Analysis

  • max time kernel
    136s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    23/08/2024, 14:19 UTC

General

  • Target

    bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe

  • Size

    98KB

  • MD5

    bc15484a064315cb851d53d068b8e831

  • SHA1

    4c7946b957ba583282c0ad7d17894c095e86c64a

  • SHA256

    0714c0f5525eea75a69bd0ee64e1de449a58995af644bebc904a5ea2e98cedc5

  • SHA512

    f2c96ba7cb2b3f095d8f5a11462c9ed89cdbd44e8cf602e8d79d8b96efc9d0ce5365c0ec33df2a84e0add191ea81d6083300ef7d02b3dfbdd62a047c41ef1025

  • SSDEEP

    3072:iMkpGNVvCo2ki7N9wu/uW+E2bgFs/9fjkRkprYY97S:pN8nu61FsVfYRgY6S

Score
10/10

Malware Config

Signatures

  • Modifies firewall policy service 3 TTPs 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:620
      • C:\Windows\system32\fontdrvhost.exe
        "fontdrvhost.exe"
        2⤵
          PID:772
      • C:\Windows\system32\dwm.exe
        "dwm.exe"
        2⤵
          PID:380
  • C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsass.exe
    1⤵
      PID:680
  • C:\Windows\system32\fontdrvhost.exe
    "fontdrvhost.exe"
    1⤵
      PID:776
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch -p
    1⤵
      PID:796
      • C:\Windows\system32\wbem\unsecapp.exe
        C:\Windows\system32\wbem\unsecapp.exe -Embedding
        2⤵
          PID:2428
      • C:\Windows\system32\DllHost.exe
        C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
        2⤵
          PID:3764
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        2⤵
          PID:3852
      • C:\Windows\System32\RuntimeBroker.exe
        C:\Windows\System32\RuntimeBroker.exe -Embedding
        2⤵
          PID:3920
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        2⤵
          PID:4004
      • C:\Windows\System32\RuntimeBroker.exe
        C:\Windows\System32\RuntimeBroker.exe -Embedding
        2⤵
          PID:3612
      • C:\Windows\system32\SppExtComObj.exe
        C:\Windows\system32\SppExtComObj.exe -Embedding
        2⤵
          PID:3600
      • C:\Windows\system32\DllHost.exe
        C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
        2⤵
          PID:5048
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
        2⤵
          PID:4812
      • C:\Windows\System32\RuntimeBroker.exe
        C:\Windows\System32\RuntimeBroker.exe -Embedding
        2⤵
          PID:1036
      • C:\Windows\system32\backgroundTaskHost.exe
        "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca
        2⤵
          PID:3544
      • C:\Windows\system32\backgroundTaskHost.exe
        "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
        2⤵
          PID:4844
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k RPCSS -p
    1⤵
      PID:912
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
    1⤵
      PID:960
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
    1⤵
      PID:472
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
    1⤵
      PID:956
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
    1⤵
      PID:1072
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
    1⤵
      PID:1080
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
    1⤵
      PID:1132
      • C:\Windows\system32\taskhostw.exe
        taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
        2⤵
          PID:2492
      • C:\Windows\system32\MusNotification.exe
        C:\Windows\system32\MusNotification.exe
        2⤵
          PID:3256
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
    1⤵
      PID:1148
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
    1⤵
      PID:1176
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
    1⤵
      PID:1268
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
    1⤵
      PID:1288
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
    1⤵
      PID:1368
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
    1⤵
      PID:1388
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
    1⤵
      PID:1408
      • C:\Windows\system32\sihost.exe
        sihost.exe
        2⤵
          PID:2832
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
    1⤵
      PID:1548
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
    1⤵
      PID:1560
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
    1⤵
      PID:1636
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
    1⤵
      PID:1684
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
    1⤵
      PID:1764
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
    1⤵
      PID:1788
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
    1⤵
      PID:1844
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
    1⤵
      PID:1912
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
    1⤵
      PID:1920
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
    1⤵
      PID:1976
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
    1⤵
      PID:2012
  • C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\spoolsv.exe
    1⤵
      PID:2072
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
    1⤵
      PID:2104
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
    1⤵
      PID:2160
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
    1⤵
      PID:2196
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
    1⤵
      PID:2304
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
    1⤵
      PID:2448
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
    1⤵
      PID:2456
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
    1⤵
      PID:2684
  • C:\Windows\sysmon.exe
    C:\Windows\sysmon.exe
    1⤵
      PID:2740
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
    1⤵
      PID:2748
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
    1⤵
      PID:2760
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
    1⤵
      PID:2768
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
    1⤵
      PID:2864
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
    1⤵
      PID:2128
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
    1⤵
      PID:3360
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3452
      • C:\Users\Admin\AppData\Local\Temp\bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe"
        2⤵
        • Modifies firewall policy service
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
          PID:3444
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
    1⤵
      PID:3584
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
    1⤵
      PID:1156
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
    1⤵
      PID:2656
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
    1⤵
      PID:1044
  • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
    1⤵
      PID:1884
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
    1⤵
      PID:2376
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
    1⤵
      PID:2288
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
    1⤵
      PID:4760

