Overview

overview

3

Static

static

3

2024-03-16...ia.exe

windows7-x64

1

2024-03-16...ia.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/03/2024, 02:23 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-16_1aa2e6d73684918a23b364848e24d744_mafia.exe

  • Size

    1.7MB

  • MD5

    1aa2e6d73684918a23b364848e24d744

  • SHA1

    d38703d3ed911ee685b33453b1324cf81bad415d

  • SHA256

    dfa6557938c72bac8609eff9da464d7ba117552b698873e7c8ff08843107d772

  • SHA512

    ec563f6dc092d3bc8503fce2839069b046986afe1da7111b42b6a8490a646495ab501f9c09dac3e261b86e75e9df562a361518b7c52f261da019bb1dca9c4174

  • SSDEEP

    49152:PK2fKnt6jqAN2jyGi5/fhKaKuNrnk5Q3iUtx1YcqeI+fx63dyeG5QIVjNeg:PHKnt6jZei5/QaKuBk5oiUtx1Ykf03dU

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-16_1aa2e6d73684918a23b364848e24d744_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-16_1aa2e6d73684918a23b364848e24d744_mafia.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4864

Network

  • flag-us
    DNS
    4.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.142.211.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.142.211.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    194.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    194.178.17.96.in-addr.arpa
    IN PTR
    Response
    194.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-194deploystaticakamaitechnologiescom
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.a-0001.a-msedge.net
    g-bing-com.a-0001.a-msedge.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e449e84a73f4ff58742f4d8c56dd691&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e449e84a73f4ff58742f4d8c56dd691&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=361ADB6277F6632421C8CF2676166280; domain=.bing.com; expires=Thu, 10-Apr-2025 02:24:09 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 04E7B3AD02BD4856A087103F1FC7BDC7 Ref B: LON04EDGE1216 Ref C: 2024-03-16T02:24:09Z
    date: Sat, 16 Mar 2024 02:24:08 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0e449e84a73f4ff58742f4d8c56dd691&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0e449e84a73f4ff58742f4d8c56dd691&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=361ADB6277F6632421C8CF2676166280
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=E0h7EnbAuV7FLpVXI9WCFvg7XEcbtLbos_AzGk58oPw; domain=.bing.com; expires=Thu, 10-Apr-2025 02:24:09 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A81D0ADE03DB46498123D3A9FAD050AE Ref B: LON04EDGE1216 Ref C: 2024-03-16T02:24:09Z
    date: Sat, 16 Mar 2024 02:24:08 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e449e84a73f4ff58742f4d8c56dd691&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e449e84a73f4ff58742f4d8c56dd691&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=361ADB6277F6632421C8CF2676166280; MSPTC=E0h7EnbAuV7FLpVXI9WCFvg7XEcbtLbos_AzGk58oPw
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5378F601D27C4645B12968EC17929AB5 Ref B: LON04EDGE1216 Ref C: 2024-03-16T02:24:09Z
    date: Sat, 16 Mar 2024 02:24:08 GMT
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001a-msedgenet
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41deploystaticakamaitechnologiescom
  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    104.241.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.241.123.92.in-addr.arpa
    IN PTR
    Response
    104.241.123.92.in-addr.arpa
    IN PTR
    a92-123-241-104deploystaticakamaitechnologiescom
  • flag-us
    DNS
    104.241.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.241.123.92.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    www.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    92.123.241.137
  • flag-gb
    GET
    http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt
    Remote address:
    92.123.241.137:80
    Request
    GET /pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: www.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1126
    Content-Type: application/octet-stream
    Content-MD5: YAUaFgF7vUODUG8XQQW6BQ==
    Last-Modified: Fri, 28 Sep 2018 22:50:05 GMT
    ETag: 0x8D62594BC0C84D8
    x-ms-request-id: 9327f1ba-601e-004f-4648-1536e4000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 16 Mar 2024 02:24:43 GMT
    Connection: keep-alive
    TLS_version: UNKNOWN
    ms-cv: CASMicrosoftCV11f5299d.0
    ms-cv-esi: CASMicrosoftCV11f5299d.0
    X-RTag: RT
  • flag-gb
    GET
    http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt
    Remote address:
    92.123.241.137:80
    Request
    GET /pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: www.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1126
    Content-Type: application/octet-stream
    Content-MD5: YAUaFgF7vUODUG8XQQW6BQ==
    Last-Modified: Fri, 28 Sep 2018 22:50:05 GMT
    ETag: 0x8D62594BC0C84D8
    x-ms-request-id: 9327f1ba-601e-004f-4648-1536e4000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    X-EdgeConnect-Origin-MEX-Latency: 105
    X-EdgeConnect-Origin-MEX-Latency: 107
    Date: Sat, 16 Mar 2024 02:24:43 GMT
