Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

37419d3a8a...5f.exe

windows7-x64

10

37419d3a8a...5f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/08/2024, 17:15 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    37419d3a8a50d2e5bc0eef676a37d6757ba43a64eff868edb4af5c386900235f.exe

  • Size

    248KB

  • MD5

    1f243595efaa54f6c37a089ec7847c6d

  • SHA1

    83eb38d9f85bdcf12cb781fad34ceb1e31b34b5a

  • SHA256

    37419d3a8a50d2e5bc0eef676a37d6757ba43a64eff868edb4af5c386900235f

  • SHA512

    58e936e2c5b44a489c75494102228d11d6aa6d3e26e687f20923437c1d44b2e9af5533e3ea53c178c2bc70d656f913158dbc0f5cd8cdc7a3738cba8ad6cbff55

  • SSDEEP

    3072:IDGh7pXYLE2d5+8XTQhtetONYWO9jfBU393KySv53brCTxI:RpXYLEcfXT3hRfG3kyevCFI

Score
10/10
smokeloaderbackdoordiscoverytrojan

Malware Config

Signatures

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\37419d3a8a50d2e5bc0eef676a37d6757ba43a64eff868edb4af5c386900235f.exe
    "C:\Users\Admin\AppData\Local\Temp\37419d3a8a50d2e5bc0eef676a37d6757ba43a64eff868edb4af5c386900235f.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Checks SCSI registry key(s)
    PID:4032
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 352
      2⤵
      • Program crash
      PID:3988
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4032 -ip 4032
    1⤵
      PID:4492

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.ax-0001.ax-msedge.net
      g-bing-com.ax-0001.ax-msedge.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea2e6ac480894393b7b97de46021c185&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=
      Remote address:
      150.171.27.10:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea2e6ac480894393b7b97de46021c185&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=2E62ECE849AC6DFF0727F801484C6CED; domain=.bing.com; expires=Mon, 22-Sep-2025 17:16:23 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 56785F6D9EE94CAE852B7DC31BCAE62A Ref B: LON04EDGE1114 Ref C: 2024-08-28T17:16:23Z
      date: Wed, 28 Aug 2024 17:16:23 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ea2e6ac480894393b7b97de46021c185&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=
      Remote address:
      150.171.27.10:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ea2e6ac480894393b7b97de46021c185&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=2E62ECE849AC6DFF0727F801484C6CED
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=YKf-IPTcctG0S24VcbfNknYw4dNkPIvqBDG3NHDtuWA; domain=.bing.com; expires=Mon, 22-Sep-2025 17:16:23 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: D0A4A344DEEF4A2E86F62B264FAF0E83 Ref B: LON04EDGE1114 Ref C: 2024-08-28T17:16:23Z
      date: Wed, 28 Aug 2024 17:16:23 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea2e6ac480894393b7b97de46021c185&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=
      Remote address:
      150.171.27.10:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea2e6ac480894393b7b97de46021c185&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=2E62ECE849AC6DFF0727F801484C6CED; MSPTC=YKf-IPTcctG0S24VcbfNknYw4dNkPIvqBDG3NHDtuWA
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 46217A032F4844E18BAE1C964C06A796 Ref B: LON04EDGE1114 Ref C: 2024-08-28T17:16:24Z
      date: Wed, 28 Aug 2024 17:16:23 GMT
    • flag-us
      DNS
      209.205.72.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.205.72.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      17.160.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      17.160.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      149.220.183.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      149.220.183.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      58.55.71.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      58.55.71.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      58.55.71.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      58.55.71.13.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      58.55.71.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      58.55.71.13.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      26.165.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.165.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      26.165.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.165.165.52.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      73.144.22.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.144.22.2.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      73.144.22.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.144.22.2.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      73.144.22.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.144.22.2.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      73.144.22.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.144.22.2.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      73.144.22.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.144.22.2.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      26.165.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.165.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      21.236.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      21.236.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      140.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      140.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      140.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      140.32.126.40.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      140.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      140.32.126.40.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      140.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      140.32.126.40.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301325_1YMIRALDGCWA4284D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239317301325_1YMIRALDGCWA4284D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 743817
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: C7CCD645BC4F4D6E8E38B2BB82F086A2 Ref B: LON04EDGE0920 Ref C: 2024-08-28T17:17:57Z
      date: Wed, 28 Aug 2024 17:17:57 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317300898_1DBNL24J8IPX8GJ6W&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239317300898_1DBNL24J8IPX8GJ6W&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 325509
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 5B04767D85114C2C8CA03D862097B20A Ref B: LON04EDGE0920 Ref C: 2024-08-28T17:17:57Z
      date: Wed, 28 Aug 2024 17:17:57 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301331_14SS4RCAUNH9168UR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239317301331_14SS4RCAUNH9168UR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 453688
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 540944033F5A4235B38EB2F46858C576 Ref B: LON04EDGE0920 Ref C: 2024-08-28T17:17:57Z
      date: Wed, 28 Aug 2024 17:17:57 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301734_1HIK8LLAATSP6A8ZA&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239317301734_1HIK8LLAATSP6A8ZA&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 344850
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: D8260F93057846D1B600187CB31F20D8 Ref B: LON04EDGE0920 Ref C: 2024-08-28T17:17:57Z
      date: Wed, 28 Aug 2024 17:17:57 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239339388048_1IVB13E27CUNQSQ2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239339388048_1IVB13E27CUNQSQ2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 501054
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: D591D1E03AF443A789859FE1DE764A89 Ref B: LON04EDGE0920 Ref C: 2024-08-28T17:17:57Z
      date: Wed, 28 Aug 2024 17:17:57 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239339388049_1JDWBDIID6LMBHM7O&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239339388049_1JDWBDIID6LMBHM7O&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 542702
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 05BB30E01ADB4FFDB9964CFD6C301D28 Ref B: LON04EDGE0920 Ref C: 2024-08-28T17:17:57Z
      date: Wed, 28 Aug 2024 17:17:57 GMT
    • flag-us
      DNS
      10.28.171.150.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      10.28.171.150.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      147.142.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      147.142.123.92.in-addr.arpa
      IN PTR
      Response
      147.142.123.92.in-addr.arpa
      IN PTR
      a92-123-142-147deploystaticakamaitechnologiescom
    • flag-us
      DNS
      147.142.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      147.142.123.92.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      147.142.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      147.142.123.92.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
      Response
    • 150.171.28.10:443
      g.bing.com
      156 B
       3
    • 150.171.27.10:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea2e6ac480894393b7b97de46021c185&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=
      tls, http2
      2.4kB
       9.8kB
       24
      17

