Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

f87c9d5ee4...18.pdf

windows7-x64

1

f87c9d5ee4...18.pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/04/2024, 17:58 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f87c9d5ee44d45f97fdab794e26b9bf2_JaffaCakes118.pdf

  • Size

    88KB

  • MD5

    f87c9d5ee44d45f97fdab794e26b9bf2

  • SHA1

    f73f38474fca4cc80089d245a4962a476df8952a

  • SHA256

    3b22548531a7e23c93fd8094e39880ec7b0818ecfa7c0cf263392243873679ed

  • SHA512

    c2d3c11dfcc2135ceb2cd8c15d2186199fdd3dc9c3101e2de9f2a8e31ccd33ce37a7000706270eb3559ca8b0e8c6fcee559083f926e31b78624b07559a878693

  • SSDEEP

    1536:1iQ8Scr5bK/kInc64bq8JuBfBc0UHUDACM7kSKAwmtPrD6WGpOKCW/nZxD9g5wMN:CrskWc6TR7q0DA1kSjwo7KZ/9gNN

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f87c9d5ee44d45f97fdab794e26b9bf2_JaffaCakes118.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1380
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4748
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A09CC88B25B54A02916D5BD450812FF2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:544
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=79D1390CBD68A9E2FB23C7725E04B7F5 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=79D1390CBD68A9E2FB23C7725E04B7F5 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:840
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=260259B3577D51B9D642A0ED80AFECFB --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
            3⤵
              PID:2512
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0254A0A9614A8EA686F65A62273B2907 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0254A0A9614A8EA686F65A62273B2907 --renderer-client-id=5 --mojo-platform-channel-handle=1780 --allow-no-sandbox-job /prefetch:1
              3⤵
                PID:624
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EC88DE6C839F0873F199B119E93E13CD --mojo-platform-channel-handle=1912 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:1516
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=160126BB116F4E59533A0531AEA344D7 --mojo-platform-channel-handle=1988 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:2388
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:2696

