Analysis

  • max time kernel: 149s
  • max time network: 150s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 19/08/2024, 05:54 UTC

General

  • Target: a9d7c9ecfac263279b5db80e36cfa2b5_JaffaCakes118.exe
  • Size: 610KB
  • MD5: a9d7c9ecfac263279b5db80e36cfa2b5
  • SHA1: 9692b1385fb7ef2b056ca92f06de7916e3ae325d
  • SHA256: 98e4cbbbb065cfc9e4638db9997a035813b69dbd7f6de485abb0048d88f16d5b
  • SHA512: 61447f5f4ade8787a5e21ad882f172a22cb8963e844b594485396b672cc3d4dcf67bc9e104ec7f5f5498cf3df87bec9daf680bce85d60a536def5fa5eb1f4b64
  • SSDEEP: 12288:U0/zSknQgmbFlXTPhvHA7azeJNrBRaMF7Yi8yR41VnUAqh1R:8RbFR9A7aCsc76U43UAqh/

Malware Config

Signatures

  • UAC bypass (3 TTPs, 1 IoC)
  • UPX packed file (8 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks whether UAC is enabled (1 TTP, 1 IoC)
  • Drops file in Program Files directory (11 IoCs)
  • Drops file in Windows directory (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 13 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (30 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • System policy modification (1 TTP, 1 IoC)

Processes

  • C:\Windows\system32\fontdrvhost.exe
    "fontdrvhost.exe"
    1⤵
    PID:800
  • C:\Windows\system32\fontdrvhost.exe
    "fontdrvhost.exe"
    1⤵
    PID:792
  • C:\Windows\system32\dwm.exe
    "dwm.exe"
    1⤵
    PID:64
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    PID:620
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
    1⤵
    PID:768
  • C:\Windows\system32\taskhostw.exe
    taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
    1⤵
    PID:3120
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    PID:3384
    • C:\Users\Admin\AppData\Local\Temp\a9d7c9ecfac263279b5db80e36cfa2b5_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\a9d7c9ecfac263279b5db80e36cfa2b5_JaffaCakes118.exe"
      2⤵
      • UAC bypass
      • Checks whether UAC is enabled
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:1272
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4404
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4480
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1800
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4784
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2816
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1388
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:116
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3692
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:752
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3648
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5044
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2808
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
    1⤵
    PID:3564
  • C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
    1⤵
    PID:3748
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:3840
  • C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\System32\RuntimeBroker.exe -Embedding
    1⤵
    PID:3908
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:3996
  • C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\System32\RuntimeBroker.exe -Embedding
    1⤵
    PID:3584
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
    1⤵
    PID:952
  • C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\System32\RuntimeBroker.exe -Embedding
    1⤵
    PID:1980
  • C:\Windows\system32\backgroundTaskHost.exe
    "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca
    1⤵
    PID:5092
  • C:\Windows\system32\backgroundTaskHost.exe
    "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
    1⤵
    PID:3300
  • C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\System32\RuntimeBroker.exe -Embedding
    1⤵
    PID:4968
  • C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\System32\RuntimeBroker.exe -Embedding
    1⤵
    PID:5048
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4a4 0x41c
    1⤵
    PID:3928
  • C:\Windows\system32\backgroundTaskHost.exe
    "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
    1⤵
    PID:1768
  • C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
    1⤵
    PID:748

                                              Network

                                              • flag-us
                                                DNS
                                                8.8.8.8.in-addr.arpa
                                                Remote address:
                                                8.8.8.8:53
                                                Request
                                                8.8.8.8.in-addr.arpa
                                                IN PTR
                                                Response
                                                8.8.8.8.in-addr.arpa
                                                IN PTR
                                                dnsgoogle
                                              • flag-us
                                                DNS
                                                58.55.71.13.in-addr.arpa
                                                Remote address:
                                                8.8.8.8:53
                                                Request
                                                58.55.71.13.in-addr.arpa
                                                IN PTR
                                                Response
                                              • flag-us
                                                DNS
                                                172.214.232.199.in-addr.arpa
                                                Remote address:
                                                8.8.8.8:53
                                                Request
                                                172.214.232.199.in-addr.arpa
                                                IN PTR
                                                Response
                                              • flag-us
                                                DNS
                                                g.bing.com
                                                Remote address:
                                                8.8.8.8:53
                                                Request
                                                g.bing.com
                                                IN A
                                                Response
                                                g.bing.com
                                                IN CNAME
                                                g-bing-com.dual-a-0034.a-msedge.net
                                                g-bing-com.dual-a-0034.a-msedge.net
                                                IN CNAME
                                                dual-a-0034.a-msedge.net
                                                dual-a-0034.a-msedge.net
                                                IN A
                                                204.79.197.237
                                                dual-a-0034.a-msedge.net
                                                IN A
                                                13.107.21.237
                                              • flag-us
                                                GET
                                                https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=af1e49dd338e40bd905cb206d43e155f&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid=
                                                backgroundTaskHost.exe
                                                Remote address:
                                                204.79.197.237:443
                                                Request
                                                GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=af1e49dd338e40bd905cb206d43e155f&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid= HTTP/2.0
                                                host: g.bing.com
                                                accept-encoding: gzip, deflate
                                                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                                Response
                                                HTTP/2.0 204
                                                cache-control: no-cache, must-revalidate
                                                pragma: no-cache
                                                expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                set-cookie: MUID=1D7395E0B9FC63B51F878100B81C622B; domain=.bing.com; expires=Sat, 13-Sep-2025 05:54:34 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                access-control-allow-origin: *
                                                x-cache: CONFIG_NOCACHE
                                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                x-msedge-ref: Ref A: 8BFC5D533D7248FDA415EFD34DC551B6 Ref B: LON04EDGE1219 Ref C: 2024-08-19T05:54:34Z
                                                date: Mon, 19 Aug 2024 05:54:33 GMT
                                              • flag-us
                                                GET
                                                https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=af1e49dd338e40bd905cb206d43e155f&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid=
                                                backgroundTaskHost.exe
                                                Remote address:
                                                204.79.197.237:443
                                                Request
                                                GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=af1e49dd338e40bd905cb206d43e155f&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid= HTTP/2.0
                                                host: g.bing.com
                                                accept-encoding: gzip, deflate
                                                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                                cookie: MUID=1D7395E0B9FC63B51F878100B81C622B
                                                Response
                                                HTTP/2.0 204
                                                cache-control: no-cache, must-revalidate
                                                pragma: no-cache
                                                expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                set-cookie: MSPTC=Ot3ltcqvufAmfjZP9Auc3HGVEBb5_1EUaXEaZB5HWJw; domain=.bing.com; expires=Sat, 13-Sep-2025 05:54:34 GMT; path=/; Partitioned; secure; SameSite=None
                                                strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                access-control-allow-origin: *
                                                x-cache: CONFIG_NOCACHE
                                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                x-msedge-ref: Ref A: F1331566D1B54D4AA570D348B5D778F6 Ref B: LON04EDGE1219 Ref C: 2024-08-19T05:54:34Z
                                                date: Mon, 19 Aug 2024 05:54:33 GMT
                                              • flag-us
                                                GET
                                                https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=af1e49dd338e40bd905cb206d43e155f&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid=
                                                backgroundTaskHost.exe
                                                Remote address:
                                                204.79.197.237:443
                                                Request
                                                GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=af1e49dd338e40bd905cb206d43e155f&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid= HTTP/2.0
                                                host: g.bing.com
                                                accept-encoding: gzip, deflate
                                                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                                cookie: MUID=1D7395E0B9FC63B51F878100B81C622B; MSPTC=Ot3ltcqvufAmfjZP9Auc3HGVEBb5_1EUaXEaZB5HWJw
                                                Response
                                                HTTP/2.0 204
                                                cache-control: no-cache, must-revalidate
                                                pragma: no-cache
                                                expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                access-control-allow-origin: *
                                                x-cache: CONFIG_NOCACHE
                                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                x-msedge-ref: Ref A: 888EA2F282294E11B2F102CC847CD574 Ref B: LON04EDGE1219 Ref C: 2024-08-19T05:54:34Z
                                                date: Mon, 19 Aug 2024 05:54:33 GMT
                                              • flag-us
                                                DNS
                                                74.32.126.40.in-addr.arpa
                                                Remote address:
                                                8.8.8.8:53
                                                Request
                                                74.32.126.40.in-addr.arpa
                                                IN PTR
                                                Response
                                              • flag-us
                                                DNS
                                                95.221.229.192.in-addr.arpa
                                                Remote address:
                                                8.8.8.8:53
                                                Request
                                                95.221.229.192.in-addr.arpa
                                                IN PTR
                                                Response
                                              • flag-us
                                                DNS
                                                237.197.79.204.in-addr.arpa
                                                Remote address:
                                                8.8.8.8:53
                                                Request
                                                237.197.79.204.in-addr.arpa
                                                IN PTR
                                                Response
                                              • flag-us
                                                DNS
                                                57.169.31.20.in-addr.arpa
                                                Remote address:
                                                8.8.8.8:53
                                                Request
                                                57.169.31.20.in-addr.arpa
                                                IN PTR
                                                Response
                                              • flag-us
                                                DNS
                                                57.169.31.20.in-addr.arpa
                                                Remote address:
                                                8.8.8.8:53
                                                Request
                                                57.169.31.20.in-addr.arpa
                                                IN PTR
                                              • flag-gb
                                                GET
                                                https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                                                Remote address:
                                                92.123.142.186:443
                                                Request
                                                GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
                                                host: www.bing.com
                                                accept: */*
                                                cookie: MUID=1D7395E0B9FC63B51F878100B81C622B; MSPTC=Ot3ltcqvufAmfjZP9Auc3HGVEBb5_1EUaXEaZB5HWJw
                                                accept-encoding: gzip, deflate, br
                                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                Response
                                                HTTP/2.0 200
                                                cache-control: public, max-age=2592000
                                                content-type: image/png
                                                access-control-allow-origin: *
                                                access-control-allow-headers: *
                                                access-control-allow-methods: GET, POST, OPTIONS
                                                timing-allow-origin: *
                                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
                                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                content-length: 1107
                                                date: Mon, 19 Aug 2024 05:54:36 GMT
                                                alt-svc: h3=":443"; ma=93600
                                                x-cdn-traceid: 0.9c8e7b5c.1724046876.b93bd02
                                              • flag-us
                                                DNS
                                                186.142.123.92.in-addr.arpa
                                                Remote address:
                                                8.8.8.8:53
                                                Request
                                                186.142.123.92.in-addr.arpa
                                                IN PTR
                                                Response
                                                186.142.123.92.in-addr.arpa
                                                IN PTR
                                                a92-123-142-186deploystaticakamaitechnologiescom
                                              • flag-us
                                                DNS
                                                186.142.123.92.in-addr.arpa
                                                Remote address:
                                                8.8.8.8:53
                                                Request
                                                186.142.123.92.in-addr.arpa
                                                IN PTR
                                              • flag-us
                                                DNS
                                                232.168.11.51.in-addr.arpa
                                                Remote address:
                                                8.8.8.8:53
                                                Request
                                                232.168.11.51.in-addr.arpa
                                                IN PTR
                                                Response
                                              • flag-us
                                                DNS
                                                26.165.165.52.in-addr.arpa
                                                Remote address:
                                                8.8.8.8:53
                                                Request
                                                26.165.165.52.in-addr.arpa
                                                IN PTR
                                                Response
                                              • flag-us
                                                DNS
                                                198.187.3.20.in-addr.arpa
                                                Remote address:
                                                8.8.8.8:53
                                                Request
                                                198.187.3.20.in-addr.arpa
                                                IN PTR
                                                Response
                                              • flag-us
                                                DNS
                                                172.210.232.199.in-addr.arpa
                                                Remote address:
                                                8.8.8.8:53
                                                Request
                                                172.210.232.199.in-addr.arpa
                                                IN PTR
                                                Response
                                              • flag-us
                                                DNS
                                                13.227.111.52.in-addr.arpa
                                                Remote address:
                                                8.8.8.8:53
                                                Request
                                                13.227.111.52.in-addr.arpa
                                                IN PTR
                                                Response
                                              • flag-us
                                                DNS
                                                tse1.mm.bing.net
                                                Remote address:
                                                8.8.8.8:53
                                                Request
                                                tse1.mm.bing.net
                                                IN A
                                                Response
                                                tse1.mm.bing.net
                                                IN CNAME
                                                mm-mm.bing.net.trafficmanager.net
                                                mm-mm.bing.net.trafficmanager.net
                                                IN CNAME
                                                ax-0001.ax-msedge.net
                                                ax-0001.ax-msedge.net
                                                IN A
                                                150.171.27.10
                                                ax-0001.ax-msedge.net
                                                IN A
                                                150.171.28.10
                                              • flag-us
                                                GET
                                                https://tse1.mm.bing.net/th?id=OADD2.10239360284735_1J9G8ZRD0Q7KNETKQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                                Remote address:
                                                150.171.27.10:443
                                                Request
                                                GET /th?id=OADD2.10239360284735_1J9G8ZRD0Q7KNETKQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                                host: tse1.mm.bing.net
                                                accept: */*
                                                accept-encoding: gzip, deflate, br
                                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                Response
                                                HTTP/2.0 200
                                                cache-control: public, max-age=2592000
                                                content-length: 666327
                                                content-type: image/jpeg
                                                x-cache: TCP_HIT
                                                access-control-allow-origin: *
                                                access-control-allow-headers: *
                                                access-control-allow-methods: GET, POST, OPTIONS
                                                timing-allow-origin: *
                                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                x-msedge-ref: Ref A: F07D090360844B119A21E861A1B61C7F Ref B: LON04EDGE0706 Ref C: 2024-08-19T05:56:08Z
                                                date: Mon, 19 Aug 2024 05:56:07 GMT
• country: US
                                                GET
                                                https://tse1.mm.bing.net/th?id=OADD2.10239317301060_1R4MHRP0LUJX09GMU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                                Remote address:
                                                150.171.27.10:443
                                                Request
                                                GET /th?id=OADD2.10239317301060_1R4MHRP0LUJX09GMU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                                host: tse1.mm.bing.net
                                                accept: */*
                                                accept-encoding: gzip, deflate, br
                                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                Response
                                                HTTP/2.0 200
                                                cache-control: public, max-age=2592000
                                                content-length: 665717
                                                content-type: image/jpeg
                                                x-cache: TCP_HIT
                                                access-control-allow-origin: *
                                                access-control-allow-headers: *
                                                access-control-allow-methods: GET, POST, OPTIONS
                                                timing-allow-origin: *
                                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                x-msedge-ref: Ref A: E52C900090C8404B9A5D40E4375FCB2B Ref B: LON04EDGE0706 Ref C: 2024-08-19T05:56:08Z
                                                date: Mon, 19 Aug 2024 05:56:07 GMT
• country: US
                                                GET
                                                https://tse1.mm.bing.net/th?id=OADD2.10239340418591_10FJHPMA48A1P20JW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                                Remote address:
                                                150.171.27.10:443
                                                Request
                                                GET /th?id=OADD2.10239340418591_10FJHPMA48A1P20JW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                                host: tse1.mm.bing.net
                                                accept: */*
                                                accept-encoding: gzip, deflate, br
                                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                Response
                                                HTTP/2.0 200
                                                cache-control: public, max-age=2592000
                                                content-length: 325315
                                                content-type: image/jpeg
                                                x-cache: TCP_HIT
                                                access-control-allow-origin: *
                                                access-control-allow-headers: *
                                                access-control-allow-methods: GET, POST, OPTIONS
                                                timing-allow-origin: *
                                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                x-msedge-ref: Ref A: 59B054A2562D47C2843474E006CDBD5A Ref B: LON04EDGE0706 Ref C: 2024-08-19T05:56:08Z
                                                date: Mon, 19 Aug 2024 05:56:07 GMT
• country: US
                                                GET
                                                https://tse1.mm.bing.net/th?id=OADD2.10239317301493_1LBG6KMWNFIA52WWP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                                Remote address:
                                                150.171.27.10:443
                                                Request
                                                GET /th?id=OADD2.10239317301493_1LBG6KMWNFIA52WWP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                                host: tse1.mm.bing.net
                                                accept: */*
                                                accept-encoding: gzip, deflate, br
                                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                Response
                                                HTTP/2.0 200
                                                cache-control: public, max-age=2592000
                                                content-length: 532229
                                                content-type: image/jpeg
                                                x-cache: TCP_HIT
                                                access-control-allow-origin: *
                                                access-control-allow-headers: *
                                                access-control-allow-methods: GET, POST, OPTIONS
                                                timing-allow-origin: *
                                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                x-msedge-ref: Ref A: 33EE276601F94F719A1D98DEE57E55C8 Ref B: LON04EDGE0706 Ref C: 2024-08-19T05:56:08Z
                                                date: Mon, 19 Aug 2024 05:56:07 GMT
• country: US
                                                GET
                                                https://tse1.mm.bing.net/th?id=OADD2.10239340418592_1RYDTURC2A8KOBZ9U&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                                Remote address:
                                                150.171.27.10:443
                                                Request
                                                GET /th?id=OADD2.10239340418592_1RYDTURC2A8KOBZ9U&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                                host: tse1.mm.bing.net
                                                accept: */*
                                                accept-encoding: gzip, deflate, br
                                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                Response
                                                HTTP/2.0 200
                                                cache-control: public, max-age=2592000
                                                content-length: 473521
                                                content-type: image/jpeg
                                                x-cache: TCP_HIT
                                                access-control-allow-origin: *
                                                access-control-allow-headers: *
                                                access-control-allow-methods: GET, POST, OPTIONS
                                                timing-allow-origin: *
                                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                x-msedge-ref: Ref A: 3E2DC808D419492B8C177152BDE1B345 Ref B: LON04EDGE0706 Ref C: 2024-08-19T05:56:08Z
                                                date: Mon, 19 Aug 2024 05:56:08 GMT
• country: US
                                                GET
                                                https://tse1.mm.bing.net/th?id=OADD2.10239360284736_11427X8L96F0YA4AW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                                Remote address:
                                                150.171.27.10:443
                                                Request
                                                GET /th?id=OADD2.10239360284736_11427X8L96F0YA4AW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                                host: tse1.mm.bing.net
                                                accept: */*
                                                accept-encoding: gzip, deflate, br
                                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                Response
                                                HTTP/2.0 200
                                                cache-control: public, max-age=2592000
                                                content-length: 679182
                                                content-type: image/jpeg
                                                x-cache: TCP_HIT
                                                access-control-allow-origin: *
                                                access-control-allow-headers: *
                                                access-control-allow-methods: GET, POST, OPTIONS
                                                timing-allow-origin: *
                                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                x-msedge-ref: Ref A: D7FA14BDD567495486F3DA6B764E064F Ref B: LON04EDGE0706 Ref C: 2024-08-19T05:56:08Z
                                                date: Mon, 19 Aug 2024 05:56:08 GMT
• country: US
                                                DNS
                                                10.27.171.150.in-addr.arpa
                                                Remote address:
                                                8.8.8.8:53
                                                Request
                                                10.27.171.150.in-addr.arpa
                                                IN PTR
                                                Response
Connections (remote address, protocol, originating process where recorded, bytes sent / received, packets sent / received; the host or URL and the requests seen on that connection follow each entry):

• 204.79.197.237:443  tls, http2  backgroundTaskHost.exe  2.0kB / 9.3kB  21 / 19
  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=af1e49dd338e40bd905cb206d43e155f&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid=
  GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=af1e49dd338e40bd905cb206d43e155f&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid= -> 204
  GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=af1e49dd338e40bd905cb206d43e155f&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid= -> 204
  GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=af1e49dd338e40bd905cb206d43e155f&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid= -> 204

• 92.123.142.186:443  tls, http2  1.5kB / 6.3kB  16 / 13
  https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
  GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 -> 200

• 150.171.27.10:443  tls, http2  119.3kB / 3.5MB  2535 / 2527
  https://tse1.mm.bing.net/th?id=OADD2.10239360284736_11427X8L96F0YA4AW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
  GET https://tse1.mm.bing.net/th?id=OADD2.10239360284735_1J9G8ZRD0Q7KNETKQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
  GET https://tse1.mm.bing.net/th?id=OADD2.10239317301060_1R4MHRP0LUJX09GMU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
  GET https://tse1.mm.bing.net/th?id=OADD2.10239340418591_10FJHPMA48A1P20JW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
  GET https://tse1.mm.bing.net/th?id=OADD2.10239317301493_1LBG6KMWNFIA52WWP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
  responses to the four requests above: 200, 200, 200, 200
  GET https://tse1.mm.bing.net/th?id=OADD2.10239340418592_1RYDTURC2A8KOBZ9U&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
  GET https://tse1.mm.bing.net/th?id=OADD2.10239360284736_11427X8L96F0YA4AW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
  responses to the two requests above: 200, 200

• 150.171.27.10:443  tls, http2  1.2kB / 6.9kB  15 / 13
  tse1.mm.bing.net (no request recorded)

• 150.171.27.10:443  tls, http2  1.1kB / 7.7kB  13 / 11
  tse1.mm.bing.net (no request recorded)

• 150.171.27.10:443  tls, http2  1.2kB / 6.9kB  16 / 13
  tse1.mm.bing.net (no request recorded)

• 150.171.27.10:443  tls, http2  1.2kB / 7.3kB  16 / 13
  tse1.mm.bing.net (no request recorded)

• 8.8.8.8:53  dns  66 B / 90 B  1 / 1
  8.8.8.8.in-addr.arpa (PTR query, 1 request, no answer recorded)

• 8.8.8.8:53  dns  70 B / 144 B  1 / 1
  58.55.71.13.in-addr.arpa (PTR query, 1 request, no answer recorded)

• 8.8.8.8:53  dns  74 B / 128 B  1 / 1
  172.214.232.199.in-addr.arpa (PTR query, 1 request, no answer recorded)

• 8.8.8.8:53  dns  56 B / 151 B  1 / 1
  g.bing.com (A query) -> 204.79.197.237, 13.107.21.237

• 8.8.8.8:53  dns  71 B / 157 B  1 / 1
  74.32.126.40.in-addr.arpa (PTR query, 1 request, no answer recorded)

• 8.8.8.8:53  dns  73 B / 144 B  1 / 1
  95.221.229.192.in-addr.arpa (PTR query, 1 request, no answer recorded)

• 8.8.8.8:53  dns  73 B / 143 B  1 / 1
  237.197.79.204.in-addr.arpa (PTR query, 1 request, no answer recorded)

• 8.8.8.8:53  dns  142 B / 157 B  2 / 1
  57.169.31.20.in-addr.arpa (PTR query, 2 requests, no answer recorded)

• 8.8.8.8:53  dns  146 B / 139 B  2 / 1
  186.142.123.92.in-addr.arpa (PTR query, 2 requests, no answer recorded)

• 8.8.8.8:53  dns  72 B / 158 B  1 / 1
  232.168.11.51.in-addr.arpa (PTR query, 1 request, no answer recorded)

• 8.8.8.8:53  dns  72 B / 146 B  1 / 1
  26.165.165.52.in-addr.arpa (PTR query, 1 request, no answer recorded)

• 8.8.8.8:53  dns  71 B / 157 B  1 / 1
  198.187.3.20.in-addr.arpa (PTR query, 1 request, no answer recorded)

• 8.8.8.8:53  dns  74 B / 128 B  1 / 1
  172.210.232.199.in-addr.arpa (PTR query, 1 request, no answer recorded)

• 8.8.8.8:53  dns  72 B / 158 B  1 / 1
  13.227.111.52.in-addr.arpa (PTR query, 1 request, no answer recorded)

• 8.8.8.8:53  dns  62 B / 170 B  1 / 1
  tse1.mm.bing.net (A query) -> 150.171.27.10, 150.171.28.10

• 8.8.8.8:53  dns  72 B / 158 B  1 / 1
  10.27.171.150.in-addr.arpa (PTR query, 1 request, no answer recorded)

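The connection list above is rendered one field per line: remote address, host or URL, protocol, the originating process where the sandbox recorded it, bytes sent, bytes received, packets sent, packets received, then any HTTP or DNS sub-entries. Almost all of it is Bing-served traffic (the g.bing.com calls are attributed to backgroundTaskHost.exe, and the 1920x1080 and 1080x1920 `th?id=OADD2…` image fetches from tse1.mm.bing.net are the lock-screen image traffic Windows generates on its own), plus a run of PTR lookups against 8.8.8.8. As an added example that is not part of the sandbox report, the following Python script parses that layout and sorts the rows into reverse-DNS lookups, traffic to Microsoft first-party hosts, and everything else, and flags any non-DNS connection whose remote IP never appeared in a DNS answer inside the capture. The suffix allowlist and the last sample record (a TEST-NET address and the process name `unknown.exe`) are assumptions constructed for the example, not observations from the report.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse
# Constructed input in the report's flattened layout (one field per line under a bullet). Three
# records mirror rows above; the last is invented (TEST-NET address, made-up process) to exercise "review".
SAMPLE = """\
• 150.171.27.10:443
  https://tse1.mm.bing.net/th?id=OADD2.10239360284736_11427X8L96F0YA4AW&pid=21.2
  tls, http2
  119.3kB
  3.5MB
  2535
  2527
• 8.8.8.8:53
  tse1.mm.bing.net
  dns
  62 B
  170 B
  1
  1
  DNS Response
  150.171.27.10
  150.171.28.10
• 8.8.8.8:53
  10.27.171.150.in-addr.arpa
  dns
  72 B
  158 B
  1
  1
• 203.0.113.7:8080
  http://203.0.113.7:8080/status
  http
  unknown.exe
  1.1kB
  0.3kB
  4
  3
"""
ENDPOINT_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d+)$")
SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)\s*(B|kB|MB|GB)$")
UNITS = {"B": 1, "kB": 10**3, "MB": 10**6, "GB": 10**9}
# Assumption: Microsoft first-party suffixes behind the Bing/Spotlight fetches in the report.
BACKGROUND_SUFFIXES = ("bing.com", "bing.net", "msedge.net")   # analyst convenience, not a boundary

@dataclass
class Connection:
    remote_ip: str
    remote_port: int
    host: str          # hostname, or full URL, exactly as the row's second line shows it
    protocol: str
    process: str       # "" when the row carries no process column
    received: int      # bytes, converted from "3.5MB" etc.
    answers: list = field(default_factory=list)   # IPs listed under "DNS Response"

def hostname(conn):
    return (urlparse(conn.host).hostname or "") if "://" in conn.host else conn.host

def parse_size(text):
    num, unit = SIZE_RE.match(text.strip()).groups()   # raises on an unexpected layout
    return round(float(num) * UNITS[unit])

def _parse_block(lines):
    ip, port = ENDPOINT_RE.match(lines[0]).groups()
    i, process = 3, ""
    if lines[3].lower().endswith(".exe"):               # process column is optional
        process, i = lines[3], 4
    conn = Connection(ip, int(port), lines[1], lines[2], process, parse_size(lines[i + 1]))
    in_answers = False                                  # lines i: sent, i+1: received,
    for line in lines[i + 4:]:                          # i+2, i+3: packet counts
        if line.endswith(("Request", "Response")):      # sub-section headers
            in_answers = line == "DNS Response"
        elif in_answers:
            conn.answers.append(line)
    return conn

def parse_connections(text):
    blocks = []
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if line.startswith("•"):
            blocks.append([line.lstrip("• ")])
        elif blocks:
            blocks[-1].append(line)
    return [_parse_block(b) for b in blocks]

def triage(conns):
    answered = {a for c in conns for a in c.answers}   # IPs some captured DNS answer produced
    out = {"reverse_dns": [], "background": [], "review": [], "unresolved_ip": []}
    for c in conns:
        name = hostname(c)
        if name.endswith(".in-addr.arpa"):               # PTR query: keep the IP it asked about
            out["reverse_dns"].append(".".join(reversed(name.removesuffix(".in-addr.arpa").split("."))))
            continue
        background = any(name == s or name.endswith("." + s) for s in BACKGROUND_SUFFIXES)
        out["background" if background else "review"].append(c)
        # Non-DNS traffic to an IP no captured answer produced: resolved outside the window or hard-coded.
        if c.protocol != "dns" and c.remote_ip not in answered:
            out["unresolved_ip"].append(c)
    return out
```

Run `triage(parse_connections(SAMPLE))` and only the constructed 203.0.113.7 row lands in `review` and `unresolved_ip`; the tse1.mm.bing.net connection is resolved by the A answer two rows later, and the 10.27.171.150.in-addr.arpa query comes out as a reverse lookup of 150.171.27.10. The allowlist only tidies the view: a sample can still abuse a first-party CDN, so the `background` bucket is something to skim, not something to discard.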
                                              MITRE ATT&CK Enterprise v15

                                              Downloads

Memory dumps (file, size):

• memory/1272-69-0x0000000002430000-0x000000000345A000-memory.dmp  16.2MB
• memory/1272-62-0x0000000002430000-0x000000000345A000-memory.dmp  16.2MB
• memory/1272-7-0x0000000002430000-0x000000000345A000-memory.dmp  16.2MB
• memory/1272-17-0x00000000042E0000-0x00000000042E2000-memory.dmp  8KB
• memory/1272-19-0x0000000005C60000-0x0000000005C61000-memory.dmp  4KB
• memory/1272-18-0x00000000042E0000-0x00000000042E2000-memory.dmp  8KB
• memory/1272-15-0x00000000042E0000-0x00000000042E2000-memory.dmp  8KB
• memory/1272-9-0x0000000002430000-0x000000000345A000-memory.dmp  16.2MB
• memory/1272-21-0x0000000002430000-0x000000000345A000-memory.dmp  16.2MB
• memory/1272-99-0x0000000000400000-0x000000000046D000-memory.dmp  436KB

                                              • memory/1272-3-0x0000000002430000-0x000000000345A000-memory.dmp

                                                Filesize

                                                16.2MB

                                              • memory/1272-75-0x0000000002430000-0x000000000345A000-memory.dmp

                                                Filesize

                                                16.2MB

                                              • memory/1272-35-0x0000000002430000-0x000000000345A000-memory.dmp

                                                Filesize

                                                16.2MB

                                              • memory/1272-0-0x0000000000400000-0x000000000046D000-memory.dmp

                                                Filesize

                                                436KB

                                              • memory/1800-70-0x0000000000440000-0x0000000000454000-memory.dmp

                                                Filesize

                                                80KB

                                              • memory/1800-71-0x0000000000440000-0x0000000000454000-memory.dmp

                                                Filesize

                                                80KB

                                              • memory/4404-60-0x0000000000BD0000-0x0000000000BE4000-memory.dmp

                                                Filesize

                                                80KB

                                              • memory/4404-63-0x0000000000BD0000-0x0000000000BE4000-memory.dmp

                                                Filesize

                                                80KB

                                              • memory/4480-66-0x0000000000840000-0x0000000000854000-memory.dmp

                                                Filesize

                                                80KB

                                              • memory/4480-65-0x0000000000840000-0x0000000000854000-memory.dmp

                                                Filesize

                                                80KB

                                              • memory/4784-72-0x0000000000B50000-0x0000000000B64000-memory.dmp

                                                Filesize

                                                80KB

                                              • memory/4784-73-0x0000000000B50000-0x0000000000B64000-memory.dmp

                                                Filesize

                                                80KB
