Analysis
-
max time kernel
136s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
23/08/2024, 14:19 UTC
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe
Resource
win7-20240708-en
5 signatures
150 seconds
General
-
Target
bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe
-
Size
98KB
-
MD5
bc15484a064315cb851d53d068b8e831
-
SHA1
4c7946b957ba583282c0ad7d17894c095e86c64a
-
SHA256
0714c0f5525eea75a69bd0ee64e1de449a58995af644bebc904a5ea2e98cedc5
-
SHA512
f2c96ba7cb2b3f095d8f5a11462c9ed89cdbd44e8cf602e8d79d8b96efc9d0ce5365c0ec33df2a84e0add191ea81d6083300ef7d02b3dfbdd62a047c41ef1025
-
SSDEEP
3072:iMkpGNVvCo2ki7N9wu/uW+E2bgFs/9fjkRkprYY97S:pN8nu61FsVfYRgY6S
Malware Config
Signatures
-
Modifies firewall policy service 3 TTPs 4 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Local\Temp\bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe:*:enabled:@shell32.dll,-1" bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe -
Suspicious behavior: MapViewOfSection 64 IoCs
pid Process 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3444 wrote to memory of 620 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 5 PID 3444 wrote to memory of 620 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 5 PID 3444 wrote to memory of 620 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 5 PID 3444 wrote to memory of 620 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 5 PID 3444 wrote to memory of 620 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 5 PID 3444 wrote to memory of 620 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 5 PID 3444 wrote to memory of 680 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 7 PID 3444 wrote to memory of 680 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 7 PID 3444 wrote to memory of 680 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 7 PID 3444 wrote to memory of 680 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 7 PID 3444 wrote to memory of 680 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 7 PID 3444 wrote to memory of 680 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 7 PID 3444 wrote to memory of 772 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 8 PID 3444 wrote to memory of 772 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 8 PID 3444 wrote to memory of 772 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 8 PID 3444 wrote to memory of 772 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 8 PID 3444 wrote to memory of 772 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 8 PID 3444 wrote to memory of 772 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 8 PID 3444 wrote to memory of 776 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 9 PID 3444 wrote to memory of 776 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 9 PID 3444 wrote to memory of 776 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 9 PID 3444 wrote to memory of 776 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 9 PID 3444 wrote to memory of 776 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 9 PID 3444 wrote to memory of 776 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 9 PID 3444 wrote to memory of 796 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 10 PID 3444 wrote to memory of 796 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 10 PID 3444 wrote to memory of 796 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 10 PID 3444 wrote to memory of 796 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 10 PID 3444 wrote to memory of 796 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 10 PID 3444 wrote to memory of 796 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 10 PID 3444 wrote to memory of 912 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 11 PID 3444 wrote to memory of 912 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 11 PID 3444 wrote to memory of 912 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 11 PID 3444 wrote to memory of 912 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 11 PID 3444 wrote to memory of 912 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 11 PID 3444 wrote to memory of 912 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 11 PID 3444 wrote to memory of 960 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 12 PID 3444 wrote to memory of 960 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 12 PID 3444 wrote to memory of 960 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 12 PID 3444 wrote to memory of 960 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 12 PID 3444 wrote to memory of 960 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 12 PID 3444 wrote to memory of 960 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 12 PID 3444 wrote to memory of 380 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 13 PID 3444 wrote to memory of 380 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 13 PID 3444 wrote to memory of 380 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 13 PID 3444 wrote to memory of 380 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 13 PID 3444 wrote to memory of 380 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 13 PID 3444 wrote to memory of 380 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 13 PID 3444 wrote to memory of 472 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 14 PID 3444 wrote to memory of 472 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 14 PID 3444 wrote to memory of 472 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 14 PID 3444 wrote to memory of 472 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 14 PID 3444 wrote to memory of 472 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 14 PID 3444 wrote to memory of 472 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 14 PID 3444 wrote to memory of 956 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 15 PID 3444 wrote to memory of 956 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 15 PID 3444 wrote to memory of 956 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 15 PID 3444 wrote to memory of 956 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 15 PID 3444 wrote to memory of 956 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 15 PID 3444 wrote to memory of 956 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 15 PID 3444 wrote to memory of 1072 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 16 PID 3444 wrote to memory of 1072 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 16 PID 3444 wrote to memory of 1072 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 16 PID 3444 wrote to memory of 1072 3444 bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe 16
