Analysis

  • max time kernel
    268s
  • max time network
    307s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-01-2024 15:35

General

  • Target

    UltimMC/imageformats/qjpeg.dll

  • Size

    246KB

  • MD5

    c228c1486e203d48d9c7d84d0b631e15

  • SHA1

    1ccdd75d6cd473d00aa17686ec98f509b1e8e360

  • SHA256

    a55cb801a07932d263c980b14abdb464acd8150b9258260efdf535634bfe9811

  • SHA512

    a649078738e69572276a37431c495582f933b04701deded8b5f6dd5b3c6d5b9d338ddb242b71659038d324ca74c2a8f2b229c7beba6f16ddea238f2bcbfae870

  • SSDEEP

    6144:jutAUtpjvlyaX8XZ99bkBRSMArBPkfB917Wu:jutAavlqJMArBPkf

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\UltimMC\imageformats\qjpeg.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1880
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\UltimMC\imageformats\qjpeg.dll,#1
      2⤵
        PID:2956

    Network

    • flag-us
      DNS
      178.223.142.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      178.223.142.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      158.240.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      158.240.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      20.177.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      20.177.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      182.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      182.178.17.96.in-addr.arpa
      IN PTR
      Response
      182.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-182deploystaticakamaitechnologiescom
    • flag-us
      DNS
      182.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      182.178.17.96.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      30.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      30.243.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      241.154.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.154.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      204.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      204.178.17.96.in-addr.arpa
      IN PTR
      Response
      204.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-204deploystaticakamaitechnologiescom
    • flag-us
      DNS
      204.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      204.178.17.96.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      193.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      193.178.17.96.in-addr.arpa
      IN PTR
      Response
      193.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-193deploystaticakamaitechnologiescom
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      217.135.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.135.221.88.in-addr.arpa
      IN PTR
      Response
      217.135.221.88.in-addr.arpa
      IN PTR
      a88-221-135-217deploystaticakamaitechnologiescom
    • flag-us
      DNS
      83.177.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      83.177.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3f19cfd800f473d8ec7729356566932&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3f19cfd800f473d8ec7729356566932&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=3FB3BB74F7BB669E3F92A88AF6006758; domain=.bing.com; expires=Thu, 30-Jan-2025 15:40:51 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: E331138D2C4E42C89058E931EF1EA6C4 Ref B: LON04EDGE0911 Ref C: 2024-01-06T15:40:51Z
      date: Sat, 06 Jan 2024 15:40:51 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a3f19cfd800f473d8ec7729356566932&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a3f19cfd800f473d8ec7729356566932&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=3FB3BB74F7BB669E3F92A88AF6006758
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=7GVYFkH3y27ubYb7LzVFMd-6L2u4DHaQ9spYbYk9jmc; domain=.bing.com; expires=Thu, 30-Jan-2025 15:40:53 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 440208B7670047A58DACA3656DF335D3 Ref B: LON04EDGE0911 Ref C: 2024-01-06T15:40:53Z
      date: Sat, 06 Jan 2024 15:40:53 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3f19cfd800f473d8ec7729356566932&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3f19cfd800f473d8ec7729356566932&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=3FB3BB74F7BB669E3F92A88AF6006758; MSPTC=7GVYFkH3y27ubYb7LzVFMd-6L2u4DHaQ9spYbYk9jmc
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 708AD18391824E59BDDD05C612830696 Ref B: LON04EDGE0911 Ref C: 2024-01-06T15:40:53Z
      date: Sat, 06 Jan 2024 15:40:53 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=33f32f0cc8d14694a45670982501b415&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=33f32f0cc8d14694a45670982501b415&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=3FB3BB74F7BB669E3F92A88AF6006758; MSPTC=7GVYFkH3y27ubYb7LzVFMd-6L2u4DHaQ9spYbYk9jmc
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: A6D46C2916A842789538AF6E144C4261 Ref B: LON04EDGE0911 Ref C: 2024-01-06T15:41:13Z
