Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/03/2024, 13:24 UTC

General

  • Target

    c8b823802cc2013e7651c10c28d5035b.pdf

  • Size

    88KB

  • MD5

    c8b823802cc2013e7651c10c28d5035b

  • SHA1

    12a7b42ad5e9ec5841be924683364b4045c51d5d

  • SHA256

    9420968113862e0ee2626c93a02795704978e599f50d8efff0dcc49089efda55

  • SHA512

    fc1c3c40f95e7c249ed95e180921a04730852bf1700b7e6f9ce08affe84b0338a62bc3b31607f44fd4a89f76425c9833c4ac7f1c9146c93b7459b3fdf7c8d90b

  • SSDEEP

    1536:PIKH9Tup87149PmLV1eVSqP3rLO20ZLuKBtx/tu/1aWHpOvTWDO2jfr9mEH1Rl8L:NdT6AK9+WP3rD0LPu0vOBr8y1RGNao

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\c8b823802cc2013e7651c10c28d5035b.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:532
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:428
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B280F3331C022059FF7A6C9BE06039C9 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:336
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D428B6D185ADE2FFE5250B0968F47D1E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D428B6D185ADE2FFE5250B0968F47D1E --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:4692
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0BA5979B479F445758FEDC4E0E3B687D --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
            3⤵
              PID:3468
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=531EA591E294F32828B44E27D40EB554 --mojo-platform-channel-handle=1800 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:2896
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8AF77420A0015DE9585EAA13BEFA2B39 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8AF77420A0015DE9585EAA13BEFA2B39 --renderer-client-id=6 --mojo-platform-channel-handle=1932 --allow-no-sandbox-job /prefetch:1
                3⤵
                  PID:2056
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7DB4C75096F48495BD6520B2454AA89D --mojo-platform-channel-handle=2680 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:4512
                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8F2233B6A0DEBB2E840FAB1832C07F40 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8F2233B6A0DEBB2E840FAB1832C07F40 --renderer-client-id=10 --mojo-platform-channel-handle=2544 --allow-no-sandbox-job /prefetch:1
                    3⤵
                      PID:4036
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:4752