                                                                                                                                              Network

                                                                                                                                              • flag-us
                                                                                                                                                DNS
                                                                                                                                                8.8.8.8.in-addr.arpa
                                                                                                                                                Dnscache
                                                                                                                                                Remote address:
                                                                                                                                                8.8.8.8:53
                                                                                                                                                Request
                                                                                                                                                8.8.8.8.in-addr.arpa
                                                                                                                                                IN PTR
                                                                                                                                                Response
                                                                                                                                                8.8.8.8.in-addr.arpa
                                                                                                                                                IN PTR
                                                                                                                                                dns.google
                                                                                                                                              • flag-us
                                                                                                                                                DNS
                                                                                                                                                ilo.brenz.pl
                                                                                                                                                bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe
                                                                                                                                                Remote address:
                                                                                                                                                8.8.8.8:53
                                                                                                                                                Request
                                                                                                                                                ilo.brenz.pl
                                                                                                                                                IN A
                                                                                                                                                Response
                                                                                                                                              • flag-us
                                                                                                                                                DNS
                                                                                                                                                ant.trenz.pl
                                                                                                                                                bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe
                                                                                                                                                Remote address:
                                                                                                                                                8.8.8.8:53
                                                                                                                                                Request
                                                                                                                                                ant.trenz.pl
                                                                                                                                                IN A
                                                                                                                                                Response
                                                                                                                                              • flag-us
                                                                                                                                                DNS
                                                                                                                                                g.bing.com
                                                                                                                                                Dnscache
                                                                                                                                                Remote address:
                                                                                                                                                8.8.8.8:53
                                                                                                                                                Request
                                                                                                                                                g.bing.com
                                                                                                                                                IN A
                                                                                                                                                Response
                                                                                                                                                g.bing.com
                                                                                                                                                IN CNAME
                                                                                                                                                g-bing-com.ax-0001.ax-msedge.net
                                                                                                                                                g-bing-com.ax-0001.ax-msedge.net
                                                                                                                                                IN CNAME
                                                                                                                                                ax-0001.ax-msedge.net
                                                                                                                                                ax-0001.ax-msedge.net
                                                                                                                                                IN A
                                                                                                                                                150.171.27.10
                                                                                                                                                ax-0001.ax-msedge.net
                                                                                                                                                IN A
                                                                                                                                                150.171.28.10
                                                                                                                                              • flag-us
                                                                                                                                                GET
                                                                                                                                                https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=
                                                                                                                                                backgroundTaskHost.exe
                                                                                                                                                Remote address:
                                                                                                                                                150.171.27.10:443
                                                                                                                                                Request
                                                                                                                                                GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid= HTTP/2.0
                                                                                                                                                host: g.bing.com
                                                                                                                                                accept-encoding: gzip, deflate
                                                                                                                                                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                                                                                                                                Response
                                                                                                                                                HTTP/2.0 204
                                                                                                                                                cache-control: no-cache, must-revalidate
                                                                                                                                                pragma: no-cache
                                                                                                                                                expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                set-cookie: MUID=1AA4CD1CE67165B01A37D9F8E7566477; domain=.bing.com; expires=Wed, 17-Sep-2025 14:20:04 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                access-control-allow-origin: *
                                                                                                                                                x-cache: CONFIG_NOCACHE
                                                                                                                                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                x-msedge-ref: Ref A: E2ACBA8C27A44110B03F962D3AAE87B2 Ref B: LON04EDGE0714 Ref C: 2024-08-23T14:20:04Z
                                                                                                                                                date: Fri, 23 Aug 2024 14:20:03 GMT
                                                                                                                                              • flag-us
                                                                                                                                                GET
                                                                                                                                                https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=
                                                                                                                                                backgroundTaskHost.exe
                                                                                                                                                Remote address:
                                                                                                                                                150.171.27.10:443
                                                                                                                                                Request
