Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/04/2024, 15:15 UTC

General

  • Target

    f846a17e887260b81437d67109f82048_JaffaCakes118.pdf

  • Size

    90KB

  • MD5

    f846a17e887260b81437d67109f82048

  • SHA1

    11b6c708789d869c21f05acb9a5a9261e707fbb1

  • SHA256

    8795de4a3d0baebca789bc04caa411e4e2f73e559a033fa3e280448df020b379

  • SHA512

    6193d0beb5633d4ca97d9411e9a900c6633d76fa480d9b71fdc7627c725ea514cca899be89e43e5982792554c9378818e5b345f3b049675283e1bffdac3365a5

  • SSDEEP

    1536:rCos1V2nxgoYIguuJT7UMR40eBwRdtCdKxWY0yR6VquWOpOwrdJ01X7:eT22B/JvXdtCsR6VqDwrdOR

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f846a17e887260b81437d67109f82048_JaffaCakes118.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4380
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1540
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E302830B5CAF5C14F8FDF2D98D5A3A69 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:1304
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C66DF48E622C644A3D85889773D69E79 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C66DF48E622C644A3D85889773D69E79 --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:4680
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=01986A3580CCFFC6911784EDF5A0AA93 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=01986A3580CCFFC6911784EDF5A0AA93 --renderer-client-id=4 --mojo-platform-channel-handle=2304 --allow-no-sandbox-job /prefetch:1
            3⤵
              PID:4352
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F40895BADDCDB9DA807EED4D1F86552D --mojo-platform-channel-handle=2344 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:4796
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C50E44D5A737CBE8696F960F4901842E --mojo-platform-channel-handle=2572 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:4732
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B23AFE761D0C44179FB57491131CFE41 --mojo-platform-channel-handle=2024 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:1716
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3836,i,7064649017625232947,17746804975634116675,262144 --variations-seed-version --mojo-platform-channel-handle=4128 /prefetch:8
                1⤵
                  PID:1060
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:4516

