Resubmissions

03-07-2024 22:59

240703-2yn7wszhlp 10

03-07-2024 16:13

240703-tn93lsyglf 10

03-07-2024 16:11

240703-tm84xsyfma 10

10-05-2024 16:25

240510-tw1h5shh47 10

24-08-2023 11:16

230824-nda8msdf8z 10

Analysis

  • max time kernel
    1785s
  • max time network
    1804s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-07-2024 16:13

General

  • Target

    95560f1a465e8ba87a73f8e60a6657545073d55c3b5cfc2ffdaf3d69d46afcf9.dll

  • Size

    260KB

  • MD5

    9e9719483cc24dc0ab94b31f76981f42

  • SHA1

    dad2cbcedfa94a2d2f0fde521d6f57a094d7c85b

  • SHA256

    95560f1a465e8ba87a73f8e60a6657545073d55c3b5cfc2ffdaf3d69d46afcf9

  • SHA512

    83cff2d55df7d40aea1357515cc673792b367718e57624a2eedd531fd51c49ff165e5e69065efa09148d550644ea1106f54dea35aaadcebaa9ed911532c44309

  • SSDEEP

    6144:HP2sOvpPfQUH6+SqpcH1lH0CIuK8AWaULcka:HPXOv9RH6fEcH1h0vuLNyk

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\95560f1a465e8ba87a73f8e60a6657545073d55c3b5cfc2ffdaf3d69d46afcf9.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3920
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\95560f1a465e8ba87a73f8e60a6657545073d55c3b5cfc2ffdaf3d69d46afcf9.dll
      2⤵
        PID:3460
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4428,i,17325488789339133686,9539570259395798500,262144 --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:8
      1⤵
        PID:2152

