Analysis

  • max time kernel
    141s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/03/2024, 09:58 UTC

General

  • Target

    dee253f0180f17597f2250ab3fddb893.pdf

  • Size

    90KB

  • MD5

    dee253f0180f17597f2250ab3fddb893

  • SHA1

    92d413a98265abff2be1808bc71f7fac74380b11

  • SHA256

    092f9633255f8eb0cb8c8d2ded43d3aaaac362c3ed5daa3633fa9c8a9e685426

  • SHA512

    3478a0638b01977ba6fbc382519b2253f703bb1d5dede729e6f597036a0d7780040cf80f268013909a2c39fa6c97b63e94796314b691eb59fc178e2817a5f804

  • SSDEEP

    1536:2FaxbRkwBKxTo1SwLYlhl5gACeVeo3BvP6cdhHerJHhKWitUI6ilW6pOu2lwcPBy:a8bRNqTo15YTYjgFB6cdlOHhkUI6iWuN

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\dee253f0180f17597f2250ab3fddb893.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3732
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4460
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=17A62C9CA3BF030A31574DCAF51E32F0 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:1936
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=AFA9E732F1DBE805DCFB4671496D71BB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=AFA9E732F1DBE805DCFB4671496D71BB --renderer-client-id=2 
--mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:1792
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=846B9D8C77639B63BD180A94D89DDB24 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=846B9D8C77639B63BD180A94D89DDB24 --renderer-client-id=4 
--mojo-platform-channel-handle=2168 --allow-no-sandbox-job /prefetch:1
            3⤵
              PID:2496
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1D3C01626246D481B5BDED3AFEA18E86 --mojo-platform-channel-handle=2564 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:5160
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C02557DD195D5D17EB54B8CE6BC321BD --mojo-platform-channel-handle=1880 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:5252
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E602C388556EB46DF1B1C1A88C92BAA4 --mojo-platform-channel-handle=2736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:5348
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
      PID:2340
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3956 --field-trial-handle=2588,i,4353937220825226770,7138584070663735671,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:5216

