Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

3

数码照�...20.dll

windows7-x64

1

数码照�...20.dll

windows10-2004-x64

1

数码照�...11.dll

windows7-x64

1

数码照�...11.dll

windows10-2004-x64

1

数码照�...ge.exe

windows7-x64

1

数码照�...ge.exe

windows10-2004-x64

1

数码照�...le.rtf

windows7-x64

4

数码照�...le.rtf

windows10-2004-x64

1

CMDLGCHS.dll

windows7-x64

1

CMDLGCHS.dll

windows10-2004-x64

1

COMCAT.dll

windows7-x64

1

COMCAT.dll

windows10-2004-x64

COMDLG32.dll

windows7-x64

1

COMDLG32.dll

windows10-2004-x64

1

DAO350.dll

windows7-x64

1

DAO350.dll

windows10-2004-x64

1

GAPI32.dll

windows7-x64

3

GAPI32.dll

windows10-2004-x64

3

MSCMCCHS.dll

windows7-x64

1

MSCMCCHS.dll

windows10-2004-x64

1

MSJET35.dll

windows7-x64

1

MSJET35.dll

windows10-2004-x64

1

MSJINT35.dll

windows7-x64

1

MSJINT35.dll

windows10-2004-x64

1

MSJTER35.dll

windows7-x64

1

MSJTER35.dll

windows10-2004-x64

1

MSRD2X35.dll

windows7-x64

1

MSRD2X35.dll

windows10-2004-x64

1

MSRDO20.dll

windows7-x64

1

MSRDO20.dll

windows10-2004-x64

1

MSREPL35.dll

windows7-x64

1

MSREPL35.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/03/2024, 01:14 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GAPI32.dll

  • Size

    81KB

  • MD5

    dca8111d07cadd143207fba3c2ca4b98

  • SHA1

    6a55144ded3f303fda2b4bb0cc0eea434a57ecb6

  • SHA256

    391827931ea7e6b709cc888ffd0c3eba99060ea51efadcb54586fcfc1ed73a61

  • SHA512

    56ca33657ecfc23037863ceedd5dd0d9fc2fe3c09ac3dbd679c095ad3daed26a3ac2f64ea9109c25422463f14ac122975abb78577d5cbe21a8a31df073e3dd3c

  • SSDEEP

    1536:BVEtEA12hHzCtpi2g0+zeNsfWs7gbxHc0kBCsy43mcIJUJ3huS:wtroGC2teWrxH70CsRmtJUJ3hT

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\GAPI32.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\GAPI32.dll,#1
      2⤵
        PID:2224
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 628
          3⤵
          • Program crash
          PID:2184
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 2224 -ip 2224
      1⤵
        PID:3972
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3684 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:4700

