Source: global traffic |
HTTP traffic detected: GET /tn.jsp?f=001UR9DU5DWULSSQKRSbHmS5tW1BYzJdf5a5nCBJP8j6WTiQVP7-HJVYmCgrw0XB_uf_QV56Haa_M0mobYIQXKQSaOe6Xu-1xTkGHmKJGzfmmZ2amUpZf-ss1HRg0GxKivYopLHGEV8UEW0_6cIw3aFuQi_2vwTONr1CLcH72kMluSyn6F3FeMZ-MnNHeyuCyEwaUdYWjqc4gJLjgQuRM_rdz9h3O3GIfxNvpPnSjOOSeM=&c=5vPu-3Qs9yW2IEWn1dtOMdgOR2JdmjhB8RamT_IPEu6k3Sz7qp1rDA==&ch=t9Qhnt_2hiJ7oXunOWnQpfuylRuTM4kuFHw1DTZGabFSxZ_AG1kZXw== HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: r20.rs6.net
Connection: Keep-Alive |
Source: msapplication.xml0.1.dr |
String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xecdb2ec1,0x01d72fe9</date><accdate>0xecdb2ec1,0x01d72fe9</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook) |
Source: msapplication.xml0.1.dr |
String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xecdb2ec1,0x01d72fe9</date><accdate>0xecdb2ec1,0x01d72fe9</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook) |
Source: msapplication.xml5.1.dr |
String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xecdff36b,0x01d72fe9</date><accdate>0xecdff36b,0x01d72fe9</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter) |
Source: msapplication.xml5.1.dr |
String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xecdff36b,0x01d72fe9</date><accdate>0xecdff36b,0x01d72fe9</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter) |
Source: msapplication.xml7.1.dr |
String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xece255ab,0x01d72fe9</date><accdate>0xece255ab,0x01d72fe9</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube) |
Source: msapplication.xml7.1.dr |
String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xece255ab,0x01d72fe9</date><accdate>0xece255ab,0x01d72fe9</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube) |
Source: AcroRd32.exe, 00000005.00000002.1677471128.00000000082ED000.00000002.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: AcroRd32.exe, 00000005.00000002.1677471128.00000000082ED000.00000002.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0 |
Source: AcroRd32.exe, 00000005.00000002.1677471128.00000000082ED000.00000002.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0 |
Source: AcroRd32.exe, 00000005.00000002.1677471128.00000000082ED000.00000002.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: AcroRd32.exe, 00000005.00000002.1677471128.00000000082ED000.00000002.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: AcroRd32.exe, 00000005.00000002.1677471128.00000000082ED000.00000002.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: AcroRd32.exe, 00000005.00000002.1677471128.00000000082ED000.00000002.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07 |
Source: AcroRd32.exe, 00000005.00000002.1677471128.00000000082ED000.00000002.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: AcroRd32.exe, 00000005.00000002.1677471128.00000000082ED000.00000002.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: AcroRd32.exe, 00000005.00000002.1677471128.00000000082ED000.00000002.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: AcroRd32.exe, 00000005.00000002.1677471128.00000000082ED000.00000002.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K |
Source: AcroRd32.exe, 00000005.00000002.1677471128.00000000082ED000.00000002.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: AcroRd32.exe, 00000005.00000002.1677471128.00000000082ED000.00000002.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: AcroRd32.exe, 00000005.00000002.1677471128.00000000082ED000.00000002.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0H |
Source: AcroRd32.exe, 00000005.00000002.1677471128.00000000082ED000.00000002.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0I |
Source: AcroRd32.exe, 00000005.00000002.1677471128.00000000082ED000.00000002.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0O |
Source: msapplication.xml.1.dr |
String found in binary or memory: http://www.amazon.com/ |