                                                                                                                                                GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid= HTTP/2.0
                                                                                                                                                host: g.bing.com
                                                                                                                                                accept-encoding: gzip, deflate
                                                                                                                                                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                                                                                                                                cookie: MUID=1AA4CD1CE67165B01A37D9F8E7566477
                                                                                                                                                Response
                                                                                                                                                HTTP/2.0 204
                                                                                                                                                cache-control: no-cache, must-revalidate
                                                                                                                                                pragma: no-cache
                                                                                                                                                expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                set-cookie: MSPTC=eZsgpV2o5r1CSl5GEV7z_bIUNUFJ0E8rJRvGDs7W_Hc; domain=.bing.com; expires=Wed, 17-Sep-2025 14:20:04 GMT; path=/; Partitioned; secure; SameSite=None
                                                                                                                                                strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                access-control-allow-origin: *
                                                                                                                                                x-cache: CONFIG_NOCACHE
                                                                                                                                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                x-msedge-ref: Ref A: 3D6609AA1EAD441787D0236E320718BF Ref B: LON04EDGE0714 Ref C: 2024-08-23T14:20:04Z
                                                                                                                                                date: Fri, 23 Aug 2024 14:20:03 GMT
                                                                                                                                              • flag-us
                                                                                                                                                GET
                                                                                                                                                https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=
                                                                                                                                                backgroundTaskHost.exe
                                                                                                                                                Remote address:
                                                                                                                                                150.171.27.10:443
                                                                                                                                                Request
                                                                                                                                                GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid= HTTP/2.0
                                                                                                                                                host: g.bing.com
                                                                                                                                                accept-encoding: gzip, deflate
                                                                                                                                                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                                                                                                                                cookie: MUID=1AA4CD1CE67165B01A37D9F8E7566477; MSPTC=eZsgpV2o5r1CSl5GEV7z_bIUNUFJ0E8rJRvGDs7W_Hc
                                                                                                                                                Response
                                                                                                                                                HTTP/2.0 204
                                                                                                                                                cache-control: no-cache, must-revalidate
                                                                                                                                                pragma: no-cache
                                                                                                                                                expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                access-control-allow-origin: *
                                                                                                                                                x-cache: CONFIG_NOCACHE
                                                                                                                                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                x-msedge-ref: Ref A: 310ED9536D4044B9B66848CEC67BCA42 Ref B: LON04EDGE0714 Ref C: 2024-08-23T14:20:04Z
                                                                                                                                                date: Fri, 23 Aug 2024 14:20:03 GMT
                                                                                                                                              • flag-us
                                                                                                                                                DNS
                                                                                                                                                196.249.167.52.in-addr.arpa
                                                                                                                                                Dnscache
                                                                                                                                                Remote address:
                                                                                                                                                8.8.8.8:53
                                                                                                                                                Request
                                                                                                                                                196.249.167.52.in-addr.arpa
                                                                                                                                                IN PTR
                                                                                                                                                Response
                                                                                                                                              • flag-us
                                                                                                                                                DNS
                                                                                                                                                45.56.20.217.in-addr.arpa
                                                                                                                                                Dnscache
                                                                                                                                                Remote address:
                                                                                                                                                8.8.8.8:53
                                                                                                                                                Request
                                                                                                                                                45.56.20.217.in-addr.arpa
                                                                                                                                                IN PTR
                                                                                                                                                Response
                                                                                                                                              • flag-us
                                                                                                                                                DNS
                                                                                                                                                71.159.190.20.in-addr.arpa
                                                                                                                                                Dnscache
                                                                                                                                                Remote address:
                                                                                                                                                8.8.8.8:53
                                                                                                                                                Request
                                                                                                                                                71.159.190.20.in-addr.arpa
                                                                                                                                                IN PTR
                                                                                                                                                Response
                                                                                                                                              • flag-us
                                                                                                                                                DNS
                                                                                                                                                95.221.229.192.in-addr.arpa
                                                                                                                                                Dnscache
                                                                                                                                                Remote address:
                                                                                                                                                8.8.8.8:53
                                                                                                                                                Request
                                                                                                                                                95.221.229.192.in-addr.arpa
                                                                                                                                                IN PTR
                                                                                                                                                Response
                                                                                                                                              • flag-us
                                                                                                                                                DNS
                                                                                                                                                13.86.106.20.in-addr.arpa
                                                                                                                                                Dnscache
                                                                                                                                                Remote address:
