Resubmissions

27/05/2024, 12:54 UTC

240527-p5cq8ada7v 3

27/05/2024, 12:52 UTC

240527-p36arach6x 3

Analysis

  • max time kernel
    1487s
  • max time network
    1458s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    27/05/2024, 12:54 UTC

General

  • Target

    ED62B6BD122.exe

  • Size

    22.1MB

  • MD5

    68eca888cb479f840503bcdbda3acc88

  • SHA1

    609c73cd16d6a483dafb76179b21f329ea1fef00

  • SHA256

    0f7ff1dda72f7da756a8efb610c9bba0a574442a8a8b48413dda54981d28c4af

  • SHA512

    557b9c3743e5286ab3f21026dfab97c2608f47855a456aaf7cc893b39cfa57dc0df3000715b5da1f0993c4e6d06e84713329e2b190fd10f0d5a67b045da344db

  • SSDEEP

    393216:H7UhQ5zzPiYfcLYnzjbLYg/GXv2pXpH9P3il/gsHoEl8h/lt8/QH:EQpKYf+CLHGm9PggsHzylt8i

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\ED62B6BD122.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\ED62B6BD122.exe"
    PID: 3556

    Network

    DNS. All queries went to the resolver at 8.8.8.8:53. Each entry gives the queried name and record type, then the answer section as returned: CNAME hops in order, terminal A or PTR records last. "(empty response)" marks a response section the report shows with no records; "(no response recorded)" marks an entry with no response section at all.

    • browser.pipe.aria.microsoft.com, IN A
      CNAME browser.events.data.trafficmanager.net → CNAME onedscolprdwus10.westus.cloudapp.azure.com → A 20.189.173.11
    • ctldl.windowsupdate.com, IN A
      CNAME ctldl.windowsupdate.com.delivery.microsoft.com → CNAME wu-b-net.trafficmanager.net → CNAME wu.azureedge.net → CNAME wu.ec.azureedge.net → CNAME bg.apr-52dd2-0503.edgecastdns.net → CNAME hlb.apr-52dd2-0.edgecastdns.net → CNAME cs11.wpc.v0cdn.net → A 93.184.221.240
    • ocsp.digicert.com, IN A
      CNAME ocsp.edge.digicert.com → CNAME fp2e7a.wpc.2be4.phicdn.net → CNAME fp2e7a.wpc.phicdn.net → A 192.229.221.95
    • 8.8.8.8.in-addr.arpa, IN PTR
      PTR dns.google
    • r.bing.com, IN A
      CNAME p-static.bing.trafficmanager.net → CNAME r.bing.com.edgekey.net → CNAME e86303.dscx.akamaiedge.net → A 23.62.61.113, 23.62.61.185, 23.62.61.171, 23.62.61.160, 23.62.61.75, 23.62.61.99, 23.62.61.121, 23.62.61.106
    • 64.159.190.20.in-addr.arpa, IN PTR
      (empty response)
    • 9.173.189.20.in-addr.arpa, IN PTR
      (empty response)
    • 9.173.189.20.in-addr.arpa, IN PTR
      (no response recorded)
    • 11.173.189.20.in-addr.arpa, IN PTR
      (empty response)
    • login.live.com, IN A
      CNAME login.msa.msidentity.com → CNAME www.tm.lg.prod.aadmsa.trafficmanager.net → CNAME prdv4a.aadg.msidentity.com → CNAME www.tm.v4.a.prd.aadg.trafficmanager.net → A 20.190.159.64, 20.190.159.71, 40.126.31.71, 20.190.159.73, 40.126.31.73, 20.190.159.23, 40.126.31.69, 20.190.159.2
    • self.events.data.microsoft.com, IN A
      CNAME self-events-data.trafficmanager.net → CNAME onedscolprdwus08.westus.cloudapp.azure.com → A 20.189.173.9
    • arc.msn.com, IN A
      CNAME arc.trafficmanager.net → CNAME iris-de-prod-azsc-v2-weu-b.westeurope.cloudapp.azure.com → A 20.31.169.57
    • 57.169.31.20.in-addr.arpa, IN PTR
      (empty response)
    • tse1.mm.bing.net, IN A
      CNAME mm-mm.bing.net.trafficmanager.net → CNAME dual-a-0001.a-msedge.net → A 204.79.197.200, 13.107.21.200
    • 205.47.74.20.in-addr.arpa, IN PTR
      (empty response)
    • 54.120.234.20.in-addr.arpa, IN PTR
      (empty response)
    • ris.api.iris.microsoft.com, IN A
      CNAME ris-prod.trafficmanager.net → CNAME asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com → A 20.234.120.54
    • 240.221.184.93.in-addr.arpa, IN PTR
      (empty response)
    • 113.61.62.23.in-addr.arpa, IN PTR
      PTR a23-62-61-113.deploy.static.akamaitechnologies.com
    • nexusrules.officeapps.live.com, IN A
      CNAME prod.nexusrules.live.com.akadns.net → A 52.111.229.43
    • login.live.com, IN A
      CNAME login.msa.msidentity.com → CNAME www.tm.lg.prod.aadmsa.trafficmanager.net → CNAME prdv4a.aadg.msidentity.com → CNAME www.tm.v4.a.prd.aadg.trafficmanager.net → A 40.126.32.134, 40.126.32.136, 40.126.32.140, 20.190.160.22, 20.190.160.14, 40.126.32.72, 40.126.32.133, 40.126.32.138
    • 134.32.126.40.in-addr.arpa, IN PTR
      (empty response)
    • arc.msn.com, IN A
      CNAME arc.trafficmanager.net → CNAME iris-de-prod-azsc-v2-frc-b.francecentral.cloudapp.azure.com → A 20.74.47.205
    • ris.api.iris.microsoft.com, IN A
      CNAME ris-prod.trafficmanager.net → CNAME asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com → A 20.234.120.54
    • 200.197.79.204.in-addr.arpa, IN PTR
      PTR a-0001.a-msedge.net
    • arc.msn.com, IN A
      CNAME arc.trafficmanager.net → CNAME iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com → A 20.199.58.43
    • 43.58.199.20.in-addr.arpa, IN PTR
      (empty response)
    HTTP. Six GET requests to tse1.mm.bing.net at 204.79.197.200:443 over HTTP/2.0, each answered 200 with content-type image/jpeg. The request headers were identical on all six; the response headers were identical apart from content-length, x-msedge-ref and date, which are listed per request below.

    Request headers (all six requests):
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

    Response headers (all six responses):
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version

    • GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      content-length: 659775
      x-msedge-ref: Ref A: A8A3918033EB421483A96EC82EF78299 Ref B: LON04EDGE1008 Ref C: 2024-05-27T13:18:40Z
      date: Mon, 27 May 2024 13:18:39 GMT
    • GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      content-length: 627437
      x-msedge-ref: Ref A: C745F4B093AB4FE688262AC995547FED Ref B: LON04EDGE1008 Ref C: 2024-05-27T13:18:40Z
      date: Mon, 27 May 2024 13:18:39 GMT
    • GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      content-length: 415458
      x-msedge-ref: Ref A: 66D66994D2A44F4D87463B16A2EC2A08 Ref B: LON04EDGE1008 Ref C: 2024-05-27T13:18:40Z
      date: Mon, 27 May 2024 13:18:39 GMT
    • GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      content-length: 792794
      x-msedge-ref: Ref A: E47CFE1F099245FDA37122C6F7416748 Ref B: LON04EDGE1008 Ref C: 2024-05-27T13:18:40Z
      date: Mon, 27 May 2024 13:18:39 GMT
    • GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      content-length: 621794
      x-msedge-ref: Ref A: 13E282A0A87B4B9BB9E6A8418CE0EF5D Ref B: LON04EDGE1008 Ref C: 2024-05-27T13:18:40Z
      date: Mon, 27 May 2024 13:18:39 GMT
    • GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      content-length: 430689
      x-msedge-ref: Ref A: 7322D47628B04DF882EA43D4CEA907F8 Ref B: LON04EDGE1008 Ref C: 2024-05-27T13:18:40Z
      date: Mon, 27 May 2024 13:18:40 GMT
    • 184.25.204.50:443
      www.bing.com
      tls
      25.7kB
      145.1kB
      157
      147
    • 20.189.173.11:443
      browser.pipe.aria.microsoft.com
      tls
      4.8kB
      7.6kB
      26
      16
    • 23.62.61.113:443
      r.bing.com
      tls
      57.6kB
      1.5MB
      1142
      1113
    • 23.62.61.113:443
      r.bing.com
      tls
      1.2kB
      5.3kB
      17
      14
    • 23.62.61.113:443
      r.bing.com
      tls
      1.2kB
      5.3kB
      17
      14
    • 23.62.61.113:443
      r.bing.com
      tls
      1.2kB
      5.3kB
      17
      14
    • 23.62.61.113:443
      r.bing.com
      tls
      1.2kB
      5.3kB
      17
      14
    • 23.62.61.113:443
      r.bing.com
      tls
      1.2kB
      5.3kB
      17
      14
    • 23.62.61.113:443
      r.bing.com
      tls
      1.4kB
      1.1kB
      14
      11
    • 23.62.61.113:443
      r.bing.com
      tls
      1.4kB
      1.1kB
      14
      11
    • 23.62.61.113:443
      r.bing.com
      tls
      1.4kB
      1.1kB
      14
      11
    • 23.62.61.113:443
      r.bing.com
      tls
      1.4kB
      1.1kB
      14
      11
    • 23.62.61.113:443
      r.bing.com
      tls
      1.4kB
      1.1kB
      14
      11
    • 23.62.61.113:443
      r.bing.com
      tls
      1.4kB
      1.1kB
      14
      11
    • 23.62.61.113:443
      r.bing.com
      tls
      1.4kB
      1.1kB
      14
      11
    • 23.62.61.113:443
      r.bing.com
      tls
      1.4kB
      1.1kB
      14
      11
    • 23.62.61.113:443
      r.bing.com
      tls
      1.4kB
      1.1kB
      14
      11
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.3kB
      8.1kB
      16
      13
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.3kB
      8.1kB
      16
      14
    • 204.79.197.200:443
      https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      tls, http2
      125.3kB
      3.7MB
      2666
      2658

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Response

      200
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.3kB
      8.1kB
      16
      14
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.3kB
      8.1kB
      16
      14
    • 8.8.8.8:53
      browser.pipe.aria.microsoft.com
      dns
      545 B
      1.4kB
      8
      7

      DNS Request

      browser.pipe.aria.microsoft.com

      DNS Response

      20.189.173.11

      DNS Request

      ctldl.windowsupdate.com

      DNS Response

      93.184.221.240

      DNS Request

      ocsp.digicert.com

      DNS Response

      192.229.221.95

      DNS Request

      8.8.8.8.in-addr.arpa

      DNS Request

      r.bing.com

      DNS Response

      23.62.61.113
      23.62.61.185
      23.62.61.171
      23.62.61.160
      23.62.61.75
      23.62.61.99
      23.62.61.121
      23.62.61.106

      DNS Request

      64.159.190.20.in-addr.arpa

      DNS Request

      9.173.189.20.in-addr.arpa

      DNS Request

      9.173.189.20.in-addr.arpa

    • 8.8.8.8:53
      11.173.189.20.in-addr.arpa
      dns
      613 B
      1.7kB
      9
      9

      DNS Request

      11.173.189.20.in-addr.arpa

      DNS Request

      login.live.com

      DNS Response

      20.190.159.64
      20.190.159.71
      40.126.31.71
      20.190.159.73
      40.126.31.73
      20.190.159.23
      40.126.31.69
      20.190.159.2

      DNS Request

      self.events.data.microsoft.com

      DNS Response

      20.189.173.9

      DNS Request

      arc.msn.com

      DNS Response

      20.31.169.57

      DNS Request

      57.169.31.20.in-addr.arpa

      DNS Request

      tse1.mm.bing.net

      DNS Response

      204.79.197.200
      13.107.21.200

      DNS Request

      205.47.74.20.in-addr.arpa

      DNS Request

      54.120.234.20.in-addr.arpa

      DNS Request

      ris.api.iris.microsoft.com

      DNS Response

      20.234.120.54

    • 8.8.8.8:53
      240.221.184.93.in-addr.arpa
      dns
      682 B
      1.7kB
      10
      10

      DNS Request

      240.221.184.93.in-addr.arpa

      DNS Request

      113.61.62.23.in-addr.arpa

      DNS Request

      nexusrules.officeapps.live.com

      DNS Response

      52.111.229.43

      DNS Request

      login.live.com

      DNS Response

      40.126.32.134
      40.126.32.136
      40.126.32.140
      20.190.160.22
      20.190.160.14
      40.126.32.72
      40.126.32.133
      40.126.32.138

      DNS Request

      134.32.126.40.in-addr.arpa

      DNS Request

      arc.msn.com

      DNS Response

      20.74.47.205

      DNS Request

      ris.api.iris.microsoft.com

      DNS Response

      20.234.120.54

      DNS Request

      200.197.79.204.in-addr.arpa

      DNS Request

      arc.msn.com

      DNS Response

      20.199.58.43

      DNS Request

      43.58.199.20.in-addr.arpa
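
    The DNS and HTTP entries above are the whole network record of this analysis, and the check a reviewer usually wants at this point is whether any forward lookup falls outside what a stock Windows 11 image generates on its own. The Python below is an added example, not part of the report or of the sandbox that produced it. It parses the report's one-token-per-line DNS layout (a fixed entry header, then (owner, "IN <TYPE>", rdata) answer triples, with the "flag-us" icon residue dropped) into structured records, follows each CNAME chain to its terminal A or PTR answers, and lists forward queries that are not under an assumed baseline of Microsoft-operated suffixes. The sample input is an excerpt copied from this report; the suffix allowlist and the extra update-check.example.net entry are the example's own constructions, not findings of the report.

```python
"""Parse the report's one-token-per-line DNS section and check forward lookups against a baseline."""
from dataclasses import dataclass, field
from typing import List, Tuple

# Excerpt in the report's layout, copied from the page (one A lookup with a CNAME chain, one unanswered PTR).
SAMPLE_DNS_SECTION = """\
DNS
tse1.mm.bing.net
Remote address:
8.8.8.8:53
Request
tse1.mm.bing.net
IN A
Response
tse1.mm.bing.net
IN CNAME
mm-mm.bing.net.trafficmanager.net
mm-mm.bing.net.trafficmanager.net
IN CNAME
dual-a-0001.a-msedge.net
dual-a-0001.a-msedge.net
IN A
204.79.197.200
dual-a-0001.a-msedge.net
IN A
13.107.21.200
DNS
64.159.190.20.in-addr.arpa
Remote address:
8.8.8.8:53
Request
64.159.190.20.in-addr.arpa
IN PTR
Response
"""

# Constructed, not from the report: one forward lookup outside the baseline, so
# that unexpected_queries() has something to surface (203.0.113.10 is TEST-NET-3).
SYNTHETIC_EXTRA_ENTRY = """\
DNS
update-check.example.net
Remote address:
8.8.8.8:53
Request
update-check.example.net
IN A
Response
update-check.example.net
IN A
203.0.113.10
"""


@dataclass
class DnsEntry:
    query: str
    qtype: str
    resolver: str
    records: List[Tuple[str, str, str]] = field(default_factory=list)  # (owner, type, rdata)

    def cname_chain(self) -> List[str]:
        return [rdata for _, rtype, rdata in self.records if rtype == "CNAME"]

    def answers(self) -> List[str]:
        """Terminal rdata (A or PTR): every record that is not a CNAME hop."""
        return [rdata for _, rtype, rdata in self.records if rtype != "CNAME"]


def parse_dns_section(text: str) -> List[DnsEntry]:
    # Drop blanks and the "flag-us" flag-icon residue that precedes each entry on the page.
    lines = [s for s in (ln.strip() for ln in text.splitlines()) if s and s != "flag-us"]
    entries: List[DnsEntry] = []
    i = 0
    while i < len(lines):
        # Fixed 7-line header: DNS, <name>, "Remote address:", <ip:port>, "Request", <name>, "IN <TYPE>"
        if i + 6 >= len(lines) or lines[i] != "DNS" or lines[i + 2] != "Remote address:" or lines[i + 4] != "Request":
            raise ValueError(f"malformed entry header at token {i}: {lines[i]!r}")
        entry = DnsEntry(query=lines[i + 1], qtype=lines[i + 6].split()[1], resolver=lines[i + 3])
        i += 7
        if i < len(lines) and lines[i] == "Response":  # one entry on the page has no Response section
            i += 1
            # Answers come as (owner, "IN <TYPE>", rdata) triples until the next entry; an empty Response adds none.
            while i + 2 < len(lines) and lines[i] != "DNS" and lines[i + 1].startswith("IN "):
                entry.records.append((lines[i], lines[i + 1].split()[1], lines[i + 2]))
                i += 3
        entries.append(entry)
    return entries


# Assumed baseline of suffixes a clean Windows 11 image contacts on its own (this example's assumption).
EXPECTED_SUFFIXES = (".microsoft.com", ".windowsupdate.com", ".bing.com", ".bing.net",
                     ".msn.com", ".live.com", ".digicert.com")


def unexpected_queries(entries: List[DnsEntry]) -> List[str]:
    """Forward lookups outside the baseline; PTR lookups only name IPs already resolved, so they are skipped."""
    return [e.query for e in entries
            if e.qtype != "PTR" and not e.query.endswith(EXPECTED_SUFFIXES)]
```

Run against the full DNS section above, the baseline check returns an empty list, which is the network-side reading that matches the 1/10 score; appending the constructed update-check.example.net entry shows the single line that would appear if a sample had reached out to something else. Treat the allowlist as a starting point to tune per image, and note that a DNS-level baseline says nothing about a sample that talks to a Microsoft-hosted endpoint of its own.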

    MITRE ATT&CK Matrix
