bbe77eb3a05d29b10ad21cf884c06a8429e0549625a093f22cbfb5ca58303b48

Analysis

max time kernel
138s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 21:42 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

asf.exe
Size

13KB
MD5

a9ece0c59f3cd12697c93bb06923fd5a
SHA1

d32f8a0144a5ce24fab90460d40e67916eab21e5
SHA256

2045c1489cfc83a34f44f82f636cbd5e5970be5db021a1546d059d869d3678a0
SHA512

798dcd7ab83a937dd77d9bef08ba024593afb3d6d2d430704d6b72e0a7d353aba567d4cff408c3427c08d261dd414578b921526cbe9d77bea30221ca324caefa
SSDEEP

192:L2M9dBH9j/sAac1tHQen27LDxdjB7ylRr9ZCspE+TMwrRmK+vhOr6h:3zac1twr7HxdleM4mN

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral4/memory/808-0-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral4/memory/808-2-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asf.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
808	asf.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 808 wrote to memory of 1312	808	asf.exe	92
PID 808 wrote to memory of 1312	808	asf.exe	92

C:\Users\Admin\AppData\Local\Temp\asf.exe
"C:\Users\Admin\AppData\Local\Temp\asf.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ads.alpha00001.com/cgi-bin/advert/getads?did=1075
  2⤵
  PID:1312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4084,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=4004 /prefetch:1
1⤵
PID:3832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4960,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=5216 /prefetch:1
1⤵
PID:2024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5396,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=5416 /prefetch:1
1⤵
PID:1780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5556,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:8
1⤵
PID:1628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5580,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:8
1⤵
PID:3800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6064,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=6084 /prefetch:1
1⤵
PID:2428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6292,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:1
1⤵
PID:376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6348,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:1
1⤵
PID:2684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6588,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:1
1⤵
PID:3468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=5780,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=5768 /prefetch:1
1⤵
PID:1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=6620,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=6640 /prefetch:8
1⤵
PID:3764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=6340,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=6688 /prefetch:1
1⤵
PID:2156

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

api.edgeoffer.microsoft.com

Remote address:

8.8.8.8:53

Request

api.edgeoffer.microsoft.com

IN A

Response

api.edgeoffer.microsoft.com

IN CNAME

bingadsedgeextension-prod.trafficmanager.net

bingadsedgeextension-prod.trafficmanager.net

IN CNAME

bingadsedgeextension-prod-europe.azurewebsites.net

bingadsedgeextension-prod-europe.azurewebsites.net

IN CNAME

ssl.bingadsedgeextension-prod-europe.azurewebsites.net

ssl.bingadsedgeextension-prod-europe.azurewebsites.net

IN A

94.245.104.56
DNS

api.edgeoffer.microsoft.com

Remote address:

8.8.8.8:53

Request

api.edgeoffer.microsoft.com

IN Unknown

Response

api.edgeoffer.microsoft.com

IN CNAME

bingadsedgeextension-prod.trafficmanager.net

bingadsedgeextension-prod.trafficmanager.net

IN CNAME

bingadsedgeextension-prod-europe.azurewebsites.net

bingadsedgeextension-prod-europe.azurewebsites.net

IN CNAME

ssl.bingadsedgeextension-prod-europe.azurewebsites.net
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN A

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN Unknown

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN A

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN A

Response
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net

b-0005.b-msedge.net

IN A

13.107.6.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN A

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN Unknown

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN A

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN A

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN Unknown

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN A

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN A

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN Unknown

Response
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

88.221.134.75

a416.dscd.akamai.net

IN A

88.221.135.81
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

56.104.245.94.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.104.245.94.in-addr.arpa

IN PTR

Response
DNS

57.166.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.166.221.88.in-addr.arpa

IN PTR

Response

57.166.221.88.in-addr.arpa

IN PTR

a88-221-166-57deploystaticakamaitechnologiescom
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

95.100.245.144
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

95.100.245.144
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN Unknown

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net
DNS

75.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.134.221.88.in-addr.arpa

IN PTR

Response

75.134.221.88.in-addr.arpa

IN PTR

a88-221-134-75deploystaticakamaitechnologiescom
DNS

144.245.100.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

144.245.100.95.in-addr.arpa

IN PTR

Response

144.245.100.95.in-addr.arpa

IN PTR

a95-100-245-144deploystaticakamaitechnologiescom
DNS

0.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.159.190.20.in-addr.arpa

IN PTR

Response
DNS

34.56.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.56.20.217.in-addr.arpa

