Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/04/2024, 22:52 UTC

General

  • Target

    fb57353dab00d274d36e677a0c962bfe_JaffaCakes118.pdf

  • Size

    80KB

  • MD5

    fb57353dab00d274d36e677a0c962bfe

  • SHA1

    af41e04480361a2bf17c59a4f87aba150cff27db

  • SHA256

    a3f397d44f5c4a1c56b37b709fd0088d53276dc89c6d59982a29b699b2c0bbff

  • SHA512

    5bfb00c9741c7ebe1136ff43855e59fa7456a91f7f1b5277d916111d6913f4678e72dff431c5f70c449674833fe7913a355a6dd597221e07da42ce7db066479f

  • SSDEEP

    1536:cjRqXVEI9xtwjknnE5e/PpEF1c1frr0/vqg0ggR9W5I1FlZWbpONFUp:wklv9hnCGp81wfU0nR86lbNw

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fb57353dab00d274d36e677a0c962bfe_JaffaCakes118.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4996
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4032
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9A68F7F7C18EE0C425007861AC50FB35 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:724
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4A271199793F5E9E6532044F06058C53 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4A271199793F5E9E6532044F06058C53 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:1956
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B85864EBD94C0152DF48BC88D965D339 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B85864EBD94C0152DF48BC88D965D339 --renderer-client-id=4 --mojo-platform-channel-handle=2184 --allow-no-sandbox-job /prefetch:1
            3⤵
              PID:4720
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D042904AA2C4262256BEC176EF64F506 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D042904AA2C4262256BEC176EF64F506 --renderer-client-id=5 --mojo-platform-channel-handle=2556 --allow-no-sandbox-job /prefetch:1
              3⤵
                PID:2916
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EF711EE673D26F19563B1D05BA9F057F --mojo-platform-channel-handle=2992 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:3336
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=08873BDB993A51AB7436D088A4F95796 --mojo-platform-channel-handle=1864 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:4744
                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A2F90554EBFD50E2C0C06452756F1531 --mojo-platform-channel-handle=2964 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                    3⤵
                      PID:3348