Source: AcroRd32.exe, 00000005.00000002.1677471128.00000000082ED000.00000002.00000001.sdmp |
String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0 |
Source: msapplication.xml1.1.dr |
String found in binary or memory: http://www.google.com/ |
Source: msapplication.xml2.1.dr |
String found in binary or memory: http://www.live.com/ |
Source: msapplication.xml3.1.dr |
String found in binary or memory: http://www.nytimes.com/ |
Source: AcroRd32.exe, 00000005.00000002.1672938210.0000000007430000.00000002.00000001.sdmp |
String found in binary or memory: http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default |
Source: AcroRd32.exe, 00000005.00000002.1672938210.0000000007430000.00000002.00000001.sdmp |
String found in binary or memory: http://www.osmf.org/drm/default |
Source: AcroRd32.exe, 00000005.00000002.1672938210.0000000007430000.00000002.00000001.sdmp |
String found in binary or memory: http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn |
Source: AcroRd32.exe, 00000005.00000002.1672938210.0000000007430000.00000002.00000001.sdmp |
String found in binary or memory: http://www.osmf.org/layout/anchor |
Source: AcroRd32.exe, 00000005.00000002.1672938210.0000000007430000.00000002.00000001.sdmp |
String found in binary or memory: http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes |
Source: AcroRd32.exe, 00000005.00000002.1672938210.0000000007430000.00000002.00000001.sdmp |
String found in binary or memory: http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs |
Source: AcroRd32.exe, 00000005.00000002.1672938210.0000000007430000.00000002.00000001.sdmp |
String found in binary or memory: http://www.osmf.org/subclip/1.0 |
Source: AcroRd32.exe, 00000005.00000002.1672938210.0000000007430000.00000002.00000001.sdmp |
String found in binary or memory: http://www.quicktime.com.Acrobat |
Source: msapplication.xml4.1.dr |
String found in binary or memory: http://www.reddit.com/ |
Source: msapplication.xml5.1.dr |
String found in binary or memory: http://www.twitter.com/ |
Source: msapplication.xml6.1.dr |
String found in binary or memory: http://www.wikipedia.com/ |
Source: msapplication.xml7.1.dr |
String found in binary or memory: http://www.youtube.com/ |
Source: ~DF0BE9630EA18F6468.TMP.1.dr |
String found in binary or memory: https://files.constantcontact.com/54e1b5c9701/a2191b8c-25d2-4fe8-aff0-8b4735afdc69.pdf |
Source: {168DA7A3-9BDD-11EB-90E5-ECF4BB570DC9}.dat.1.dr |
String found in binary or memory: https://files.constantcontact.com/54e1b5c9701/a2191b8c-25d2-4fe8-aff0-8b4735afdc69.pdfRoot |
Source: AcroRd32.exe, 00000005.00000002.1678278264.0000000008B45000.00000004.00000001.sdmp |
String found in binary or memory: https://ims-na1.adobelogin.com |
Source: AcroRd32.exe, 00000005.00000002.1677471128.00000000082ED000.00000002.00000001.sdmp |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: unknown |
Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding |
|
Source: C:\Program Files\internet explorer\iexplore.exe |
Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5620 CREDAT:17410 /prefetch:2 |
|
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 5904 |
|
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 5904 |
|
Source: AcroRd32.exe, 00000005.00000002.1670559694.0000000005160000.00000002.00000001.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: AcroRd32.exe, 00000005.00000002.1670559694.0000000005160000.00000002.00000001.sdmp |
Binary or memory string: Progman |
Source: AcroRd32.exe, 00000005.00000002.1670559694.0000000005160000.00000002.00000001.sdmp |
Binary or memory string: SProgram Managerl |
Source: AcroRd32.exe, 00000005.00000002.1670559694.0000000005160000.00000002.00000001.sdmp |
Binary or memory string: Shell_TrayWnd, |
Source: AcroRd32.exe, 00000005.00000002.1670559694.0000000005160000.00000002.00000001.sdmp |
Binary or memory string: Progmanlock |