IN PTR

Response
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN A
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN Unknown
DNS

google.com

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.75.238
DNS

google.com

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.75.238
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

95.100.245.144
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN A

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-uw-3.ukwest.cloudapp.azure.com

prod-agic-uw-3.ukwest.cloudapp.azure.com

IN A

51.11.108.188
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN Unknown

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-uw-1.ukwest.cloudapp.azure.com
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN A

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN Unknown

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN A

Response
DNS

188.108.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

188.108.11.51.in-addr.arpa

IN PTR

Response
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN A

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN Unknown

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN A

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net

e13678.dscg.akamaiedge.net

IN A

88.221.165.159
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN Unknown

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN Unknown

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN A

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN Unknown

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN A

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN A

Response
DNS

137.142.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.142.123.92.in-addr.arpa

IN PTR

Response

137.142.123.92.in-addr.arpa

IN PTR

a92-123-142-137deploystaticakamaitechnologiescom
DNS

137.142.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.142.123.92.in-addr.arpa

IN PTR
DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN A

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN Unknown

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN A

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN A

Response
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response
DNS

35.56.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.56.20.217.in-addr.arpa

IN PTR

Response
DNS

44.56.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

44.56.20.217.in-addr.arpa

IN PTR

Response
DNS

205.47.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.47.74.20.in-addr.arpa

IN PTR

Response
DNS

176.142.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

176.142.123.92.in-addr.arpa

IN PTR

Response

176.142.123.92.in-addr.arpa

IN PTR

a92-123-142-176deploystaticakamaitechnologiescom
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388103_1CSWF230IMLBJ1BZH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239339388103_1CSWF230IMLBJ1BZH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 659067
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CF62082AA0BE457A968AE6664E9AEEC3 Ref B: LON04EDGE1207 Ref C: 2024-08-22T21:44:20Z
date: Thu, 22 Aug 2024 21:44:20 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388104_1WOMQSFLGSNQV3AH1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239339388104_1WOMQSFLGSNQV3AH1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 594481
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8F6B4CEF3BB64CB0914B01F90958B3C9 Ref B: LON04EDGE1207 Ref C: 2024-08-22T21:44:20Z
date: Thu, 22 Aug 2024 21:44:20 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 714240
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C906FE800C3D40E38FBAD8C50108317D Ref B: LON04EDGE1207 Ref C: 2024-08-22T21:44:20Z
date: Thu, 22 Aug 2024 21:44:20 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360608909_1XWUMGMD2M0J0LDVR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360608909_1XWUMGMD2M0J0LDVR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 663065
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5435CB98D85546A680A61D48D5BD54D4 Ref B: LON04EDGE1207 Ref C: 2024-08-22T21:44:20Z
date: Thu, 22 Aug 2024 21:44:20 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418559_1LXGGCLQWFST3067K&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239340418559_1LXGGCLQWFST3067K&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 540045
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B6E37BDC022D4D009D589A010AA5A81D Ref B: LON04EDGE1207 Ref C: 2024-08-22T21:44:20Z
date: Thu, 22 Aug 2024 21:44:20 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418560_12H05GS2AXF1O4KMU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239340418560_12H05GS2AXF1O4KMU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 512342
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 443B36F36FA24E6089AFBE2A60C2D1DF Ref B: LON04EDGE1207 Ref C: 2024-08-22T21:44:21Z
date: Thu, 22 Aug 2024 21:44:20 GMT
DNS

10.28.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.28.171.150.in-addr.arpa

IN PTR

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN A

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN Unknown

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN A

Response
DNS

ads.alpha00001.com

Remote address:

8.8.8.8:53

Request

ads.alpha00001.com

IN A

Response

94.245.104.56:443

api.edgeoffer.microsoft.com

tls

4.1kB
8.9kB
16
15
13.107.6.158:443

business.bing.com

tls

3.7kB
10.0kB
19
21
88.221.134.75:443

bzib.nelreports.net

tls

3.8kB
5.9kB
14
17
95.100.245.144:443

www.microsoft.com

tls

6.4kB
22.5kB
29
38
51.11.108.188:443

nav-edge.smartscreen.microsoft.com

tls

21.5kB
18.6kB
48
41
13.107.246.64:443

edgestatic.azureedge.net

tls

3.0kB
7.6kB
14
12
13.107.246.64:443

edgestatic.azureedge.net

tls

3.0kB
7.6kB
14
11
13.107.246.64:443

edgestatic.azureedge.net

tls

104.4kB
3.9MB
2028
2837
13.107.246.64:443

edgestatic.azureedge.net

tls

10.2kB
272.3kB
140
209
13.107.246.64:443

wcpstatic.microsoft.com

tls

5.7kB
91.1kB
59
79
92.123.142.137:443

www.bing.com

tls

2.3kB
5.1kB
10
12
92.123.142.176:443

www.bing.com

tls

2.7kB
986 B
10
9
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239340418560_12H05GS2AXF1O4KMU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

