Overview

Tasks in this submission (score badge, task, platform; names abbreviated as shown in the page's task list):

10  Static
3   Resource/A...me.xml      windows10-2004-x64
1   Resource/A...gs.xml      windows10-2004-x64
1   Resource/T...r.admx      windows10-2004-x64
3   Resource/T...r.admx      windows10-2004-x64
3   Resource/T...r.admx      windows10-2004-x64
3   Resource/inetres.xml     windows10-2004-x64
1   Resource/kdc.admx        windows10-2004-x64
3   Resource/msched.xml      windows10-2004-x64
1   Resource/nca.admx        windows10-2004-x64
3   Resource/pca.admx        windows10-2004-x64
3   Resource/s...g.admx      windows10-2004-x64
3   Resource/srm-fci.admx    windows10-2004-x64
3   Resource/tcpip.xml       windows10-2004-x64
1   Resource/wlansvc.xml     windows10-2004-x64
1   Resource/wwansvc.xml     windows10-2004-x64
1   Setup.exe                windows10-2004-x64
10  cufflink.vcf             windows10-2004-x64
3   madbasic_.dll            windows10-2004-x64
1   maddisAsm_.dll           windows10-2004-x64
1   madexcept_.dll           windows10-2004-x64
1   quin.doc                 windows10-2004-x64
1   resources.pak            windows10-2004-x64
3   rtl120.dll               windows10-2004-x64
1   vcl120.dll               windows10-2004-x64
1   vclx120.dll              windows10-2004-x64
3   x64/Templa...te.htm      windows10-2004-x64
1   x64/plugin...ns.dll      windows10-2004-x64
1   x64/ripp.exe             windows10-2004-x64
1   x64/tipa.exe             windows10-2004-x64
1   x64/upd.exe              windows10-2004-x64
8   x64/zlib.exe             windows10-2004-x64
1   8866 Passwords.txt       windows10-2004-x64
Analysis

max time kernel:   285s
max time network:  278s
platform:          windows10-2004_x64
resource:          win10v2004-20240412-en
resource tags:     arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted:         17-04-2024 06:33
Static task: static1

Behavioral tasks (task, sample, resource image):

behavioral1   Resource/AppXRuntime.xml                                 win10v2004-20240226-en
behavioral2   Resource/AuditSettings.xml                               win10v2004-20240412-en
behavioral3   Resource/TaskScheduler.admx                              win10v2004-20240412-en
behavioral4   Resource/TerminalServer-Server.admx                      win10v2004-20240412-en
behavioral5   Resource/TerminalServer.admx                             win10v2004-20240412-en
behavioral6   Resource/inetres.xml                                     win10v2004-20240412-en
behavioral7   Resource/kdc.admx                                        win10v2004-20240412-en
behavioral8   Resource/msched.xml                                      win10v2004-20240412-en
behavioral9   Resource/nca.admx                                        win10v2004-20240412-en
behavioral10  Resource/pca.admx                                        win10v2004-20240412-en
behavioral11  Resource/sdiageng.admx                                   win10v2004-20240226-en
behavioral12  Resource/srm-fci.admx                                    win10v2004-20240412-en
behavioral13  Resource/tcpip.xml                                       win10v2004-20240412-en
behavioral14  Resource/wlansvc.xml                                     win10v2004-20240412-en
behavioral15  Resource/wwansvc.xml                                     win10v2004-20240412-en
behavioral16  Setup.exe                                                win10v2004-20240412-en
behavioral17  cufflink.vcf                                             win10v2004-20240412-en
behavioral18  madbasic_.dll                                            win10v2004-20240412-en
behavioral19  maddisAsm_.dll                                           win10v2004-20240412-en
behavioral20  madexcept_.dll                                           win10v2004-20240412-en
behavioral21  quin.doc                                                 win10v2004-20240412-en
behavioral22  resources.pak                                            win10v2004-20240412-en
behavioral23  rtl120.dll                                               win10v2004-20240412-en
behavioral24  vcl120.dll                                               win10v2004-20240412-en
behavioral25  vclx120.dll                                              win10v2004-20240412-en
behavioral26  x64/Templates/TemplateCorreoCliente.htm                  win10v2004-20240412-en
behavioral27  x64/plugins/MahApps.Metro.IconPacks.PixelartIcons.dll    win10v2004-20240412-en
behavioral28  x64/ripp.exe                                             win10v2004-20240226-en
behavioral29  x64/tipa.exe                                             win10v2004-20240412-en
behavioral30  x64/upd.exe                                              win10v2004-20240412-en
behavioral31  x64/zlib.exe                                             win10v2004-20240412-en
behavioral32  8866 Passwords.txt                                       win10v2004-20240412-en
General

Target:  x64/Templates/TemplateCorreoCliente.htm
Size:    2KB
MD5:     ce4c1f3ba9e690c4119e8ed39aa8eb78
SHA1:    dc2da00c92b51431c01c5e598de4665c9989e856
SHA256:  e17621dc67919e53a0d1be6a03fa0d97f01c8932f8d8912d556327e620310432
SHA512:  daf95e6329b060fe230096fc7a594cf0a13801e2dcf9869affa5530a2d03bf6c0dd2d9340be5c312b82d41dad48057f86811a23b23fba93b0dc9a478986ac4ef
Malware Config

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              hits
  4080  msedge.exe           2
  8     msedge.exe           2
  3804  identity_helper.exe  2
  2340  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid  process     hits
  8    msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  process     hits
  8    msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid  process     hits
  8    msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                     pid  process     procid_target  hits
  PID 8 wrote to memory of 1736   8    msedge.exe  85             2
  PID 8 wrote to memory of 5016   8    msedge.exe  86             40
  PID 8 wrote to memory of 4080   8    msedge.exe  87             2
  PID 8 wrote to memory of 3952   8    msedge.exe  88             20
Processes

PID 8  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\x64\Templates\TemplateCorreoCliente.htm
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 1736  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (child of PID 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd398046f8,0x7ffd39804708,0x7ffd39804718

  PID 5016  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (child of PID 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

  PID 4080  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (child of PID 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 3952  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (child of PID 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8

  PID 3208  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (child of PID 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

  PID 3224  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (child of PID 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

  PID 4360  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (child of PID 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8

  PID 3804  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (child of PID 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 1400  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (child of PID 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

  PID 3264  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (child of PID 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1

  PID 552  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (child of PID 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

  PID 1364  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (child of PID 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

  PID 2340  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (child of PID 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3012 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

PID 2496  C:\Windows\System32\CompPkgSrv.exe (top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 3452  C:\Windows\System32\CompPkgSrv.exe (top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
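The 64 WriteProcessMemory hits above all come from PID 8, and all four targets (1736, 5016, 4080, 3952) are msedge.exe processes that PID 8 itself launched with a --type= role (crashpad-handler, gpu-process, and the network and storage utility services), which is how Chromium bootstraps its service processes. The script below is an added example, not part of the sandbox report: it transcribes the tree into a list (parent PIDs taken from the tree's depth markers, command lines abridged) and flags any write target that is not such a child. The "expected-child" rule is an assumption of the example, not the sandbox's own logic.

```python
"""Added example (not part of the sandbox report): rebuild the process tree
from the Processes section and check where the WriteProcessMemory hits go."""
import ntpath
import re
from collections import Counter

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"
COMPPKG = r"C:\Windows\System32\CompPkgSrv.exe"

# (pid, parent pid, image, abridged command line) transcribed from the report's
# process tree; parents follow the tree depth markers (None = top level).
PROCESSES = [
    (8,    None, EDGE,    "--single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\x64\\Templates\\TemplateCorreoCliente.htm"),
    (1736, 8,    EDGE,    "--type=crashpad-handler"),
    (5016, 8,    EDGE,    "--type=gpu-process"),
    (4080, 8,    EDGE,    "--type=utility --utility-sub-type=network.mojom.NetworkService"),
    (3952, 8,    EDGE,    "--type=utility --utility-sub-type=storage.mojom.StorageService"),
    (3208, 8,    EDGE,    "--type=renderer --renderer-client-id=6"),
    (3224, 8,    EDGE,    "--type=renderer --renderer-client-id=5"),
    (4360, 8,    HELPER,  "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService"),
    (3804, 8,    HELPER,  "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService"),
    (1400, 8,    EDGE,    "--type=renderer --renderer-client-id=8"),
    (3264, 8,    EDGE,    "--type=renderer --instant-process --renderer-client-id=9"),
    (552,  8,    EDGE,    "--type=renderer --renderer-client-id=10"),
    (1364, 8,    EDGE,    "--type=renderer --instant-process --renderer-client-id=11"),
    (2340, 8,    EDGE,    "--type=gpu-process --disable-gpu-sandbox"),
    (2496, None, COMPPKG, "-Embedding"),
    (3452, None, COMPPKG, "-Embedding"),
]

# The 64 "Suspicious use of WriteProcessMemory" IoCs as (writer pid, target pid).
WRITES = [(8, 1736)] * 2 + [(8, 5016)] * 40 + [(8, 4080)] * 2 + [(8, 3952)] * 20


def chromium_role(cmdline):
    """The Chromium child-process role (--type=...), or None for the browser process."""
    m = re.search(r"--type=(\S+)", cmdline)
    return m.group(1) if m else None


def classify_writes(processes, writes):
    """Map each write target to (verdict, hit count).

    'expected-child': the target is a direct child of the writer, runs from the
    writer's own application directory and carries a Chromium --type= role, i.e.
    the browser bootstrapping one of its service processes (assumed rule).
    'review': anything else, including a write into an unrelated or unknown process.
    """
    procs = {pid: (ppid, image, cmd) for pid, ppid, image, cmd in processes}
    verdicts = {}
    for (src, dst), hits in Counter(writes).items():
        _, src_image, _ = procs[src]
        dst_ppid, dst_image, dst_cmd = procs.get(dst, (None, "", ""))
        # ntpath so the Windows paths are split correctly on any host OS
        same_app_dir = ntpath.dirname(dst_image).lower().startswith(
            ntpath.dirname(src_image).lower())
        expected = dst_ppid == src and same_app_dir and chromium_role(dst_cmd) is not None
        verdicts[dst] = ("expected-child" if expected else "review", hits)
    return verdicts


def top_level_outside_tree(processes, root_pid):
    """Top-level processes other than the sample's launcher (here the two
    COM-activated CompPkgSrv.exe instances), whose activity must be attributed separately."""
    return [pid for pid, ppid, _, _ in processes if ppid is None and pid != root_pid]


if __name__ == "__main__":
    for target, (verdict, hits) in classify_writes(PROCESSES, WRITES).items():
        print(f"PID 8 -> PID {target}: {verdict} ({hits} hits)")
    print("outside the sample's tree:", top_level_outside_tree(PROCESSES, 8))
```

Run against the report's data every target comes back "expected-child"; feeding it a write into PID 2496 (CompPkgSrv.exe, not a child of PID 8) or into a PID absent from the tree yields "review", which is the case that would actually merit a look.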
Network
-
Remote address: 8.8.8.8:53
Request:  71.159.190.20.in-addr.arpa  IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request:  82.90.14.23.in-addr.arpa  IN PTR
Response: 82.90.14.23.in-addr.arpa  IN PTR  a23-14-90-82.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request:  9.228.82.20.in-addr.arpa  IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request:  g.bing.com  IN A
Response: g.bing.com  IN CNAME  g-bing-com.dual-a-0034.a-msedge.net
          g-bing-com.dual-a-0034.a-msedge.net  IN CNAME  dual-a-0034.a-msedge.net
          dual-a-0034.a-msedge.net  IN A  204.79.197.237
          dual-a-0034.a-msedge.net  IN A  13.107.21.237
-
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4d435e02b58e4b319cb069b1fedb39f8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
Remote address: 204.79.197.237:443
Request:
GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4d435e02b58e4b319cb069b1fedb39f8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
Response:
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0A7A3336761A6B373602275277A16A3F; domain=.bing.com; expires=Mon, 12-May-2025 06:38:26 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AC93F7C619DC4F3BBA652D909C972E34 Ref B: LON04EDGE0909 Ref C: 2024-04-17T06:38:26Z
date: Wed, 17 Apr 2024 06:38:25 GMT
-
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=4d435e02b58e4b319cb069b1fedb39f8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
Remote address: 204.79.197.237:443
Request:
GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=4d435e02b58e4b319cb069b1fedb39f8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0A7A3336761A6B373602275277A16A3F
Response:
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=Xr8DTO14JC8RJYphgJjwllkh28zR8ZgTptr00rGY6gE; domain=.bing.com; expires=Mon, 12-May-2025 06:38:26 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 750C84380C5A4A31B498D69D9798F38F Ref B: LON04EDGE0909 Ref C: 2024-04-17T06:38:26Z
date: Wed, 17 Apr 2024 06:38:26 GMT
-
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4d435e02b58e4b319cb069b1fedb39f8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
Remote address: 204.79.197.237:443
Request:
GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4d435e02b58e4b319cb069b1fedb39f8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0A7A3336761A6B373602275277A16A3F; MSPTC=Xr8DTO14JC8RJYphgJjwllkh28zR8ZgTptr00rGY6gE
Response:
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9C614BAE55CD4FAE9D011FE2C15F374E Ref B: LON04EDGE0909 Ref C: 2024-04-17T06:38:26Z
date: Wed, 17 Apr 2024 06:38:26 GMT
-
Remote address: 8.8.8.8:53
Request:  88.156.103.20.in-addr.arpa  IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request:  21.114.53.23.in-addr.arpa  IN PTR
Response: 21.114.53.23.in-addr.arpa  IN PTR  a23-53-114-21.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request:  237.197.79.204.in-addr.arpa  IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request:  95.221.229.192.in-addr.arpa  IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request:  tse1.mm.bing.net  IN A
Response: tse1.mm.bing.net  IN CNAME  mm-mm.bing.net.trafficmanager.net
          mm-mm.bing.net.trafficmanager.net  IN CNAME  dual-a-0001.a-msedge.net
          dual-a-0001.a-msedge.net  IN A  204.79.197.200
          dual-a-0001.a-msedge.net  IN A  13.107.21.200
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 204.79.197.200:443
Request:
GET /th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 565422
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7E782537603841DF91BA8F8D39B6F0B8 Ref B: LON04EDGE0915 Ref C: 2024-04-17T06:38:27Z
date: Wed, 17 Apr 2024 06:38:27 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 204.79.197.200:443
Request:
GET /th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 583094
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A1981521B6724498A265F23DC2CEA611 Ref B: LON04EDGE0915 Ref C: 2024-04-17T06:38:27Z
date: Wed, 17 Apr 2024 06:38:27 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 204.79.197.200:443
Request:
GET /th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 496229
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E8A1DC624E16440A80DBCFEA9913EC19 Ref B: LON04EDGE0915 Ref C: 2024-04-17T06:38:27Z
date: Wed, 17 Apr 2024 06:38:27 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 204.79.197.200:443
Request:
GET /th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 496166
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2CC232CEB1924CEE92FA84E23572D81B Ref B: LON04EDGE0915 Ref C: 2024-04-17T06:38:27Z
date: Wed, 17 Apr 2024 06:38:27 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 204.79.197.200:443
Request:
GET /th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 442324
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A7EFEF5AF97148BB83092AC194E3C309 Ref B: LON04EDGE0915 Ref C: 2024-04-17T06:38:27Z
date: Wed, 17 Apr 2024 06:38:27 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 204.79.197.200:443
Request:
GET /th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 394521
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 412E3A74CCF3423DA25B634795DE40AF Ref B: LON04EDGE0915 Ref C: 2024-04-17T06:38:28Z
date: Wed, 17 Apr 2024 06:38:28 GMT
-
Remote address: 8.8.8.8:53
Request:  200.197.79.204.in-addr.arpa  IN PTR
Response: 200.197.79.204.in-addr.arpa  IN PTR  a-0001.a-msedge.net
-
Remote address: 8.8.8.8:53
Request:  18.31.95.13.in-addr.arpa  IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request:  103.169.127.40.in-addr.arpa  IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request:  172.210.232.199.in-addr.arpa  IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request:  91.90.14.23.in-addr.arpa  IN PTR
Response: 91.90.14.23.in-addr.arpa  IN PTR  a23-14-90-91.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request:  22.236.111.52.in-addr.arpa  IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request:  41.173.79.40.in-addr.arpa  IN PTR
Response: (empty)
-
Flows (remote address, domain, protocols, bytes, packets, in the order the page lists them):

204.79.197.237:443  g.bing.com  tls, http2  2.0kB / 9.2kB  21 / 19
  GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4d435e02b58e4b319cb069b1fedb39f8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=  ->  204
  GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=4d435e02b58e4b319cb069b1fedb39f8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=  ->  204
  GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4d435e02b58e4b319cb069b1fedb39f8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=  ->  204

(remote address not shown)  1.2kB / 8.1kB  16 / 14

204.79.197.200:443  tse1.mm.bing.net  tls, http2  107.9kB / 3.1MB  2252 / 2247
  GET https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90  ->  200
  GET https://tse1.mm.bing.net/th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90  ->  200
  GET https://tse1.mm.bing.net/th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90  ->  200
  GET https://tse1.mm.bing.net/th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90  ->  200
  GET https://tse1.mm.bing.net/th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90  ->  200
  GET https://tse1.mm.bing.net/th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90  ->  200

(remote address not shown)  1.2kB / 8.1kB  16 / 14

DNS requests (bytes, packets, query -> answer; all to 8.8.8.8:53 per the exchanges above):
  72 B / 158 B  1 / 1  71.159.190.20.in-addr.arpa
  70 B / 133 B  1 / 1  82.90.14.23.in-addr.arpa
  70 B / 156 B  1 / 1  9.228.82.20.in-addr.arpa
  56 B / 151 B  1 / 1  g.bing.com -> 204.79.197.237, 13.107.21.237
  72 B / 158 B  1 / 1  88.156.103.20.in-addr.arpa
  71 B / 135 B  1 / 1  21.114.53.23.in-addr.arpa
  73 B / 143 B  1 / 1  237.197.79.204.in-addr.arpa
  73 B / 144 B  1 / 1  95.221.229.192.in-addr.arpa
  62 B / 173 B  1 / 1  tse1.mm.bing.net -> 204.79.197.200, 13.107.21.200
  73 B / 106 B  1 / 1  200.197.79.204.in-addr.arpa
  397 B  6  (remote address not shown)
  70 B / 144 B  1 / 1  18.31.95.13.in-addr.arpa
  73 B / 147 B  1 / 1  103.169.127.40.in-addr.arpa
  74 B / 128 B  1 / 1  172.210.232.199.in-addr.arpa
  70 B / 133 B  1 / 1  91.90.14.23.in-addr.arpa
  72 B / 158 B  1 / 1  22.236.111.52.in-addr.arpa
  71 B / 145 B  1 / 1  41.173.79.40.in-addr.arpa
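Every HTTP request in this section carries either a WindowsShellClient user agent or the EdgeHTML-era Edge/18.19041 string, not the user agent of the Chromium-based Edge 92 that rendered the sample, and the only hosts are g.bing.com and tse1.mm.bing.net (the latter returning 1080x1920 and 1920x1080 JPEGs), so the first triage step is to separate the Windows image's own background traffic from anything left to attribute to the .htm. The script below is an added example, not part of the report; the request rows are transcribed from the report with query strings abridged, the DNS list is a subset of the exchanges above, and the allowlist rules and their labels are assumptions of the example rather than anything the sandbox states.

```python
"""Added example (not part of the sandbox report): separate the Windows image's
own background traffic from anything that would need attributing to the sample."""
import ipaddress

# Transcribed from the report's Network section, one row per distinct request
# shape: (host, path, user-agent, status, occurrences). Query strings abridged.
HTTP = [
    ("g.bing.com", "/neg/0?action=emptycreativeimpression&adUnitId=11730597",
     "WindowsShellClient/9.0.40929.0 (Windows)", 204, 2),
    ("g.bing.com", "/neg/0?action=emptycreative&adUnitId=11730597",
     "WindowsShellClient/9.0.40929.0 (Windows)", 204, 1),
    ("tse1.mm.bing.net", "/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920",
     "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) "
     "Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041", 200, 6),
]
# A subset of the report's DNS exchanges: (name, type, answers).
DNS = [
    ("71.159.190.20.in-addr.arpa", "PTR", []),
    ("82.90.14.23.in-addr.arpa", "PTR", ["a23-14-90-82.deploy.static.akamaitechnologies.com"]),
    ("g.bing.com", "A", ["204.79.197.237", "13.107.21.237"]),
    ("tse1.mm.bing.net", "A", ["204.79.197.200", "13.107.21.200"]),
]

# Assumed allowlist (added here, not from the report): traffic a stock Windows 10
# image generates on its own. Each rule pairs a host suffix with a user-agent
# marker, so a request from the Chromium-based browser that rendered the sample
# (its user agent carries an "Edg/92" token, not "Edge/18") is still flagged
# even when it targets the same host.
BACKGROUND_RULES = [
    (".bing.com", "WindowsShellClient/", "windows-shell"),
    ("tse1.mm.bing.net", "Edge/18.", "windows-spotlight"),
]


def classify_http(requests, rules=BACKGROUND_RULES):
    """Label each request row (host, label, occurrences) with the first matching
    background rule, or 'review' when no rule explains it."""
    labelled = []
    for host, path, ua, status, hits in requests:
        label = "review"
        for suffix, marker, name in rules:
            if host.endswith(suffix) and marker in ua:
                label = name
                break
        labelled.append((host, label, hits))
    return labelled


def needs_review(requests, rules=BACKGROUND_RULES):
    """(host, occurrences) for every request no background rule explains."""
    return [(h, n) for h, label, n in classify_http(requests, rules) if label == "review"]


def classify_dns(queries):
    """PTR queries are reverse lookups of addresses the VM already talked to and
    carry nothing of the sample's; forward lookups are kept with their answers."""
    out = []
    for name, qtype, answers in queries:
        if qtype == "PTR" and name.endswith(".in-addr.arpa"):
            octets = name[: -len(".in-addr.arpa")].split(".")
            ip = ipaddress.ip_address(".".join(reversed(octets)))
            out.append((name, f"reverse-lookup of {ip}"))
        elif answers:
            out.append((name, "forward-lookup -> " + ", ".join(answers)))
        else:
            out.append((name, "forward-lookup (no answer)"))
    return out


if __name__ == "__main__":
    for row in classify_http(HTTP):
        print(row)
    for row in classify_dns(DNS):
        print(row)
    print("needs review:", needs_review(HTTP))
```

With the report's rows nothing is left for review; a constructed request from the Chromium-based browser (user agent containing "Edg/92.0.902.67") to g.bing.com is still flagged, because the rules key on the user agent as well as the host. The host/user-agent pairs are a starting allowlist for this image, not a statement that those endpoints can never carry sample traffic.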
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5:      120a75f233314ba1fe34e9d6c09f30b9
SHA1:     a9f92f2d3f111eaadd9bcf8fceb3c9553753539c
SHA256:   e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0
SHA512:   3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Filesize: 152B
MD5:      bc2edd0741d97ae237e9f00bf3244144
SHA1:     7c1e5d324f5c7137a3c4ec85146659f026c11782
SHA256:   dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041
SHA512:   00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Filesize: 6KB
MD5:      25f6e7c23ba47e3e018f081328a22650
SHA1:     2d86f2131941ba1f65ea56d43f3949177807218f
SHA256:   2dcc0d14ade3d84dac6ac167f6bbc249b3677ee57f9a0497251f07e08a2abeb8
SHA512:   0570f7ee6ef2be9a5c122308da3460ed5a8a30046d8e53e4d30106fc27e6f897e56a6d5cd38f442864ff127fe40e0d208ca232b04f54957e7704dc7e5675a2f4

Filesize: 6KB
MD5:      f072e772a7e8ba73111a7e1b5f14a817
SHA1:     151b54fffa3043befb358fe2c640b684e63b81e4
SHA256:   cb68a6c014224127f75272785c067864e648b1110a23b68a59f7576c93c7a6c4
SHA512:   ae12febbb8f27f71a6ee45374b7f44f213dd61d8d77fd9c3c3001951c2d1934afead02e9993c34489693fbde9fb887c2edcde9aab7ee495fbe9c7356ecf45f68

Filesize: 16B
MD5:      6752a1d65b201c13b62ea44016eb221f
SHA1:     58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256:   0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512:   9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5:      2d594535146e021b3e5273dca5d0eaf4
SHA1:     3a6c8ada9e4a9982ba203d3dc2e362356c3bb806
SHA256:   e21f5e277d1b8c20eb0f947a2f9aa09ccf373380cc6e69c4f0fe66281521d69a
SHA512:   eda09dfc5fc6f9daf3667056dc2b8e5fdf7bb2280271381d08383883e3aa3cb688bb87102ba7346b11f5a81755cbf739eeffe77acb53cabb3b4a5ae7845a6974