Processes
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵PID:620
-
C:\Windows\system32\fontdrvhost.exe"fontdrvhost.exe"2⤵PID:772
-
-
C:\Windows\system32\dwm.exe"dwm.exe"2⤵PID:380
-
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe1⤵PID:680
-
C:\Windows\system32\fontdrvhost.exe"fontdrvhost.exe"1⤵PID:776
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch -p1⤵PID:796
-
C:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\unsecapp.exe -Embedding2⤵PID:2428
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}2⤵PID:3764
-
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca2⤵PID:3852
-
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding2⤵PID:3920
-
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca2⤵PID:4004
-
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding2⤵PID:3612
-
-
C:\Windows\system32\SppExtComObj.exeC:\Windows\system32\SppExtComObj.exe -Embedding2⤵PID:3600
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}2⤵PID:5048
-
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca2⤵PID:4812
-
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding2⤵PID:1036
-
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca2⤵PID:3544
-
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca2⤵PID:4844
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS -p1⤵PID:912
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM1⤵PID:960
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc1⤵PID:472
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts1⤵PID:956
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService1⤵PID:1072
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc1⤵PID:1080
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule1⤵PID:1132
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}2⤵PID:2492
-
-
C:\Windows\system32\MusNotification.exeC:\Windows\system32\MusNotification.exe2⤵PID:3256
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p1⤵PID:1148
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog1⤵PID:1176
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc1⤵PID:1268
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s nsi1⤵PID:1288
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc1⤵PID:1368
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp1⤵PID:1388
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager1⤵PID:1408
-
C:\Windows\system32\sihost.exesihost.exe2⤵PID:2832
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem1⤵PID:1548
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p -s Themes1⤵PID:1560
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc1⤵PID:1636
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s SENS1⤵PID:1684
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder1⤵PID:1764
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalService -p -s netprofm1⤵PID:1788
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p1⤵PID:1844
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache1⤵PID:1912
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p1⤵PID:1920
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection1⤵PID:1976
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository1⤵PID:2012
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe1⤵PID:2072
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p1⤵PID:2104
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation1⤵PID:2160
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt1⤵PID:2196
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc1⤵PID:2304
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT1⤵PID:2448
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent1⤵PID:2456
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc1⤵PID:2684
-
C:\Windows\sysmon.exeC:\Windows\sysmon.exe1⤵PID:2740
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer1⤵PID:2748
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService1⤵PID:2760
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks1⤵PID:2768
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵PID:2864
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker1⤵PID:2128
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc1⤵PID:3360
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:3452
-
C:\Users\Admin\AppData\Local\Temp\bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\bc15484a064315cb851d53d068b8e831_JaffaCakes118.exe"2⤵
- Modifies firewall policy service
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3444
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc1⤵PID:3584
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc1⤵PID:1156
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV1⤵PID:2656
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc1⤵PID:1044
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service1⤵PID:1884
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager1⤵PID:2376
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc1⤵PID:2288
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc1⤵PID:4760
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Requestilo.brenz.plIN AResponse
-
Remote address:8.8.8.8:53Requestant.trenz.plIN AResponse
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.ax-0001.ax-msedge.netg-bing-com.ax-0001.ax-msedge.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.27.10ax-0001.ax-msedge.netIN A150.171.28.10