                                                                                                                                                8.8.8.8:53
                                                                                                                                                Request
                                                                                                                                                13.86.106.20.in-addr.arpa
                                                                                                                                                IN PTR
                                                                                                                                                Response
                                                                                                                                              • flag-us
                                                                                                                                                DNS
                                                                                                                                                86.23.85.13.in-addr.arpa
                                                                                                                                                Dnscache
                                                                                                                                                Remote address:
                                                                                                                                                8.8.8.8:53
                                                                                                                                                Request
                                                                                                                                                86.23.85.13.in-addr.arpa
                                                                                                                                                IN PTR
                                                                                                                                                Response
                                                                                                                                              • flag-us
                                                                                                                                                DNS
                                                                                                                                                171.39.242.20.in-addr.arpa
                                                                                                                                                Dnscache
                                                                                                                                                Remote address:
                                                                                                                                                8.8.8.8:53
                                                                                                                                                Request
                                                                                                                                                171.39.242.20.in-addr.arpa
                                                                                                                                                IN PTR
                                                                                                                                                Response
                                                                                                                                              • flag-us
                                                                                                                                                DNS
                                                                                                                                                147.142.123.92.in-addr.arpa
                                                                                                                                                Dnscache
                                                                                                                                                Remote address:
                                                                                                                                                8.8.8.8:53
                                                                                                                                                Request
                                                                                                                                                147.142.123.92.in-addr.arpa
                                                                                                                                                IN PTR
                                                                                                                                                Response
                                                                                                                                                147.142.123.92.in-addr.arpa
                                                                                                                                                IN PTR
                                                                                                                                                 a92-123-142-147.deploy.static.akamaitechnologies.com
                                                                                                                                              • flag-us
                                                                                                                                                DNS
                                                                                                                                                240.221.184.93.in-addr.arpa
                                                                                                                                                Dnscache
                                                                                                                                                Remote address:
                                                                                                                                                8.8.8.8:53
                                                                                                                                                Request
                                                                                                                                                240.221.184.93.in-addr.arpa
                                                                                                                                                IN PTR
                                                                                                                                                Response
                                                                                                                                              • flag-us
                                                                                                                                                DNS
                                                                                                                                                26.35.223.20.in-addr.arpa
                                                                                                                                                Dnscache
                                                                                                                                                Remote address:
                                                                                                                                                8.8.8.8:53
                                                                                                                                                Request
                                                                                                                                                26.35.223.20.in-addr.arpa
                                                                                                                                                IN PTR
                                                                                                                                                Response
                                                                                                                                              • flag-us
                                                                                                                                                DNS
                                                                                                                                                26.35.223.20.in-addr.arpa
                                                                                                                                                Dnscache
                                                                                                                                                Remote address:
                                                                                                                                                8.8.8.8:53
                                                                                                                                                Request
                                                                                                                                                26.35.223.20.in-addr.arpa
                                                                                                                                                IN PTR
                                                                                                                                              • flag-us
                                                                                                                                                DNS
                                                                                                                                                26.35.223.20.in-addr.arpa
                                                                                                                                                Dnscache
                                                                                                                                                Remote address:
                                                                                                                                                8.8.8.8:53
                                                                                                                                                Request
                                                                                                                                                26.35.223.20.in-addr.arpa
                                                                                                                                                IN PTR
                                                                                                                                              • flag-us
                                                                                                                                                DNS
                                                                                                                                                31.243.111.52.in-addr.arpa
                                                                                                                                                Dnscache
                                                                                                                                                Remote address:
                                                                                                                                                8.8.8.8:53
                                                                                                                                                Request
                                                                                                                                                31.243.111.52.in-addr.arpa
                                                                                                                                                IN PTR
                                                                                                                                                Response
