Analysis
-
max time kernel
150s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
10/03/2024, 09:20 UTC
Behavioral task
behavioral1
Sample
be3e22523c1c17bff9aba6f0e42341cd.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
be3e22523c1c17bff9aba6f0e42341cd.pdf
Resource
win10v2004-20240226-en
General
-
Target
be3e22523c1c17bff9aba6f0e42341cd.pdf
-
Size
59KB
-
MD5
be3e22523c1c17bff9aba6f0e42341cd
-
SHA1
af1d19d148ff7fa0b0436b37519cd43a192c325d
-
SHA256
09aa72e93ea0a87b0fdff32017192eef8ba9d251c7a49161c2d5bfcd023626f4
-
SHA512
653dfebe6b3d43e0742e66be322ca09a3395aeae3ccd0acc7bb39ec81ad38c6ffdc4f2839dd96a236fdd03e6856fba84e47dc3746202422aea33e5a73f0cc257
-
SSDEEP
1536:7gWSKIq1oL/jUOqnM5DvIPj8xf1OMAE6ykq4JtQRw/vfsi:hS1jUclxf10Bq4JK2vfsi
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe -
Suspicious behavior: EnumeratesProcesses 20 IoCs
pid Process 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe 4836 AcroRd32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4836 wrote to memory of 2480 4836 AcroRd32.exe 93 PID 4836 wrote to memory of 2480 4836 AcroRd32.exe 93 PID 4836 wrote to memory of 2480 4836 AcroRd32.exe 93 PID 4836 wrote to memory of 3028 4836 AcroRd32.exe 98 PID 4836 wrote to memory of 3028 4836 AcroRd32.exe 98 PID 4836 wrote to memory of 3028 4836 AcroRd32.exe 98 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 3212 2480 RdrCEF.exe 99 PID 2480 wrote to memory of 4332 2480 RdrCEF.exe 100 PID 2480 wrote to memory of 4332 2480 RdrCEF.exe 100 PID 2480 wrote to memory of 4332 2480 RdrCEF.exe 100 PID 2480 wrote to memory of 4332 2480 RdrCEF.exe 100 PID 2480 wrote to memory of 4332 2480 RdrCEF.exe 100 PID 2480 wrote to memory of 4332 2480 RdrCEF.exe 100 PID 2480 wrote to memory of 4332 2480 RdrCEF.exe 100 PID 2480 wrote to memory of 4332 2480 RdrCEF.exe 100 PID 2480 wrote to memory of 4332 2480 RdrCEF.exe 100 PID 2480 wrote to memory of 4332 2480 RdrCEF.exe 100 PID 2480 wrote to memory of 4332 2480 RdrCEF.exe 100 PID 2480 wrote to memory of 4332 2480 RdrCEF.exe 100 PID 2480 wrote to memory of 4332 2480 RdrCEF.exe 100 PID 2480 wrote to memory of 4332 2480 RdrCEF.exe 100 PID 2480 wrote to memory of 4332 2480 RdrCEF.exe 100
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\be3e22523c1c17bff9aba6f0e42341cd.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4836 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
- Suspicious use of WriteProcessMemory
PID:2480 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6CFCAB73A33B558D17A8E35D02C871C7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6CFCAB73A33B558D17A8E35D02C871C7 --renderer-client-id=2 --mojo-platform-channel-handle=1708 --allow-no-sandbox-job /prefetch:13⤵PID:3212
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A6DBA0D48C19FF2753CC425CDF449F89 --mojo-platform-channel-handle=1824 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:4332
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=883474095C2E69F8D8ABD2F64F1EBBB6 --mojo-platform-channel-handle=2268 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:2356
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8166603CBCDAF68FE4523F66FCD0444C --mojo-platform-channel-handle=1764 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:1396
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=974EBF1231064E81057146C8CF4598E9 --mojo-platform-channel-handle=2396 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:3608
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=65A657E5E0110A1D192B3B918A661FBC --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=65A657E5E0110A1D192B3B918A661FBC --renderer-client-id=8 --mojo-platform-channel-handle=1836 --allow-no-sandbox-job /prefetch:13⤵PID:2240
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵PID:3028
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4012
Network
-
Remote address:8.8.8.8:53Request13.86.106.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request173.178.17.96.in-addr.arpaIN PTRResponse173.178.17.96.in-addr.arpaIN PTRa96-17-178-173deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request74.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.a-0001.a-msedge.netg-bing-com.a-0001.a-msedge.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1274699ffad84cbfa737548f899e7f39&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1274699ffad84cbfa737548f899e7f39&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=357F97DD7DE663E50FA383E37C0662F8; domain=.bing.com; expires=Fri, 04-Apr-2025 09:21:07 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8B779124B4BD493E9F124FFA8A4080FA Ref B: LON04EDGE1209 Ref C: 2024-03-10T09:21:07Z
