10937c3de6636123d9ed584a6beec4c09a4d28a504149a05b51e351485d1d79c

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 01:03 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HTCTL32.dll
Size

320KB
MD5

c94005d2dcd2a54e40510344e0bb9435
SHA1

55b4a1620c5d0113811242c20bd9870a1e31d542
SHA256

3c072532bf7674d0c5154d4d22a9d9c0173530c0d00f69911cdbc2552175d899
SHA512

2e6f673864a54b1dcad9532ef9b18a9c45c0844f1f53e699fade2f41e43fa5cbc9b8e45e6f37b95f84cf6935a96fba2950ee3e0e9542809fd288fefba34ddd6a
SSDEEP

6144:Hib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OKB:Hib5YbsXioEgULFpSzya9/lY5SilQCfR

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4604	1464	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 1464	3536	rundll32.exe	83
PID 3536 wrote to memory of 1464	3536	rundll32.exe	83
PID 3536 wrote to memory of 1464	3536	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\HTCTL32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\HTCTL32.dll,#1
  2⤵
  PID:1464
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 640
    3⤵
    - Program crash
    PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1464 -ip 1464
1⤵
PID:4248

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

13.107.21.237

dual-a-0034.a-msedge.net

IN A

204.79.197.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Vg5g-C_ZuBbv74wM7FSFpzVUCUxsE8S5hx4SjpNudKaU9JfTRXuAcJXd65MlQo9EDq7w1gmck9KmL4OIMTvHmfNM3vdzXVc8gx0xOFkr-j_IiBzv_JRcQqB4JUAOUQBph2eCWBXQl39QBX5INqRqi2cWBTj-3OvZRFyglKSD1KLp6ck_%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D3e399f2a276d150d8a9af94287ad61e2&TIME=20240611T190920Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Vg5g-C_ZuBbv74wM7FSFpzVUCUxsE8S5hx4SjpNudKaU9JfTRXuAcJXd65MlQo9EDq7w1gmck9KmL4OIMTvHmfNM3vdzXVc8gx0xOFkr-j_IiBzv_JRcQqB4JUAOUQBph2eCWBXQl39QBX5INqRqi2cWBTj-3OvZRFyglKSD1KLp6ck_%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D3e399f2a276d150d8a9af94287ad61e2&TIME=20240611T190920Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2AA1D4E084EF6E0317A8C04D850F6F4F; domain=.bing.com; expires=Thu, 24-Jul-2025 01:03:14 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 297D3EC78DF444BC9314381B6F68F904 Ref B: LON04EDGE1113 Ref C: 2024-06-29T01:03:14Z
date: Sat, 29 Jun 2024 01:03:14 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Vg5g-C_ZuBbv74wM7FSFpzVUCUxsE8S5hx4SjpNudKaU9JfTRXuAcJXd65MlQo9EDq7w1gmck9KmL4OIMTvHmfNM3vdzXVc8gx0xOFkr-j_IiBzv_JRcQqB4JUAOUQBph2eCWBXQl39QBX5INqRqi2cWBTj-3OvZRFyglKSD1KLp6ck_%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D3e399f2a276d150d8a9af94287ad61e2&TIME=20240611T190920Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Vg5g-C_ZuBbv74wM7FSFpzVUCUxsE8S5hx4SjpNudKaU9JfTRXuAcJXd65MlQo9EDq7w1gmck9KmL4OIMTvHmfNM3vdzXVc8gx0xOFkr-j_IiBzv_JRcQqB4JUAOUQBph2eCWBXQl39QBX5INqRqi2cWBTj-3OvZRFyglKSD1KLp6ck_%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D3e399f2a276d150d8a9af94287ad61e2&TIME=20240611T190920Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2AA1D4E084EF6E0317A8C04D850F6F4F; _EDGE_S=SID=1E2420EC358F65DF23B8344134256443

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=MhXoRGpI5iuU-2kN2-xTBX-Cv1ieBKVFXLso-y5F684; domain=.bing.com; expires=Thu, 24-Jul-2025 01:03:15 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ABC3A5B1D78C4A959FDB3AB1AC239355 Ref B: LON04EDGE1113 Ref C: 2024-06-29T01:03:15Z
date: Sat, 29 Jun 2024 01:03:14 GMT
GET

https://www.bing.com/aes/c.gif?RG=917a0b224bca482b940f5aec4eb50063&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T190920Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407

Remote address:

23.62.61.194:443

Request

GET /aes/c.gif?RG=917a0b224bca482b940f5aec4eb50063&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T190920Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2AA1D4E084EF6E0317A8C04D850F6F4F

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 41C7B28B5975411E954DBED270FCEE21 Ref B: DUS30EDGE0813 Ref C: 2024-06-29T01:03:15Z
content-length: 0
date: Sat, 29 Jun 2024 01:03:15 GMT
set-cookie: _EDGE_S=SID=1E2420EC358F65DF23B8344134256443; path=/; httponly; domain=bing.com
set-cookie: MUIDB=2AA1D4E084EF6E0317A8C04D850F6F4F; path=/; httponly; expires=Thu, 24-Jul-2025 01:03:15 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.be3d3e17.1719622995.6ed18f0
DNS