                                                                                                                                              • flag-us
                                                                                                                                                DNS
                                                                                                                                                tse1.mm.bing.net
                                                                                                                                                Dnscache
                                                                                                                                                Remote address:
                                                                                                                                                8.8.8.8:53
                                                                                                                                                Request
                                                                                                                                                tse1.mm.bing.net
                                                                                                                                                IN A
                                                                                                                                                Response
                                                                                                                                                tse1.mm.bing.net
                                                                                                                                                IN CNAME
                                                                                                                                                mm-mm.bing.net.trafficmanager.net
                                                                                                                                                mm-mm.bing.net.trafficmanager.net
                                                                                                                                                IN CNAME
                                                                                                                                                ax-0001.ax-msedge.net
                                                                                                                                                ax-0001.ax-msedge.net
                                                                                                                                                IN A
                                                                                                                                                150.171.27.10
                                                                                                                                                ax-0001.ax-msedge.net
                                                                                                                                                IN A
                                                                                                                                                150.171.28.10
                                                                                                                                              • flag-us
                                                                                                                                                GET
                                                                                                                                                https://tse1.mm.bing.net/th?id=OADD2.10239317301292_1GDVMD25ARDBL3246&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                                                                                                                                Remote address:
                                                                                                                                                150.171.27.10:443
                                                                                                                                                Request
                                                                                                                                                GET /th?id=OADD2.10239317301292_1GDVMD25ARDBL3246&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                                                                                                                                host: tse1.mm.bing.net
                                                                                                                                                accept: */*
                                                                                                                                                accept-encoding: gzip, deflate, br
                                                                                                                                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                                                                                                                Response
                                                                                                                                                HTTP/2.0 200
                                                                                                                                                cache-control: public, max-age=2592000
                                                                                                                                                content-length: 248362
                                                                                                                                                content-type: image/jpeg
                                                                                                                                                x-cache: TCP_HIT
                                                                                                                                                access-control-allow-origin: *
                                                                                                                                                access-control-allow-headers: *
                                                                                                                                                access-control-allow-methods: GET, POST, OPTIONS
                                                                                                                                                timing-allow-origin: *
                                                                                                                                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                                                                                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                                                                                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                x-msedge-ref: Ref A: CA4818DAC0874EB8B2F2733D098AB8F6 Ref B: LON04EDGE1121 Ref C: 2024-08-23T14:21:45Z
                                                                                                                                                date: Fri, 23 Aug 2024 14:21:45 GMT
                                                                                                                                              • flag-us
                                                                                                                                                GET
                                                                                                                                                https://tse1.mm.bing.net/th?id=OADD2.10239360615986_1M5N6Y5ACPFWCCI4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                                                                                                                                Remote address:
                                                                                                                                                150.171.27.10:443
                                                                                                                                                Request
                                                                                                                                                GET /th?id=OADD2.10239360615986_1M5N6Y5ACPFWCCI4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                                                                                                                                host: tse1.mm.bing.net
                                                                                                                                                accept: */*
                                                                                                                                                accept-encoding: gzip, deflate, br
                                                                                                                                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                                                                                                                Response
                                                                                                                                                HTTP/2.0 200
                                                                                                                                                cache-control: public, max-age=2592000
                                                                                                                                                content-length: 432965
                                                                                                                                                content-type: image/jpeg
                                                                                                                                                x-cache: TCP_HIT
                                                                                                                                                access-control-allow-origin: *
                                                                                                                                                access-control-allow-headers: *
                                                                                                                                                access-control-allow-methods: GET, POST, OPTIONS
                                                                                                                                                timing-allow-origin: *
                                                                                                                                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                                                                                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                                                                                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                x-msedge-ref: Ref A: A5D0B1EF8DE649F39D9A2E59DAEAC181 Ref B: LON04EDGE1121 Ref C: 2024-08-23T14:21:45Z
                                                                                                                                                date: Fri, 23 Aug 2024 14:21:45 GMT
                                                                                                                                              • flag-us
                                                                                                                                                GET
                                                                                                                                                https://tse1.mm.bing.net/th?id=OADD2.10239340418535_1J3FI1BHYFKNLDX7C&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                                                                                                                                Remote address:
                                                                                                                                                150.171.27.10:443
                                                                                                                                                Request
                                                                                                                                                GET /th?id=OADD2.10239340418535_1J3FI1BHYFKNLDX7C&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                                                                                                                                host: tse1.mm.bing.net