                  Network

                  • flag-us
                    DNS
                    23.177.190.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    23.177.190.20.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    23.177.190.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    23.177.190.20.in-addr.arpa
                    IN PTR
                  • flag-us
                    DNS
                    104.219.191.52.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    104.219.191.52.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    104.219.191.52.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    104.219.191.52.in-addr.arpa
                    IN PTR
                  • flag-us
                    DNS
                    186.178.17.96.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    186.178.17.96.in-addr.arpa
                    IN PTR
                    Response
                    186.178.17.96.in-addr.arpa
                    IN PTR
                    a96-17-178-186deploystaticakamaitechnologiescom
                  • flag-us
                    DNS
                    241.154.82.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    241.154.82.20.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    241.154.82.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    241.154.82.20.in-addr.arpa
                    IN PTR
                  • flag-us
                    DNS
                    57.169.31.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    57.169.31.20.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    41.110.16.96.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    41.110.16.96.in-addr.arpa
                    IN PTR
                    Response
                    41.110.16.96.in-addr.arpa
                    IN PTR
                    a96-16-110-41deploystaticakamaitechnologiescom
                  • flag-us
                    DNS
                    86.23.85.13.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    86.23.85.13.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    241.150.49.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    241.150.49.20.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    135.240.123.92.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    135.240.123.92.in-addr.arpa
                    IN PTR
                    Response
                    135.240.123.92.in-addr.arpa
                    IN PTR
                    a92-123-240-135deploystaticakamaitechnologiescom
                  • flag-us
                    DNS
                    56.126.166.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    56.126.166.20.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    203.135.221.88.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    203.135.221.88.in-addr.arpa
                    IN PTR
                    Response
                    203.135.221.88.in-addr.arpa
                    IN PTR
                    a88-221-135-203deploystaticakamaitechnologiescom
                  • flag-us
                    DNS
                    104.241.123.92.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    104.241.123.92.in-addr.arpa
                    IN PTR
                    Response
                    104.241.123.92.in-addr.arpa
                    IN PTR
                    a92-123-241-104deploystaticakamaitechnologiescom
                  • flag-us
                    DNS
                    119.110.54.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    119.110.54.20.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    195.178.17.96.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    195.178.17.96.in-addr.arpa
                    IN PTR
                    Response
                    195.178.17.96.in-addr.arpa
                    IN PTR
                    a96-17-178-195deploystaticakamaitechnologiescom
                  • flag-us
                    DNS
                    18.134.221.88.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    18.134.221.88.in-addr.arpa
                    IN PTR
                    Response
                    18.134.221.88.in-addr.arpa
                    IN PTR
                    a88-221-134-18deploystaticakamaitechnologiescom
                  • flag-us
                    DNS
                    210.135.221.88.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    210.135.221.88.in-addr.arpa
                    IN PTR
                    Response
                    210.135.221.88.in-addr.arpa
                    IN PTR
                    a88-221-135-210deploystaticakamaitechnologiescom
                  • flag-us
                    DNS
                    217.135.221.88.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    217.135.221.88.in-addr.arpa
                    IN PTR
                    Response
                    217.135.221.88.in-addr.arpa
                    IN PTR
                    a88-221-135-217deploystaticakamaitechnologiescom
                  • flag-us
                    DNS
                    217.135.221.88.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    217.135.221.88.in-addr.arpa
                    IN PTR
                  • flag-us
                    DNS
                    178.178.17.96.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    178.178.17.96.in-addr.arpa
                    IN PTR
                    Response
                    178.178.17.96.in-addr.arpa
                    IN PTR
                    a96-17-178-178deploystaticakamaitechnologiescom
                  • flag-us
                    DNS
                    205.178.17.96.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    205.178.17.96.in-addr.arpa
                    IN PTR
                    Response
                    205.178.17.96.in-addr.arpa
                    IN PTR
                    a96-17-178-205deploystaticakamaitechnologiescom
                  • flag-us
                    DNS
                    26.35.223.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    26.35.223.20.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    202.178.17.96.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    202.178.17.96.in-addr.arpa
                    IN PTR
                    Response
                    202.178.17.96.in-addr.arpa
                    IN PTR
                    a96-17-178-202deploystaticakamaitechnologiescom
                  • flag-us
                    DNS
                    31.243.111.52.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    31.243.111.52.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    tse1.mm.bing.net
                    Remote address:
                    8.8.8.8:53
                    Request
                    tse1.mm.bing.net
                    IN A
                    Response
                    tse1.mm.bing.net
                    IN CNAME
                    mm-mm.bing.net.trafficmanager.net
                    mm-mm.bing.net.trafficmanager.net
                    IN CNAME
                    dual-a-0001.a-msedge.net
                    dual-a-0001.a-msedge.net
                    IN A
                    204.79.197.200
                    dual-a-0001.a-msedge.net
                    IN A
                    13.107.21.200
                  • flag-us
                    DNS
                    tse1.mm.bing.net
                    Remote address:
                    8.8.8.8:53
                    Request
                    tse1.mm.bing.net
                    IN A
                    Response
                    tse1.mm.bing.net
                    IN CNAME
                    mm-mm.bing.net.trafficmanager.net
                    mm-mm.bing.net.trafficmanager.net
                    IN CNAME
                    dual-a-0001.a-msedge.net
                    dual-a-0001.a-msedge.net
                    IN A
                    204.79.197.200
                    dual-a-0001.a-msedge.net
                    IN A
                    13.107.21.200
