4ee85019c1ae4d1abf8ea1908f635339d0a4af88ba185dc30e1104e68c7c902e

Resubmissions

10/07/2024, 02:30 UTC

240710-czl2gstcke 10

20/06/2024, 12:39 UTC

240620-pvzs1axflf 10

20/06/2024, 12:36 UTC

240620-pswcss1hrr 7

20/06/2024, 12:35 UTC

240620-psqgjs1hrm 10

20/06/2024, 12:33 UTC

240620-prd25axdpg 10

Analysis

max time kernel
1794s
max time network
1804s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 12:33 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

spoofers/serial_checker.bat
Size

437B
MD5

0c088b6adc55c20fc375badef6f7e9a7
SHA1

37c865ebfe537b94534844281e9086462f3e2462
SHA256

51f783d41ad3a807344eb9550d65cb4638793aac71f4eb4a1a11414b24e339e1
SHA512

7f82c647413f997a537148ab7d1e8a5cff9fef18561783f329485dbb67ab76a2a8defa0a7304feb7e1e79645b50b8cb2d4a069ff3ec668542fdefb1adbde6f5d

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2576	WMIC.exe
Token: SeSecurityPrivilege	2576	WMIC.exe
Token: SeTakeOwnershipPrivilege	2576	WMIC.exe
Token: SeLoadDriverPrivilege	2576	WMIC.exe
Token: SeSystemProfilePrivilege	2576	WMIC.exe
Token: SeSystemtimePrivilege	2576	WMIC.exe
Token: SeProfSingleProcessPrivilege	2576	WMIC.exe
Token: SeIncBasePriorityPrivilege	2576	WMIC.exe
Token: SeCreatePagefilePrivilege	2576	WMIC.exe
Token: SeBackupPrivilege	2576	WMIC.exe
Token: SeRestorePrivilege	2576	WMIC.exe
Token: SeShutdownPrivilege	2576	WMIC.exe
Token: SeDebugPrivilege	2576	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2576	WMIC.exe
Token: SeRemoteShutdownPrivilege	2576	WMIC.exe
Token: SeUndockPrivilege	2576	WMIC.exe
Token: SeManageVolumePrivilege	2576	WMIC.exe
Token: 33	2576	WMIC.exe
Token: 34	2576	WMIC.exe
Token: 35	2576	WMIC.exe
Token: 36	2576	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2576	WMIC.exe
Token: SeSecurityPrivilege	2576	WMIC.exe
Token: SeTakeOwnershipPrivilege	2576	WMIC.exe
Token: SeLoadDriverPrivilege	2576	WMIC.exe
Token: SeSystemProfilePrivilege	2576	WMIC.exe
Token: SeSystemtimePrivilege	2576	WMIC.exe
Token: SeProfSingleProcessPrivilege	2576	WMIC.exe
Token: SeIncBasePriorityPrivilege	2576	WMIC.exe
Token: SeCreatePagefilePrivilege	2576	WMIC.exe
Token: SeBackupPrivilege	2576	WMIC.exe
Token: SeRestorePrivilege	2576	WMIC.exe
Token: SeShutdownPrivilege	2576	WMIC.exe
Token: SeDebugPrivilege	2576	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2576	WMIC.exe
Token: SeRemoteShutdownPrivilege	2576	WMIC.exe
Token: SeUndockPrivilege	2576	WMIC.exe
Token: SeManageVolumePrivilege	2576	WMIC.exe
Token: 33	2576	WMIC.exe
Token: 34	2576	WMIC.exe
Token: 35	2576	WMIC.exe
Token: 36	2576	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2432	WMIC.exe
Token: SeSecurityPrivilege	2432	WMIC.exe
Token: SeTakeOwnershipPrivilege	2432	WMIC.exe
Token: SeLoadDriverPrivilege	2432	WMIC.exe
Token: SeSystemProfilePrivilege	2432	WMIC.exe
Token: SeSystemtimePrivilege	2432	WMIC.exe
Token: SeProfSingleProcessPrivilege	2432	WMIC.exe
Token: SeIncBasePriorityPrivilege	2432	WMIC.exe
Token: SeCreatePagefilePrivilege	2432	WMIC.exe
Token: SeBackupPrivilege	2432	WMIC.exe
Token: SeRestorePrivilege	2432	WMIC.exe
Token: SeShutdownPrivilege	2432	WMIC.exe
Token: SeDebugPrivilege	2432	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2432	WMIC.exe
Token: SeRemoteShutdownPrivilege	2432	WMIC.exe
Token: SeUndockPrivilege	2432	WMIC.exe
Token: SeManageVolumePrivilege	2432	WMIC.exe
Token: 33	2432	WMIC.exe
Token: 34	2432	WMIC.exe
Token: 35	2432	WMIC.exe
Token: 36	2432	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2432	WMIC.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 2576	2944	cmd.exe	91
PID 2944 wrote to memory of 2576	2944	cmd.exe	91
PID 2944 wrote to memory of 2432	2944	cmd.exe	93
PID 2944 wrote to memory of 2432	2944	cmd.exe	93
PID 2944 wrote to memory of 5040	2944	cmd.exe	94
PID 2944 wrote to memory of 5040	2944	cmd.exe	94
PID 2944 wrote to memory of 4460	2944	cmd.exe	96
PID 2944 wrote to memory of 4460	2944	cmd.exe	96
PID 2944 wrote to memory of 1920	2944	cmd.exe	97
PID 2944 wrote to memory of 1920	2944	cmd.exe	97
PID 2944 wrote to memory of 4164	2944	cmd.exe	99
PID 2944 wrote to memory of 4164	2944	cmd.exe	99