                                                                                                                                                accept: */*
                                                                                                                                                accept-encoding: gzip, deflate, br
                                                                                                                                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                                                                                                                Response
                                                                                                                                                HTTP/2.0 200
                                                                                                                                                cache-control: public, max-age=2592000
                                                                                                                                                content-length: 305259
                                                                                                                                                content-type: image/jpeg
                                                                                                                                                x-cache: TCP_HIT
                                                                                                                                                access-control-allow-origin: *
                                                                                                                                                access-control-allow-headers: *
                                                                                                                                                access-control-allow-methods: GET, POST, OPTIONS
                                                                                                                                                timing-allow-origin: *
                                                                                                                                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                                                                                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                                                                                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                x-msedge-ref: Ref A: 19B9DE95319F4A6EAE8F5CEC64443838 Ref B: LON04EDGE1121 Ref C: 2024-08-23T14:21:45Z
                                                                                                                                                date: Fri, 23 Aug 2024 14:21:45 GMT
                                                                                                                                              • flag-us
                                                                                                                                                GET
                                                                                                                                                https://tse1.mm.bing.net/th?id=OADD2.10239360615987_16QLWX2YIZJRGGD7R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                                                                                                                                Remote address:
                                                                                                                                                150.171.27.10:443
                                                                                                                                                Request
                                                                                                                                                GET /th?id=OADD2.10239360615987_16QLWX2YIZJRGGD7R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                                                                                                                                host: tse1.mm.bing.net
                                                                                                                                                accept: */*
                                                                                                                                                accept-encoding: gzip, deflate, br
                                                                                                                                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                                                                                                                Response
                                                                                                                                                HTTP/2.0 200
                                                                                                                                                cache-control: public, max-age=2592000
                                                                                                                                                content-length: 258855
                                                                                                                                                content-type: image/jpeg
                                                                                                                                                x-cache: TCP_HIT
                                                                                                                                                date: Fri, 23 Aug 2024 14:21:45 GMT
                                                                                                                                              • flag-us
                                                                                                                                                GET
                                                                                                                                                https://tse1.mm.bing.net/th?id=OADD2.10239317301701_11UGRWY4Y5ZEF3873&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                                                                                                                                Remote address:
                                                                                                                                                150.171.27.10:443
                                                                                                                                                Request
                                                                                                                                                GET /th?id=OADD2.10239317301701_11UGRWY4Y5ZEF3873&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                                                                                                                                host: tse1.mm.bing.net
                                                                                                                                                accept: */*
                                                                                                                                                accept-encoding: gzip, deflate, br
                                                                                                                                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                                                                                                                Response
                                                                                                                                                HTTP/2.0 200
                                                                                                                                                cache-control: public, max-age=2592000
                                                                                                                                                content-length: 475434
                                                                                                                                                content-type: image/jpeg
                                                                                                                                                x-cache: TCP_HIT
                                                                                                                                                date: Fri, 23 Aug 2024 14:21:45 GMT
                                                                                                                                              • flag-us
                                                                                                                                                GET
                                                                                                                                                https://tse1.mm.bing.net/th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                                                                                                                                Remote address:
                                                                                                                                                150.171.27.10:443
                                                                                                                                                Request
                                                                                                                                                GET /th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                                                                                                                                host: tse1.mm.bing.net
                                                                                                                                                accept: */*
                                                                                                                                                accept-encoding: gzip, deflate, br
                                                                                                                                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                                                                                                                Response
                                                                                                                                                HTTP/2.0 200
                                                                                                                                                cache-control: public, max-age=2592000
                                                                                                                                                content-length: 383560
                                                                                                                                                content-type: image/jpeg
                                                                                                                                                x-cache: TCP_HIT
                                                                                                                                                date: Fri, 23 Aug 2024 14:21:45 GMT
                                                                                                                                              • 150.171.27.10:443
                                                                                                                                                https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=
                                                                                                                                                tls, http2
                                                                                                                                                backgroundTaskHost.exe
                                                                                                                                                2.2kB
                                                                                                                                                9.3kB
                                                                                                                                                23
                                                                                                                                                19