                  Network

                  • US
                    DNS
                    17.160.190.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    17.160.190.20.in-addr.arpa
                    IN PTR
                    Response
                  • US
                    DNS
                    209.205.72.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    209.205.72.20.in-addr.arpa
                    IN PTR
                    Response
                  • US
                    DNS
                    9.228.82.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    9.228.82.20.in-addr.arpa
                    IN PTR
                    Response
                  • US
                    DNS
                    209.178.17.96.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    209.178.17.96.in-addr.arpa
                    IN PTR
                    Response
                    209.178.17.96.in-addr.arpa
                    IN PTR
                    a96-17-178-209.deploy.static.akamaitechnologies.com
                  • US
                    DNS
                    41.110.16.96.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    41.110.16.96.in-addr.arpa
                    IN PTR
                    Response
                    41.110.16.96.in-addr.arpa
                    IN PTR
                    a96-16-110-41.deploy.static.akamaitechnologies.com
                  • US
                    DNS
                    57.169.31.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    57.169.31.20.in-addr.arpa
                    IN PTR
                    Response
                  • US
                    DNS
                    97.17.167.52.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    97.17.167.52.in-addr.arpa
                    IN PTR
                    Response
                  • US
                    DNS
                    97.17.167.52.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    97.17.167.52.in-addr.arpa
                    IN PTR
                  • US
                    DNS
                    132.4.17.2.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    132.4.17.2.in-addr.arpa
                    IN PTR
                    Response
                    132.4.17.2.in-addr.arpa
                    IN PTR
                    a2-17-4-132.deploy.static.akamaitechnologies.com
                  • US
                    DNS
                    24.134.221.88.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    24.134.221.88.in-addr.arpa
                    IN PTR
                    Response
                    24.134.221.88.in-addr.arpa
                    IN PTR
                    a88-221-134-24.deploy.static.akamaitechnologies.com
                  • US
                    DNS
                    23.236.111.52.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    23.236.111.52.in-addr.arpa
                    IN PTR
                    Response
                  • US
                    DNS
                    23.236.111.52.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    23.236.111.52.in-addr.arpa
                    IN PTR
                  • US
                    DNS
                    103.169.127.40.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    103.169.127.40.in-addr.arpa
                    IN PTR
                    Response
                  • US
                    DNS
                    56.126.166.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    56.126.166.20.in-addr.arpa
                    IN PTR
                    Response
                  • US
                    DNS
                    217.135.221.88.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    217.135.221.88.in-addr.arpa
                    IN PTR
                    Response
                    217.135.221.88.in-addr.arpa
                    IN PTR
                    a88-221-135-217.deploy.static.akamaitechnologies.com
                  • US
                    DNS
                    0.205.248.87.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    0.205.248.87.in-addr.arpa
                    IN PTR
                    Response
                    0.205.248.87.in-addr.arpa
                    IN PTR
                    https-87-248-205-0.lgw.llnw.net
                  • US
                    DNS
                    tse1.mm.bing.net
                    Remote address:
                    8.8.8.8:53
                    Request
                    tse1.mm.bing.net
                    IN A
                    Response
                    tse1.mm.bing.net
                    IN CNAME
                    mm-mm.bing.net.trafficmanager.net
                    mm-mm.bing.net.trafficmanager.net
                    IN CNAME
                    dual-a-0001.a-msedge.net
                    dual-a-0001.a-msedge.net
                    IN A
                    204.79.197.200
                    dual-a-0001.a-msedge.net
                    IN A
                    13.107.21.200
                  • US
                    GET
                    https://tse1.mm.bing.net/th?id=OADD2.10239317300959_1CHLLCV5W8JDLT6KD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /th?id=OADD2.10239317300959_1CHLLCV5W8JDLT6KD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                    host: tse1.mm.bing.net
                    accept: */*
                    accept-encoding: gzip, deflate, br
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                    Response
                    HTTP/2.0 200
                    cache-control: public, max-age=2592000
                    content-length: 241999
                    content-type: image/jpeg
                    x-cache: TCP_HIT
                    access-control-allow-origin: *
                    access-control-allow-headers: *
                    access-control-allow-methods: GET, POST, OPTIONS
                    timing-allow-origin: *
                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: A11F6400DC33469F97AFDF2278FB5797 Ref B: LON04EDGE0815 Ref C: 2024-03-26T10:00:35Z
                    date: Tue, 26 Mar 2024 10:00:34 GMT
                  • US
                    GET
                    https://tse1.mm.bing.net/th?id=OADD2.10239317301392_16A1PHSUUMJZWR1FN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /th?id=OADD2.10239317301392_16A1PHSUUMJZWR1FN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                    host: tse1.mm.bing.net
                    accept: */*
                    accept-encoding: gzip, deflate, br
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                    Response
                    HTTP/2.0 200
                    cache-control: public, max-age=2592000
                    content-length: 903944
                    content-type: image/jpeg
                    x-cache: TCP_HIT
                    access-control-allow-origin: *
                    access-control-allow-headers: *
                    access-control-allow-methods: GET, POST, OPTIONS
                    timing-allow-origin: *
                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: CA7CF49059624204A8319D4AA981F1B1 Ref B: LON04EDGE0815 Ref C: 2024-03-26T10:00:35Z
                    date: Tue, 26 Mar 2024 10:00:34 GMT
                  • US
                    GET
                    https://tse1.mm.bing.net/th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                    host: tse1.mm.bing.net
                    accept: */*
                    accept-encoding: gzip, deflate, br
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                    Response
                    HTTP/2.0 200
                    cache-control: public, max-age=2592000
                    content-length: 553976
                    content-type: image/jpeg
                    x-cache: TCP_HIT
                    access-control-allow-origin: *
                    access-control-allow-headers: *
                    access-control-allow-methods: GET, POST, OPTIONS
                    timing-allow-origin: *
                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: 8069B2426BDB41F68B4649296ABF8977 Ref B: LON04EDGE0815 Ref C: 2024-03-26T10:00:35Z
                    date: Tue, 26 Mar 2024 10:00:34 GMT
                  • US
                    GET
                    https://tse1.mm.bing.net/th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                    Remote address:
                    204.79.197.200:443
                    Request
                    GET /th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                    host: tse1.mm.bing.net
                    accept: */*
                    accept-encoding: gzip, deflate, br
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                    Response
                    HTTP/2.0 200
                    cache-control: public, max-age=2592000
                    content-length: 315631
                    content-type: image/jpeg
                    x-cache: TCP_HIT
                    access-control-allow-origin: *
                    access-control-allow-headers: *
                    access-control-allow-methods: GET, POST, OPTIONS
                    timing-allow-origin: *
                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: FA6DCF3D20FA435F8F8E504028E1E284 Ref B: LON04EDGE0815 Ref C: 2024-03-26T10:00:35Z
                    date: Tue, 26 Mar 2024 10:00:34 GMT
                  • 13.107.246.64:443
                    46 B
                    40 B
                    1
                    1
                  • 52.142.223.178:80
                    46 B
                    1
                  • 204.79.197.200:443
                    tse1.mm.bing.net
                    tls, http2
                    1.2kB
                    9.5kB
                    16
                    14
                  • 204.79.197.200:443
                    tse1.mm.bing.net
                    tls, http2
                    1.2kB
                    8.1kB
                    15
                    14
                  • 204.79.197.200:443
                    tse1.mm.bing.net
                    tls, http2
                    1.2kB
                    8.1kB
                    15
                    14
                  • 204.79.197.200:443
                    https://tse1.mm.bing.net/th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                    tls, http2
                    43.5kB
                    1.2MB
                    880
                    876

                    HTTP Request

                    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300959_1CHLLCV5W8JDLT6KD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                    HTTP Request