                  Network

                  • flag-us
                    DNS
                    84.177.190.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    84.177.190.20.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    241.154.82.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    241.154.82.20.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    g.bing.com
                    Remote address:
                    8.8.8.8:53
                    Request
                    g.bing.com
                    IN A
                    Response
                    g.bing.com
                    IN CNAME
                    g-bing-com.dual-a-0034.a-msedge.net
                    g-bing-com.dual-a-0034.a-msedge.net
                    IN CNAME
                    dual-a-0034.a-msedge.net
                    dual-a-0034.a-msedge.net
                    IN A
                    204.79.197.237
                    dual-a-0034.a-msedge.net
                    IN A
                    13.107.21.237
                  • flag-us
                    GET
                    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=823b3240659e44cdab5102720f3b4ec6&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid=
                    Remote address:
                    204.79.197.237:443
                    Request
                    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=823b3240659e44cdab5102720f3b4ec6&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid= HTTP/2.0
                    host: g.bing.com
                    accept-encoding: gzip, deflate
                    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                    Response
                    HTTP/2.0 204
                    cache-control: no-cache, must-revalidate
                    pragma: no-cache
                    expires: Fri, 01 Jan 1990 00:00:00 GMT
                    set-cookie: MUID=0252F52459BC621F23DAE141589B6351; domain=.bing.com; expires=Tue, 13-May-2025 15:15:54 GMT; path=/; SameSite=None; Secure; Priority=High;
                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                    access-control-allow-origin: *
                    x-cache: CONFIG_NOCACHE
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: 89C7C4F502D141C097EA0DCA83715E26 Ref B: LON04EDGE0616 Ref C: 2024-04-18T15:15:54Z
                    date: Thu, 18 Apr 2024 15:15:53 GMT
                  • flag-us
                    GET
                    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=823b3240659e44cdab5102720f3b4ec6&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid=
                    Remote address:
                    204.79.197.237:443
                    Request
                    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=823b3240659e44cdab5102720f3b4ec6&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid= HTTP/2.0
                    host: g.bing.com
                    accept-encoding: gzip, deflate
                    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                    cookie: MUID=0252F52459BC621F23DAE141589B6351
                    Response
                    HTTP/2.0 204
                    cache-control: no-cache, must-revalidate
                    pragma: no-cache
                    expires: Fri, 01 Jan 1990 00:00:00 GMT
                    set-cookie: MSPTC=QtvaOWNiWQTpYlYLoUYkkvgv4jJ3txT2HNCS54Rjsp0; domain=.bing.com; expires=Tue, 13-May-2025 15:15:54 GMT; path=/; Partitioned; secure; SameSite=None
                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                    access-control-allow-origin: *
                    x-cache: CONFIG_NOCACHE
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: F7BAE30158394B8F989F90C13DDD3D99 Ref B: LON04EDGE0616 Ref C: 2024-04-18T15:15:54Z
                    date: Thu, 18 Apr 2024 15:15:53 GMT
                  • flag-us
                    GET
                    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=823b3240659e44cdab5102720f3b4ec6&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid=
                    Remote address:
                    204.79.197.237:443
                    Request
                    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=823b3240659e44cdab5102720f3b4ec6&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid= HTTP/2.0
                    host: g.bing.com
                    accept-encoding: gzip, deflate
                    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                    cookie: MUID=0252F52459BC621F23DAE141589B6351; MSPTC=QtvaOWNiWQTpYlYLoUYkkvgv4jJ3txT2HNCS54Rjsp0
                    Response
                    HTTP/2.0 204
                    cache-control: no-cache, must-revalidate
                    pragma: no-cache
                    expires: Fri, 01 Jan 1990 00:00:00 GMT
                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                    access-control-allow-origin: *
                    x-cache: CONFIG_NOCACHE
                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    x-msedge-ref: Ref A: 74615716F148406BB6D0703FA79CECDF Ref B: LON04EDGE0616 Ref C: 2024-04-18T15:15:54Z
                    date: Thu, 18 Apr 2024 15:15:53 GMT
                  • flag-us
                    DNS
                    237.197.79.204.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    237.197.79.204.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    206.221.208.4.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    206.221.208.4.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    21.114.53.23.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    21.114.53.23.in-addr.arpa
                    IN PTR
                    Response
                    21.114.53.23.in-addr.arpa
                    IN PTR
                    a23-53-114-21deploystaticakamaitechnologiescom
                  • flag-us
                    DNS
                    57.169.31.20.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    57.169.31.20.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    152.172.246.72.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    152.172.246.72.in-addr.arpa
                    IN PTR
                    Response
                    152.172.246.72.in-addr.arpa
                    IN PTR
                    a72-246-172-152deploystaticakamaitechnologiescom
                  • flag-us
                    DNS
                    8.139.73.23.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    8.139.73.23.in-addr.arpa
                    IN PTR
                    Response
                    8.139.73.23.in-addr.arpa
                    IN PTR
                    a23-73-139-8deploystaticakamaitechnologiescom
                  • flag-us
                    DNS
                    157.123.68.40.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    157.123.68.40.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    206.23.85.13.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    206.23.85.13.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    24.139.73.23.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    24.139.73.23.in-addr.arpa
                    IN PTR
                    Response
                    24.139.73.23.in-addr.arpa
                    IN PTR
                    a23-73-139-24deploystaticakamaitechnologiescom
                  • flag-us
                    DNS
                    43.229.111.52.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    43.229.111.52.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    106.246.116.51.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    106.246.116.51.in-addr.arpa
                    IN PTR
                    Response
                  • 204.79.197.237:443
                    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=823b3240659e44cdab5102720f3b4ec6&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid=
                    tls, http2
                    2.0kB
                    9.2kB
                    22
                    19

                    HTTP Request

                    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=823b3240659e44cdab5102720f3b4ec6&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid=

                    HTTP Response

                    204

                    HTTP Request

                    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=823b3240659e44cdab5102720f3b4ec6&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid=

                    HTTP Response

                    204

                    HTTP Request

                    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=823b3240659e44cdab5102720f3b4ec6&localId=w:85A6E0B8-9F32-4971-7E29-E0DEDD0017CA&deviceId=6755467521974275&anid=