    Connection: keep-alive
    TLS_version: UNKNOWN
    ms-cv: CASMicrosoftCV12d08f5c.0
    ms-cv-esi: CASMicrosoftCV12d08f5c.0
    X-RTag: RT
  • flag-us
    DNS
    137.241.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    137.241.123.92.in-addr.arpa
    IN PTR
    Response
    137.241.123.92.in-addr.arpa
    IN PTR
    a92-123-241-137deploystaticakamaitechnologiescom
  • flag-us
    DNS
    34.56.20.217.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    34.56.20.217.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    176.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    176.178.17.96.in-addr.arpa
    IN PTR
    Response
    176.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-176deploystaticakamaitechnologiescom
  • flag-us
    DNS
    32.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    32.134.221.88.in-addr.arpa
    IN PTR
    Response
    32.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-32deploystaticakamaitechnologiescom
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0lgwllnwnet
  • flag-us
    DNS
    180.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.178.17.96.in-addr.arpa
    IN PTR
    Response
    180.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-180deploystaticakamaitechnologiescom
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    174.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    174.178.17.96.in-addr.arpa
    IN PTR
    Response
    174.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-174deploystaticakamaitechnologiescom
  • flag-us
    DNS
    174.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    174.178.17.96.in-addr.arpa
    IN PTR
    Response
    174.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-174deploystaticakamaitechnologiescom
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    21.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    21.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418562_1168Q5I7J0C0R4GX2&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340418562_1168Q5I7J0C0R4GX2&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 838057
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 703770A28B5F4AA59D105B472F4AF45A Ref B: LON04EDGE0615 Ref C: 2024-03-16T02:25:46Z
    date: Sat, 16 Mar 2024 02:25:46 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418561_1E2KGQS8IVJEZ1891&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340418561_1E2KGQS8IVJEZ1891&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 795976
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: FE808C41586945AE966D6A880A23D530 Ref B: LON04EDGE0615 Ref C: 2024-03-16T02:25:46Z
    date: Sat, 16 Mar 2024 02:25:46 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300959_1CHLLCV5W8JDLT6KD&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317300959_1CHLLCV5W8JDLT6KD&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 497382
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 92E6A81C51364872828E7E67CDF5E533 Ref B: LON04EDGE0615 Ref C: 2024-03-16T02:25:46Z
    date: Sat, 16 Mar 2024 02:25:46 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301479_1B5J1TO4152FZG9UG&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301479_1B5J1TO4152FZG9UG&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 318975
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 8EB538D6EE20493681D87E842CF4BF1A Ref B: LON04EDGE0615 Ref C: 2024-03-16T02:25:46Z
    date: Sat, 16 Mar 2024 02:25:46 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301046_1KSHETZQ4R0V80CZF&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301046_1KSHETZQ4R0V80CZF&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 288248
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 714C2CD450B44E72831365FF2EB685B3 Ref B: LON04EDGE0615 Ref C: 2024-03-16T02:25:46Z
    date: Sat, 16 Mar 2024 02:25:46 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301392_16A1PHSUUMJZWR1FN&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301392_16A1PHSUUMJZWR1FN&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 294234
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 51365D02AD414E859147B0D1016E92EB Ref B: LON04EDGE0615 Ref C: 2024-03-16T02:25:49Z
    date: Sat, 16 Mar 2024 02:25:48 GMT
  • flag-us
    DNS
    213.143.182.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    213.143.182.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    213.143.182.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    213.143.182.52.in-addr.arpa
    IN PTR
  • 204.79.197.200:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e449e84a73f4ff58742f4d8c56dd691&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=
    tls, http2
    2.2kB
     9.2kB
     23
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e449e84a73f4ff58742f4d8c56dd691&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0e449e84a73f4ff58742f4d8c56dd691&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e449e84a73f4ff58742f4d8c56dd691&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=

