Analysis

  • max time kernel
    102s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/08/2024, 11:12 UTC

General

  • Target

    58d4a47a6c61276b8a77b4b141ad66d0N.exe

  • Size

    885KB

  • MD5

    58d4a47a6c61276b8a77b4b141ad66d0

  • SHA1

    04154c6a1446b2860878f00351d1b5029396c1cc

  • SHA256

    9a46e925a3455b196a79960ee08acb17c42192c229566f949d943ec501bf9508

  • SHA512

    363000be838efe353f229df143218a97262193b2e8e880000c6a994d482d2dbe78d2fb8f91e9b25f42fbb9caef0a2f9ec33c51b2d53c99132200c85c243f3e28

  • SSDEEP

    24576:J5gmjwYTGj40f4I0+SZONtu+/OCIFAh+UfdkNcrav5:J5gPY84U03YOCIFA8SgcWv5

Malware Config

Signatures

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\58d4a47a6c61276b8a77b4b141ad66d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\58d4a47a6c61276b8a77b4b141ad66d0N.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\Users\Admin\AppData\Local\Temp\58d4a47a6c61276b8a77b4b141ad66d0N.exe
      "C:\Users\Admin\AppData\Local\Temp\58d4a47a6c61276b8a77b4b141ad66d0N.exe"
      2⤵
      • Checks SCSI registry key(s)
      PID:1964

Network

  • flag-us
    DNS
    196.249.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.249.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    233.143.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    233.143.123.92.in-addr.arpa
    IN PTR
    Response
    233.143.123.92.in-addr.arpa
    IN PTR
    a92-123-143-233deploystaticakamaitechnologiescom
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=62680cd31003429fbea555b600499520&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=62680cd31003429fbea555b600499520&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=05D9F4923A3B66B70E3FE0733BDB6709; domain=.bing.com; expires=Sun, 14-Sep-2025 11:12:59 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E10901EE42C74781AAF69620E49D8000 Ref B: LON04EDGE1116 Ref C: 2024-08-20T11:12:59Z
    date: Tue, 20 Aug 2024 11:12:58 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=62680cd31003429fbea555b600499520&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=62680cd31003429fbea555b600499520&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=05D9F4923A3B66B70E3FE0733BDB6709
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=Q3RGn320FVjSWxhaOVJL53DmsBLNAfeufx14SywmKAw; domain=.bing.com; expires=Sun, 14-Sep-2025 11:12:59 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 443AAF34406D4ABEB9355481F66B273E Ref B: LON04EDGE1116 Ref C: 2024-08-20T11:12:59Z
    date: Tue, 20 Aug 2024 11:12:59 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=62680cd31003429fbea555b600499520&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=62680cd31003429fbea555b600499520&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=05D9F4923A3B66B70E3FE0733BDB6709; MSPTC=Q3RGn320FVjSWxhaOVJL53DmsBLNAfeufx14SywmKAw
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C14912845AB14F87BDB13327A984ABFE Ref B: LON04EDGE1116 Ref C: 2024-08-20T11:12:59Z
    date: Tue, 20 Aug 2024 11:12:59 GMT
  • flag-us
    DNS
    85.177.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    85.177.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    237.21.107.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.21.107.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217deploystaticakamaitechnologiescom
  • flag-us
    DNS
    25.140.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    25.140.123.92.in-addr.arpa
    IN PTR
    Response
    25.140.123.92.in-addr.arpa
    IN PTR
    a92-123-140-25deploystaticakamaitechnologiescom
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    23.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    203.142.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    203.142.123.92.in-addr.arpa
    IN PTR
    Response
    203.142.123.92.in-addr.arpa
    IN PTR
    a92-123-142-203deploystaticakamaitechnologiescom
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301290_1IGRZL9QG2RVKOW2C&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301290_1IGRZL9QG2RVKOW2C&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 431275
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E4128CEF1A0A4D23951CA1E84647AC4C Ref B: LON04EDGE1209 Ref C: 2024-08-20T11:14:34Z
    date: Tue, 20 Aug 2024 11:14:34 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300897_1II1YIPQNQ7MCYUAK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317300897_1II1YIPQNQ7MCYUAK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 356644
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9139E5F0DDEE427584872B6D177AFA5E Ref B: LON04EDGE1209 Ref C: 2024-08-20T11:14:34Z
    date: Tue, 20 Aug 2024 11:14:34 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360504960_1PLAHYZB4JQO28JRC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239360504960_1PLAHYZB4JQO28JRC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 605417
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3974D785376146BFA930E8390844ACC2 Ref B: LON04EDGE1209 Ref C: 2024-08-20T11:14:34Z
    date: Tue, 20 Aug 2024 11:14:34 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360505011_123FH55PMWQ5EA6JP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239360505011_123FH55PMWQ5EA6JP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 540156
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5A0AC5AB68584399AAFB4C9722C5EC42 Ref B: LON04EDGE1209 Ref C: 2024-08-20T11:14:34Z
    date: Tue, 20 Aug 2024 11:14:34 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301330_16DHBP5UB5EI8DA4M&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301330_16DHBP5UB5EI8DA4M&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 306374
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: BD985000ADD64AD2A95E785AEAFFB340 Ref B: LON04EDGE1209 Ref C: 2024-08-20T11:14:34Z
    date: Tue, 20 Aug 2024 11:14:34 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301699_12NV8Y4ZR4ST0I53H&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301699_12NV8Y4ZR4ST0I53H&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 517021
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 69B12A8EBEE74692869D3A687F3BC0A5 Ref B: LON04EDGE1209 Ref C: 2024-08-20T11:14:35Z
    date: Tue, 20 Aug 2024 11:14:35 GMT
  • 13.107.21.237:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=62680cd31003429fbea555b600499520&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=
    tls, http2
    2.0kB
    9.3kB
    22
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=62680cd31003429fbea555b600499520&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=62680cd31003429fbea555b600499520&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=62680cd31003429fbea555b600499520&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=