        Network

        • flag-us
          DNS
          95.221.229.192.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          95.221.229.192.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          9.228.82.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          9.228.82.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          64.159.190.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          64.159.190.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          240.221.184.93.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          240.221.184.93.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          41.110.16.96.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          41.110.16.96.in-addr.arpa
          IN PTR
          Response
          41.110.16.96.in-addr.arpa
          IN PTR
          a96-16-110-41deploystaticakamaitechnologiescom
        • flag-us
          DNS
          13.86.106.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          13.86.106.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          26.35.223.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          26.35.223.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          g.bing.com
          Remote address:
          8.8.8.8:53
          Request
          g.bing.com
          IN A
          Response
          g.bing.com
          IN CNAME
          g-bing-com.a-0001.a-msedge.net
          g-bing-com.a-0001.a-msedge.net
          IN CNAME
          dual-a-0001.a-msedge.net
          dual-a-0001.a-msedge.net
          IN A
          204.79.197.200
          dual-a-0001.a-msedge.net
          IN A
          13.107.21.200
        • flag-us
          GET
          https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
          Remote address:
          204.79.197.200:443
          Request
          GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid= HTTP/2.0
          host: g.bing.com
          accept-encoding: gzip, deflate
          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
          Response
          HTTP/2.0 204
          cache-control: no-cache, must-revalidate
          pragma: no-cache
          expires: Fri, 01 Jan 1990 00:00:00 GMT
          set-cookie: MUID=04FCE4C64497693702BEF0FA452C684D; domain=.bing.com; expires=Wed, 02-Apr-2025 01:15:25 GMT; path=/; SameSite=None; Secure; Priority=High;
          strict-transport-security: max-age=31536000; includeSubDomains; preload
          access-control-allow-origin: *
          x-cache: CONFIG_NOCACHE
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 8509F202B18546478E9C6F1C0036566E Ref B: LON04EDGE0917 Ref C: 2024-03-08T01:15:25Z
          date: Fri, 08 Mar 2024 01:15:24 GMT
        • flag-us
          GET
          https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
          Remote address:
          204.79.197.200:443
          Request
          GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid= HTTP/2.0
          host: g.bing.com
          accept-encoding: gzip, deflate
          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
          cookie: MUID=04FCE4C64497693702BEF0FA452C684D
          Response
          HTTP/2.0 204
          cache-control: no-cache, must-revalidate
          pragma: no-cache
          expires: Fri, 01 Jan 1990 00:00:00 GMT
          set-cookie: MSPTC=z_YLebvZ6UNi1a9mOcwqNyRnyfnEYV8vcLPoqnqcvI8; domain=.bing.com; expires=Wed, 02-Apr-2025 01:15:25 GMT; path=/; Partitioned; secure; SameSite=None
          strict-transport-security: max-age=31536000; includeSubDomains; preload
          access-control-allow-origin: *
          x-cache: CONFIG_NOCACHE
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 730238392CD24989BD3B20339BDA3C85 Ref B: LON04EDGE0917 Ref C: 2024-03-08T01:15:25Z
          date: Fri, 08 Mar 2024 01:15:24 GMT
        • flag-us
          GET
          https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
          Remote address:
          204.79.197.200:443
          Request
          GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid= HTTP/2.0
          host: g.bing.com
          accept-encoding: gzip, deflate
          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
          cookie: MUID=04FCE4C64497693702BEF0FA452C684D; MSPTC=z_YLebvZ6UNi1a9mOcwqNyRnyfnEYV8vcLPoqnqcvI8
          Response
          HTTP/2.0 204
          cache-control: no-cache, must-revalidate
          pragma: no-cache
          expires: Fri, 01 Jan 1990 00:00:00 GMT
          strict-transport-security: max-age=31536000; includeSubDomains; preload
          access-control-allow-origin: *
          x-cache: CONFIG_NOCACHE
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 199F788138FA4181BF2C487AD5BDE73B Ref B: LON04EDGE0917 Ref C: 2024-03-08T01:15:25Z
          date: Fri, 08 Mar 2024 01:15:24 GMT
        • flag-us
          DNS
          200.197.79.204.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          200.197.79.204.in-addr.arpa
          IN PTR
          Response
          200.197.79.204.in-addr.arpa
          IN PTR
          a-0001a-msedgenet
        • flag-us
          DNS
          217.106.137.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          217.106.137.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          183.59.114.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          183.59.114.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          198.187.3.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          198.187.3.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          chromewebstore.googleapis.com
          Remote address:
          8.8.8.8:53
          Request
          chromewebstore.googleapis.com
          IN A
        • flag-us
          DNS
          chromewebstore.googleapis.com
          Remote address:
          8.8.8.8:53
          Request
          chromewebstore.googleapis.com
          IN Unknown
        • flag-us
          DNS
          chromewebstore.googleapis.com
          Remote address:
          8.8.8.8:53
          Request
          chromewebstore.googleapis.com
          IN A
          Response
          chromewebstore.googleapis.com
          IN A
          142.250.180.10
          chromewebstore.googleapis.com
          IN A
          142.250.187.202
          chromewebstore.googleapis.com
          IN A
          142.250.187.234
          chromewebstore.googleapis.com
          IN A
          172.217.16.234
          chromewebstore.googleapis.com
          IN A
          142.250.178.10
          chromewebstore.googleapis.com
          IN A
          142.250.200.42
          chromewebstore.googleapis.com
          IN A
          142.250.200.10
          chromewebstore.googleapis.com
          IN A
          216.58.201.106
          chromewebstore.googleapis.com
          IN A
          216.58.204.74
          chromewebstore.googleapis.com
          IN A
          216.58.213.10
          chromewebstore.googleapis.com
          IN A
          172.217.169.42
          chromewebstore.googleapis.com
          IN A
          142.250.179.234
        • flag-us
          DNS
          chromewebstore.googleapis.com
          Remote address:
          8.8.8.8:53
          Request
          chromewebstore.googleapis.com
          IN Unknown
          Response
        • flag-us
          DNS
          10.180.250.142.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          10.180.250.142.in-addr.arpa
          IN PTR
          Response
          10.180.250.142.in-addr.arpa
          IN PTR
          lhr25s32-in-f101e100net
        • flag-us
          DNS
          134.71.91.104.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          134.71.91.104.in-addr.arpa
          IN PTR
          Response
          134.71.91.104.in-addr.arpa
          IN PTR
          a104-91-71-134deploystaticakamaitechnologiescom
        • flag-us
          DNS
          58.55.71.13.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          58.55.71.13.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          241.150.49.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          241.150.49.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          241.150.49.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          241.150.49.20.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          29.243.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          29.243.111.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          tse1.mm.bing.net
          Remote address:
          8.8.8.8:53
          Request
          tse1.mm.bing.net
          IN A
          Response
          tse1.mm.bing.net
          IN CNAME
          mm-mm.bing.net.trafficmanager.net
          mm-mm.bing.net.trafficmanager.net
          IN CNAME
          dual-a-0001.a-msedge.net
          dual-a-0001.a-msedge.net
          IN A
          204.79.197.200
          dual-a-0001.a-msedge.net
          IN A
          13.107.21.200
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301096_19QEA75LL3ZH4HJ9P&pid=21.2&w=1920&h=1080&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317301096_19QEA75LL3ZH4HJ9P&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 216720
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 1C693EEA3CC14203A63E32443FC1F692 Ref B: LON04EDGE1017 Ref C: 2024-03-08T01:17:17Z
          date: Fri, 08 Mar 2024 01:17:16 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239339388239_1FMFJEKV2DXW3LPOK&pid=21.2&w=1080&h=1920&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239339388239_1FMFJEKV2DXW3LPOK&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 279340
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 0591C60D13484CC58E5169B8DDC2A8B8 Ref B: LON04EDGE1017 Ref C: 2024-03-08T01:17:17Z
          date: Fri, 08 Mar 2024 01:17:16 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239339388238_1B1DKEJRUJUG2JDMP&pid=21.2&w=1920&h=1080&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239339388238_1B1DKEJRUJUG2JDMP&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 378343
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 71EEA198A01B4204852BAB8B88C62CA7 Ref B: LON04EDGE1017 Ref C: 2024-03-08T01:17:17Z
          date: Fri, 08 Mar 2024 01:17:16 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301529_1DMPN0VMBUXDAYN7W&pid=21.2&w=1080&h=1920&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239317301529_1DMPN0VMBUXDAYN7W&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 326717
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 8C85F18539324C078E42B80F860A075C Ref B: LON04EDGE1017 Ref C: 2024-03-08T01:17:17Z
          date: Fri, 08 Mar 2024 01:17:16 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239340418602_13EDNGC3ZL2WGZFXN&pid=21.2&w=1920&h=1080&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239340418602_13EDNGC3ZL2WGZFXN&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 219688
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 7B4173C4518D4A3CB11E7FD451F052AE Ref B: LON04EDGE1017 Ref C: 2024-03-08T01:17:18Z
          date: Fri, 08 Mar 2024 01:17:17 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239340418601_1XRLHD1YRS9ZZSDWX&pid=21.2&w=1080&h=1920&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239340418601_1XRLHD1YRS9ZZSDWX&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 271675
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 0DA85A5C62EF4D18B273219C97331447 Ref B: LON04EDGE1017 Ref C: 2024-03-08T01:17:18Z
          date: Fri, 08 Mar 2024 01:17:17 GMT
        • flag-us
          DNS
          252.15.104.51.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          252.15.104.51.in-addr.arpa
          IN PTR
          Response
        • 204.79.197.200:443
          https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
          tls, http2
          2.0kB
           9.2kB
           21
          19