                Network

                • flag-us
                  DNS
                  g.bing.com
                  Remote address:
                  8.8.8.8:53
                  Request
                  g.bing.com
                  IN A
                  Response
                  g.bing.com
                  IN CNAME
                  g-bing-com.dual-a-0034.a-msedge.net
                  g-bing-com.dual-a-0034.a-msedge.net
                  IN CNAME
                  dual-a-0034.a-msedge.net
                  dual-a-0034.a-msedge.net
                  IN A
                  204.79.197.237
                  dual-a-0034.a-msedge.net
                  IN A
                  13.107.21.237
                • flag-us
                  GET
                  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=da1ae7e203d9450badd98fde8ac1c189&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=
                  Remote address:
                  204.79.197.237:443
                  Request
                  GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=da1ae7e203d9450badd98fde8ac1c189&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid= HTTP/2.0
                  host: g.bing.com
                  accept-encoding: gzip, deflate
                  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                  Response
                  HTTP/2.0 204
                  cache-control: no-cache, must-revalidate
                  pragma: no-cache
                  expires: Fri, 01 Jan 1990 00:00:00 GMT
                  set-cookie: MUID=091D9D4F2858622424DF892929E3631A; domain=.bing.com; expires=Wed, 14-May-2025 22:52:21 GMT; path=/; SameSite=None; Secure; Priority=High;
                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                  access-control-allow-origin: *
                  x-cache: CONFIG_NOCACHE
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: F40B3547BB314066890797783BEBE719 Ref B: LON04EDGE0816 Ref C: 2024-04-19T22:52:21Z
                  date: Fri, 19 Apr 2024 22:52:20 GMT
                • flag-us
                  GET
                  https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=da1ae7e203d9450badd98fde8ac1c189&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=
                  Remote address:
                  204.79.197.237:443
                  Request
                  GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=da1ae7e203d9450badd98fde8ac1c189&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid= HTTP/2.0
                  host: g.bing.com
                  accept-encoding: gzip, deflate
                  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                  cookie: MUID=091D9D4F2858622424DF892929E3631A
                  Response
                  HTTP/2.0 204
                  cache-control: no-cache, must-revalidate
                  pragma: no-cache
                  expires: Fri, 01 Jan 1990 00:00:00 GMT
                  set-cookie: MSPTC=YIcIjPVjQdokZKgBiNk97Gk8XyGUcUQGBBctczzM2Xw; domain=.bing.com; expires=Wed, 14-May-2025 22:52:21 GMT; path=/; Partitioned; secure; SameSite=None
                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                  access-control-allow-origin: *
                  x-cache: CONFIG_NOCACHE
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 1DCA4156F9484731AE121F10B9EF22DC Ref B: LON04EDGE0816 Ref C: 2024-04-19T22:52:21Z
                  date: Fri, 19 Apr 2024 22:52:21 GMT
                • flag-us
                  GET
                  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=da1ae7e203d9450badd98fde8ac1c189&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=
                  Remote address:
                  204.79.197.237:443
                  Request
                  GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=da1ae7e203d9450badd98fde8ac1c189&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid= HTTP/2.0
                  host: g.bing.com
                  accept-encoding: gzip, deflate
                  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                  cookie: MUID=091D9D4F2858622424DF892929E3631A; MSPTC=YIcIjPVjQdokZKgBiNk97Gk8XyGUcUQGBBctczzM2Xw
                  Response
                  HTTP/2.0 204
                  cache-control: no-cache, must-revalidate
                  pragma: no-cache
                  expires: Fri, 01 Jan 1990 00:00:00 GMT
                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                  access-control-allow-origin: *
                  x-cache: CONFIG_NOCACHE
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: C795647E3A3140278AFF918C634539F1 Ref B: LON04EDGE0816 Ref C: 2024-04-19T22:52:21Z
                  date: Fri, 19 Apr 2024 22:52:21 GMT
                • flag-us
                  DNS
                  58.55.71.13.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  58.55.71.13.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  73.31.126.40.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  73.31.126.40.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  240.221.184.93.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  240.221.184.93.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  237.197.79.204.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  237.197.79.204.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  95.221.229.192.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  95.221.229.192.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  241.150.49.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  241.150.49.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  152.172.246.72.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  152.172.246.72.in-addr.arpa
                  IN PTR
                  Response
                  152.172.246.72.in-addr.arpa
                  IN PTR
                  a72-246-172-152deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  9.228.82.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  9.228.82.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  208.14.97.104.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  208.14.97.104.in-addr.arpa
                  IN PTR
                  Response
                  208.14.97.104.in-addr.arpa
                  IN PTR
                  a104-97-14-208deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  103.169.127.40.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  103.169.127.40.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  156.33.209.4.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  156.33.209.4.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  21.114.53.23.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  21.114.53.23.in-addr.arpa