    HTTP Response

    204
  • 52.111.243.31:443
    322 B
    7
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301699_12NV8Y4ZR4ST0I53H&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    106.9kB
    3.0MB
    2166
    2162

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301290_1IGRZL9QG2RVKOW2C&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300897_1II1YIPQNQ7MCYUAK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360504960_1PLAHYZB4JQO28JRC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360505011_123FH55PMWQ5EA6JP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301330_16DHBP5UB5EI8DA4M&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301699_12NV8Y4ZR4ST0I53H&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.8kB
    15
    12
  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    196.249.167.52.in-addr.arpa

  • 8.8.8.8:53
    233.143.123.92.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    233.143.123.92.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    151 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    13.107.21.237
    204.79.197.237

  • 8.8.8.8:53
    85.177.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    85.177.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    237.21.107.13.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    237.21.107.13.in-addr.arpa

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    43.58.199.20.in-addr.arpa

  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    103.169.127.40.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    25.140.123.92.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    25.140.123.92.in-addr.arpa

  • 8.8.8.8:53
    57.169.31.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    57.169.31.20.in-addr.arpa

  • 8.8.8.8:53
    23.236.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    23.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    203.142.123.92.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    203.142.123.92.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    170 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.28.10
    150.171.27.10

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1964-1089-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2632-22-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-40-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-34-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-32-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-66-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-62-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-60-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-58-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-56-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-54-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-52-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-48-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-46-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-44-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-42-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-18-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-38-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-36-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-30-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-28-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-26-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-0-0x000000007478E000-0x000000007478F000-memory.dmp

    Filesize

    4KB

  • memory/2632-2-0x0000000005070000-0x0000000005152000-memory.dmp

    Filesize

    904KB

  • memory/2632-20-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-1078-0x0000000074780000-0x0000000074F30000-memory.dmp

    Filesize

    7.7MB

  • memory/2632-12-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-10-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-8-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-64-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-4-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-50-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-3-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-24-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-14-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-6-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-1075-0x0000000074780000-0x0000000074F30000-memory.dmp

    Filesize

    7.7MB

  • memory/2632-1076-0x0000000005180000-0x00000000051DC000-memory.dmp

    Filesize

    368KB

  • memory/2632-1077-0x00000000051F0000-0x000000000523C000-memory.dmp

    Filesize

    304KB

  • memory/2632-16-0x0000000005070000-0x000000000514C000-memory.dmp

    Filesize

    880KB

  • memory/2632-1079-0x0000000005BB0000-0x0000000006154000-memory.dmp

    Filesize

    5.6MB

  • memory/2632-1080-0x0000000005300000-0x0000000005354000-memory.dmp

    Filesize

    336KB

  • memory/2632-1084-0x0000000074780000-0x0000000074F30000-memory.dmp

    Filesize

    7.7MB

  • memory/2632-1085-0x0000000074780000-0x0000000074F30000-memory.dmp

    Filesize

    7.7MB

  • memory/2632-1088-0x0000000074780000-0x0000000074F30000-memory.dmp

    Filesize

    7.7MB

  • memory/2632-1087-0x0000000074780000-0x0000000074F30000-memory.dmp

    Filesize

    7.7MB

  • memory/2632-1-0x00000000005B0000-0x0000000000694000-memory.dmp

    Filesize

    912KB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.