Overview

overview

3

Static

static

3

245e550e72...18.exe

windows7-x64

1

245e550e72...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    132s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/07/2024, 02:45 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    245e550e7295d421882d5d525e5eefba_JaffaCakes118.exe

  • Size

    20KB

  • MD5

    245e550e7295d421882d5d525e5eefba

  • SHA1

    6bb278d924c200da3758378b019537b96a2e2db6

  • SHA256

    694e5e03cbc2b0ec6144b2cf0323546829821b96c7504585acc4a5a44d7965a5

  • SHA512

    d613c15a114288ff1b7fa4183055e220a76dfd88b54c2a9ea48d70c3c812fc08da43178ea3ac4dc17cd99b6d13c42711c40fe19e923d1f30c410115748f75250

  • SSDEEP

    96:/lxjrO7+L57em5M2UqIYJcfF274haDaDnaybbqXkAcCfMDNeX1kEys2:/TaykcrVafF2WaDmnaoqXkAcC0DNT9s

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\245e550e7295d421882d5d525e5eefba_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\245e550e7295d421882d5d525e5eefba_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1988

Network

  • flag-us
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    91.90.14.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    91.90.14.23.in-addr.arpa
    IN PTR
    Response
    91.90.14.23.in-addr.arpa
    IN PTR
    a23-14-90-91deploystaticakamaitechnologiescom
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8kt8fkLFGYTwjHSqpvCYaoTVUCUzT50lDGYHGJfgQ_QsvmEL2Ih7F12cdG4ls69PieDHb8jqjAyB9zXAyR46m0uTAATGKwyVoiPP4nyQtFhnwYFFJ0UvRohuR3jgr8MJ9dBdB8Nyi9iSzNihiNZLInFW0QU478GkRrihKbugNll3XHtuD%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D2507084ace8e1865a8376e226f46182e&TIME=20240611T191345Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321&muid=C1FAC51E94ABDC02D5235673D6AE25E6
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8kt8fkLFGYTwjHSqpvCYaoTVUCUzT50lDGYHGJfgQ_QsvmEL2Ih7F12cdG4ls69PieDHb8jqjAyB9zXAyR46m0uTAATGKwyVoiPP4nyQtFhnwYFFJ0UvRohuR3jgr8MJ9dBdB8Nyi9iSzNihiNZLInFW0QU478GkRrihKbugNll3XHtuD%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D2507084ace8e1865a8376e226f46182e&TIME=20240611T191345Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321&muid=C1FAC51E94ABDC02D5235673D6AE25E6 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=37BF181CF87A660D01020CAEF99A67A7; domain=.bing.com; expires=Tue, 29-Jul-2025 02:45:15 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A99989730ABE4D9DB5177C6F7909D105 Ref B: LON04EDGE1222 Ref C: 2024-07-04T02:45:15Z
    date: Thu, 04 Jul 2024 02:45:15 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8kt8fkLFGYTwjHSqpvCYaoTVUCUzT50lDGYHGJfgQ_QsvmEL2Ih7F12cdG4ls69PieDHb8jqjAyB9zXAyR46m0uTAATGKwyVoiPP4nyQtFhnwYFFJ0UvRohuR3jgr8MJ9dBdB8Nyi9iSzNihiNZLInFW0QU478GkRrihKbugNll3XHtuD%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D2507084ace8e1865a8376e226f46182e&TIME=20240611T191345Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321&muid=C1FAC51E94ABDC02D5235673D6AE25E6
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8kt8fkLFGYTwjHSqpvCYaoTVUCUzT50lDGYHGJfgQ_QsvmEL2Ih7F12cdG4ls69PieDHb8jqjAyB9zXAyR46m0uTAATGKwyVoiPP4nyQtFhnwYFFJ0UvRohuR3jgr8MJ9dBdB8Nyi9iSzNihiNZLInFW0QU478GkRrihKbugNll3XHtuD%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D2507084ace8e1865a8376e226f46182e&TIME=20240611T191345Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321&muid=C1FAC51E94ABDC02D5235673D6AE25E6 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=37BF181CF87A660D01020CAEF99A67A7; _EDGE_S=SID=109311BAC7FF60910CE40508C67C6192
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=sotVJBFQflINjeDzENtU2ur6nFVxXH2ctK3TYGJVB_w; domain=.bing.com; expires=Tue, 29-Jul-2025 02:45:15 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E9DC1EEDA63D42AE8E95AA4F9BD83A8E Ref B: LON04EDGE1222 Ref C: 2024-07-04T02:45:15Z
    date: Thu, 04 Jul 2024 02:45:15 GMT
  • flag-nl
    GET
    https://www.bing.com/aes/c.gif?RG=5a89964e35164c259d993d66bcb7990a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191345Z&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321
    Remote address:
    23.62.61.194:443
    Request
    GET /aes/c.gif?RG=5a89964e35164c259d993d66bcb7990a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191345Z&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321 HTTP/2.0
    host: www.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=37BF181CF87A660D01020CAEF99A67A7
    Response
    HTTP/2.0 200
    cache-control: private,no-store
    pragma: no-cache
    vary: Origin
    p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D5338F1895D649F1826FC194787D552A Ref B: AMS04EDGE2714 Ref C: 2024-07-04T02:45:15Z
    content-length: 0
    date: Thu, 04 Jul 2024 02:45:15 GMT
    set-cookie: _EDGE_S=SID=109311BAC7FF60910CE40508C67C6192; path=/; httponly; domain=bing.com
    set-cookie: MUIDB=37BF181CF87A660D01020CAEF99A67A7; path=/; httponly; expires=Tue, 29-Jul-2025 02:45:15 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.be3d3e17.1720061115.8952ba
  • flag-us
    DNS
    64.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    64.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    237.21.107.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.21.107.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    194.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    194.61.62.23.in-addr.arpa
    IN PTR
    Response
    194.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-194deploystaticakamaitechnologiescom
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    107.12.20.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    107.12.20.2.in-addr.arpa
    IN PTR
    Response
    107.12.20.2.in-addr.arpa
    IN PTR
    a2-20-12-107deploystaticakamaitechnologiescom
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.99.105.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.99.105.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 532141
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A43B1735CD3F4A64B4C74A47EA6C0419 Ref B: LON04EDGE1007 Ref C: 2024-07-04T02:46:52Z
    date: Thu, 04 Jul 2024 02:46:52 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239378035945_10T6FVURQVW5LVR96&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239378035945_10T6FVURQVW5LVR96&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 637660
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: DACBE0283A4943438CEEC009100D4E90 Ref B: LON04EDGE1007 Ref C: 2024-07-04T02:46:52Z
    date: Thu, 04 Jul 2024 02:46:52 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239378035944_1EHBGA1BYD4HZXZYE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239378035944_1EHBGA1BYD4HZXZYE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 634564
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 136B9EF9E9E74F7E85B10ACB1A6CD930 Ref B: LON04EDGE1007 Ref C: 2024-07-04T02:46:52Z
    date: Thu, 04 Jul 2024 02:46:52 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 592155
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 30C63C5DE5A24D2F81F6EB02A604D67D Ref B: LON04EDGE1007 Ref C: 2024-07-04T02:46:52Z
    date: Thu, 04 Jul 2024 02:46:52 GMT
  • flag-us
    DNS
    10.27.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.27.171.150.in-addr.arpa
    IN PTR
    Response
  • 13.107.21.237:443
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8kt8fkLFGYTwjHSqpvCYaoTVUCUzT50lDGYHGJfgQ_QsvmEL2Ih7F12cdG4ls69PieDHb8jqjAyB9zXAyR46m0uTAATGKwyVoiPP4nyQtFhnwYFFJ0UvRohuR3jgr8MJ9dBdB8Nyi9iSzNihiNZLInFW0QU478GkRrihKbugNll3XHtuD%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D2507084ace8e1865a8376e226f46182e&TIME=20240611T191345Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321&muid=C1FAC51E94ABDC02D5235673D6AE25E6
    tls, http2
    2.5kB
     9.1kB
     19
    17

