Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
01/11/2024, 20:26 UTC
Behavioral task
behavioral1
Sample
924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
Resource
win10v2004-20241007-en
General
-
Target
924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
-
Size
93KB
-
MD5
9da5a2d7e5dc56547b740fdcc9c135ce
-
SHA1
e203e130ff8e38e2108d9a362d3ac82b39102ba3
-
SHA256
924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277
-
SHA512
8ce0f84c24c2bc54ce5d2b4e70f88dc68b1be67b83c0670044f25e3881f2e3333737fd5cc51f120236f96ec7c98330f334028174549305981ce1d307d1b25efb
-
SSDEEP
768:OY3elnD9O/pBcxYsbae6GIXb9pDX2t98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3isGW:AlxOx6baIa9RZj00ljEwzGi1dD+DIgS
Malware Config
Signatures
-
Modifies Windows Firewall 2 TTPs 3 IoCs
pid Process 1348 netsh.exe 436 netsh.exe 1820 netsh.exe -
Drops startup file 2 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e851696be66464b14807383fe18b6d74Windows Update.exe 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e851696be66464b14807383fe18b6d74Windows Update.exe 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe -
Event Triggered Execution: Netsh Helper DLL 1 TTPs 9 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
description ioc Process Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language netsh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language netsh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language netsh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe -
Suspicious use of AdjustPrivilegeToken 37 IoCs
description pid Process Token: SeDebugPrivilege 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: 33 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: SeIncBasePriorityPrivilege 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: 33 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: SeIncBasePriorityPrivilege 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: 33 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: SeIncBasePriorityPrivilege 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: 33 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: SeIncBasePriorityPrivilege 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: 33 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: SeIncBasePriorityPrivilege 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: 33 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: SeIncBasePriorityPrivilege 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: 33 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: SeIncBasePriorityPrivilege 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: 33 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: SeIncBasePriorityPrivilege 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: 33 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: SeIncBasePriorityPrivilege 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: 33 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: SeIncBasePriorityPrivilege 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: 33 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: SeIncBasePriorityPrivilege 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: 33 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: SeIncBasePriorityPrivilege 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: 33 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: SeIncBasePriorityPrivilege 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: 33 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: SeIncBasePriorityPrivilege 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: 33 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: SeIncBasePriorityPrivilege 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: 33 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: SeIncBasePriorityPrivilege 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: 33 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: SeIncBasePriorityPrivilege 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: 33 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe Token: SeIncBasePriorityPrivilege 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe -
Suspicious use of WriteProcessMemory 9 IoCs
description pid Process procid_target PID 3884 wrote to memory of 1820 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 87 PID 3884 wrote to memory of 1820 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 87 PID 3884 wrote to memory of 1820 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 87 PID 3884 wrote to memory of 1348 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 90 PID 3884 wrote to memory of 1348 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 90 PID 3884 wrote to memory of 1348 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 90 PID 3884 wrote to memory of 436 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 91 PID 3884 wrote to memory of 436 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 91 PID 3884 wrote to memory of 436 3884 924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe 91
Processes
-
C:\Users\Admin\AppData\Local\Temp\924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe"C:\Users\Admin\AppData\Local\Temp\924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe"1⤵
- Drops startup file
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3884 -
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe" "924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe" ENABLE2⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
PID:1820
-
-
C:\Windows\SysWOW64\netsh.exenetsh firewall delete allowedprogram "C:\Users\Admin\AppData\Local\Temp\924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe"2⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
PID:1348
-
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe" "924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe" ENABLE2⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
PID:436
-
Network