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=backgroundTaskHost.exeRemote address:150.171.27.10:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1AA4CD1CE67165B01A37D9F8E7566477; domain=.bing.com; expires=Wed, 17-Sep-2025 14:20:04 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E2ACBA8C27A44110B03F962D3AAE87B2 Ref B: LON04EDGE0714 Ref C: 2024-08-23T14:20:04Z
date: Fri, 23 Aug 2024 14:20:03 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=backgroundTaskHost.exeRemote address:150.171.27.10:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1AA4CD1CE67165B01A37D9F8E7566477
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=eZsgpV2o5r1CSl5GEV7z_bIUNUFJ0E8rJRvGDs7W_Hc; domain=.bing.com; expires=Wed, 17-Sep-2025 14:20:04 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3D6609AA1EAD441787D0236E320718BF Ref B: LON04EDGE0714 Ref C: 2024-08-23T14:20:04Z
date: Fri, 23 Aug 2024 14:20:03 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=backgroundTaskHost.exeRemote address:150.171.27.10:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1AA4CD1CE67165B01A37D9F8E7566477; MSPTC=eZsgpV2o5r1CSl5GEV7z_bIUNUFJ0E8rJRvGDs7W_Hc
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 310ED9536D4044B9B66848CEC67BCA42 Ref B: LON04EDGE0714 Ref C: 2024-08-23T14:20:04Z
date: Fri, 23 Aug 2024 14:20:03 GMT
-
Remote address:8.8.8.8:53Request196.249.167.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request45.56.20.217.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request71.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request13.86.106.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request86.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request171.39.242.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request147.142.123.92.in-addr.arpaIN PTRResponse147.142.123.92.in-addr.arpaIN PTRa92-123-142-147deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request240.221.184.93.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request31.243.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.27.10ax-0001.ax-msedge.netIN A150.171.28.10
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301292_1GDVMD25ARDBL3246&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239317301292_1GDVMD25ARDBL3246&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 248362
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CA4818DAC0874EB8B2F2733D098AB8F6 Ref B: LON04EDGE1121 Ref C: 2024-08-23T14:21:45Z
date: Fri, 23 Aug 2024 14:21:45 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360615986_1M5N6Y5ACPFWCCI4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239360615986_1M5N6Y5ACPFWCCI4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 432965
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A5D0B1EF8DE649F39D9A2E59DAEAC181 Ref B: LON04EDGE1121 Ref C: 2024-08-23T14:21:45Z
date: Fri, 23 Aug 2024 14:21:45 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418535_1J3FI1BHYFKNLDX7C&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239340418535_1J3FI1BHYFKNLDX7C&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 305259
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 19B9DE95319F4A6EAE8F5CEC64443838 Ref B: LON04EDGE1121 Ref C: 2024-08-23T14:21:45Z
date: Fri, 23 Aug 2024 14:21:45 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360615987_16QLWX2YIZJRGGD7R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239360615987_16QLWX2YIZJRGGD7R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 258855
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 008CCD9F360840C088F5D4CF2DC1E274 Ref B: LON04EDGE1121 Ref C: 2024-08-23T14:21:45Z
date: Fri, 23 Aug 2024 14:21:45 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301701_11UGRWY4Y5ZEF3873&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239317301701_11UGRWY4Y5ZEF3873&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 475434
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BA30274AE7674CACAC1EFD549A89BC9C Ref B: LON04EDGE1121 Ref C: 2024-08-23T14:21:45Z
date: Fri, 23 Aug 2024 14:21:45 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 383560
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 05FE8842ED694AC7A87AE038A77154B8 Ref B: LON04EDGE1121 Ref C: 2024-08-23T14:21:46Z
date: Fri, 23 Aug 2024 14:21:45 GMT
-
150.171.27.10:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=tls, http2backgroundTaskHost.exe2.2kB 9.3kB 23 19
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9b2feaaf4736429397b8cc17ed08430a&localId=w:F595C12A-38F0-79CD-7666-DE379BE74C7C&deviceId=6966569430194623&anid=HTTP Response
204 -
156 B 3
-
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
150.171.27.10:443https://tse1.mm.bing.net/th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90tls, http275.7kB 2.2MB 1592 1589
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301292_1GDVMD25ARDBL3246&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360615986_1M5N6Y5ACPFWCCI4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418535_1J3FI1BHYFKNLDX7C&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360615987_16QLWX2YIZJRGGD7R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301701_11UGRWY4Y5ZEF3873&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200 -
1.2kB 6.9kB 16 14
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
58 B 58 B 1 1
DNS Request
ilo.brenz.pl
-
58 B 58 B 1 1
DNS Request
ant.trenz.pl
-
56 B 148 B 1 1
DNS Request
g.bing.com
DNS Response
150.171.27.10150.171.28.10
-
73 B 147 B 1 1
DNS Request
196.249.167.52.in-addr.arpa
-
71 B 131 B 1 1
DNS Request
45.56.20.217.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
71.159.190.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
13.86.106.20.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
86.23.85.13.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
171.39.242.20.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
147.142.123.92.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
240.221.184.93.in-addr.arpa
-
213 B 157 B 3 1
DNS Request
26.35.223.20.in-addr.arpa
DNS Request
26.35.223.20.in-addr.arpa
DNS Request
26.35.223.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
31.243.111.52.in-addr.arpa
-
62 B 170 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
150.171.27.10150.171.28.10