                                                                                                                                                HTTP Request

                                                                                                                                                GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=

                                                                                                                                                HTTP Response

                                                                                                                                                204

                                                                                                                                                HTTP Request

                                                                                                                                                GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=

                                                                                                                                                HTTP Response

                                                                                                                                                204

                                                                                                                                                HTTP Request

                                                                                                                                                GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=

                                                                                                                                                HTTP Response

                                                                                                                                                204
                                                                                                                                              • 60.190.222.139:80
                                                                                                                                                bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe
                                                                                                                                                156 B
                                                                                                                                                3
                                                                                                                                              • 150.171.27.10:443
                                                                                                                                                tse1.mm.bing.net
                                                                                                                                                tls, http2
                                                                                                                                                1.2kB
                                                                                                                                                6.9kB
                                                                                                                                                15
                                                                                                                                                13
                                                                                                                                              • 150.171.27.10:443
                                                                                                                                                tse1.mm.bing.net
                                                                                                                                                tls, http2
                                                                                                                                                1.2kB
                                                                                                                                                6.9kB
                                                                                                                                                15
                                                                                                                                                13
                                                                                                                                              • 150.171.27.10:443
                                                                                                                                                tse1.mm.bing.net
                                                                                                                                                tls, http2
                                                                                                                                                1.2kB
                                                                                                                                                6.9kB
                                                                                                                                                15
                                                                                                                                                13
                                                                                                                                              • 150.171.27.10:443
                                                                                                                                                https://tse1.mm.bing.net/th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                                                                                                                                tls, http2
                                                                                                                                                75.7kB
                                                                                                                                                2.2MB
                                                                                                                                                1592
                                                                                                                                                1589

                                                                                                                                                HTTP Request

                                                                                                                                                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301292_1GDVMD25ARDBL3246&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                                                                                                                                HTTP Request

                                                                                                                                                GET https://tse1.mm.bing.net/th?id=OADD2.10239360615986_1M5N6Y5ACPFWCCI4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                                                                                                                                HTTP Request

                                                                                                                                                GET https://tse1.mm.bing.net/th?id=OADD2.10239340418535_1J3FI1BHYFKNLDX7C&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                                                                                                                                HTTP Request

                                                                                                                                                GET https://tse1.mm.bing.net/th?id=OADD2.10239360615987_16QLWX2YIZJRGGD7R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                                                                                                                                HTTP Request

                                                                                                                                                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301701_11UGRWY4Y5ZEF3873&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                                                                                                                                HTTP Response

                                                                                                                                                200

                                                                                                                                                HTTP Response

                                                                                                                                                200

                                                                                                                                                HTTP Response

                                                                                                                                                200

                                                                                                                                                HTTP Response

                                                                                                                                                200

                                                                                                                                                HTTP Response

                                                                                                                                                200

                                                                                                                                                HTTP Request

                                                                                                                                                GET https://tse1.mm.bing.net/th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                                                                                                                                HTTP Response

                                                                                                                                                200
                                                                                                                                              • 150.171.27.10:443
                                                                                                                                                tse1.mm.bing.net
                                                                                                                                                tls, http2
                                                                                                                                                1.2kB
                                                                                                                                                6.9kB
                                                                                                                                                16
                                                                                                                                                14
                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                8.8.8.8.in-addr.arpa
                                                                                                                                                dns
                                                                                                                                                Dnscache
                                                                                                                                                66 B
                                                                                                                                                90 B
                                                                                                                                                1
                                                                                                                                                1

                                                                                                                                                DNS Request

                                                                                                                                                8.8.8.8.in-addr.arpa

                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                ilo.brenz.pl
                                                                                                                                                dns
                                                                                                                                                bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe
                                                                                                                                                58 B
                                                                                                                                                58 B
                                                                                                                                                1
                                                                                                                                                1

                                                                                                                                                DNS Request

                                                                                                                                                ilo.brenz.pl

                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                ant.trenz.pl
                                                                                                                                                dns
                                                                                                                                                bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe
                                                                                                                                                58 B
                                                                                                                                                58 B
                                                                                                                                                1
                                                                                                                                                1

                                                                                                                                                DNS Request

                                                                                                                                                ant.trenz.pl

                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                g.bing.com
                                                                                                                                                dns
                                                                                                                                                Dnscache
                                                                                                                                                56 B
                                                                                                                                                148 B
                                                                                                                                                1
                                                                                                                                                1

                                                                                                                                                DNS Request

                                                                                                                                                g.bing.com

                                                                                                                                                DNS Response

                                                                                                                                                150.171.27.10
                                                                                                                                                150.171.28.10

                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                196.249.167.52.in-addr.arpa
                                                                                                                                                dns
                                                                                                                                                Dnscache
                                                                                                                                                73 B
                                                                                                                                                147 B
                                                                                                                                                1
                                                                                                                                                1

                                                                                                                                                DNS Request

                                                                                                                                                196.249.167.52.in-addr.arpa

                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                45.56.20.217.in-addr.arpa
                                                                                                                                                dns
                                                                                                                                                Dnscache
                                                                                                                                                71 B
                                                                                                                                                131 B
                                                                                                                                                1
                                                                                                                                                1