                  IN PTR
                  Response
                  21.114.53.23.in-addr.arpa
                  IN PTR
                  a23-53-114-21deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  241.154.82.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  241.154.82.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  56.126.166.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  56.126.166.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  217.14.97.104.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  217.14.97.104.in-addr.arpa
                  IN PTR
                  Response
                  217.14.97.104.in-addr.arpa
                  IN PTR
                  a104-97-14-217deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  154.173.246.72.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  154.173.246.72.in-addr.arpa
                  IN PTR
                  Response
                  154.173.246.72.in-addr.arpa
                  IN PTR
                  a72-246-173-154deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  119.110.54.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  119.110.54.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  240.197.17.2.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  240.197.17.2.in-addr.arpa
                  IN PTR
                  Response
                  240.197.17.2.in-addr.arpa
                  IN PTR
                  a2-17-197-240deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  48.251.17.2.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  48.251.17.2.in-addr.arpa
                  IN PTR
                  Response
                  48.251.17.2.in-addr.arpa
                  IN PTR
                  a2-17-251-48deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  48.251.17.2.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  48.251.17.2.in-addr.arpa
                  IN PTR
                • flag-us
                  DNS
                  23.236.111.52.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  23.236.111.52.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  23.236.111.52.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  23.236.111.52.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  tse1.mm.bing.net
                  Remote address:
                  8.8.8.8:53
                  Request
                  tse1.mm.bing.net
                  IN A
                  Response
                  tse1.mm.bing.net
                  IN CNAME
                  mm-mm.bing.net.trafficmanager.net
                  mm-mm.bing.net.trafficmanager.net
                  IN CNAME
                  dual-a-0001.a-msedge.net
                  dual-a-0001.a-msedge.net
                  IN A
                  204.79.197.200
                  dual-a-0001.a-msedge.net
                  IN A
                  13.107.21.200
                • flag-us
                  DNS
                  tse1.mm.bing.net
                  Remote address:
                  8.8.8.8:53
                  Request
                  tse1.mm.bing.net
                  IN A
                  Response
                  tse1.mm.bing.net
                  IN CNAME
                  mm-mm.bing.net.trafficmanager.net
                  mm-mm.bing.net.trafficmanager.net
                  IN CNAME
                  dual-a-0001.a-msedge.net
                  dual-a-0001.a-msedge.net
                  IN A
                  204.79.197.200
                  dual-a-0001.a-msedge.net
                  IN A
                  13.107.21.200
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 543854
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 7BD1926C165943119C3CC7735E88ED0A Ref B: LON04EDGE1114 Ref C: 2024-04-19T22:54:11Z
                  date: Fri, 19 Apr 2024 22:54:10 GMT
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 496166
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 83338E49296E4912A82282320DFC009E Ref B: LON04EDGE1114 Ref C: 2024-04-19T22:54:11Z
                  date: Fri, 19 Apr 2024 22:54:10 GMT
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239379019164_1DBDX3CJXSDC8PX7N&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239379019164_1DBDX3CJXSDC8PX7N&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 583094
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 927D0C42B86F4EDF8E8F051BD4619BF3 Ref B: LON04EDGE1114 Ref C: 2024-04-19T22:54:11Z
                  date: Fri, 19 Apr 2024 22:54:10 GMT
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 497954
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 8780F5BA209249499CB9ACBB8A84CD7B Ref B: LON04EDGE1114 Ref C: 2024-04-19T22:54:11Z
                  date: Fri, 19 Apr 2024 22:54:11 GMT
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239379019160_1CYVPZ2UN6QMEATU2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239379019160_1CYVPZ2UN6QMEATU2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 565422
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 07241C7583CA413ABF8DAC3A532279A7 Ref B: LON04EDGE1114 Ref C: 2024-04-19T22:54:11Z
                  date: Fri, 19 Apr 2024 22:54:10 GMT
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 496229
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: A5F3F00CA6954F80BA9775C612AB2F76 Ref B: LON04EDGE1114 Ref C: 2024-04-19T22:54:16Z
                  date: Fri, 19 Apr 2024 22:54:16 GMT
                • flag-us
                  DNS
                  88.156.103.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  88.156.103.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  88.156.103.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  88.156.103.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  200.197.79.204.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  200.197.79.204.in-addr.arpa
                  IN PTR
                  Response
                  200.197.79.204.in-addr.arpa
                  IN PTR
                  a-0001a-msedgenet
                • flag-us
                  DNS
                  200.197.79.204.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  200.197.79.204.in-addr.arpa
                  IN PTR
                  Response
                  200.197.79.204.in-addr.arpa
                  IN PTR
                  a-0001a-msedgenet
                • 204.79.197.237:443
                  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=da1ae7e203d9450badd98fde8ac1c189&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=
                  tls, http2
                  2.6kB
                  9.4kB
                  25
                  19

