Analysis

  • max time kernel
    200s
  • max time network
    214s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/01/2024, 19:35 UTC

General

  • Target

    3db2660d7cffcb682ce00e0bde927517.exe

  • Size

    860KB

  • MD5

    3db2660d7cffcb682ce00e0bde927517

  • SHA1

    91c05b98597758c8f37c84f0addb074457ebee34

  • SHA256

    514955742584b4b75e5c21274ed9b8f44baac47f1eac8939b35928ecff930710

  • SHA512

    850f0f33032f16a090e09249a0671756ab341493a9e220587b5cf9b9d1f697e187c0bea49dd7f2a4c53c6deda8618674b48da5ebe6e7c1b7addfced99b6490c0

  • SSDEEP

    12288:720LBewQKm0Ih+F2k2dVEqoGO2p4W/pSbhrwzrW90ivPG1AnvBMhxKy3C5imMdM3:7xBeCLIE+PoGO26cEmy0ivOa5aC0mAw

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3db2660d7cffcb682ce00e0bde927517.exe
    "C:\Users\Admin\AppData\Local\Temp\3db2660d7cffcb682ce00e0bde927517.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Users\Admin\AppData\Local\Temp\3db2660d7cffcb682ce00e0bde927517.exe
      2⤵
        PID:3132
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 480
        2⤵
        • Program crash
        PID:5060
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 2372 -ip 2372
      1⤵
        PID:4040

      Network

      • flag-us
        DNS
        178.223.142.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        178.223.142.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        16.234.44.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        16.234.44.23.in-addr.arpa
        IN PTR
        Response
        16.234.44.23.in-addr.arpa
        IN PTR
        a23-44-234-16.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        158.240.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        158.240.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        158.240.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        158.240.127.40.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        26.165.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.165.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        26.165.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.165.165.52.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        5.179.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        5.179.17.96.in-addr.arpa
        IN PTR
        Response
        5.179.17.96.in-addr.arpa
        IN PTR
        a96-17-179-5.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        5.179.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        5.179.17.96.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        5.179.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        5.179.17.96.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        21.53.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        21.53.126.40.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        21.53.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        21.53.126.40.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        21.53.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        21.53.126.40.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        21.53.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        21.53.126.40.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        21.53.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        21.53.126.40.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        18.31.95.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.31.95.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        18.31.95.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.31.95.13.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        28.160.77.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        28.160.77.104.in-addr.arpa
        IN PTR
        Response
        28.160.77.104.in-addr.arpa
        IN PTR
        a104-77-160-28.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.a-0001.a-msedge.net
        g-bing-com.a-0001.a-msedge.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3f19cfd800f473d8ec7729356566932&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3f19cfd800f473d8ec7729356566932&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=3932F85FD58460190F6AEBA6D43F61F2; domain=.bing.com; expires=Sat, 25-Jan-2025 19:37:14 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: A09176A0F3284767B2D9810F84842325 Ref B: LON04EDGE0817 Ref C: 2024-01-01T19:37:14Z
        date: Mon, 01 Jan 2024 19:37:14 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a3f19cfd800f473d8ec7729356566932&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a3f19cfd800f473d8ec7729356566932&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=3932F85FD58460190F6AEBA6D43F61F2
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=9X2O_BM44YSdw9Napqn6MZb9Md_KRTJ6Phvc_ZVNseo; domain=.bing.com; expires=Sat, 25-Jan-2025 19:37:16 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 4ECBB6972B274E7888F5AFAB13ADDB40 Ref B: LON04EDGE0817 Ref C: 2024-01-01T19:37:16Z
        date: Mon, 01 Jan 2024 19:37:15 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3f19cfd800f473d8ec7729356566932&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3f19cfd800f473d8ec7729356566932&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=3932F85FD58460190F6AEBA6D43F61F2; MSPTC=9X2O_BM44YSdw9Napqn6MZb9Md_KRTJ6Phvc_ZVNseo
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 734C210E2B1B406EB634975A26CFE8F5 Ref B: LON04EDGE0817 Ref C: 2024-01-01T19:37:16Z
        date: Mon, 01 Jan 2024 19:37:15 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=390a9b34e8f04bdc848f64a0c142c221&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=390a9b34e8f04bdc848f64a0c142c221&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=3932F85FD58460190F6AEBA6D43F61F2; MSPTC=9X2O_BM44YSdw9Napqn6MZb9Md_KRTJ6Phvc_ZVNseo
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: A54F933AF2FB424AAF62504B094EE38E Ref B: LON04EDGE0817 Ref C: 2024-01-01T19:37:30Z
        date: Mon, 01 Jan 2024 19:37:30 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=390a9b34e8f04bdc848f64a0c142c221&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=390a9b34e8f04bdc848f64a0c142c221&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=3932F85FD58460190F6AEBA6D43F61F2; MSPTC=9X2O_BM44YSdw9Napqn6MZb9Md_KRTJ6Phvc_ZVNseo
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 11FBADD3F206426397AE60CBC6B4B581 Ref B: LON04EDGE0817 Ref C: 2024-01-01T19:37:30Z
        date: Mon, 01 Jan 2024 19:37:30 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=390a9b34e8f04bdc848f64a0c142c221&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=390a9b34e8f04bdc848f64a0c142c221&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=3932F85FD58460190F6AEBA6D43F61F2; MSPTC=9X2O_BM44YSdw9Napqn6MZb9Md_KRTJ6Phvc_ZVNseo
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 25E681C300DE4787AD67DB4E669F53DA Ref B: LON04EDGE0817 Ref C: 2024-01-01T19:37:30Z
        date: Mon, 01 Jan 2024 19:37:30 GMT
      • flag-us
        DNS
        200.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        200.197.79.204.in-addr.arpa
        IN PTR
        Response
        200.197.79.204.in-addr.arpa
        IN PTR
        a-0001.a-msedge.net
      • flag-us
        DNS
        9.228.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        9.228.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        9.228.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        9.228.82.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        58.99.105.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        58.99.105.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301095_1DVS21CWR8N49JQ44&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301095_1DVS21CWR8N49JQ44&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 328898
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: F8ADF9B988484005BB302CD7DEACBEE4 Ref B: LON04EDGE1010 Ref C: 2024-01-01T19:37:24Z
        date: Mon, 01 Jan 2024 19:37:24 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301528_1GXBJ11CWSVGL69Z6&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301528_1GXBJ11CWSVGL69Z6&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 475808
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 6AC9217B6C064DC0898C740C0B12BB74 Ref B: LON04EDGE1010 Ref C: 2024-01-01T19:37:24Z
        date: Mon, 01 Jan 2024 19:37:24 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301384_1HQXQBTAMSF7ILYA2&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301384_1HQXQBTAMSF7ILYA2&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 455761
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 20E062616C7A4174AC918C1D7D767D59 Ref B: LON04EDGE1010 Ref C: 2024-01-01T19:37:24Z
        date: Mon, 01 Jan 2024 19:37:24 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317300951_1DEESSRWOJQZD4FVQ&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317300951_1DEESSRWOJQZD4FVQ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 374984
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: BEA0677D413941E880FB4C0CD0EB65CD Ref B: LON04EDGE1010 Ref C: 2024-01-01T19:37:26Z
        date: Mon, 01 Jan 2024 19:37:26 GMT
      • flag-us
        DNS
        2.136.104.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        2.136.104.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        84.177.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        84.177.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        195.233.44.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        195.233.44.23.in-addr.arpa
        IN PTR
        Response
        195.233.44.23.in-addr.arpa
        IN PTR
        a23-44-233-195.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        195.233.44.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        195.233.44.23.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        195.233.44.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        195.233.44.23.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        29.179.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        29.179.17.96.in-addr.arpa
        IN PTR
        Response
        29.179.17.96.in-addr.arpa
        IN PTR
        a96-17-179-29.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        79.121.231.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        79.121.231.20.in-addr.arpa
        IN PTR
        Response
      • 204.79.197.200:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=390a9b34e8f04bdc848f64a0c142c221&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=
        tls, http2
        3.2kB
        10.6kB
        30
        26