date: Sun, 10 Mar 2024 09:21:06 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=1274699ffad84cbfa737548f899e7f39&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=1274699ffad84cbfa737548f899e7f39&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=357F97DD7DE663E50FA383E37C0662F8
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=vCed6ylhfh24CHCFTB18ljoSyBkHSx-SurBPEYBtb_g; domain=.bing.com; expires=Fri, 04-Apr-2025 09:21:07 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7E374784124944539C5D269E16E5498C Ref B: LON04EDGE1209 Ref C: 2024-03-10T09:21:07Z
date: Sun, 10 Mar 2024 09:21:06 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1274699ffad84cbfa737548f899e7f39&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1274699ffad84cbfa737548f899e7f39&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=357F97DD7DE663E50FA383E37C0662F8; MSPTC=vCed6ylhfh24CHCFTB18ljoSyBkHSx-SurBPEYBtb_g
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 865B5AC700FB4AB9B40C81B7C633004F Ref B: LON04EDGE1209 Ref C: 2024-03-10T09:21:07Z
date: Sun, 10 Mar 2024 09:21:06 GMT
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request9.228.82.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request205.47.74.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request200.197.79.204.in-addr.arpaIN PTRResponse200.197.79.204.in-addr.arpaIN PTRa-0001a-msedgenet
-
Remote address:8.8.8.8:53Request41.110.16.96.in-addr.arpaIN PTRResponse41.110.16.96.in-addr.arpaIN PTRa96-16-110-41deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388162_1MFS3CT3ZOVTF7TJA&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239339388162_1MFS3CT3ZOVTF7TJA&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 384162
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E0CBC809641540D296849620DC0D0131 Ref B: LON04EDGE0915 Ref C: 2024-03-10T09:21:12Z
date: Sun, 10 Mar 2024 09:21:12 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388106_1F0ISFAHTJZF5WFN1&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239339388106_1F0ISFAHTJZF5WFN1&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 464129
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7F93BBBC2BE7494F98E6652143FE8F8E Ref B: LON04EDGE0915 Ref C: 2024-03-10T09:21:12Z
date: Sun, 10 Mar 2024 09:21:12 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388161_17PDPNJBHCJYF0MEC&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239339388161_17PDPNJBHCJYF0MEC&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 555016
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 45CA031C350041A5B7DBE2DF16BE91BA Ref B: LON04EDGE0915 Ref C: 2024-03-10T09:21:12Z
date: Sun, 10 Mar 2024 09:21:12 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388105_129PTMAYKOFOO14GZ&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239339388105_129PTMAYKOFOO14GZ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 467466
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C2D6F82CDA414073BE4E5E5CE4A3CE51 Ref B: LON04EDGE0915 Ref C: 2024-03-10T09:21:14Z
date: Sun, 10 Mar 2024 09:21:13 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301162_1G7DYX5FX2938M3TM&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301162_1G7DYX5FX2938M3TM&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 316678
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E9C56AB821DA47EF83BC6F8544A483D5 Ref B: LON04EDGE0915 Ref C: 2024-03-10T09:21:14Z
date: Sun, 10 Mar 2024 09:21:14 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301571_1RETF70DD01UVNE0Z&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301571_1RETF70DD01UVNE0Z&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 239387
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ED26EB69183548D185EFFCAE1A1B9881 Ref B: LON04EDGE0915 Ref C: 2024-03-10T09:21:18Z
date: Sun, 10 Mar 2024 09:21:18 GMT
-
Remote address:8.8.8.8:53Request103.169.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request135.240.123.92.in-addr.arpaIN PTRResponse135.240.123.92.in-addr.arpaIN PTRa92-123-240-135deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request32.134.221.88.in-addr.arpaIN PTRResponse32.134.221.88.in-addr.arpaIN PTRa88-221-134-32deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request56.126.166.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request183.142.211.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request104.241.123.92.in-addr.arpaIN PTRResponse104.241.123.92.in-addr.arpaIN PTRa92-123-241-104deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request119.110.54.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request240.221.184.93.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request211.178.17.96.in-addr.arpaIN PTRResponse211.178.17.96.in-addr.arpaIN PTRa96-17-178-211deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request211.135.221.88.in-addr.arpaIN PTRResponse211.135.221.88.in-addr.arpaIN PTRa88-221-135-211deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request211.135.221.88.