                Network

                • flag-us
                  DNS
                  152.172.246.72.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  152.172.246.72.in-addr.arpa
                  IN PTR
                  Response
                  152.172.246.72.in-addr.arpa
                  IN PTR
                  a72-246-172-152deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  172.210.232.199.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  172.210.232.199.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  29.143.109.104.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  29.143.109.104.in-addr.arpa
                  IN PTR
                  Response
                  29.143.109.104.in-addr.arpa
                  IN PTR
                  a104-109-143-29deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  g.bing.com
                  Remote address:
                  8.8.8.8:53
                  Request
                  g.bing.com
                  IN A
                  Response
                  g.bing.com
                  IN CNAME
                  g-bing-com.dual-a-0034.a-msedge.net
                  g-bing-com.dual-a-0034.a-msedge.net
                  IN CNAME
                  dual-a-0034.a-msedge.net
                  dual-a-0034.a-msedge.net
                  IN A
                  204.79.197.237
                  dual-a-0034.a-msedge.net
                  IN A
                  13.107.21.237
                • flag-us
                  GET
                  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f4659b1c0a924beeb583486266d271b8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
                  Remote address:
                  204.79.197.237:443
                  Request
                  GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f4659b1c0a924beeb583486266d271b8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
                  host: g.bing.com
                  accept-encoding: gzip, deflate
                  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                  Response
                  HTTP/2.0 204
                  cache-control: no-cache, must-revalidate
                  pragma: no-cache
                  expires: Fri, 01 Jan 1990 00:00:00 GMT
                  set-cookie: MUID=320DEF072D3368BF327BFB622CD36932; domain=.bing.com; expires=Tue, 13-May-2025 17:59:04 GMT; path=/; SameSite=None; Secure; Priority=High;
                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                  access-control-allow-origin: *
                  x-cache: CONFIG_NOCACHE
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 4027D1781C7A49CD8E2AA120FA482DD8 Ref B: LON04EDGE1112 Ref C: 2024-04-18T17:59:04Z
                  date: Thu, 18 Apr 2024 17:59:03 GMT
                • flag-us
                  GET
                  https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f4659b1c0a924beeb583486266d271b8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
                  Remote address:
                  204.79.197.237:443
                  Request
                  GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f4659b1c0a924beeb583486266d271b8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
                  host: g.bing.com
                  accept-encoding: gzip, deflate
                  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                  cookie: MUID=320DEF072D3368BF327BFB622CD36932
                  Response
                  HTTP/2.0 204
                  cache-control: no-cache, must-revalidate
                  pragma: no-cache
                  expires: Fri, 01 Jan 1990 00:00:00 GMT
                  set-cookie: MSPTC=0Q0FnVXRTEoEKsYatrWd2brA-5VpKSudjBH8eGHGZhQ; domain=.bing.com; expires=Tue, 13-May-2025 17:59:04 GMT; path=/; Partitioned; secure; SameSite=None
                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                  access-control-allow-origin: *
                  x-cache: CONFIG_NOCACHE
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 5EB9EA61418344B180FCDC50D1775635 Ref B: LON04EDGE1112 Ref C: 2024-04-18T17:59:04Z
                  date: Thu, 18 Apr 2024 17:59:03 GMT
                • flag-us
                  GET
                  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f4659b1c0a924beeb583486266d271b8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
                  Remote address:
                  204.79.197.237:443
                  Request
                  GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f4659b1c0a924beeb583486266d271b8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
                  host: g.bing.com
                  accept-encoding: gzip, deflate
                  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                  cookie: MUID=320DEF072D3368BF327BFB622CD36932; MSPTC=0Q0FnVXRTEoEKsYatrWd2brA-5VpKSudjBH8eGHGZhQ
                  Response
                  HTTP/2.0 204
                  cache-control: no-cache, must-revalidate
                  pragma: no-cache
                  expires: Fri, 01 Jan 1990 00:00:00 GMT
                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                  access-control-allow-origin: *
                  x-cache: CONFIG_NOCACHE
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 7ADCB37A835C4F4CA12F2C75FFC6BCA1 Ref B: LON04EDGE1112 Ref C: 2024-04-18T17:59:04Z
                  date: Thu, 18 Apr 2024 17:59:03 GMT
                • flag-nl
                  GET
                  https://www.bing.com/th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                  Remote address:
                  23.62.61.129:443
                  Request
                  GET /th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
                  host: www.bing.com
                  accept: */*
                  cookie: MUID=320DEF072D3368BF327BFB622CD36932; MSPTC=0Q0FnVXRTEoEKsYatrWd2brA-5VpKSudjBH8eGHGZhQ
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-type: image/png
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  content-length: 1678
                  date: Thu, 18 Apr 2024 17:59:05 GMT
                  alt-svc: h3=":443"; ma=93600
                  x-cdn-traceid: 0.7d3d3e17.1713463145.f9ed749
                • flag-us
                  DNS
                  133.32.126.40.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  133.32.126.40.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  237.197.79.204.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  237.197.79.204.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  241.154.82.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  241.154.82.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  67.32.209.4.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  67.32.209.4.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  129.61.62.23.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  129.61.62.23.in-addr.arpa
                  IN PTR
                  Response
                  129.61.62.23.in-addr.arpa
                  IN PTR
                  a23-62-61-129deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  21.114.53.23.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  21.114.53.23.in-addr.arpa
                  IN PTR
                  Response
                  21.114.53.23.in-addr.arpa
                  IN PTR
                  a23-53-114-21deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  159.113.53.23.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  159.113.53.23.in-addr.arpa
                  IN PTR
                  Response
                  159.113.53.23.in-addr.arpa
                  IN PTR
                  a23-53-113-159deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  103.169.127.40.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  103.169.127.40.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  171.39.242.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  171.39.242.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  17.143.109.104.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  17.143.109.104.in-addr.arpa
                  IN PTR
                  Response
                  17.143.109.104.in-addr.arpa
                  IN PTR
                  a104-109-143-17deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  79.121.231.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  79.121.231.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  11.227.111.52.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  11.227.111.52.in-addr.arpa
                  IN PTR
                  Response
                • 204.79.197.237:443
                  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f4659b1c0a924beeb583486266d271b8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
                  tls, http2
                  2.0kB
                   9.2kB
                   22
                  19

                  HTTP Request

                  GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f4659b1c0a924beeb583486266d271b8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

                  HTTP Response

                  204

                  HTTP Request

                  GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f4659b1c0a924beeb583486266d271b8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

                  HTTP Response

                  204

                  HTTP Request

                  GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f4659b1c0a924beeb583486266d271b8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

                  HTTP Response

                  204
                • 23.62.61.129:443
                  https://www.bing.com/th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                  tls, http2
                  1.6kB
                   7.0kB
                   18
                  13

                  HTTP Request

                  GET https://www.bing.com/th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

                  HTTP Response

                  200
                • 8.8.8.8:53
                  152.172.246.72.in-addr.arpa
                  dns
                  73 B
                   139 B
                   1
                  1