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3f19cfd800f473d8ec7729356566932&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a3f19cfd800f473d8ec7729356566932&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a3f19cfd800f473d8ec7729356566932&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=390a9b34e8f04bdc848f64a0c142c221&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=390a9b34e8f04bdc848f64a0c142c221&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=390a9b34e8f04bdc848f64a0c142c221&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=

        HTTP Response

        204
      • 204.79.197.200:443
        https://tse1.mm.bing.net/th?id=OADD2.10239317300951_1DEESSRWOJQZD4FVQ&pid=21.2&w=1920&h=1080&c=4
        tls, http2
        32.3kB
        836.2kB
        616
        609

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301095_1DVS21CWR8N49JQ44&pid=21.2&w=1920&h=1080&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301528_1GXBJ11CWSVGL69Z6&pid=21.2&w=1080&h=1920&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301384_1HQXQBTAMSF7ILYA2&pid=21.2&w=1080&h=1920&c=4

        HTTP Response

        200

        HTTP Response

        200

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317300951_1DEESSRWOJQZD4FVQ&pid=21.2&w=1920&h=1080&c=4

        HTTP Response

        200

        HTTP Response

        200
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.3kB
        8.7kB
        17
        14
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.3kB
        8.7kB
        17
        15
      • 8.8.8.8:53
        178.223.142.52.in-addr.arpa
        dns
        73 B
        147 B
        1
        1

        DNS Request

        178.223.142.52.in-addr.arpa

      • 8.8.8.8:53
        16.234.44.23.in-addr.arpa
        dns
        71 B
        135 B
        1
        1

        DNS Request

        16.234.44.23.in-addr.arpa

      • 8.8.8.8:53
        158.240.127.40.in-addr.arpa
        dns
        146 B
        147 B
        2
        1