      date: Sat, 06 Jan 2024 15:41:13 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=33f32f0cc8d14694a45670982501b415&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=33f32f0cc8d14694a45670982501b415&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=3FB3BB74F7BB669E3F92A88AF6006758; MSPTC=7GVYFkH3y27ubYb7LzVFMd-6L2u4DHaQ9spYbYk9jmc
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 5F17AC22F79E460085E01A14E3B53A35 Ref B: LON04EDGE0911 Ref C: 2024-01-06T15:41:13Z
      date: Sat, 06 Jan 2024 15:41:13 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=33f32f0cc8d14694a45670982501b415&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=33f32f0cc8d14694a45670982501b415&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=3FB3BB74F7BB669E3F92A88AF6006758; MSPTC=7GVYFkH3y27ubYb7LzVFMd-6L2u4DHaQ9spYbYk9jmc
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 622AE9E800854C529254C487715EE5F3 Ref B: LON04EDGE0911 Ref C: 2024-01-06T15:41:13Z
      date: Sat, 06 Jan 2024 15:41:13 GMT
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
      Response
      200.197.79.204.in-addr.arpa
      IN PTR
      a-0001a-msedgenet
    • flag-us
      DNS
      88.156.103.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.156.103.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
    • flag-us
      DNS
      11.2.37.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.2.37.23.in-addr.arpa
      IN PTR
      Response
      11.2.37.23.in-addr.arpa
      IN PTR
      a23-37-2-11deploystaticakamaitechnologiescom
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301425_1VRGL6P12DBLOL6XY&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301425_1VRGL6P12DBLOL6XY&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 488784
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 43164F03C3A44E9C9D64496F49BCC0A4 Ref B: LON04EDGE0711 Ref C: 2024-01-06T15:41:14Z
      date: Sat, 06 Jan 2024 15:41:13 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301168_16G64C18QUW861YM2&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301168_16G64C18QUW861YM2&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 535868
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: B73B37E588004314829807BDA761E856 Ref B: LON04EDGE0711 Ref C: 2024-01-06T15:41:14Z
      date: Sat, 06 Jan 2024 15:41:13 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301073_18LC40ETNMF8SEVBD&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301073_18LC40ETNMF8SEVBD&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 347909
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 662A33E5DC684BB7AA3DB28D60909FD5 Ref B: LON04EDGE0711 Ref C: 2024-01-06T15:41:14Z
      date: Sat, 06 Jan 2024 15:41:13 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317300992_1OQJAKUFY0EQY29DG&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317300992_1OQJAKUFY0EQY29DG&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 547436
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: D016E2291F6D4CDF8C247B228B35A110 Ref B: LON04EDGE0711 Ref C: 2024-01-06T15:41:14Z
      date: Sat, 06 Jan 2024 15:41:13 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301506_1F0FLOT3FW11VH0B0&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301506_1F0FLOT3FW11VH0B0&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 317587
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 97925564F4854B379F52AC99BF9C1D1E Ref B: LON04EDGE0711 Ref C: 2024-01-06T15:41:14Z
      date: Sat, 06 Jan 2024 15:41:13 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301577_1B5OIQ9XH8JLMH3HW&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301577_1B5OIQ9XH8JLMH3HW&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 450187
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 7E143D960C7D4871B47645A34DE8F902 Ref B: LON04EDGE0711 Ref C: 2024-01-06T15:41:43Z
      date: Sat, 06 Jan 2024 15:41:42 GMT
    • flag-us
      DNS
      82.177.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      82.177.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      2.136.104.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.136.104.51.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.200:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=33f32f0cc8d14694a45670982501b415&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
      tls, http2
      2.9kB
      10.1kB
      30
      25

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3f19cfd800f473d8ec7729356566932&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a3f19cfd800f473d8ec7729356566932&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3f19cfd800f473d8ec7729356566932&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=33f32f0cc8d14694a45670982501b415&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=33f32f0cc8d14694a45670982501b415&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=33f32f0cc8d14694a45670982501b415&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=