132.7kB
3.8MB
2770
2765

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388103_1CSWF230IMLBJ1BZH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388104_1WOMQSFLGSNQV3AH1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360608909_1XWUMGMD2M0J0LDVR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418559_1LXGGCLQWFST3067K&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418560_12H05GS2AXF1O4KMU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

api.edgeoffer.microsoft.com

dns

73 B
226 B
1
1

DNS Request

api.edgeoffer.microsoft.com

DNS Response

94.245.104.56
8.8.8.8:53

api.edgeoffer.microsoft.com

dns

73 B
271 B
1
1

DNS Request

api.edgeoffer.microsoft.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

business.bing.com

dns

63 B
144 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.6.158
8.8.8.8:53

business.bing.com

dns

63 B
185 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

bzib.nelreports.net

dns

65 B
172 B
1
1

DNS Request

bzib.nelreports.net

DNS Response

88.221.134.75

88.221.135.81
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

56.104.245.94.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

56.104.245.94.in-addr.arpa
8.8.8.8:53

57.166.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

57.166.221.88.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

95.100.245.144
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

95.100.245.144
8.8.8.8:53

www.microsoft.com

dns

63 B
275 B
1
1

DNS Request

www.microsoft.com
8.8.8.8:53

75.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

75.134.221.88.in-addr.arpa
8.8.8.8:53

144.245.100.95.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

144.245.100.95.in-addr.arpa
8.8.8.8:53

0.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

0.159.190.20.in-addr.arpa
8.8.8.8:53

34.56.20.217.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

34.56.20.217.in-addr.arpa
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
1

DNS Request

nav-edge.smartscreen.microsoft.com
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
1

DNS Request

nav-edge.smartscreen.microsoft.com
8.8.8.8:53

google.com

dns

56 B
72 B
1
1

DNS Request

google.com

DNS Response

142.250.75.238
8.8.8.8:53

google.com

dns

56 B
72 B
1
1

DNS Request

google.com

DNS Response

142.250.75.238
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

146 B
144 B
2
1

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

43.58.199.20.in-addr.arpa

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

95.100.245.144
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
197 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com

DNS Response

51.11.108.188
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
241 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

188.108.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

188.108.11.51.in-addr.arpa
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
231 B
1
1

DNS Request

edgestatic.azureedge.net

DNS Response

13.107.246.64
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
275 B
1
1

DNS Request

edgestatic.azureedge.net
8.8.8.8:53

c.s-microsoft.com

dns

63 B
193 B
1
1

DNS Request

c.s-microsoft.com

DNS Response

88.221.165.159
8.8.8.8:53

c.s-microsoft.com

dns

63 B
238 B
1
1

DNS Request

c.s-microsoft.com
224.0.0.251:5353

204 B
3
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
251 B
1
1

DNS Request

wcpstatic.microsoft.com

DNS Response

13.107.246.64
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
282 B
1
1

DNS Request

wcpstatic.microsoft.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

137.142.123.92.in-addr.arpa

dns

146 B
139 B
2
1

DNS Request

137.142.123.92.in-addr.arpa

DNS Request

137.142.123.92.in-addr.arpa
8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

18.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

18.134.221.88.in-addr.arpa
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa
8.8.8.8:53

35.56.20.217.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

35.56.20.217.in-addr.arpa
8.8.8.8:53

44.56.20.217.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

44.56.20.217.in-addr.arpa
8.8.8.8:53

205.47.74.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

205.47.74.20.in-addr.arpa
8.8.8.8:53

176.142.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

176.142.123.92.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

10.28.171.150.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

10.28.171.150.in-addr.arpa
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com
8.8.8.8:53

ads.alpha00001.com

dns

64 B
137 B
1
1

DNS Request

ads.alpha00001.com

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/808-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/808-2-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response