    HTTP Response

    204
  • 92.123.241.137:80
    http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt
    http
    470 B
     1.8kB
     6
    4

    HTTP Request

    GET http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt

    HTTP Response

    200
  • 92.123.241.137:80
    http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt
    http
    470 B
     1.9kB
     6
    5

    HTTP Request

    GET http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.1kB
     16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.1kB
     16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.1kB
     16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.1kB
     16
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301392_16A1PHSUUMJZWR1FN&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    108.8kB
     3.2MB
     2303
    2301

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418562_1168Q5I7J0C0R4GX2&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418561_1E2KGQS8IVJEZ1891&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300959_1CHLLCV5W8JDLT6KD&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301479_1B5J1TO4152FZG9UG&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301046_1KSHETZQ4R0V80CZF&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301392_16A1PHSUUMJZWR1FN&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 8.8.8.8:53
    4.159.190.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    4.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    183.142.211.20.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    183.142.211.20.in-addr.arpa

  • 8.8.8.8:53
    194.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    194.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     158 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    140 B
     156 B
     2
    1

    DNS Request

    9.228.82.20.in-addr.arpa

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
     106 B
     1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    104.241.123.92.in-addr.arpa
    dns
    146 B
     139 B
     2
    1

    DNS Request

    104.241.123.92.in-addr.arpa

    DNS Request

    104.241.123.92.in-addr.arpa

  • 8.8.8.8:53
    119.110.54.20.in-addr.arpa
    dns
    144 B
     158 B
     2
    1

    DNS Request

    119.110.54.20.in-addr.arpa

    DNS Request

    119.110.54.20.in-addr.arpa

  • 8.8.8.8:53
    www.microsoft.com
    dns
    63 B
     230 B
     1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    92.123.241.137

  • 8.8.8.8:53
    137.241.123.92.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    137.241.123.92.in-addr.arpa

  • 8.8.8.8:53
    34.56.20.217.in-addr.arpa
    dns
    71 B
     131 B
     1
    1

    DNS Request

    34.56.20.217.in-addr.arpa

  • 8.8.8.8:53
    176.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    176.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    32.134.221.88.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    32.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    71 B
     116 B
     1
    1

    DNS Request

    0.205.248.87.in-addr.arpa

  • 8.8.8.8:53
    180.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    180.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    146 B
     288 B
     2
    2

    DNS Request

    240.221.184.93.in-addr.arpa

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    142 B
     314 B
     2
    2

    DNS Request

    205.47.74.20.in-addr.arpa

    DNS Request

    205.47.74.20.in-addr.arpa

  • 8.8.8.8:53
    174.178.17.96.in-addr.arpa
    dns
    144 B
     274 B
     2
    2

    DNS Request

    174.178.17.96.in-addr.arpa

    DNS Request

    174.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    144 B
     292 B
     2
    2

    DNS Request

    15.164.165.52.in-addr.arpa

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    21.236.111.52.in-addr.arpa
    dns
    144 B
     316 B
     2
    2

    DNS Request

    21.236.111.52.in-addr.arpa

    DNS Request

    21.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    124 B
     346 B
     2
    2

    DNS Request

    tse1.mm.bing.net

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    213.143.182.52.in-addr.arpa
    dns
    146 B
     147 B
     2
    1

    DNS Request

    213.143.182.52.in-addr.arpa

    DNS Request

    213.143.182.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.