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.ax-0001.ax-msedge.netg-bing-com.ax-0001.ax-msedge.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.28.10ax-0001.ax-msedge.netIN A150.171.27.10
-
Remote address:8.8.8.8:53Request13.86.106.20.in-addr.arpaIN PTRResponse
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=Remote address:150.171.28.10:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2CB6C104F47D6E8D083DD42EF57B6F84; domain=.bing.com; expires=Wed, 26-Nov-2025 20:26:15 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 907DBA0C403E42B490DCDB328B2DD69B Ref B: LON601060108025 Ref C: 2024-11-01T20:26:15Z
date: Fri, 01 Nov 2024 20:26:14 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=Remote address:150.171.28.10:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2CB6C104F47D6E8D083DD42EF57B6F84
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=SD70JZGxA0d9tBrM76bTgL_FedCEaADE8bhUarr501I; domain=.bing.com; expires=Wed, 26-Nov-2025 20:26:15 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4FA74CD888DB4AEF937AF30EB97463A6 Ref B: LON601060108025 Ref C: 2024-11-01T20:26:15Z
date: Fri, 01 Nov 2024 20:26:14 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=Remote address:150.171.28.10:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2CB6C104F47D6E8D083DD42EF57B6F84; MSPTC=SD70JZGxA0d9tBrM76bTgL_FedCEaADE8bhUarr501I
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 89A0EC320F924A83A623F2CF7F8B584B Ref B: LON601060108025 Ref C: 2024-11-01T20:26:15Z
date: Fri, 01 Nov 2024 20:26:14 GMT
-
Remote address:8.8.8.8:53Request101.209.201.84.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request10.28.171.150.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request73.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request241.150.49.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request241.150.49.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request53.210.109.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.27.10ax-0001.ax-msedge.netIN A150.171.28.10
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360453660_1FJYLRXUGJ1KYC379&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239360453660_1FJYLRXUGJ1KYC379&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 632525
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2AE5B675549E48C88E8C6186A92F8853 Ref B: LON601060103054 Ref C: 2024-11-01T20:27:58Z
date: Fri, 01 Nov 2024 20:27:58 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418600_11EQ8QDR6IPB0F4AN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239340418600_11EQ8QDR6IPB0F4AN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 633835
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C0E4CF4F92AC48BE8A6424E7C4811D54 Ref B: LON601060103054 Ref C: 2024-11-01T20:27:58Z
date: Fri, 01 Nov 2024 20:27:58 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418599_1G42Z13GRT0FB3ANC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239340418599_1G42Z13GRT0FB3ANC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 405350
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E1C2B487E9F24AD6983A5BA45E79B7CE Ref B: LON601060103054 Ref C: 2024-11-01T20:27:58Z
date: Fri, 01 Nov 2024 20:27:58 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360453482_1OGQPWVCF77KWCMMI&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239360453482_1OGQPWVCF77KWCMMI&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 561868
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 78A3BD4398D6482FA56C89A6673501CD Ref B: LON601060103054 Ref C: 2024-11-01T20:27:58Z
date: Fri, 01 Nov 2024 20:27:58 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317300910_1N1UYW7VSBMF6PTRK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239317300910_1N1UYW7VSBMF6PTRK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 771656
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 44F9EC4C7CA44AB893B460927C0AB139 Ref B: LON601060103054 Ref C: 2024-11-01T20:27:58Z
date: Fri, 01 Nov 2024 20:27:58 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 675336
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 14E56C3658824E529339C22B8A5BB710 Ref B: LON601060103054 Ref C: 2024-11-01T20:27:59Z
date: Fri, 01 Nov 2024 20:27:58 GMT
-
150.171.28.10:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=tls, http22.0kB 9.4kB 22 19
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=HTTP Response
204 -
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
150.171.27.10:443https://tse1.mm.bing.net/th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90tls, http2149.8kB 3.8MB 2756 2748
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360453660_1FJYLRXUGJ1KYC379&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418600_11EQ8QDR6IPB0F4AN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418599_1G42Z13GRT0FB3ANC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360453482_1OGQPWVCF77KWCMMI&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317300910_1N1UYW7VSBMF6PTRK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Response
200 -
1.2kB 6.9kB 16 13
-
1.2kB 6.9kB 16 13
-
1.2kB 6.9kB 16 13
-
1.2kB 6.9kB 15 13
-
-
-
-
-
-
-
-
-
-
-
-
56 B 148 B 1 1
DNS Request
g.bing.com
DNS Response
150.171.28.10150.171.27.10
-
71 B 157 B 1 1
DNS Request
13.86.106.20.in-addr.arpa
-
73 B 133 B 1 1
DNS Request
101.209.201.84.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
10.28.171.150.in-addr.arpa
-
146 B 144 B 2 1
DNS Request
95.221.229.192.in-addr.arpa
DNS Request
95.221.229.192.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
73.159.190.20.in-addr.arpa
-
144 B 158 B 2 1
DNS Request
241.150.49.20.in-addr.arpa
DNS Request
241.150.49.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
53.210.109.20.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
206.23.85.13.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
26.35.223.20.in-addr.arpa
-
62 B 170 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
150.171.27.10150.171.28.10
-