Analysis

  • max time kernel
    43s
  • max time network
    44s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250217-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/03/2025, 21:51 UTC

General

  • Target

    a2b53f42f5ad5c5729fa8e52eca2f38c92db61776ee5c36ee86cf698b8ffbd2b.xls

  • Size

    346KB

  • MD5

    350be1c62fe1a576bae4a141dc960cf7

  • SHA1

    ebfc4316a986951403362b6cd2ac0676cfcf876d

  • SHA256

    a2b53f42f5ad5c5729fa8e52eca2f38c92db61776ee5c36ee86cf698b8ffbd2b

  • SHA512

    56f7e941be1caa2f0b1c75b05a2bdd2f26b559cb9d8e895af274b5306b3d3e994dbc89be72dd710414145931537ebcdafe9396e3d49d02d466b5b679f8fa67a5

  • SSDEEP

    6144:MxEtjPOtioVjZUGGnwfDlavx+/xoY4GPOJ4FNaCpRFd+y0vS2e2AdPhFZtNl+8:spTdZt2fw3m

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\a2b53f42f5ad5c5729fa8e52eca2f38c92db61776ee5c36ee86cf698b8ffbd2b.xls"
    1
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:700

Network

  • flag-us
    DNS
    roaming.officeapps.live.com
    EXCEL.EXE
    Remote address:
    8.8.8.8:53
    Request
    roaming.officeapps.live.com
    IN A
    Response
    roaming.officeapps.live.com
    IN CNAME
    prod.roaming1.live.com.akadns.net
    prod.roaming1.live.com.akadns.net
    IN CNAME
    eur.roaming1.live.com.akadns.net
    eur.roaming1.live.com.akadns.net
    IN CNAME
    neu-azsc-000.roaming.officeapps.live.com
    neu-azsc-000.roaming.officeapps.live.com
    IN CNAME
    osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com
    osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com
    IN A
    52.109.76.243
  • flag-ie
    POST
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    EXCEL.EXE
    Remote address:
    52.109.76.243:443
    Request
    POST /rs/RoamingSoapService.svc HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/xml; charset=utf-8
    User-Agent: MS-WebServices/1.0
    SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
    Content-Length: 511
    Host: roaming.officeapps.live.com
    Response
    HTTP/1.1 200 OK
    Cache-Control: private
    Content-Type: text/xml; charset=utf-8
    Server: Microsoft-IIS/10.0
    X-OfficeFE: RoamingFE_IN_480
    X-OfficeVersion: 16.0.18702.30575
    X-OfficeCluster: neu-000.roaming.officeapps.live.com
    Content-Security-Policy-Report-Only: script-src 'nonce-GOAGRVFy7LCTzCvykCCdnuHMFeN0a3LNftNNmzssLFcRT6+WSaahRwEofu39OxDbazrLh1XMn9Txco/CVrPGQ/Z2wKvoWeGg7KMVjc9ImL38mNMBrRGC2ucwhpBT2Y7BEYp9FkG5ps+47NOh3kQ8XnuPSfGpOc1sejfUbd9STco=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; base-uri 'self'; object-src 'none'; require-trusted-types-for 'script'; report-uri https://csp.microsoft.com/report/OfficeIce-OfficeRoaming-Prod; frame-ancestors 'none';
    X-Frame-Options: Deny
    X-CorrelationId: c501d58a-2fe4-4d2a-b5f1-3249c7ea421e
    X-Powered-By: ASP.NET
    Date: Wed, 12 Mar 2025 21:51:22 GMT
    Content-Length: 654
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.ax-0001.ax-msedge.net
    g-bing-com.ax-0001.ax-msedge.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea16ca784c04497abede2825737e02ff&localId=w:7D2DA659-8646-0C47-4810-EF0D7A5C986B&deviceId=6966575319729917&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea16ca784c04497abede2825737e02ff&localId=w:7D2DA659-8646-0C47-4810-EF0D7A5C986B&deviceId=6966575319729917&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=24DC5A3871106EB60E0C4F9570BC6F17; domain=.bing.com; expires=Mon, 06-Apr-2026 21:51:25 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 94A6A25C1CB74D87AC8E21148B070E03 Ref B: FRA31EDGE0116 Ref C: 2025-03-12T21:51:25Z