      Network

      • flag-us
        DNS
        8.8.8.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        8.8.8.8.in-addr.arpa
        IN PTR
        Response
        8.8.8.8.in-addr.arpa
        IN PTR
        dnsgoogle
      • flag-us
        DNS
        183.142.211.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        183.142.211.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        82.90.14.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        82.90.14.23.in-addr.arpa
        IN PTR
        Response
        82.90.14.23.in-addr.arpa
        IN PTR
        a23-14-90-82deploystaticakamaitechnologiescom
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
      • flag-us
        GET
        https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86N2EjzGtxPkxzYOVPYojcDVUCUwoTzf4YAjfFQancvkQ2xn7zF4BEp6O30WafIU9ejQf7tFouutJ44Qp8DbmDv_MlNB3UUbsXWnf_a0uEUjwe1mTyZoM9dtXs_6uETPuU0ug9kSS4EGKTEtBHJUA9D1XbUObBUEW1I6E9UeHW8SzfpBb%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZmFwcHMubWljcm9zb2Z0LmNvbSUyZnN0b3JlJTJmZGV0YWlsJTJmb3V0bG9vay1mb3Itd2luZG93cyUyZjlOUlg2MzIwOVI3QiUzZmhsJTNkZW4tdXMlMjZnbCUzZHVzJTI2T0NJRCUzZGNtbXE2bWdvamxlJTI2Rk9STSUzZE01MDA2WA%26rlid%3Df9206a94feca182e57b40cfc35f9c223&TIME=20240611T221026Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86N2EjzGtxPkxzYOVPYojcDVUCUwoTzf4YAjfFQancvkQ2xn7zF4BEp6O30WafIU9ejQf7tFouutJ44Qp8DbmDv_MlNB3UUbsXWnf_a0uEUjwe1mTyZoM9dtXs_6uETPuU0ug9kSS4EGKTEtBHJUA9D1XbUObBUEW1I6E9UeHW8SzfpBb%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZmFwcHMubWljcm9zb2Z0LmNvbSUyZnN0b3JlJTJmZGV0YWlsJTJmb3V0bG9vay1mb3Itd2luZG93cyUyZjlOUlg2MzIwOVI3QiUzZmhsJTNkZW4tdXMlMjZnbCUzZHVzJTI2T0NJRCUzZGNtbXE2bWdvamxlJTI2Rk9STSUzZE01MDA2WA%26rlid%3Df9206a94feca182e57b40cfc35f9c223&TIME=20240611T221026Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=0DB02217BFED69C225BB36A6BE0D6865; domain=.bing.com; expires=Mon, 28-Jul-2025 19:59:45 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 81DF595236214CD1ACEA59FA7EF33D3F Ref B: LON04EDGE1122 Ref C: 2024-07-03T19:59:45Z
        date: Wed, 03 Jul 2024 19:59:45 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86N2EjzGtxPkxzYOVPYojcDVUCUwoTzf4YAjfFQancvkQ2xn7zF4BEp6O30WafIU9ejQf7tFouutJ44Qp8DbmDv_MlNB3UUbsXWnf_a0uEUjwe1mTyZoM9dtXs_6uETPuU0ug9kSS4EGKTEtBHJUA9D1XbUObBUEW1I6E9UeHW8SzfpBb%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZmFwcHMubWljcm9zb2Z0LmNvbSUyZnN0b3JlJTJmZGV0YWlsJTJmb3V0bG9vay1mb3Itd2luZG93cyUyZjlOUlg2MzIwOVI3QiUzZmhsJTNkZW4tdXMlMjZnbCUzZHVzJTI2T0NJRCUzZGNtbXE2bWdvamxlJTI2Rk9STSUzZE01MDA2WA%26rlid%3Df9206a94feca182e57b40cfc35f9c223&TIME=20240611T221026Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86N2EjzGtxPkxzYOVPYojcDVUCUwoTzf4YAjfFQancvkQ2xn7zF4BEp6O30WafIU9ejQf7tFouutJ44Qp8DbmDv_MlNB3UUbsXWnf_a0uEUjwe1mTyZoM9dtXs_6uETPuU0ug9kSS4EGKTEtBHJUA9D1XbUObBUEW1I6E9UeHW8SzfpBb%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZmFwcHMubWljcm9zb2Z0LmNvbSUyZnN0b3JlJTJmZGV0YWlsJTJmb3V0bG9vay1mb3Itd2luZG93cyUyZjlOUlg2MzIwOVI3QiUzZmhsJTNkZW4tdXMlMjZnbCUzZHVzJTI2T0NJRCUzZGNtbXE2bWdvamxlJTI2Rk9STSUzZE01MDA2WA%26rlid%3Df9206a94feca182e57b40cfc35f9c223&TIME=20240611T221026Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=0DB02217BFED69C225BB36A6BE0D6865; _EDGE_S=SID=2CDE15703630648C295601C1379A656F
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=hTt21RL9YM68fk-sFOvrp726hw5bWTAn6GHQGygk-mM; domain=.bing.com; expires=Mon, 28-Jul-2025 19:59:46 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 22C3F5C5CAA545DDA2B814C7F26AC047 Ref B: LON04EDGE1122 Ref C: 2024-07-03T19:59:45Z
        date: Wed, 03 Jul 2024 19:59:46 GMT
      • flag-nl
        GET
        https://www.bing.com/aes/c.gif?RG=ae886827c1854ebd96afbaf8e8a25b9a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221026Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640
        Remote address:
        23.62.61.129:443
        Request
        GET /aes/c.gif?RG=ae886827c1854ebd96afbaf8e8a25b9a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221026Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640 HTTP/2.0
        host: www.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=0DB02217BFED69C225BB36A6BE0D6865
        Response
        HTTP/2.0 200
        cache-control: private,no-store
        pragma: no-cache
        vary: Origin
        p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 4D6FC23AE2A24190821CFDD220D0CCB5 Ref B: DUS30EDGE0912 Ref C: 2024-07-03T19:59:45Z
        content-length: 0
        date: Wed, 03 Jul 2024 19:59:45 GMT
        set-cookie: _EDGE_S=SID=2CDE15703630648C295601C1379A656F; path=/; httponly; domain=bing.com
        set-cookie: MUIDB=0DB02217BFED69C225BB36A6BE0D6865; path=/; httponly; expires=Mon, 28-Jul-2025 19:59:45 GMT
        alt-svc: h3=":443"; ma=93600
        x-cdn-traceid: 0.7d3d3e17.1720036785.e7f8e76
      • flag-us
        DNS
        138.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        138.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        237.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.197.79.204.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        129.61.62.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        129.61.62.23.in-addr.arpa
        IN PTR
        Response
        129.61.62.23.in-addr.arpa
        IN PTR
        a23-62-61-129deploystaticakamaitechnologiescom
      • flag-us
        DNS
        26.35.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.35.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        209.205.72.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        209.205.72.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        50.23.12.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        50.23.12.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        92.12.20.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        92.12.20.2.in-addr.arpa
        IN PTR
        Response
        92.12.20.2.in-addr.arpa
        IN PTR
        a2-20-12-92deploystaticakamaitechnologiescom
      • flag-us
        DNS
        22.236.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        22.236.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        88.156.103.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        88.156.103.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        91.90.14.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        91.90.14.23.in-addr.arpa
        IN PTR
        Response
        91.90.14.23.in-addr.arpa
        IN PTR
        a23-14-90-91deploystaticakamaitechnologiescom
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        ax-0001.ax-msedge.net
        ax-0001.ax-msedge.net
        IN A
        150.171.28.10
        ax-0001.ax-msedge.net
        IN A
        150.171.27.10
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239371372356_1N2G93XRLJ1Y5GWC9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239371372356_1N2G93XRLJ1Y5GWC9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 329579
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 2472F346758D45BBB8880CFBBF6E3656 Ref B: LON04EDGE1007 Ref C: 2024-07-03T20:01:20Z
        date: Wed, 03 Jul 2024 20:01:20 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239356671167_19HPP7IIREEX4KA57&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239356671167_19HPP7IIREEX4KA57&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 606526
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: AF797E74736242589D2F1673874061A6 Ref B: LON04EDGE1007 Ref C: 2024-07-03T20:01:20Z
        date: Wed, 03 Jul 2024 20:01:20 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239371372355_1WLRVFTZ079W9XPFC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239371372355_1WLRVFTZ079W9XPFC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 381531
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 8DC05BDBA26F4FD48C0C7B99B42F8FCC Ref B: LON04EDGE1007 Ref C: 2024-07-03T20:01:20Z
        date: Wed, 03 Jul 2024 20:01:20 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239356671168_16FGHU1WN2XYJHSC0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239356671168_16FGHU1WN2XYJHSC0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 414304
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 80D1F48A4F744AC49E2BB0AC07DE36E3 Ref B: LON04EDGE1007 Ref C: 2024-07-03T20:01:20Z
        date: Wed, 03 Jul 2024 20:01:20 GMT
      • flag-us
        DNS
        10.28.171.150.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        10.28.171.150.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        26.73.42.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.73.42.20.in-addr.arpa
        IN PTR
        Response
      • 204.79.197.237:443
        https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86N2EjzGtxPkxzYOVPYojcDVUCUwoTzf4YAjfFQancvkQ2xn7zF4BEp6O30WafIU9ejQf7tFouutJ44Qp8DbmDv_MlNB3UUbsXWnf_a0uEUjwe1mTyZoM9dtXs_6uETPuU0ug9kSS4EGKTEtBHJUA9D1XbUObBUEW1I6E9UeHW8SzfpBb%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZmFwcHMubWljcm9zb2Z0LmNvbSUyZnN0b3JlJTJmZGV0YWlsJTJmb3V0bG9vay1mb3Itd2luZG93cyUyZjlOUlg2MzIwOVI3QiUzZmhsJTNkZW4tdXMlMjZnbCUzZHVzJTI2T0NJRCUzZGNtbXE2bWdvamxlJTI2Rk9STSUzZE01MDA2WA%26rlid%3Df9206a94feca182e57b40cfc35f9c223&TIME=20240611T221026Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E
        tls, http2
        2.7kB
        9.1kB
        20
        17

