • PTR 103.169.127.40.in-addr.arpa -> (empty)
  • PTR 206.23.85.13.in-addr.arpa -> (empty)
  • PTR 135.240.123.92.in-addr.arpa -> a92-123-240-135.deploy.static.akamaitechnologies.com
  • PTR 196.249.167.52.in-addr.arpa -> (empty)
  • PTR 32.134.221.88.in-addr.arpa -> a88-221-134-32.deploy.static.akamaitechnologies.com
  • PTR 119.110.54.20.in-addr.arpa -> (empty)
  • PTR 104.241.123.92.in-addr.arpa -> a92-123-241-104.deploy.static.akamaitechnologies.com
  • PTR 217.135.221.88.in-addr.arpa -> a88-221-135-217.deploy.static.akamaitechnologies.com
  • PTR 174.178.17.96.in-addr.arpa -> a96-17-178-174.deploy.static.akamaitechnologies.com
  • PTR 26.35.223.20.in-addr.arpa -> (empty)
  • A tse1.mm.bing.net
      CNAME mm-mm.bing.net.trafficmanager.net
      CNAME dual-a-0001.a-msedge.net
      A 204.79.197.200
      A 13.107.21.200

  HTTPS requests to tse1.mm.bing.net (204.79.197.200:443, US). All six were answered HTTP/2.0 200 with an image/jpeg body; between requests only the URL, the content-length and the Ref A value of x-msedge-ref differ.

  • GET https://tse1.mm.bing.net/th?id=OADD2.10239317301158_1FQ7QMDIC6MPGAP86&pid=21.2&w=1920&h=1080&c=4
    content-length: 461668, Ref A: CD5CD67B5C15493EA5ED9EB5A393D366
  • GET https://tse1.mm.bing.net/th?id=OADD2.10239317300938_116Z84FUP3EYXI7L6&pid=21.2&w=1920&h=1080&c=4
    content-length: 390420, Ref A: 4C8E3C99433746C0BBF63A49EB5F710F
  • GET https://tse1.mm.bing.net/th?id=OADD2.10239317301567_1E1JC2NVSTDWA0SVH&pid=21.2&w=1080&h=1920&c=4
    content-length: 422514, Ref A: 4521C67527054894804F5C067020B474
  • GET https://tse1.mm.bing.net/th?id=OADD2.10239340418577_1YCPJO6YBYEE06VWA&pid=21.2&w=1080&h=1920&c=4
    content-length: 344990, Ref A: C70C6999BA4C45CDAEA1A224E209D67D
  • GET https://tse1.mm.bing.net/th?id=OADD2.10239317301371_18ZL52TJ0W1845BME&pid=21.2&w=1080&h=1920&c=4
    content-length: 531870, Ref A: 1282D6DDB45F429C9D651597DA0F3DE5
  • GET https://tse1.mm.bing.net/th?id=OADD2.10239340418578_1AMTWIX1RFG5EZ1V6&pid=21.2&w=1920&h=1080&c=4
    content-length: 600567, Ref A: BA55227D8E3C4855958BAB571AC618E5

  Request headers (the same on every request):
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

  Response headers (the same on every response apart from content-length and Ref A):
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: (per request, listed above) Ref B: LON04EDGE0908 Ref C: 2024-03-11T03:09:19Z
    date: Mon, 11 Mar 2024 03:09:18 GMT

  Further DNS queries to 8.8.8.8:53 (US), listed as type, name -> answer. Names the image queried twice appear twice; "(empty)" means a response with no PTR record, "(no response logged)" means the report records no reply for that query.

  • PTR 200.197.79.204.in-addr.arpa -> a-0001.a-msedge.net
  • PTR 11.227.111.52.in-addr.arpa -> (empty)
  • PTR 11.227.111.52.in-addr.arpa -> (empty)
  • PTR 56.126.166.20.in-addr.arpa -> (empty)
  • PTR 56.126.166.20.in-addr.arpa -> (no response logged)
  • PTR 18.134.221.88.in-addr.arpa -> a88-221-134-18.deploy.static.akamaitechnologies.com
  • PTR 18.134.221.88.in-addr.arpa -> (no response logged)
  • PTR 176.178.17.96.in-addr.arpa -> a96-17-178-176.deploy.static.akamaitechnologies.com
  • PTR 176.178.17.96.in-addr.arpa -> (no response logged)
  • PTR 18.173.189.20.in-addr.arpa -> (empty)
  • PTR 18.173.189.20.in-addr.arpa -> (empty)

  Connections. Byte and packet counts are sent / received (the 71 B of the first DNS flow below is exactly one PTR query with its IP/UDP headers, which fixes the column order):

  • 204.79.197.200:443  tse1.mm.bing.net  tls, http2  1.5kB / 8.1kB  17 / 13 packets
  • 204.79.197.200:443  tse1.mm.bing.net  tls, http2  1.5kB / 8.1kB  17 / 13 packets
  • 204.79.197.200:443  tse1.mm.bing.net  tls, http2  1.5kB / 8.1kB  17 / 13 packets
  • 204.79.197.200:443  tse1.mm.bing.net  tls, http2  1.5kB / 8.1kB  17 / 13 packets
  • 204.79.197.200:443  https://tse1.mm.bing.net/th?id=OADD2.10239340418578_1AMTWIX1RFG5EZ1V6&pid=21.2&w=1920&h=1080&c=4  tls, http2  101.0kB / 2.9MB  2079 / 2070 packets
    HTTP requests carried on this connection, each answered 200:
      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301158_1FQ7QMDIC6MPGAP86&pid=21.2&w=1920&h=1080&c=4
      GET https://tse1.mm.bing.net/th?id=OADD2.10239317300938_116Z84FUP3EYXI7L6&pid=21.2&w=1920&h=1080&c=4
      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301567_1E1JC2NVSTDWA0SVH&pid=21.2&w=1080&h=1920&c=4
      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418577_1YCPJO6YBYEE06VWA&pid=21.2&w=1080&h=1920&c=4
      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301371_18ZL52TJ0W1845BME&pid=21.2&w=1080&h=1920&c=4
      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418578_1AMTWIX1RFG5EZ1V6&pid=21.2&w=1920&h=1080&c=4
              • 8.8.8.8:53  71.31.126.40.in-addr.arpa     dns  sent 71 B (1 pkt)    received 157 B (1 pkt)
              • 8.8.8.8:53  240.221.184.93.in-addr.arpa   dns  sent 73 B (1 pkt)    received 144 B (1 pkt)
              • 8.8.8.8:53  9.228.82.20.in-addr.arpa      dns  sent 70 B (1 pkt)    received 156 B (1 pkt)
              • 8.8.8.8:53  58.55.71.13.in-addr.arpa      dns  sent 70 B (1 pkt)    received 144 B (1 pkt)
              • 8.8.8.8:53  55.36.223.20.in-addr.arpa     dns  sent 71 B (1 pkt)    received 157 B (1 pkt)
              • 8.8.8.8:53  41.110.16.96.in-addr.arpa     dns  sent 71 B (1 pkt)    received 135 B (1 pkt)
              • 8.8.8.8:53  103.169.127.40.in-addr.arpa   dns  sent 73 B (1 pkt)    received 147 B (1 pkt)
              • 8.8.8.8:53  206.23.85.13.in-addr.arpa     dns  sent 71 B (1 pkt)    received 145 B (1 pkt)
              • 8.8.8.8:53  135.240.123.92.in-addr.arpa   dns  sent 73 B (1 pkt)    received 139 B (1 pkt)
              • 8.8.8.8:53  196.249.167.52.in-addr.arpa   dns  sent 73 B (1 pkt)    received 147 B (1 pkt)
              • 8.8.8.8:53  32.134.221.88.in-addr.arpa    dns  sent 72 B (1 pkt)    received 137 B (1 pkt)
              • 8.8.8.8:53  119.110.54.20.in-addr.arpa    dns  sent 72 B (1 pkt)    received 158 B (1 pkt)
              • 8.8.8.8:53  104.241.123.92.in-addr.arpa   dns  sent 73 B (1 pkt)    received 139 B (1 pkt)
              • 8.8.8.8:53  217.135.221.88.in-addr.arpa   dns  sent 73 B (1 pkt)    received 139 B (1 pkt)
              • 8.8.8.8:53  174.178.17.96.in-addr.arpa    dns  sent 72 B (1 pkt)    received 137 B (1 pkt)
              • 8.8.8.8:53  26.35.223.20.in-addr.arpa     dns  sent 71 B (1 pkt)    received 157 B (1 pkt)
              • 8.8.8.8:53  tse1.mm.bing.net              dns  sent 62 B (1 pkt)    received 173 B (1 pkt)
                DNS Response  204.79.197.200, 13.107.21.200
              • 8.8.8.8:53  200.197.79.204.in-addr.arpa   dns  sent 73 B (1 pkt)    received 106 B (1 pkt)
              • 8.8.8.8:53  11.227.111.52.in-addr.arpa    dns  sent 144 B (2 pkts)  received 316 B (2 pkts)
                DNS Request   sent twice for the same name
              • 8.8.8.8:53  56.126.166.20.in-addr.arpa    dns  sent 144 B (2 pkts)  received 158 B (1 pkt)
                DNS Request   sent twice for the same name
              • 8.8.8.8:53  18.134.221.88.in-addr.arpa    dns  sent 144 B (2 pkts)  received 137 B (1 pkt)
                DNS Request   sent twice for the same name
              • 8.8.8.8:53  176.178.17.96.in-addr.arpa    dns  sent 144 B (2 pkts)  received 137 B (1 pkt)
                DNS Request   sent twice for the same name
              • 8.8.8.8:53  18.173.189.20.in-addr.arpa    dns  sent 144 B (2 pkts)  received 316 B (2 pkts)
                DNS Request   sent twice for the same name

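              Reading the flow list above takes two pieces of knowledge: every *.in-addr.arpa query is a reverse (PTR) lookup whose labels are the IPv4 octets in reverse order, so 200.197.79.204.in-addr.arpa asks the resolver for the name of 204.79.197.200, the very address the TLS flows went to; and that address is one of the two A records the resolver returned for tse1.mm.bing.net, so the HTTPS fetches and the DNS answer agree. The fetched objects (1920x1080 and 1080x1920 images from Bing's image CDN) are consistent with Windows Spotlight background downloads rather than with traffic originated by the document; that is an analyst's assessment, not something the report states. The helper below is an added example, not part of the Triage report or Triage's own tooling. It reads a hand-built, simplified copy of the rows above (the line format, the answer= suffix and the byte counts rounded from the report's kB/MB figures are this example's assumptions) and answers the questions an analyst asks of a network tab: which address each PTR query is about, whether every contacted destination is covered by a forward answer, which reverse lookups target addresses this excerpt never shows being contacted, and which queries were sent more than once.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Constructed input for this example: the flow rows above, re-keyed by hand as
# "dest:port proto name sent_bytes recv_bytes pkts_out pkts_in [answer=ip,ip]".
# This is NOT Triage's export format; byte counts are the report's rounded figures.
SAMPLE_FLOWS = """\
204.79.197.200:443 tls,http2 tse1.mm.bing.net 1500 8100 17 13
204.79.197.200:443 tls,http2 tse1.mm.bing.net 101000 2900000 2079 2070
8.8.8.8:53 dns 71.31.126.40.in-addr.arpa 71 157 1 1
8.8.8.8:53 dns 240.221.184.93.in-addr.arpa 73 144 1 1
8.8.8.8:53 dns tse1.mm.bing.net 62 173 1 1 answer=204.79.197.200,13.107.21.200
8.8.8.8:53 dns 200.197.79.204.in-addr.arpa 73 106 1 1
8.8.8.8:53 dns 11.227.111.52.in-addr.arpa 144 316 2 2
8.8.8.8:53 dns 56.126.166.20.in-addr.arpa 144 158 2 1
"""

PTR_SUFFIX = ".in-addr.arpa"


@dataclass(frozen=True)
class Flow:
    dest_ip: str
    dest_port: int
    proto: str
    name: str            # queried name, or the server name for TLS flows
    sent: int
    received: int
    pkts_out: int
    pkts_in: int
    answers: tuple = ()  # A records carried by a DNS response, if any


def ptr_to_ip(name: str):
    """Map a reverse-lookup name back to the IPv4 address it asks about.

    '200.197.79.204.in-addr.arpa' -> '204.79.197.200'.  Returns None for
    anything that is not a well-formed IPv4 PTR name (forward lookups,
    ip6.arpa names, truncated or out-of-range octets).
    """
    if not name.endswith(PTR_SUFFIX):
        return None
    octets = name[: -len(PTR_SUFFIX)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def parse_flows(text: str):
    """Parse the constructed line format above into Flow records."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7:
            continue  # blank or malformed line
        ip, port = parts[0].rsplit(":", 1)
        answers = ()
        for extra in parts[7:]:
            if extra.startswith("answer="):
                answers = tuple(extra[len("answer="):].split(","))
        flows.append(Flow(ip, int(port), parts[1], parts[2],
                          int(parts[3]), int(parts[4]),
                          int(parts[5]), int(parts[6]), answers))
    return flows


def triage(flows):
    """Summarise flows the way an analyst reads a sandbox network tab."""
    bytes_per_dest = defaultdict(int)
    resolved = set()      # every IP handed back in a forward (A) answer
    ptr_targets = set()   # every IP the OS asked a PTR question about
    retried = []
    for f in flows:
        bytes_per_dest[f.dest_ip] += f.sent + f.received
        if f.proto != "dns":
            continue
        if f.pkts_out > 1:
            retried.append(f.name)
        ip = ptr_to_ip(f.name)
        if ip:
            ptr_targets.add(ip)
        else:
            resolved.update(f.answers)
    contacted = {f.dest_ip for f in flows if f.proto != "dns"}
    return {
        "bytes_per_dest": dict(bytes_per_dest),
        # Destinations with no forward answer covering them: a hard-coded IP,
        # or a resolution that happened outside the captured window.
        "contacted_without_answer": sorted(contacted - resolved),
        # Reverse lookups of addresses we also see contacted: routine OS behaviour.
        "ptr_for_contacted": sorted(ptr_targets & contacted),
        # Reverse lookups of addresses never contacted in this excerpt.
        "ptr_unexplained": sorted(ptr_targets - contacted),
        "dns_retries": sorted(retried),
    }


if __name__ == "__main__":
    for key, value in triage(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{key}: {value}")
```

              On the sample rows, contacted_without_answer is empty and ptr_for_contacted is exactly 204.79.197.200: the TLS destination was resolved in-capture and the OS then reverse-looked it up. The addresses in ptr_unexplained are ones this excerpt never shows a connection to, which in a partial report like this one means "look at the flows before this section", not "suspicious".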
              MITRE ATT&CK Enterprise v15


              Downloads

              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                Filesize  64KB
                MD5       c9ed84d4a1bf273313d2e93bc623a8eb
                SHA1      5e3c433161a41487f37a7565cfe28fb6895d8c65
                SHA256    fbe2f16547ff801d90dd9b52a470d645c938d502e0a2ac63d0d7f0f592dfeb41
                SHA512    0eff3f2ef0db67423c888cf57c5cbef7cfb52fad1c4c960ae1937ee7a69a22bf5bcf541bbe60ade325d1bb6c284f9a3aa9bbffb21fb8101b00fe8e8d7c7a6665

              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                Filesize  36KB
                MD5       b30d3becc8731792523d599d949e63f5
                SHA1      19350257e42d7aee17fb3bf139a9d3adb330fad4
                SHA256    b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
                SHA512    523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                Filesize  56KB
                MD5       752a1f26b18748311b691c7d8fc20633
                SHA1      c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
                SHA256    111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
                SHA512    a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

              • C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
                Filesize  12KB
                MD5       0a28ce9e2895e7fc5838f93676898b6a
                SHA1      5932acb2e9f7f9c5f5e0ebc9a0e72bb136c99136
                SHA256    8873838505f23020c6bbf3be79c3593dccd8b0f8985c3bc3638f04ad8a5688a1
                SHA512    4524d51dd2a17ac99cc529819ea7dc1521b384242f37b14320c73c0f330ee2a351861b85a5b20729d0e3fb5dd7eb46e35010479653933e415d10e70e07899dab