                  HTTP Request

                  GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=da1ae7e203d9450badd98fde8ac1c189&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=

                  HTTP Response

                  204

                  HTTP Request

                  GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=da1ae7e203d9450badd98fde8ac1c189&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=

                  HTTP Response

                  204

                  HTTP Request

                  GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=da1ae7e203d9450badd98fde8ac1c189&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=

                  HTTP Response

                  204
                • 20.231.121.79:80
                  46 B
                  1
                • 204.79.197.200:443
                  tse1.mm.bing.net
                  tls, http2
                  1.4kB
                  8.0kB
                  15
                  11
                • 204.79.197.200:443
                  tse1.mm.bing.net
                  tls, http2
                  1.4kB
                  8.0kB
                  15
                  11
                • 204.79.197.200:443
                  tse1.mm.bing.net
                  tls, http2
                  1.4kB
                  8.0kB
                  15
                  11
                • 204.79.197.200:443
                  tse1.mm.bing.net
                  tls, http2
                  1.4kB
                  8.0kB
                  15
                  11
                • 204.79.197.200:443
                  https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                  tls, http2
                  116.4kB
                  3.3MB
                  2443
                  2428

                  HTTP Request

                  GET https://tse1.mm.bing.net/th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                  HTTP Request

                  GET https://tse1.mm.bing.net/th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                  HTTP Request

                  GET https://tse1.mm.bing.net/th?id=OADD2.10239379019164_1DBDX3CJXSDC8PX7N&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                  HTTP Request

                  GET https://tse1.mm.bing.net/th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                  HTTP Request

                  GET https://tse1.mm.bing.net/th?id=OADD2.10239379019160_1CYVPZ2UN6QMEATU2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                  HTTP Response

                  200

                  HTTP Response

                  200

                  HTTP Response

                  200

                  HTTP Request

                  GET https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                  HTTP Response

                  200

                  HTTP Response

                  200

                  HTTP Response

                  200
                • 2.17.197.240:80
                • 8.8.8.8:53
                  g.bing.com
                  dns
                  56 B
                  151 B
                  1
                  1

                  DNS Request

                  g.bing.com

                  DNS Response

                  204.79.197.237
                  13.107.21.237

                • 8.8.8.8:53
                  58.55.71.13.in-addr.arpa
                  dns
                  70 B
                  144 B
                  1
                  1

                  DNS Request

                  58.55.71.13.in-addr.arpa

                • 8.8.8.8:53
                  73.31.126.40.in-addr.arpa
                  dns
                  71 B
                  157 B
                  1
                  1

                  DNS Request

                  73.31.126.40.in-addr.arpa

                • 8.8.8.8:53
                  240.221.184.93.in-addr.arpa
                  dns
                  73 B
                  144 B
                  1
                  1

                  DNS Request

                  240.221.184.93.in-addr.arpa

                • 8.8.8.8:53
                  237.197.79.204.in-addr.arpa
                  dns
                  73 B
                  143 B
                  1
                  1

                  DNS Request

                  237.197.79.204.in-addr.arpa

                • 8.8.8.8:53
                  95.221.229.192.in-addr.arpa
                  dns
                  73 B
                  144 B
                  1
                  1

                  DNS Request

                  95.221.229.192.in-addr.arpa

                • 8.8.8.8:53
                  241.150.49.20.in-addr.arpa
                  dns
                  72 B
                  158 B
                  1
                  1

                  DNS Request

                  241.150.49.20.in-addr.arpa

                • 8.8.8.8:53
                  152.172.246.72.in-addr.arpa
                  dns
                  73 B
                  139 B
                  1
                  1

                  DNS Request

                  152.172.246.72.in-addr.arpa

                • 8.8.8.8:53
                  9.228.82.20.in-addr.arpa
                  dns
                  70 B
                  156 B
                  1
                  1

                  DNS Request

                  9.228.82.20.in-addr.arpa

                • 8.8.8.8:53
                  208.14.97.104.in-addr.arpa
                  dns
                  72 B
                  137 B
                  1
                  1

                  DNS Request

                  208.14.97.104.in-addr.arpa

                • 8.8.8.8:53
                  103.169.127.40.in-addr.arpa
                  dns
                  73 B
                  147 B
                  1
                  1

                  DNS Request

                  103.169.127.40.in-addr.arpa

                • 8.8.8.8:53
                  156.33.209.4.in-addr.arpa
                  dns
                  71 B
                  157 B
                  1
                  1

                  DNS Request

                  156.33.209.4.in-addr.arpa

                • 8.8.8.8:53
                  21.114.53.23.in-addr.arpa
                  dns
                  71 B
                  135 B
                  1
                  1