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea2e6ac480894393b7b97de46021c185&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ea2e6ac480894393b7b97de46021c185&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea2e6ac480894393b7b97de46021c185&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

      HTTP Response

      204
    • 52.111.229.43:443
      322 B
       7
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.8kB
       7.0kB
       18
      14
    • 150.171.28.10:443
      https://tse1.mm.bing.net/th?id=OADD2.10239339388049_1JDWBDIID6LMBHM7O&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      tls, http2
      109.5kB
       3.0MB
       2199
      2192

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301325_1YMIRALDGCWA4284D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317300898_1DBNL24J8IPX8GJ6W&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301331_14SS4RCAUNH9168UR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301734_1HIK8LLAATSP6A8ZA&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239339388048_1IVB13E27CUNQSQ2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239339388049_1JDWBDIID6LMBHM7O&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.3kB
       7.0kB
       17
      13
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.3kB
       7.0kB
       17
      13
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.3kB
       6.9kB
       17
      13
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       148 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      150.171.28.10
      150.171.27.10

    • 8.8.8.8:53
      209.205.72.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      209.205.72.20.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      17.160.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      17.160.190.20.in-addr.arpa

    • 8.8.8.8:53
      149.220.183.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      149.220.183.52.in-addr.arpa

    • 8.8.8.8:53
      58.55.71.13.in-addr.arpa
      dns
      210 B
       144 B
       3
      1

      DNS Request

      58.55.71.13.in-addr.arpa

      DNS Request

      58.55.71.13.in-addr.arpa

      DNS Request

      58.55.71.13.in-addr.arpa

    • 8.8.8.8:53
      26.165.165.52.in-addr.arpa
      dns
      144 B
       146 B
       2
      1

      DNS Request

      26.165.165.52.in-addr.arpa

      DNS Request

      26.165.165.52.in-addr.arpa

    • 8.8.8.8:53
      73.144.22.2.in-addr.arpa
      dns
      350 B
       5

      DNS Request

      73.144.22.2.in-addr.arpa

      DNS Request

      73.144.22.2.in-addr.arpa

      DNS Request

      73.144.22.2.in-addr.arpa

      DNS Request

      73.144.22.2.in-addr.arpa

      DNS Request

      73.144.22.2.in-addr.arpa

    • 8.8.8.8:53
      26.165.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      26.165.165.52.in-addr.arpa

    • 8.8.8.8:53
      43.58.199.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      43.58.199.20.in-addr.arpa

    • 8.8.8.8:53
      21.236.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      21.236.111.52.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      140.32.126.40.in-addr.arpa
      dns
      288 B
       158 B
       4
      1

      DNS Request

      140.32.126.40.in-addr.arpa

      DNS Request

      140.32.126.40.in-addr.arpa

      DNS Request

      140.32.126.40.in-addr.arpa

      DNS Request

      140.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
       170 B
       1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      150.171.28.10
      150.171.27.10

    • 8.8.8.8:53
      10.28.171.150.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      10.28.171.150.in-addr.arpa

    • 8.8.8.8:53
      147.142.123.92.in-addr.arpa
      dns
      219 B
       139 B
       3
      1

      DNS Request

      147.142.123.92.in-addr.arpa

      DNS Request

      147.142.123.92.in-addr.arpa

      DNS Request

      147.142.123.92.in-addr.arpa

    • 8.8.8.8:53
      240.221.184.93.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      240.221.184.93.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4032-2-0x0000000002570000-0x0000000002579000-memory.dmp

      Filesize

      36KB

      Download

    • memory/4032-3-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/4032-1-0x0000000000BA0000-0x0000000000CA0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4032-4-0x0000000000400000-0x0000000000826000-memory.dmp

      Filesize

      4.1MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.