      HTTP Response

      204
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.4kB
      10.1kB
      18
      15
    • 204.79.197.200:443
      https://tse1.mm.bing.net/th?id=OADD2.10239317301577_1B5OIQ9XH8JLMH3HW&pid=21.2&w=1080&h=1920&c=4
      tls, http2
      63.4kB
      1.8MB
      1273
      1270

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301425_1VRGL6P12DBLOL6XY&pid=21.2&w=1080&h=1920&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301168_16G64C18QUW861YM2&pid=21.2&w=1920&h=1080&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301073_18LC40ETNMF8SEVBD&pid=21.2&w=1920&h=1080&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317300992_1OQJAKUFY0EQY29DG&pid=21.2&w=1920&h=1080&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301506_1F0FLOT3FW11VH0B0&pid=21.2&w=1080&h=1920&c=4

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301577_1B5OIQ9XH8JLMH3HW&pid=21.2&w=1080&h=1920&c=4

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.6kB
      9.7kB
      19
      15
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.5kB
      9.7kB
      18
      15
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.6kB
      9.6kB
      18
      14
    • 8.8.8.8:53
      178.223.142.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      178.223.142.52.in-addr.arpa

    • 8.8.8.8:53
      158.240.127.40.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      158.240.127.40.in-addr.arpa

    • 8.8.8.8:53
      20.177.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      20.177.190.20.in-addr.arpa

    • 8.8.8.8:53
      182.178.17.96.in-addr.arpa
      dns
      144 B
      137 B
      2
      1

      DNS Request

      182.178.17.96.in-addr.arpa

      DNS Request

      182.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      219 B
      144 B
      3
      1

      DNS Request

      95.221.229.192.in-addr.arpa

      DNS Request

      95.221.229.192.in-addr.arpa

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      30.243.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      30.243.111.52.in-addr.arpa

    • 8.8.8.8:53
      241.154.82.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      241.154.82.20.in-addr.arpa

    • 8.8.8.8:53
      204.178.17.96.in-addr.arpa
      dns
      144 B
      137 B
      2
      1

      DNS Request

      204.178.17.96.in-addr.arpa

      DNS Request

      204.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      103.169.127.40.in-addr.arpa
      dns
      146 B
      147 B
      2
      1

      DNS Request

      103.169.127.40.in-addr.arpa

      DNS Request

      103.169.127.40.in-addr.arpa

    • 8.8.8.8:53
      193.178.17.96.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      193.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      198.187.3.20.in-addr.arpa
      dns
      284 B
      157 B
      4
      1

      DNS Request

      198.187.3.20.in-addr.arpa

      DNS Request

      198.187.3.20.in-addr.arpa

      DNS Request

      198.187.3.20.in-addr.arpa

      DNS Request

      198.187.3.20.in-addr.arpa

    • 8.8.8.8:53
      217.135.221.88.in-addr.arpa
      dns
      73 B
      139 B
      1
      1

      DNS Request

      217.135.221.88.in-addr.arpa

    • 8.8.8.8:53
      83.177.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      83.177.190.20.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      158 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      200.197.79.204.in-addr.arpa
      dns
      73 B
      106 B
      1
      1

      DNS Request

      200.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      88.156.103.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      88.156.103.20.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      124 B
      173 B
      2
      1

      DNS Request

      tse1.mm.bing.net

      DNS Request

      tse1.mm.bing.net

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      11.2.37.23.in-addr.arpa
      dns
      69 B
      131 B
      1
      1

      DNS Request

      11.2.37.23.in-addr.arpa

    • 8.8.8.8:53
      82.177.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      82.177.190.20.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      210 B
      156 B
      3
      1

      DNS Request

      9.228.82.20.in-addr.arpa

      DNS Request

      9.228.82.20.in-addr.arpa

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      2.136.104.51.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      2.136.104.51.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.