                    HTTP Response

                    204
                  • 8.8.8.8:53
                    84.177.190.20.in-addr.arpa
                    dns
                    72 B
                    158 B
                    1
                    1

                    DNS Request

                    84.177.190.20.in-addr.arpa

                  • 8.8.8.8:53
                    241.154.82.20.in-addr.arpa
                    dns
                    72 B
                    158 B
                    1
                    1

                    DNS Request

                    241.154.82.20.in-addr.arpa

                  • 8.8.8.8:53
                    g.bing.com
                    dns
                    56 B
                    151 B
                    1
                    1

                    DNS Request

                    g.bing.com

                    DNS Response

                    204.79.197.237
                    13.107.21.237

                  • 8.8.8.8:53
                    237.197.79.204.in-addr.arpa
                    dns
                    73 B
                    143 B
                    1
                    1

                    DNS Request

                    237.197.79.204.in-addr.arpa

                  • 8.8.8.8:53
                    206.221.208.4.in-addr.arpa
                    dns
                    72 B
                    158 B
                    1
                    1

                    DNS Request

                    206.221.208.4.in-addr.arpa

                  • 8.8.8.8:53
                    21.114.53.23.in-addr.arpa
                    dns
                    71 B
                    135 B
                    1
                    1

                    DNS Request

                    21.114.53.23.in-addr.arpa

                  • 8.8.8.8:53
                    57.169.31.20.in-addr.arpa
                    dns
                    71 B
                    157 B
                    1
                    1

                    DNS Request

                    57.169.31.20.in-addr.arpa

                  • 8.8.8.8:53
                    152.172.246.72.in-addr.arpa
                    dns
                    73 B
                    139 B
                    1
                    1

                    DNS Request

                    152.172.246.72.in-addr.arpa

                  • 8.8.8.8:53
                    8.139.73.23.in-addr.arpa
                    dns
                    70 B
                    133 B
                    1
                    1

                    DNS Request

                    8.139.73.23.in-addr.arpa

                  • 8.8.8.8:53
                    157.123.68.40.in-addr.arpa
                    dns
                    72 B
                    146 B
                    1
                    1

                    DNS Request

                    157.123.68.40.in-addr.arpa

                  • 8.8.8.8:53
                    206.23.85.13.in-addr.arpa
                    dns
                    71 B
                    145 B
                    1
                    1

                    DNS Request

                    206.23.85.13.in-addr.arpa

                  • 8.8.8.8:53
                    24.139.73.23.in-addr.arpa
                    dns
                    71 B
                    135 B
                    1
                    1

                    DNS Request

                    24.139.73.23.in-addr.arpa

                  • 8.8.8.8:53
                    43.229.111.52.in-addr.arpa
                    dns
                    72 B
                    158 B
                    1
                    1

                    DNS Request

                    43.229.111.52.in-addr.arpa

                  • 8.8.8.8:53
                    106.246.116.51.in-addr.arpa
                    dns
                    73 B
                    159 B
                    1
                    1

                    DNS Request

                    106.246.116.51.in-addr.arpa

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                    Filesize

                    64KB

                    MD5

                    389628830954add803d78809d23a8200

                    SHA1

                    57b856a1858911e7ec26b430b1335d2492595bfc

                    SHA256

                    95e8c14939b3f9f70fae771818745bc92162b4ef635ca381632b8325080f3e28

                    SHA512

                    de64a8126ca5567b6e3b22d6a190bd279c575aae00a5610353467c45c79f3c3fca7628a27fe4954700035e9dce3a6a678d799eb8f95bb161b94eecd622b19108

                  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                    Filesize

                    36KB

                    MD5

                    b30d3becc8731792523d599d949e63f5

                    SHA1

                    19350257e42d7aee17fb3bf139a9d3adb330fad4

                    SHA256

                    b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

                    SHA512

                    523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

                  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                    Filesize

                    56KB

                    MD5

                    752a1f26b18748311b691c7d8fc20633

                    SHA1

                    c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

                    SHA256

                    111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

                    SHA512

                    a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

                  We care about your privacy.

                  This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.