                  • flag-us
                    GET
                    https://tse1.mm.bing.net/th?id=OADD2.10239317300938_116Z84FUP3EYXI7L6&pid=21.2&w=1920&h=1080&c=4
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /th?id=OADD2.10239317300938_116Z84FUP3EYXI7L6&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                    host: tse1.mm.bing.net
                    accept: */*
                    accept-encoding: gzip, deflate, br
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                    Response
                    HTTP/2.0 200
                    cache-control: public, max-age=2592000
                    content-length: 461668
                    content-type: image/jpeg
                    x-cache: TCP_HIT
                    access-control-allow-origin: *
                    access-control-allow-headers: *
                    access-control-allow-methods: GET, POST, OPTIONS
                    timing-allow-origin: *
                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: ECA9A696E0C9449A982C955B0BEF1777 Ref B: LON04EDGE0714 Ref C: 2024-03-14T13:26:31Z
                    date: Thu, 14 Mar 2024 13:26:31 GMT
                  • flag-us
                    GET
                    https://tse1.mm.bing.net/th?id=OADD2.10239317301020_14A3TVXX0O1AF1LY0&pid=21.2&w=1920&h=1080&c=4
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /th?id=OADD2.10239317301020_14A3TVXX0O1AF1LY0&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                    host: tse1.mm.bing.net
                    accept: */*
                    accept-encoding: gzip, deflate, br
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                    Response
                    HTTP/2.0 200
                    cache-control: public, max-age=2592000
                    content-length: 422514
                    content-type: image/jpeg
                    x-cache: TCP_HIT
                    access-control-allow-origin: *
                    access-control-allow-headers: *
                    access-control-allow-methods: GET, POST, OPTIONS
                    timing-allow-origin: *
                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: F2FA6E87AD1D49E79C8134CF42ABABF9 Ref B: LON04EDGE0714 Ref C: 2024-03-14T13:26:31Z
                    date: Thu, 14 Mar 2024 13:26:31 GMT
                  • flag-us
                    GET
                    https://tse1.mm.bing.net/th?id=OADD2.10239317301371_18ZL52TJ0W1845BME&pid=21.2&w=1080&h=1920&c=4
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /th?id=OADD2.10239317301371_18ZL52TJ0W1845BME&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                    host: tse1.mm.bing.net
                    accept: */*
                    accept-encoding: gzip, deflate, br
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                    Response
                    HTTP/2.0 200
                    cache-control: public, max-age=2592000
                    content-length: 233452
                    content-type: image/jpeg
                    x-cache: TCP_HIT
                    access-control-allow-origin: *
                    access-control-allow-headers: *
                    access-control-allow-methods: GET, POST, OPTIONS
                    timing-allow-origin: *
                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: F257E6C27E0349D59C02FA748AB99D42 Ref B: LON04EDGE0714 Ref C: 2024-03-14T13:26:31Z
                    date: Thu, 14 Mar 2024 13:26:31 GMT
                  • flag-us
                    GET
                    https://tse1.mm.bing.net/th?id=OADD2.10239317301453_1HOUYPI9NYZFL407Y&pid=21.2&w=1080&h=1920&c=4
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /th?id=OADD2.10239317301453_1HOUYPI9NYZFL407Y&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                    host: tse1.mm.bing.net
                    accept: */*
                    accept-encoding: gzip, deflate, br
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                    Response
                    HTTP/2.0 200
                    cache-control: public, max-age=2592000
                    content-length: 174745
                    content-type: image/jpeg
                    x-cache: TCP_HIT
                    access-control-allow-origin: *
                    access-control-allow-headers: *
                    access-control-allow-methods: GET, POST, OPTIONS
                    timing-allow-origin: *
                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: D1DB5EE984F44D2196C6C89E6A0F4C56 Ref B: LON04EDGE0714 Ref C: 2024-03-14T13:26:31Z
                    date: Thu, 14 Mar 2024 13:26:31 GMT
                  • flag-us
                    GET
                    https://tse1.mm.bing.net/th?id=OADD2.10239340418537_1WA44EQA64JN0VKE0&pid=21.2&w=1080&h=1920&c=4
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /th?id=OADD2.10239340418537_1WA44EQA64JN0VKE0&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                    host: tse1.mm.bing.net
                    accept: */*
                    accept-encoding: gzip, deflate, br
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                    Response
                    HTTP/2.0 200
                    cache-control: public, max-age=2592000
                    content-length: 366461
                    content-type: image/jpeg
                    x-cache: TCP_HIT
                    access-control-allow-origin: *
                    access-control-allow-headers: *
                    access-control-allow-methods: GET, POST, OPTIONS
                    timing-allow-origin: *
                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: C2411534F96143BFA5A949896D7F1F3F Ref B: LON04EDGE0714 Ref C: 2024-03-14T13:26:31Z
                    date: Thu, 14 Mar 2024 13:26:31 GMT
                  • flag-us
                    GET
                    https://tse1.mm.bing.net/th?id=OADD2.10239340418538_115TEFRTVWJF1SFIA&pid=21.2&w=1920&h=1080&c=4
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /th?id=OADD2.10239340418538_115TEFRTVWJF1SFIA&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                    host: tse1.mm.bing.net
                    accept: */*
                    accept-encoding: gzip, deflate, br
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                    Response
                    HTTP/2.0 200
                    cache-control: public, max-age=2592000
                    content-length: 435260
                    content-type: image/jpeg
                    x-cache: TCP_HIT
                    access-control-allow-origin: *
                    access-control-allow-headers: *
                    access-control-allow-methods: GET, POST, OPTIONS
                    timing-allow-origin: *
                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: 38EA573B6C124B6FB5D9D176E8859598 Ref B: LON04EDGE0714 Ref C: 2024-03-14T13:26:32Z
                    date: Thu, 14 Mar 2024 13:26:32 GMT
                  • flag-us
                    DNS
                    200.197.79.204.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    200.197.79.204.in-addr.arpa
                    IN PTR
                    Response
                    200.197.79.204.in-addr.arpa
                    IN PTR
                    a-0001a-msedgenet
                  • 204.79.197.200:443
                    tse1.mm.bing.net
                    tls, http2
                    1.3kB
                    8.3kB
                    18
                    16
                  • 204.79.197.200:443
                    tse1.mm.bing.net
                    tls, http2
                    1.3kB
                    8.2kB
                    18
                    15
                  • 204.79.197.200:443
                    https://tse1.mm.bing.net/th?id=OADD2.10239340418538_115TEFRTVWJF1SFIA&pid=21.2&w=1920&h=1080&c=4
                    tls, http2
                    76.7kB
                    2.2MB
                    1583
                    1580