131.83.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.83.221.88.in-addr.arpa

IN PTR

Response

131.83.221.88.in-addr.arpa

IN PTR

a88-221-83-131deploystaticakamaitechnologiescom
DNS

134.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.32.126.40.in-addr.arpa

IN PTR

Response
DNS

194.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.61.62.23.in-addr.arpa

IN PTR

Response

194.61.62.23.in-addr.arpa

IN PTR

a23-62-61-194deploystaticakamaitechnologiescom
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

107.12.20.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

107.12.20.2.in-addr.arpa

IN PTR

Response

107.12.20.2.in-addr.arpa

IN PTR

a2-20-12-107deploystaticakamaitechnologiescom
DNS

145.83.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

145.83.221.88.in-addr.arpa

IN PTR

Response

145.83.221.88.in-addr.arpa

IN PTR

a88-221-83-145deploystaticakamaitechnologiescom
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 634564
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B0DE7C5DF43F4A8C98323382E6D6A382 Ref B: LON04EDGE1220 Ref C: 2024-06-29T01:04:52Z
date: Sat, 29 Jun 2024 01:04:52 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 565422
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9437E9892D6C4C2EBE5D6EAA4F10A67C Ref B: LON04EDGE1220 Ref C: 2024-06-29T01:04:52Z
date: Sat, 29 Jun 2024 01:04:52 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 583094
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 82546E2A94EC40C0B58DB60AF67C4AE8 Ref B: LON04EDGE1220 Ref C: 2024-06-29T01:04:52Z
date: Sat, 29 Jun 2024 01:04:52 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 637660
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 708B439DFD794E8881C91248853F8DE5 Ref B: LON04EDGE1220 Ref C: 2024-06-29T01:04:52Z
date: Sat, 29 Jun 2024 01:04:52 GMT
DNS

10.27.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.27.171.150.in-addr.arpa

IN PTR

Response
DNS

122.10.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

122.10.44.20.in-addr.arpa

IN PTR

Response

13.107.21.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Vg5g-C_ZuBbv74wM7FSFpzVUCUxsE8S5hx4SjpNudKaU9JfTRXuAcJXd65MlQo9EDq7w1gmck9KmL4OIMTvHmfNM3vdzXVc8gx0xOFkr-j_IiBzv_JRcQqB4JUAOUQBph2eCWBXQl39QBX5INqRqi2cWBTj-3OvZRFyglKSD1KLp6ck_%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D3e399f2a276d150d8a9af94287ad61e2&TIME=20240611T190920Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B

tls, http2

2.4kB
9.0kB
19
16

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Vg5g-C_ZuBbv74wM7FSFpzVUCUxsE8S5hx4SjpNudKaU9JfTRXuAcJXd65MlQo9EDq7w1gmck9KmL4OIMTvHmfNM3vdzXVc8gx0xOFkr-j_IiBzv_JRcQqB4JUAOUQBph2eCWBXQl39QBX5INqRqi2cWBTj-3OvZRFyglKSD1KLp6ck_%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D3e399f2a276d150d8a9af94287ad61e2&TIME=20240611T190920Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Vg5g-C_ZuBbv74wM7FSFpzVUCUxsE8S5hx4SjpNudKaU9JfTRXuAcJXd65MlQo9EDq7w1gmck9KmL4OIMTvHmfNM3vdzXVc8gx0xOFkr-j_IiBzv_JRcQqB4JUAOUQBph2eCWBXQl39QBX5INqRqi2cWBTj-3OvZRFyglKSD1KLp6ck_%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D3e399f2a276d150d8a9af94287ad61e2&TIME=20240611T190920Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B

HTTP Response

204
23.62.61.194:443

https://www.bing.com/aes/c.gif?RG=917a0b224bca482b940f5aec4eb50063&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T190920Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407

tls, http2

1.5kB
5.4kB
17
14

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=917a0b224bca482b940f5aec4eb50063&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T190920Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407

HTTP Response

200
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

86.3kB
2.5MB
1815
1812

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

13.107.21.237

204.79.197.237
8.8.8.8:53

131.83.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

131.83.221.88.in-addr.arpa
8.8.8.8:53

134.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

134.32.126.40.in-addr.arpa
8.8.8.8:53

194.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

194.61.62.23.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

107.12.20.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

107.12.20.2.in-addr.arpa
8.8.8.8:53

145.83.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

145.83.221.88.in-addr.arpa
8.8.8.8:53

31.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

31.243.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

10.27.171.150.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

10.27.171.150.in-addr.arpa
8.8.8.8:53

122.10.44.20.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

122.10.44.20.in-addr.arpa

Windows 7 deprecation

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.