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8kt8fkLFGYTwjHSqpvCYaoTVUCUzT50lDGYHGJfgQ_QsvmEL2Ih7F12cdG4ls69PieDHb8jqjAyB9zXAyR46m0uTAATGKwyVoiPP4nyQtFhnwYFFJ0UvRohuR3jgr8MJ9dBdB8Nyi9iSzNihiNZLInFW0QU478GkRrihKbugNll3XHtuD%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D2507084ace8e1865a8376e226f46182e&TIME=20240611T191345Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321&muid=C1FAC51E94ABDC02D5235673D6AE25E6

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8kt8fkLFGYTwjHSqpvCYaoTVUCUzT50lDGYHGJfgQ_QsvmEL2Ih7F12cdG4ls69PieDHb8jqjAyB9zXAyR46m0uTAATGKwyVoiPP4nyQtFhnwYFFJ0UvRohuR3jgr8MJ9dBdB8Nyi9iSzNihiNZLInFW0QU478GkRrihKbugNll3XHtuD%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D2507084ace8e1865a8376e226f46182e&TIME=20240611T191345Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321&muid=C1FAC51E94ABDC02D5235673D6AE25E6

    HTTP Response

    204
  • 23.62.61.194:443
    https://www.bing.com/aes/c.gif?RG=5a89964e35164c259d993d66bcb7990a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191345Z&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321
    tls, http2
    1.5kB
     5.4kB
     17
    15

    HTTP Request

    GET https://www.bing.com/aes/c.gif?RG=5a89964e35164c259d993d66bcb7990a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191345Z&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321

    HTTP Response

    200
  • 150.171.27.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    89.5kB
     2.5MB
     1816
    1812

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239378035945_10T6FVURQVW5LVR96&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239378035944_1EHBGA1BYD4HZXZYE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 8.8.8.8:53
    232.168.11.51.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    232.168.11.51.in-addr.arpa

  • 8.8.8.8:53
    91.90.14.23.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    91.90.14.23.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     151 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    13.107.21.237
    204.79.197.237

  • 8.8.8.8:53
    64.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    64.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    237.21.107.13.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    237.21.107.13.in-addr.arpa

  • 8.8.8.8:53
    194.61.62.23.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    194.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    107.12.20.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    107.12.20.2.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    58.99.105.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    58.99.105.20.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    146 B
     144 B
     2
    1

    DNS Request

    240.221.184.93.in-addr.arpa

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     170 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    10.27.171.150.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    10.27.171.150.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.