                    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301392_16A1PHSUUMJZWR1FN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                    HTTP Request

                    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                    HTTP Request

                    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                    HTTP Response

                    200

                    HTTP Response

                    200

                    HTTP Response

                    200

                    HTTP Response

                    200
                  • 8.8.8.8:53
                    17.160.190.20.in-addr.arpa
                    dns
                    72 B
                    158 B
                    1
                    1

                    DNS Request

                    17.160.190.20.in-addr.arpa

                  • 8.8.8.8:53
                    209.205.72.20.in-addr.arpa
                    dns
                    72 B
                    158 B
                    1
                    1

                    DNS Request

                    209.205.72.20.in-addr.arpa

                  • 8.8.8.8:53
                    9.228.82.20.in-addr.arpa
                    dns
                    70 B
                    156 B
                    1
                    1

                    DNS Request

                    9.228.82.20.in-addr.arpa

                  • 8.8.8.8:53
                    209.178.17.96.in-addr.arpa
                    dns
                    72 B
                    137 B
                    1
                    1

                    DNS Request

                    209.178.17.96.in-addr.arpa

                  • 8.8.8.8:53
                    41.110.16.96.in-addr.arpa
                    dns
                    71 B
                    135 B
                    1
                    1

                    DNS Request

                    41.110.16.96.in-addr.arpa

                  • 8.8.8.8:53
                    57.169.31.20.in-addr.arpa
                    dns
                    71 B
                    157 B
                    1
                    1

                    DNS Request

                    57.169.31.20.in-addr.arpa

                  • 8.8.8.8:53
                    97.17.167.52.in-addr.arpa
                    dns
                    142 B
                    145 B
                    2
                    1

                    DNS Request

                    97.17.167.52.in-addr.arpa

                    DNS Request

                    97.17.167.52.in-addr.arpa

                  • 8.8.8.8:53
                    132.4.17.2.in-addr.arpa
                    dns
                    69 B
                    131 B
                    1
                    1

                    DNS Request

                    132.4.17.2.in-addr.arpa

                  • 8.8.8.8:53
                    24.134.221.88.in-addr.arpa
                    dns
                    72 B
                    137 B
                    1
                    1

                    DNS Request

                    24.134.221.88.in-addr.arpa

                  • 8.8.8.8:53
                    23.236.111.52.in-addr.arpa
                    dns
                    144 B
                    158 B
                    2
                    1

                    DNS Request

                    23.236.111.52.in-addr.arpa

                    DNS Request

                    23.236.111.52.in-addr.arpa

                  • 8.8.8.8:53
                    103.169.127.40.in-addr.arpa
                    dns
                    73 B
                    147 B
                    1
                    1

                    DNS Request

                    103.169.127.40.in-addr.arpa

                  • 8.8.8.8:53
                    56.126.166.20.in-addr.arpa
                    dns
                    72 B
                    158 B
                    1
                    1

                    DNS Request

                    56.126.166.20.in-addr.arpa

                  • 8.8.8.8:53
                    217.135.221.88.in-addr.arpa
                    dns
                    73 B
                    139 B
                    1
                    1

                    DNS Request

                    217.135.221.88.in-addr.arpa

                  • 8.8.8.8:53
                    0.205.248.87.in-addr.arpa
                    dns
                    71 B
                    116 B
                    1
                    1

                    DNS Request

                    0.205.248.87.in-addr.arpa

                  • 8.8.8.8:53
                    tse1.mm.bing.net
                    dns
                    62 B
                    173 B
                    1
                    1

                    DNS Request

                    tse1.mm.bing.net

                    DNS Response

                    204.79.197.200
                    13.107.21.200

                  MITRE ATT&CK Enterprise v15

                  Downloads

                  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                    Filesize

                    64KB

                    MD5

                    b43aec59ea0789942581a772b7cf020f

                    SHA1

                    e144789b746233e3c363c3c105a5f2b0072ba6c1

                    SHA256

                    34c27baf285ecf7e6c38211160aab4e226c569951539d4236fadbc115ab36995

                    SHA512

                    2dc30748a6a315fb1aba069285ed8602b53b55e32a2d3153ba3452a8f65b8ef9c32e6e1508f97ab917fd8012a76aa19da109490fc904f28b363547bf0c587d4b

                  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                    Filesize

                    36KB

                    MD5

                    b30d3becc8731792523d599d949e63f5

                    SHA1

                    19350257e42d7aee17fb3bf139a9d3adb330fad4

                    SHA256

                    b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

                    SHA512

                    523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

                  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                    Filesize

                    56KB

                    MD5

                    752a1f26b18748311b691c7d8fc20633

                    SHA1

                    c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

                    SHA256

                    111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

                    SHA512

                    a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

                  • memory/3732-28-0x000000000C300000-0x000000000C321000-memory.dmp

                    Filesize

                    132KB