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\spoofers\serial_checker.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Windows\System32\Wbem\WMIC.exe
  wmic diskdrive get model, serialnumber
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2576
- C:\Windows\System32\Wbem\WMIC.exe
  wmic cpu get serialnumber
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2432
- C:\Windows\System32\Wbem\WMIC.exe
  wmic bios get serialnumber
  2⤵
  PID:5040
- C:\Windows\System32\Wbem\WMIC.exe
  wmic baseboard get serialnumber
  2⤵
  PID:4460
- C:\Windows\System32\Wbem\WMIC.exe
  wmic path win32_computersystemproduct get uuid
  2⤵
  PID:1920
- C:\Windows\system32\getmac.exe
  getmac
  2⤵
  PID:4164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4064,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=4308 /prefetch:8
1⤵
PID:3004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1312,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=1292 /prefetch:8
1⤵
PID:180

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

13.107.21.237

dual-a-0034.a-msedge.net

IN A

204.79.197.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8SylKEwePhXOaEZfomOwkgTVUCUwNwdXeuPSiBfwuKQ0XxVeMy2lXiVkKPuyEfB1hWj533Fbz_KJdUVAW9zcdDs5CScd2ZrpcBUrF5zcbb2E0xKuRpwFgaUtxpKOxmTyMdkJobkl5KFtwhSoDo2nU3tJC5FYxWr2IQ0vx-zEUEnMgxAOG%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dd77cbd3a015518c962a1db52cf864013&TIME=20240611T222549Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8SylKEwePhXOaEZfomOwkgTVUCUwNwdXeuPSiBfwuKQ0XxVeMy2lXiVkKPuyEfB1hWj533Fbz_KJdUVAW9zcdDs5CScd2ZrpcBUrF5zcbb2E0xKuRpwFgaUtxpKOxmTyMdkJobkl5KFtwhSoDo2nU3tJC5FYxWr2IQ0vx-zEUEnMgxAOG%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dd77cbd3a015518c962a1db52cf864013&TIME=20240611T222549Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=379991B5A89A63A809438511A9216258; domain=.bing.com; expires=Tue, 15-Jul-2025 12:33:49 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9E71177C6BDB48FC928A8BB67C4448FE Ref B: LON04EDGE0910 Ref C: 2024-06-20T12:33:49Z
date: Thu, 20 Jun 2024 12:33:49 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8SylKEwePhXOaEZfomOwkgTVUCUwNwdXeuPSiBfwuKQ0XxVeMy2lXiVkKPuyEfB1hWj533Fbz_KJdUVAW9zcdDs5CScd2ZrpcBUrF5zcbb2E0xKuRpwFgaUtxpKOxmTyMdkJobkl5KFtwhSoDo2nU3tJC5FYxWr2IQ0vx-zEUEnMgxAOG%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dd77cbd3a015518c962a1db52cf864013&TIME=20240611T222549Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8SylKEwePhXOaEZfomOwkgTVUCUwNwdXeuPSiBfwuKQ0XxVeMy2lXiVkKPuyEfB1hWj533Fbz_KJdUVAW9zcdDs5CScd2ZrpcBUrF5zcbb2E0xKuRpwFgaUtxpKOxmTyMdkJobkl5KFtwhSoDo2nU3tJC5FYxWr2IQ0vx-zEUEnMgxAOG%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dd77cbd3a015518c962a1db52cf864013&TIME=20240611T222549Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=379991B5A89A63A809438511A9216258; _EDGE_S=SID=20B6203F37F46E880496349B36F26FD2

