Analysis
- max time kernel: 178s
- max time network: 192s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/01/2024, 06:41 UTC
Behavioral task: behavioral1
- Sample: 4d9cfcc2918f88b3117c4a0f26993871.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 4d9cfcc2918f88b3117c4a0f26993871.exe
- Resource: win10v2004-20231215-en
General
- Target: 4d9cfcc2918f88b3117c4a0f26993871.exe
- Size: 115KB
- MD5: 4d9cfcc2918f88b3117c4a0f26993871
- SHA1: 62ad2cc7eee020573c9a03091c3ecace579d9b5f
- SHA256: 5cd7eabb41b5074ed5643baedac594859105f232eb8af3603b67c04372354410
- SHA512: dcc4eb04e43c5792941bf5bd44d780c38694c1f73cbe80c52527f08d8e66a515e10eb02ef4ad30ad029f094b9fc7fddf40ec21a5a65de35aa23648039fe1eed7
- SSDEEP: 3072:SKcWmjRrz3ZKcWmjRrz3Cd7t3jP2QECPw9b:hGyGCHcCPk
Malware Config
Signatures
- Executes dropped EXE (2 IoCs)
  pid 2720: 7T1hMOC0D60zb38.exe
  pid 4556: CTS.exe
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- YARA rule matches (rule: upx, 6 IoCs)
  behavioral2/memory/2000-0-0x0000000000630000-0x0000000000647000-memory.dmp: upx
  behavioral2/files/0x000b00000002311f-6.dat: upx
  behavioral2/memory/4556-8-0x0000000000830000-0x0000000000847000-memory.dmp: upx
  behavioral2/memory/2000-9-0x0000000000630000-0x0000000000647000-memory.dmp: upx
  behavioral2/files/0x000400000001e6ff-13.dat: upx
  behavioral2/memory/4556-41-0x0000000000830000-0x0000000000847000-memory.dmp: upx
- Adds Run key to start application (2 TTPs, 2 IoCs)
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" by 4d9cfcc2918f88b3117c4a0f26993871.exe
  Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" by CTS.exe
- Drops file in Windows directory (2 IoCs)
  File created C:\Windows\CTS.exe by 4d9cfcc2918f88b3117c4a0f26993871.exe
  File created C:\Windows\CTS.exe by CTS.exe
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 by dw20.exe
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz by dw20.exe
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString by dw20.exe
- Enumerates system info in registry (2 TTPs, 2 IoCs)
  Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS by dw20.exe
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU by dw20.exe
- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  Token: SeDebugPrivilege, pid 2000, 4d9cfcc2918f88b3117c4a0f26993871.exe
  Token: SeDebugPrivilege, pid 4556, CTS.exe
  Token: SeBackupPrivilege, pid 3144, dw20.exe
  Token: SeBackupPrivilege, pid 3144, dw20.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  PID 2000 wrote to memory of 2720 (4d9cfcc2918f88b3117c4a0f26993871.exe, procid_target 93)
  PID 2000 wrote to memory of 2720 (4d9cfcc2918f88b3117c4a0f26993871.exe, procid_target 93)
  PID 2000 wrote to memory of 4556 (4d9cfcc2918f88b3117c4a0f26993871.exe, procid_target 95)
  PID 2000 wrote to memory of 4556 (4d9cfcc2918f88b3117c4a0f26993871.exe, procid_target 95)
  PID 2000 wrote to memory of 4556 (4d9cfcc2918f88b3117c4a0f26993871.exe, procid_target 95)
  PID 2720 wrote to memory of 3144 (7T1hMOC0D60zb38.exe, procid_target 97)
  PID 2720 wrote to memory of 3144 (7T1hMOC0D60zb38.exe, procid_target 97)
Processes
- [1] C:\Users\Admin\AppData\Local\Temp\4d9cfcc2918f88b3117c4a0f26993871.exe (PID 2000)
  Command line: "C:\Users\Admin\AppData\Local\Temp\4d9cfcc2918f88b3117c4a0f26993871.exe"
  - Adds Run key to start application
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - [2] C:\Users\Admin\AppData\Local\Temp\7T1hMOC0D60zb38.exe (PID 2720)
    Command line: C:\Users\Admin\AppData\Local\Temp\7T1hMOC0D60zb38.exe
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    - [3] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe (PID 3144)
      Command line: dw20.exe -x -s 816
      - Checks processor information in registry
      - Enumerates system info in registry
      - Suspicious use of AdjustPrivilegeToken
  - [2] C:\Windows\CTS.exe (PID 4556)
    Command line: "C:\Windows\CTS.exe"
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in Windows directory
    - Suspicious use of AdjustPrivilegeToken
Network
Downloads
- Filesize: 382KB
  MD5: 8292610621bd75ca684e7a001b4d129a
  SHA1: 175682e8f39409991880ffff1498eed47bc77ebd
  SHA256: 879f3ed326262db8a766a388aa174c7482a9267aebe7225cf9bb257eb22cdab0
  SHA512: fbd82de1d4b323b1600eac9acf67a9b1f5259610d0af2535c99ceea189f5cf36872bda2e4eb6268f0ea246552fa2826dca3788b9aa3c4e0e622e6a5c43751bee
- Filesize: 56KB
  MD5: e115521ba14b75f53dcdff087ec6898f
  SHA1: 87103a892bb514a93d485fba221bacb9da3aae25
  SHA256: 59b284d0ad4c2634938e70fae67d9048bd98422d052fbd745a9b80b5fae7ae29
  SHA512: ab3d097bcf11bf7327a28124052b210f5fb13b9bfb9b7376cae1ba5c30182a330506935288a7fe06b7e3fdd82b57f5c31638f1c301738342819c772b346fa35a
- Filesize: 59KB
  MD5: 5efd390d5f95c8191f5ac33c4db4b143
  SHA1: 42d81b118815361daa3007f1a40f1576e9a9e0bc
  SHA256: 6028434636f349d801465f77af3a1e387a9c5032942ca6cadb6506d0800f2a74
  SHA512: 720fbe253483dc034307a57a2860c8629a760f883603198d1213f5290b7f236bf0f5f237728ebed50962be83dc7dc4abe61a1e9a55218778495fc6580eb20b3d