        DNS Request

        158.240.127.40.in-addr.arpa

        DNS Request

        158.240.127.40.in-addr.arpa

      • 8.8.8.8:53
        26.165.165.52.in-addr.arpa
        dns
        144 B
        146 B
        2
        1

        DNS Request

        26.165.165.52.in-addr.arpa

        DNS Request

        26.165.165.52.in-addr.arpa

      • 8.8.8.8:53
        5.179.17.96.in-addr.arpa
        dns
        210 B
        133 B
        3
        1

        DNS Request

        5.179.17.96.in-addr.arpa

        DNS Request

        5.179.17.96.in-addr.arpa

        DNS Request

        5.179.17.96.in-addr.arpa

      • 8.8.8.8:53
        21.53.126.40.in-addr.arpa
        dns
        355 B
        5

        DNS Request

        21.53.126.40.in-addr.arpa

        DNS Request

        21.53.126.40.in-addr.arpa

        DNS Request

        21.53.126.40.in-addr.arpa

        DNS Request

        21.53.126.40.in-addr.arpa

        DNS Request

        21.53.126.40.in-addr.arpa

      • 8.8.8.8:53
        18.31.95.13.in-addr.arpa
        dns
        140 B
        144 B
        2
        1

        DNS Request

        18.31.95.13.in-addr.arpa

        DNS Request

        18.31.95.13.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
        144 B
        1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        28.160.77.104.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        28.160.77.104.in-addr.arpa

      • 8.8.8.8:53
        g.bing.com
        dns
        112 B
        158 B
        2
        1

        DNS Request

        g.bing.com

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        200.197.79.204.in-addr.arpa
        dns
        73 B
        106 B
        1
        1

        DNS Request

        200.197.79.204.in-addr.arpa

      • 8.8.8.8:53
        9.228.82.20.in-addr.arpa
        dns
        140 B
        156 B
        2
        1

        DNS Request

        9.228.82.20.in-addr.arpa

        DNS Request

        9.228.82.20.in-addr.arpa

      • 8.8.8.8:53
        58.99.105.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        58.99.105.20.in-addr.arpa

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        62 B
        173 B
        1
        1

        DNS Request

        tse1.mm.bing.net

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        2.136.104.51.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        2.136.104.51.in-addr.arpa

      • 8.8.8.8:53
        84.177.190.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        84.177.190.20.in-addr.arpa

      • 8.8.8.8:53
        195.233.44.23.in-addr.arpa
        dns
        216 B
        137 B
        3
        1

        DNS Request

        195.233.44.23.in-addr.arpa

        DNS Request

        195.233.44.23.in-addr.arpa

        DNS Request

        195.233.44.23.in-addr.arpa

      • 8.8.8.8:53
        29.179.17.96.in-addr.arpa
        dns
        71 B
        135 B
        1
        1

        DNS Request

        29.179.17.96.in-addr.arpa

      • 8.8.8.8:53
        79.121.231.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        79.121.231.20.in-addr.arpa

      MITRE ATT&CK Matrix


      Downloads

      • memory/2372-0-0x0000000005630000-0x0000000005640000-memory.dmp

        Filesize

        64KB

      • memory/2372-1-0x0000000005650000-0x0000000005660000-memory.dmp

        Filesize

        64KB

      • memory/2372-2-0x0000000005670000-0x0000000005680000-memory.dmp

        Filesize

        64KB

      • memory/2372-3-0x0000000005680000-0x0000000005690000-memory.dmp

        Filesize

        64KB

      • memory/2372-4-0x0000000005690000-0x00000000056A0000-memory.dmp

        Filesize

        64KB

      • memory/2372-5-0x00000000056A0000-0x00000000056B0000-memory.dmp

        Filesize

        64KB

      • memory/2372-6-0x00000000056B0000-0x00000000056C0000-memory.dmp

        Filesize

        64KB

      • memory/2372-7-0x00000000056C0000-0x00000000056D0000-memory.dmp

        Filesize

        64KB

      • memory/2372-8-0x00000000056D0000-0x00000000056E0000-memory.dmp

        Filesize

        64KB

      • memory/2372-9-0x0000000005F30000-0x0000000005F40000-memory.dmp

        Filesize

        64KB

      • memory/2372-10-0x0000000005F40000-0x0000000005F50000-memory.dmp

        Filesize

        64KB

      • memory/2372-11-0x0000000005F50000-0x0000000005F60000-memory.dmp

        Filesize

        64KB

      • memory/2372-12-0x0000000005F60000-0x0000000005F70000-memory.dmp

        Filesize

        64KB

      • memory/2372-13-0x0000000005F70000-0x0000000005F80000-memory.dmp

        Filesize

        64KB

      • memory/2372-14-0x0000000005F90000-0x0000000005FA0000-memory.dmp

        Filesize

        64KB

      • memory/2372-15-0x0000000005FA0000-0x0000000005FB0000-memory.dmp

        Filesize

        64KB

      • memory/2372-16-0x0000000005FB0000-0x0000000005FC0000-memory.dmp

        Filesize

        64KB