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=PaITo1yGDorzJV2VDuxFXoJvtvWj6Uu1DTE_w90u_rw; domain=.bing.com; expires=Tue, 15-Jul-2025 12:33:50 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F82BEC892E504DEF90400F1BAA64FC3B Ref B: LON04EDGE0910 Ref C: 2024-06-20T12:33:50Z
date: Thu, 20 Jun 2024 12:33:49 GMT
GET

https://www.bing.com/aes/c.gif?RG=33d4af2ad68f4be6b1eb22a86bae5e60&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T222549Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640

Remote address:

23.62.61.155:443

Request

GET /aes/c.gif?RG=33d4af2ad68f4be6b1eb22a86bae5e60&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T222549Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=379991B5A89A63A809438511A9216258

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7CD4A79A7B814403B5DC74A8E26CB8FA Ref B: LON212050701047 Ref C: 2024-06-20T12:33:50Z
content-length: 0
date: Thu, 20 Jun 2024 12:33:50 GMT
set-cookie: _EDGE_S=SID=20B6203F37F46E880496349B36F26FD2; path=/; httponly; domain=bing.com
set-cookie: MUIDB=379991B5A89A63A809438511A9216258; path=/; httponly; expires=Tue, 15-Jul-2025 12:33:50 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.973d3e17.1718886830.e542237
DNS

73.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.159.190.20.in-addr.arpa

IN PTR

Response
DNS

237.21.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.21.107.13.in-addr.arpa

IN PTR

Response
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

155.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.61.62.23.in-addr.arpa

IN PTR

Response

155.61.62.23.in-addr.arpa

IN PTR

a23-62-61-155deploystaticakamaitechnologiescom
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 612524
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2B6D370391DC418BB25E8BC96D22EE5C Ref B: LON04EDGE1114 Ref C: 2024-06-20T12:35:28Z
date: Thu, 20 Jun 2024 12:35:28 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 664170
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7200B50481064B6A800025AB6B76A2C1 Ref B: LON04EDGE1114 Ref C: 2024-06-20T12:35:28Z
date: Thu, 20 Jun 2024 12:35:28 GMT
DNS

10.28.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.28.171.150.in-addr.arpa

IN PTR

Response
DNS

4.73.50.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.73.50.20.in-addr.arpa

IN PTR

Response

13.107.21.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8SylKEwePhXOaEZfomOwkgTVUCUwNwdXeuPSiBfwuKQ0XxVeMy2lXiVkKPuyEfB1hWj533Fbz_KJdUVAW9zcdDs5CScd2ZrpcBUrF5zcbb2E0xKuRpwFgaUtxpKOxmTyMdkJobkl5KFtwhSoDo2nU3tJC5FYxWr2IQ0vx-zEUEnMgxAOG%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dd77cbd3a015518c962a1db52cf864013&TIME=20240611T222549Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

tls, http2

2.5kB
9.1kB
19
17

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8SylKEwePhXOaEZfomOwkgTVUCUwNwdXeuPSiBfwuKQ0XxVeMy2lXiVkKPuyEfB1hWj533Fbz_KJdUVAW9zcdDs5CScd2ZrpcBUrF5zcbb2E0xKuRpwFgaUtxpKOxmTyMdkJobkl5KFtwhSoDo2nU3tJC5FYxWr2IQ0vx-zEUEnMgxAOG%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dd77cbd3a015518c962a1db52cf864013&TIME=20240611T222549Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8SylKEwePhXOaEZfomOwkgTVUCUwNwdXeuPSiBfwuKQ0XxVeMy2lXiVkKPuyEfB1hWj533Fbz_KJdUVAW9zcdDs5CScd2ZrpcBUrF5zcbb2E0xKuRpwFgaUtxpKOxmTyMdkJobkl5KFtwhSoDo2nU3tJC5FYxWr2IQ0vx-zEUEnMgxAOG%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dd77cbd3a015518c962a1db52cf864013&TIME=20240611T222549Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

HTTP Response

204
23.62.61.155:443

https://www.bing.com/aes/c.gif?RG=33d4af2ad68f4be6b1eb22a86bae5e60&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T222549Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640

tls, http2

1.4kB
5.5kB
16
14

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=33d4af2ad68f4be6b1eb22a86bae5e60&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T222549Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640

HTTP Response

200
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

49.5kB
1.3MB
973
970

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

13.107.21.237

204.79.197.237
8.8.8.8:53

73.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

73.159.190.20.in-addr.arpa
8.8.8.8:53

237.21.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

237.21.107.13.in-addr.arpa
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

155.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

155.61.62.23.in-addr.arpa
8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

31.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

31.243.111.52.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

10.28.171.150.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

10.28.171.150.in-addr.arpa
8.8.8.8:53

4.73.50.20.in-addr.arpa

dns

69 B
155 B
1
1

DNS Request

4.73.50.20.in-addr.arpa

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.