        HTTP Request

        GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86N2EjzGtxPkxzYOVPYojcDVUCUwoTzf4YAjfFQancvkQ2xn7zF4BEp6O30WafIU9ejQf7tFouutJ44Qp8DbmDv_MlNB3UUbsXWnf_a0uEUjwe1mTyZoM9dtXs_6uETPuU0ug9kSS4EGKTEtBHJUA9D1XbUObBUEW1I6E9UeHW8SzfpBb%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZmFwcHMubWljcm9zb2Z0LmNvbSUyZnN0b3JlJTJmZGV0YWlsJTJmb3V0bG9vay1mb3Itd2luZG93cyUyZjlOUlg2MzIwOVI3QiUzZmhsJTNkZW4tdXMlMjZnbCUzZHVzJTI2T0NJRCUzZGNtbXE2bWdvamxlJTI2Rk9STSUzZE01MDA2WA%26rlid%3Df9206a94feca182e57b40cfc35f9c223&TIME=20240611T221026Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86N2EjzGtxPkxzYOVPYojcDVUCUwoTzf4YAjfFQancvkQ2xn7zF4BEp6O30WafIU9ejQf7tFouutJ44Qp8DbmDv_MlNB3UUbsXWnf_a0uEUjwe1mTyZoM9dtXs_6uETPuU0ug9kSS4EGKTEtBHJUA9D1XbUObBUEW1I6E9UeHW8SzfpBb%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZmFwcHMubWljcm9zb2Z0LmNvbSUyZnN0b3JlJTJmZGV0YWlsJTJmb3V0bG9vay1mb3Itd2luZG93cyUyZjlOUlg2MzIwOVI3QiUzZmhsJTNkZW4tdXMlMjZnbCUzZHVzJTI2T0NJRCUzZGNtbXE2bWdvamxlJTI2Rk9STSUzZE01MDA2WA%26rlid%3Df9206a94feca182e57b40cfc35f9c223&TIME=20240611T221026Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