                    HTTP Request

                    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300938_116Z84FUP3EYXI7L6&pid=21.2&w=1920&h=1080&c=4

                    HTTP Request

                    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301020_14A3TVXX0O1AF1LY0&pid=21.2&w=1920&h=1080&c=4

                    HTTP Request

                    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301371_18ZL52TJ0W1845BME&pid=21.2&w=1080&h=1920&c=4

                    HTTP Request

                    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301453_1HOUYPI9NYZFL407Y&pid=21.2&w=1080&h=1920&c=4

                    HTTP Request

                    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418537_1WA44EQA64JN0VKE0&pid=21.2&w=1080&h=1920&c=4

                    HTTP Response

                    200

                    HTTP Response

                    200

                    HTTP Response

                    200

                    HTTP Response

                    200

                    HTTP Response

                    200

                    HTTP Request

                    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418538_115TEFRTVWJF1SFIA&pid=21.2&w=1920&h=1080&c=4

                    HTTP Response

                    200
                  • 204.79.197.200:443
                    tse1.mm.bing.net
                    tls, http2
                    1.3kB
                    8.2kB
                    17
                    15
                  • 204.79.197.200:443
                    tse1.mm.bing.net
                    tls, http2
                    1.3kB
                    8.2kB
                    17
                    15
                  • 96.17.178.202:80
                  • 8.8.8.8:53
                    23.177.190.20.in-addr.arpa
                    dns
                    144 B
                    158 B
                    2
                    1

                    DNS Request

                    23.177.190.20.in-addr.arpa

                    DNS Request

                    23.177.190.20.in-addr.arpa

                  • 8.8.8.8:53
                    104.219.191.52.in-addr.arpa
                    dns
                    146 B
                    147 B
                    2
                    1

                    DNS Request

                    104.219.191.52.in-addr.arpa

                    DNS Request

                    104.219.191.52.in-addr.arpa

                  • 8.8.8.8:53
                    186.178.17.96.in-addr.arpa
                    dns
                    72 B
                    137 B
                    1
                    1

                    DNS Request

                    186.178.17.96.in-addr.arpa

                  • 8.8.8.8:53
                    241.154.82.20.in-addr.arpa
                    dns
                    144 B
                    158 B
                    2
                    1

                    DNS Request

                    241.154.82.20.in-addr.arpa

                    DNS Request

                    241.154.82.20.in-addr.arpa

                  • 8.8.8.8:53
                    57.169.31.20.in-addr.arpa
                    dns
                    71 B
                    157 B
                    1
                    1

                    DNS Request

                    57.169.31.20.in-addr.arpa

                  • 8.8.8.8:53
                    41.110.16.96.in-addr.arpa
                    dns
                    71 B
                    135 B
                    1
                    1

                    DNS Request

                    41.110.16.96.in-addr.arpa

                  • 8.8.8.8:53
                    86.23.85.13.in-addr.arpa
                    dns
                    70 B
                    144 B
                    1
                    1

                    DNS Request

                    86.23.85.13.in-addr.arpa

                  • 8.8.8.8:53
                    241.150.49.20.in-addr.arpa
                    dns
                    72 B
                    158 B
                    1
                    1

                    DNS Request

                    241.150.49.20.in-addr.arpa

                  • 8.8.8.8:53
                    135.240.123.92.in-addr.arpa
                    dns
                    73 B
                    139 B
                    1
                    1

                    DNS Request

                    135.240.123.92.in-addr.arpa

                  • 8.8.8.8:53
                    56.126.166.20.in-addr.arpa
                    dns
                    72 B
                    158 B
                    1
                    1