                                                                                                                                                DNS Request

                                                                                                                                                45.56.20.217.in-addr.arpa

                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                71.159.190.20.in-addr.arpa
                                                                                                                                                dns
                                                                                                                                                Dnscache
                                                                                                                                                72 B
                                                                                                                                                158 B
                                                                                                                                                1
                                                                                                                                                1

                                                                                                                                                DNS Request

                                                                                                                                                71.159.190.20.in-addr.arpa

                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                95.221.229.192.in-addr.arpa
                                                                                                                                                dns
                                                                                                                                                Dnscache
                                                                                                                                                73 B
                                                                                                                                                144 B
                                                                                                                                                1
                                                                                                                                                1

                                                                                                                                                DNS Request

                                                                                                                                                95.221.229.192.in-addr.arpa

                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                13.86.106.20.in-addr.arpa
                                                                                                                                                dns
                                                                                                                                                Dnscache
                                                                                                                                                71 B
                                                                                                                                                157 B
                                                                                                                                                1
                                                                                                                                                1

                                                                                                                                                DNS Request

                                                                                                                                                13.86.106.20.in-addr.arpa

                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                86.23.85.13.in-addr.arpa
                                                                                                                                                dns
                                                                                                                                                Dnscache
                                                                                                                                                70 B
                                                                                                                                                144 B
                                                                                                                                                1
                                                                                                                                                1

                                                                                                                                                DNS Request

                                                                                                                                                86.23.85.13.in-addr.arpa

                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                171.39.242.20.in-addr.arpa
                                                                                                                                                dns
                                                                                                                                                Dnscache
                                                                                                                                                72 B
                                                                                                                                                158 B
                                                                                                                                                1
                                                                                                                                                1

                                                                                                                                                DNS Request

                                                                                                                                                171.39.242.20.in-addr.arpa

                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                147.142.123.92.in-addr.arpa
                                                                                                                                                dns
                                                                                                                                                Dnscache
                                                                                                                                                73 B
                                                                                                                                                139 B
                                                                                                                                                1
                                                                                                                                                1

                                                                                                                                                DNS Request

                                                                                                                                                147.142.123.92.in-addr.arpa

                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                240.221.184.93.in-addr.arpa
                                                                                                                                                dns
                                                                                                                                                Dnscache
                                                                                                                                                73 B
                                                                                                                                                144 B
                                                                                                                                                1
                                                                                                                                                1

                                                                                                                                                DNS Request

                                                                                                                                                240.221.184.93.in-addr.arpa

                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                26.35.223.20.in-addr.arpa
                                                                                                                                                dns
                                                                                                                                                Dnscache
                                                                                                                                                213 B
                                                                                                                                                157 B
                                                                                                                                                3
                                                                                                                                                1

                                                                                                                                                DNS Request

                                                                                                                                                26.35.223.20.in-addr.arpa

                                                                                                                                                DNS Request

                                                                                                                                                26.35.223.20.in-addr.arpa

                                                                                                                                                DNS Request

                                                                                                                                                26.35.223.20.in-addr.arpa

                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                31.243.111.52.in-addr.arpa
                                                                                                                                                dns
                                                                                                                                                Dnscache
                                                                                                                                                72 B
                                                                                                                                                158 B
                                                                                                                                                1
                                                                                                                                                1

                                                                                                                                                DNS Request

                                                                                                                                                31.243.111.52.in-addr.arpa

                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                tse1.mm.bing.net
                                                                                                                                                dns
                                                                                                                                                Dnscache
                                                                                                                                                62 B
                                                                                                                                                170 B
                                                                                                                                                1
                                                                                                                                                1

                                                                                                                                                DNS Request

                                                                                                                                                tse1.mm.bing.net

                                                                                                                                                DNS Response

                                                                                                                                                150.171.27.10
                                                                                                                                                150.171.28.10

                                                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                                                              Downloads

                                                                                                                                              • memory/3444-0-0x0000000001000000-0x000000000101C000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                112KB

                                                                                                                                              • memory/3444-1-0x0000000077CE2000-0x0000000077CE3000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/3444-3-0x0000000077CE3000-0x0000000077CE4000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/3444-2-0x000000007FE40000-0x000000007FE4C000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                48KB

                                                                                                                                              • memory/3444-4-0x000000007FE40000-0x000000007FE4C000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                48KB

                                                                                                                                              • memory/3444-5-0x000000007FE40000-0x000000007FE4C000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                48KB

                                                                                                                                              • memory/3444-7-0x0000000001000000-0x000000000101C000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                112KB