                  DNS Request

                  21.114.53.23.in-addr.arpa

                • 8.8.8.8:53
                  241.154.82.20.in-addr.arpa
                  dns
                  72 B
                  158 B
                  1
                  1

                  DNS Request

                  241.154.82.20.in-addr.arpa

                • 8.8.8.8:53
                  56.126.166.20.in-addr.arpa
                  dns
                  72 B
                  158 B
                  1
                  1

                  DNS Request

                  56.126.166.20.in-addr.arpa

                • 8.8.8.8:53
                  217.14.97.104.in-addr.arpa
                  dns
                  72 B
                  137 B
                  1
                  1

                  DNS Request

                  217.14.97.104.in-addr.arpa

                • 8.8.8.8:53
                  154.173.246.72.in-addr.arpa
                  dns
                  73 B
                  139 B
                  1
                  1

                  DNS Request

                  154.173.246.72.in-addr.arpa

                • 8.8.8.8:53
                  119.110.54.20.in-addr.arpa
                  dns
                  72 B
                  158 B
                  1
                  1

                  DNS Request

                  119.110.54.20.in-addr.arpa

                • 8.8.8.8:53
                  240.197.17.2.in-addr.arpa
                  dns
                  71 B
                  135 B
                  1
                  1

                  DNS Request

                  240.197.17.2.in-addr.arpa

                • 8.8.8.8:53
                  48.251.17.2.in-addr.arpa
                  dns
                  140 B
                  133 B
                  2
                  1

                  DNS Request

                  48.251.17.2.in-addr.arpa

                  DNS Request

                  48.251.17.2.in-addr.arpa

                • 8.8.8.8:53
                  23.236.111.52.in-addr.arpa
                  dns
                  144 B
                  316 B
                  2
                  2

                  DNS Request

                  23.236.111.52.in-addr.arpa

                  DNS Request

                  23.236.111.52.in-addr.arpa

                • 8.8.8.8:53
                  tse1.mm.bing.net
                  dns
                  124 B
                  346 B
                  2
                  2

                  DNS Request

                  tse1.mm.bing.net

                  DNS Request

                  tse1.mm.bing.net

                  DNS Response

                  204.79.197.200
                  13.107.21.200

                  DNS Response

                  204.79.197.200
                  13.107.21.200

                • 8.8.8.8:53
                  88.156.103.20.in-addr.arpa
                  dns
                  144 B
                  316 B
                  2
                  2

                  DNS Request

                  88.156.103.20.in-addr.arpa

                  DNS Request

                  88.156.103.20.in-addr.arpa

                • 8.8.8.8:53
                  200.197.79.204.in-addr.arpa
                  dns
                  146 B
                  212 B
                  2
                  2

                  DNS Request

                  200.197.79.204.in-addr.arpa

                  DNS Request

                  200.197.79.204.in-addr.arpa

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                  Filesize

                  64KB

                  MD5

                  4085df90ec531357a596bd6d6d1a64c6

                  SHA1

                  b02ff39ef293f53a0e5582866a2fa9a4e799cbc9

                  SHA256

                  89144238a0d291c956f1583d99ad1d3c98242178a37c051228c5db4e4e5374d2

                  SHA512

                  1c2412384417ac3dba4540c8172c2bdecafca8725c15ab83fefcbdde876c27f79b010475c8a7183ae902c5f1150ca9680eca34c9ff797a002117f0b71b8dec50

                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                  Filesize

                  64KB

                  MD5

                  6e5e02954a9159b56977e90b6bcc4079

                  SHA1

                  57d724ebb7e9783031a48a30902bfd9833b5330e

                  SHA256

                  f1742a85e21b2127af372f8ffda8b648ec8fba925ece325716bfbd520bb55d38

                  SHA512

                  d71130ee471240cbef602fb22377d299f819c7f859131d8609ccb133bf1c811e1fd99cad8ebd71e1a66f6beab70337750c1faf8339f27c14ce1c3e7033ffe8ec

                • memory/4996-34-0x000000000AD80000-0x000000000ADA1000-memory.dmp

                  Filesize

                  132KB

                We care about your privacy.

                This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.