                    DNS Request

                    56.126.166.20.in-addr.arpa

                  • 8.8.8.8:53
                    203.135.221.88.in-addr.arpa
                    dns
                    73 B
                    139 B
                    1
                    1

                    DNS Request

                    203.135.221.88.in-addr.arpa

                  • 8.8.8.8:53
                    104.241.123.92.in-addr.arpa
                    dns
                    73 B
                    139 B
                    1
                    1

                    DNS Request

                    104.241.123.92.in-addr.arpa

                  • 8.8.8.8:53
                    119.110.54.20.in-addr.arpa
                    dns
                    72 B
                    158 B
                    1
                    1

                    DNS Request

                    119.110.54.20.in-addr.arpa

                  • 8.8.8.8:53
                    195.178.17.96.in-addr.arpa
                    dns
                    72 B
                    137 B
                    1
                    1

                    DNS Request

                    195.178.17.96.in-addr.arpa

                  • 8.8.8.8:53
                    18.134.221.88.in-addr.arpa
                    dns
                    72 B
                    137 B
                    1
                    1

                    DNS Request

                    18.134.221.88.in-addr.arpa

                  • 8.8.8.8:53
                    210.135.221.88.in-addr.arpa
                    dns
                    73 B
                    139 B
                    1
                    1

                    DNS Request

                    210.135.221.88.in-addr.arpa

                  • 8.8.8.8:53
                    217.135.221.88.in-addr.arpa
                    dns
                    146 B
                    139 B
                    2
                    1

                    DNS Request

                    217.135.221.88.in-addr.arpa

                    DNS Request

                    217.135.221.88.in-addr.arpa

                  • 8.8.8.8:53
                    178.178.17.96.in-addr.arpa
                    dns
                    72 B
                    137 B
                    1
                    1

                    DNS Request

                    178.178.17.96.in-addr.arpa

                  • 8.8.8.8:53
                    205.178.17.96.in-addr.arpa
                    dns
                    72 B
                    137 B
                    1
                    1

                    DNS Request

                    205.178.17.96.in-addr.arpa

                  • 8.8.8.8:53
                    26.35.223.20.in-addr.arpa
                    dns
                    71 B
                    157 B
                    1
                    1

                    DNS Request

                    26.35.223.20.in-addr.arpa

                  • 8.8.8.8:53
                    202.178.17.96.in-addr.arpa
                    dns
                    72 B
                    137 B
                    1
                    1

                    DNS Request

                    202.178.17.96.in-addr.arpa

                  • 8.8.8.8:53
                    31.243.111.52.in-addr.arpa
                    dns
                    72 B
                    158 B
                    1
                    1

                    DNS Request

                    31.243.111.52.in-addr.arpa

                  • 8.8.8.8:53
                    tse1.mm.bing.net
                    dns
                    124 B
                    346 B
                    2
                    2

                    DNS Request

                    tse1.mm.bing.net

                    DNS Request

                    tse1.mm.bing.net

                    DNS Response

                    204.79.197.200
                    13.107.21.200

                    DNS Response

                    204.79.197.200
                    13.107.21.200

                  • 8.8.8.8:53
                    200.197.79.204.in-addr.arpa
                    dns
                    73 B
                    106 B
                    1
                    1

                    DNS Request

                    200.197.79.204.in-addr.arpa

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                    Filesize

                    64KB

                    MD5

                    ca686440078a99ce552858c9ff0a0173

                    SHA1

                    e5b2c36b124e7be2785308164d72ac2dc84cd6a3

                    SHA256

                    9756f91cef932754af5aa75c76d5c7e6f86f84b9543a98dbd0a389379bf89182

                    SHA512

                    366debd173b9cf8299f5e92d707d391b3b11a1b670452ef26dfc16a6a1c64ca9755dd1258100ee445ba22b1a8c79fedb72d49e20cf2f20267d15306f7eb309d5

                  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                    Filesize

                    36KB

                    MD5

                    b30d3becc8731792523d599d949e63f5

                    SHA1

                    19350257e42d7aee17fb3bf139a9d3adb330fad4

                    SHA256

                    b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

                    SHA512

                    523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

                  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                    Filesize

                    56KB

                    MD5

                    752a1f26b18748311b691c7d8fc20633

                    SHA1

                    c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

                    SHA256

                    111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

                    SHA512

                    a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

                  • memory/532-33-0x000000000BB50000-0x000000000BBA0000-memory.dmp

                    Filesize

                    320KB

                  We care about your privacy.

                  This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.