        HTTP Response

        204
      • 23.62.61.129:443
        https://www.bing.com/aes/c.gif?RG=ae886827c1854ebd96afbaf8e8a25b9a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221026Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640
        tls, http2
        1.5kB
        5.4kB
        17
        15

        HTTP Request

        GET https://www.bing.com/aes/c.gif?RG=ae886827c1854ebd96afbaf8e8a25b9a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221026Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640

        HTTP Response

        200
      • 150.171.28.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
        6.9kB
        15
        13
      • 150.171.28.10:443
        https://tse1.mm.bing.net/th?id=OADD2.10239356671168_16FGHU1WN2XYJHSC0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        tls, http2
        63.4kB
        1.8MB
        1318
        1315

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239371372356_1N2G93XRLJ1Y5GWC9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239356671167_19HPP7IIREEX4KA57&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239371372355_1WLRVFTZ079W9XPFC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239356671168_16FGHU1WN2XYJHSC0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200
      • 150.171.28.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
        6.9kB
        15
        13
      • 150.171.28.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
        6.9kB
        15
        13
      • 8.8.8.8:53
        8.8.8.8.in-addr.arpa
        dns
        66 B
        90 B
        1
        1

        DNS Request

        8.8.8.8.in-addr.arpa

      • 8.8.8.8:53
        183.142.211.20.in-addr.arpa
        dns
        73 B
        159 B
        1
        1

        DNS Request

        183.142.211.20.in-addr.arpa

      • 8.8.8.8:53
        82.90.14.23.in-addr.arpa
        dns
        70 B
        133 B
        1
        1

        DNS Request

        82.90.14.23.in-addr.arpa

      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
        151 B
        1
        1

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.237
        13.107.21.237

      • 8.8.8.8:53
        138.32.126.40.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        138.32.126.40.in-addr.arpa

      • 8.8.8.8:53
        237.197.79.204.in-addr.arpa
        dns
        73 B
        143 B
        1
        1

        DNS Request

        237.197.79.204.in-addr.arpa

      • 8.8.8.8:53
        129.61.62.23.in-addr.arpa
        dns
        71 B
        135 B
        1
        1

        DNS Request

        129.61.62.23.in-addr.arpa

      • 8.8.8.8:53
        26.35.223.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        26.35.223.20.in-addr.arpa

      • 8.8.8.8:53
        209.205.72.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        209.205.72.20.in-addr.arpa

      • 8.8.8.8:53
        50.23.12.20.in-addr.arpa
        dns
        70 B
        156 B
        1
        1

        DNS Request

        50.23.12.20.in-addr.arpa

      • 8.8.8.8:53
        56.126.166.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        56.126.166.20.in-addr.arpa

      • 8.8.8.8:53
        92.12.20.2.in-addr.arpa
        dns
        69 B
        131 B
        1
        1

        DNS Request

        92.12.20.2.in-addr.arpa

      • 8.8.8.8:53
        22.236.111.52.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        22.236.111.52.in-addr.arpa

      • 8.8.8.8:53
        88.156.103.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        88.156.103.20.in-addr.arpa

      • 8.8.8.8:53
        91.90.14.23.in-addr.arpa
        dns
        70 B
        133 B
        1
        1

        DNS Request

        91.90.14.23.in-addr.arpa

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        62 B
        170 B
        1
        1

        DNS Request

        tse1.mm.bing.net

        DNS Response

        150.171.28.10
        150.171.27.10

      • 8.8.8.8:53
        10.28.171.150.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        10.28.171.150.in-addr.arpa

      • 8.8.8.8:53
        26.73.42.20.in-addr.arpa
        dns
        70 B
        156 B
        1
        1

        DNS Request

        26.73.42.20.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.