    date: Wed, 12 Mar 2025 21:51:25 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ea16ca784c04497abede2825737e02ff&localId=w:7D2DA659-8646-0C47-4810-EF0D7A5C986B&deviceId=6966575319729917&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ea16ca784c04497abede2825737e02ff&localId=w:7D2DA659-8646-0C47-4810-EF0D7A5C986B&deviceId=6966575319729917&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=24DC5A3871106EB60E0C4F9570BC6F17
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=Ot9qPGdA8WP4qhoA7RsW3fcbG6Ww-6XBdkwmbx7B6Jk; domain=.bing.com; expires=Mon, 06-Apr-2026 21:51:25 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 008C1A88D88A491E9CC424999D52B438 Ref B: FRA31EDGE0116 Ref C: 2025-03-12T21:51:25Z
    date: Wed, 12 Mar 2025 21:51:25 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea16ca784c04497abede2825737e02ff&localId=w:7D2DA659-8646-0C47-4810-EF0D7A5C986B&deviceId=6966575319729917&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea16ca784c04497abede2825737e02ff&localId=w:7D2DA659-8646-0C47-4810-EF0D7A5C986B&deviceId=6966575319729917&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=24DC5A3871106EB60E0C4F9570BC6F17; MSPTC=Ot9qPGdA8WP4qhoA7RsW3fcbG6Ww-6XBdkwmbx7B6Jk
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: FDAF348459D4446290FA13EFA1F14145 Ref B: FRA31EDGE0116 Ref C: 2025-03-12T21:51:25Z
    date: Wed, 12 Mar 2025 21:51:25 GMT
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418543_1PQIQEA9PYCCTOZ9T&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418543_1PQIQEA9PYCCTOZ9T&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 748526
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 53096C5954F542F9977377A54CECFAAB Ref B: FRA31EDGE0513 Ref C: 2025-03-12T21:52:00Z
    date: Wed, 12 Mar 2025 21:51:59 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360607351_1LWNG3EPOKCB0ST8C&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239360607351_1LWNG3EPOKCB0ST8C&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 542449
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 728C585C3326421DB6205A409143B265 Ref B: FRA31EDGE0513 Ref C: 2025-03-12T21:52:00Z
    date: Wed, 12 Mar 2025 21:51:59 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239357448969_167ANDP278VEQSWN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239357448969_167ANDP278VEQSWN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 513505
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 699EECF0A8804F0E9DEC8F4F1E6F27F4 Ref B: FRA31EDGE0513 Ref C: 2025-03-12T21:52:00Z
    date: Wed, 12 Mar 2025 21:51:59 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360607350_1DIIHMLKOJP4KM45O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239360607350_1DIIHMLKOJP4KM45O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 664785
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 01F9667BE1184E97902B5DA098FC83F1 Ref B: FRA31EDGE0513 Ref C: 2025-03-12T21:52:00Z
    date: Wed, 12 Mar 2025 21:51:59 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239357448970_1TNLOVSCGCA1OJSDO&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239357448970_1TNLOVSCGCA1OJSDO&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 475456
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F830A8A2DB15449791D8DB6FAEB799CF Ref B: FRA31EDGE0513 Ref C: 2025-03-12T21:52:00Z
    date: Wed, 12 Mar 2025 21:51:59 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418544_1U65HGUXV07UFEU5B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418544_1U65HGUXV07UFEU5B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 800536
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A397931020264408B3BBC49D3781DA0E Ref B: FRA31EDGE0513 Ref C: 2025-03-12T21:52:01Z
    date: Wed, 12 Mar 2025 21:52:00 GMT
  • 52.109.76.243:443
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    tls, http
    EXCEL.EXE
    1.8kB
    8.3kB
    12
    11