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request180.178.17.96.in-addr.arpaIN PTRResponse180.178.17.96.in-addr.arpaIN PTRa96-17-178-180deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request174.178.17.96.in-addr.arpaIN PTRResponse174.178.17.96.in-addr.arpaIN PTRa96-17-178-174deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request22.236.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request42.134.221.88.in-addr.arpaIN PTRResponse42.134.221.88.in-addr.arpaIN PTRa88-221-134-42deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request55.36.223.20.in-addr.arpaIN PTRResponse
-
204.79.197.200:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1274699ffad84cbfa737548f899e7f39&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid=tls, http22.0kB 9.2kB 21 18
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1274699ffad84cbfa737548f899e7f39&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=1274699ffad84cbfa737548f899e7f39&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1274699ffad84cbfa737548f899e7f39&localId=w:B10FE29E-1693-3A9A-DEA4-AA0A4C8C3099&deviceId=6825825924576770&anid=HTTP Response
204 -
1.2kB 8.1kB 16 14
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239317301571_1RETF70DD01UVNE0Z&pid=21.2&w=1080&h=1920&c=4tls, http291.4kB 2.5MB 1850 1842
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388162_1MFS3CT3ZOVTF7TJA&pid=21.2&w=1080&h=1920&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388106_1F0ISFAHTJZF5WFN1&pid=21.2&w=1080&h=1920&c=4HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388161_17PDPNJBHCJYF0MEC&pid=21.2&w=1920&h=1080&c=4HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388105_129PTMAYKOFOO14GZ&pid=21.2&w=1920&h=1080&c=4HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301162_1G7DYX5FX2938M3TM&pid=21.2&w=1920&h=1080&c=4HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301571_1RETF70DD01UVNE0Z&pid=21.2&w=1080&h=1920&c=4HTTP Response
200 -
-
71 B 157 B 1 1
DNS Request
13.86.106.20.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
173.178.17.96.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
74.32.126.40.in-addr.arpa
-
56 B 158 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.20013.107.21.200
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
9.228.82.20.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
205.47.74.20.in-addr.arpa
-
73 B 106 B 1 1
DNS Request
200.197.79.204.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
41.110.16.96.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
-
73 B 147 B 1 1
DNS Request
103.169.127.40.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
135.240.123.92.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
32.134.221.88.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
56.126.166.20.in-addr.arpa
-
73 B 159 B 1 1
DNS Request
183.142.211.20.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
104.241.123.92.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
119.110.54.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
240.221.184.93.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
211.178.17.96.in-addr.arpa
-
146 B 139 B 2 1
DNS Request
211.135.221.88.in-addr.arpa
DNS Request
211.135.221.88.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
180.178.17.96.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
174.178.17.96.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
22.236.111.52.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
42.134.221.88.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
55.36.223.20.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD58922ea91f98bd47591b321322755d814
SHA142096d00f662fb8daab341940ecb57e3b5fc9b64
SHA256c988a4ad0f8b04a27d448a3e9b19b6ee8d81f5a3b93ca4795db8f122b38007bc
SHA51235ee8669c4ff097bacaaa7b9ac73f253b12848072476b6740c45422b6f5b172bf7dbf3343bfda7623ee2672c67d6bc02fe0dd37c873e794feb973b32ab79242c
-
Filesize
36KB
MD5b30d3becc8731792523d599d949e63f5
SHA119350257e42d7aee17fb3bf139a9d3adb330fad4
SHA256b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
SHA512523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e
-
Filesize
56KB
MD5752a1f26b18748311b691c7d8fc20633
SHA1c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
SHA256111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
SHA512a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5
-
Filesize
12KB
MD57a8fd2ee827d042a70710c30329bf9af
SHA1fe2c278b5d7e52de8bc32544b3e6914f91f63fe5
SHA256385e0ec07769006aca5d5ebf14a3a257ed25fbe8e33dc69fd4db3eaa937c3a5c
SHA5124977705d58415a508bf0896ddfa3a7dfe70465ccdc548c2937c68d0c335dca327258a9e8dba872645813a07b0f4b19f1e2f87411b9eab832c6c648d4ecc46fa9