                  DNS Request

                  152.172.246.72.in-addr.arpa

                • 8.8.8.8:53
                  172.210.232.199.in-addr.arpa
                  dns
                  74 B
                   128 B
                   1
                  1

                  DNS Request

                  172.210.232.199.in-addr.arpa

                • 8.8.8.8:53
                  29.143.109.104.in-addr.arpa
                  dns
                  73 B
                   139 B
                   1
                  1

                  DNS Request

                  29.143.109.104.in-addr.arpa

                • 8.8.8.8:53
                  g.bing.com
                  dns
                  56 B
                   151 B
                   1
                  1

                  DNS Request

                  g.bing.com

                  DNS Response

                  204.79.197.237
                  13.107.21.237

                • 8.8.8.8:53
                  133.32.126.40.in-addr.arpa
                  dns
                  72 B
                   158 B
                   1
                  1

                  DNS Request

                  133.32.126.40.in-addr.arpa

                • 8.8.8.8:53
                  237.197.79.204.in-addr.arpa
                  dns
                  73 B
                   143 B
                   1
                  1

                  DNS Request

                  237.197.79.204.in-addr.arpa

                • 8.8.8.8:53
                  241.154.82.20.in-addr.arpa
                  dns
                  72 B
                   158 B
                   1
                  1

                  DNS Request

                  241.154.82.20.in-addr.arpa

                • 8.8.8.8:53
                  67.32.209.4.in-addr.arpa
                  dns
                  70 B
                   156 B
                   1
                  1

                  DNS Request

                  67.32.209.4.in-addr.arpa

                • 8.8.8.8:53
                  129.61.62.23.in-addr.arpa
                  dns
                  71 B
                   135 B
                   1
                  1

                  DNS Request

                  129.61.62.23.in-addr.arpa

                • 8.8.8.8:53
                  21.114.53.23.in-addr.arpa
                  dns
                  71 B
                   135 B
                   1
                  1

                  DNS Request

                  21.114.53.23.in-addr.arpa

                • 8.8.8.8:53
                  159.113.53.23.in-addr.arpa
                  dns
                  72 B
                   137 B
                   1
                  1

                  DNS Request

                  159.113.53.23.in-addr.arpa

                • 8.8.8.8:53
                  103.169.127.40.in-addr.arpa
                  dns
                  73 B
                   147 B
                   1
                  1

                  DNS Request

                  103.169.127.40.in-addr.arpa

                • 8.8.8.8:53
                  171.39.242.20.in-addr.arpa
                  dns
                  72 B
                   158 B
                   1
                  1

                  DNS Request

                  171.39.242.20.in-addr.arpa

                • 8.8.8.8:53
                  17.143.109.104.in-addr.arpa
                  dns
                  73 B
                   139 B
                   1
                  1

                  DNS Request

                  17.143.109.104.in-addr.arpa

                • 8.8.8.8:53
                  79.121.231.20.in-addr.arpa
                  dns
                  72 B
                   158 B
                   1
                  1

                  DNS Request

                  79.121.231.20.in-addr.arpa

                • 8.8.8.8:53
                  11.227.111.52.in-addr.arpa
                  dns
                  72 B
                   158 B
                   1
                  1

                  DNS Request

                  11.227.111.52.in-addr.arpa

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                  Filesize

                  64KB

                  MD5

                  868b59fed51b9f82b86864a1fa5d6423

                  SHA1

                  a51384b860dca0f3f0e5f44c5ad1e577cbcd0a49

                  SHA256

                  8008afc5392cfdbe6e97e00482274d3b9e034ee01f7e59a21ceb9d8ba8d17e45

                  SHA512

                  0586b20a33f5158f236a78c1a8b0655469a5466d7733131e2df5df195c32f9fb3d2c8ec2c196a529bd5ce8d8f4c0fe85a341e3c116d4be9a02b54aa61d2b2481

                  Download Submit

                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                  Filesize

                  36KB

                  MD5

                  b30d3becc8731792523d599d949e63f5

                  SHA1

                  19350257e42d7aee17fb3bf139a9d3adb330fad4

                  SHA256

                  b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

                  SHA512

                  523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

                  Download Submit

                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                  Filesize

                  56KB

                  MD5

                  752a1f26b18748311b691c7d8fc20633

                  SHA1

                  c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

                  SHA256

                  111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

                  SHA512

                  a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

                  Download Submit

                • memory/1380-27-0x000000000B7A0000-0x000000000B7C1000-memory.dmp

                  Filesize

                  132KB

                  Download

                We care about your privacy.

                This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.