    HTTP Request

    POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

    HTTP Response

    200
  • 150.171.27.10:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea16ca784c04497abede2825737e02ff&localId=w:7D2DA659-8646-0C47-4810-EF0D7A5C986B&deviceId=6966575319729917&anid=
    tls, http2
    2.0kB
    9.3kB
    22
    18

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea16ca784c04497abede2825737e02ff&localId=w:7D2DA659-8646-0C47-4810-EF0D7A5C986B&deviceId=6966575319729917&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ea16ca784c04497abede2825737e02ff&localId=w:7D2DA659-8646-0C47-4810-EF0D7A5C986B&deviceId=6966575319729917&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea16ca784c04497abede2825737e02ff&localId=w:7D2DA659-8646-0C47-4810-EF0D7A5C986B&deviceId=6966575319729917&anid=

    HTTP Response

    204
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    12
  • 150.171.28.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239340418544_1U65HGUXV07UFEU5B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    tls, http2
    136.0kB
    3.9MB
    2833
    2828

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418543_1PQIQEA9PYCCTOZ9T&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360607351_1LWNG3EPOKCB0ST8C&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239357448969_167ANDP278VEQSWN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360607350_1DIIHMLKOJP4KM45O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239357448970_1TNLOVSCGCA1OJSDO&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418544_1U65HGUXV07UFEU5B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    12
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 8.8.8.8:53
    roaming.officeapps.live.com
    dns
    EXCEL.EXE
    73 B
    248 B
    1
    1

    DNS Request

    roaming.officeapps.live.com

    DNS Response

    52.109.76.243

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    148 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    170 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.28.10
    150.171.27.10

MITRE ATT&CK Enterprise v15

Downloads

  • memory/700-0-0x00007FFE27110000-0x00007FFE27120000-memory.dmp

    Filesize

    64KB

  • memory/700-1-0x00007FFE6712D000-0x00007FFE6712E000-memory.dmp

    Filesize

    4KB

  • memory/700-6-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

    Filesize

    2.0MB

  • memory/700-5-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

    Filesize

    2.0MB

  • memory/700-4-0x00007FFE27110000-0x00007FFE27120000-memory.dmp

    Filesize

    64KB

  • memory/700-3-0x00007FFE27110000-0x00007FFE27120000-memory.dmp

    Filesize

    64KB

  • memory/700-7-0x00007FFE27110000-0x00007FFE27120000-memory.dmp

    Filesize

    64KB

  • memory/700-2-0x00007FFE27110000-0x00007FFE27120000-memory.dmp

    Filesize

    64KB

  • memory/700-9-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

    Filesize

    2.0MB

  • memory/700-8-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

    Filesize

    2.0MB

  • memory/700-10-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

    Filesize

    2.0MB

  • memory/700-12-0x00007FFE24D50000-0x00007FFE24D60000-memory.dmp

    Filesize

    64KB

  • memory/700-11-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

    Filesize

    2.0MB

  • memory/700-13-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

    Filesize

    2.0MB

  • memory/700-17-0x00007FFE24D50000-0x00007FFE24D60000-memory.dmp

    Filesize

    64KB

  • memory/700-16-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

    Filesize

    2.0MB

  • memory/700-19-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

    Filesize

    2.0MB

  • memory/700-20-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

    Filesize

    2.0MB

  • memory/700-18-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

    Filesize

    2.0MB

  • memory/700-15-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

    Filesize

    2.0MB

  • memory/700-14-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

    Filesize

    2.0MB

  • memory/700-30-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

    Filesize

    2.0MB

  • memory/700-31-0x00007FFE6712D000-0x00007FFE6712E000-memory.dmp

    Filesize

    4KB

  • memory/700-35-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

    Filesize

    2.0MB