          HTTP Request

          GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

          HTTP Response

          204

          HTTP Request

          GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

          HTTP Response

          204

          HTTP Request

          GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

          HTTP Response

          204
        • 142.250.180.10:443
          chromewebstore.googleapis.com
          tls
          2.0kB
           7.9kB
           17
          17
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          1.5kB
           8.1kB
           17
          13
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          1.5kB
           9.5kB
           18
          14
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          1.5kB
           8.1kB
           17
          13
        • 204.79.197.200:443
          https://tse1.mm.bing.net/th?id=OADD2.10239340418601_1XRLHD1YRS9ZZSDWX&pid=21.2&w=1080&h=1920&c=4
          tls, http2
          67.8kB
           1.8MB
           1286
          1277

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301096_19QEA75LL3ZH4HJ9P&pid=21.2&w=1920&h=1080&c=4

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239339388239_1FMFJEKV2DXW3LPOK&pid=21.2&w=1080&h=1920&c=4

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239339388238_1B1DKEJRUJUG2JDMP&pid=21.2&w=1920&h=1080&c=4

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301529_1DMPN0VMBUXDAYN7W&pid=21.2&w=1080&h=1920&c=4

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239340418602_13EDNGC3ZL2WGZFXN&pid=21.2&w=1920&h=1080&c=4

          HTTP Response

          200

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239340418601_1XRLHD1YRS9ZZSDWX&pid=21.2&w=1080&h=1920&c=4

          HTTP Response

          200
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          1.6kB
           8.1kB
           17
          13
        • 8.8.8.8:53
          95.221.229.192.in-addr.arpa
          dns
          73 B
           144 B
           1
          1

          DNS Request

          95.221.229.192.in-addr.arpa

        • 8.8.8.8:53
          9.228.82.20.in-addr.arpa
          dns
          70 B
           156 B
           1
          1

          DNS Request

          9.228.82.20.in-addr.arpa

        • 8.8.8.8:53
          64.159.190.20.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          64.159.190.20.in-addr.arpa

        • 8.8.8.8:53
          240.221.184.93.in-addr.arpa
          dns
          73 B
           144 B
           1
          1

          DNS Request

          240.221.184.93.in-addr.arpa

        • 8.8.8.8:53
          41.110.16.96.in-addr.arpa
          dns
          71 B
           135 B
           1
          1

          DNS Request

          41.110.16.96.in-addr.arpa

        • 8.8.8.8:53
          13.86.106.20.in-addr.arpa
          dns
          71 B
           157 B
           1
          1

          DNS Request

          13.86.106.20.in-addr.arpa

        • 8.8.8.8:53
          26.35.223.20.in-addr.arpa
          dns
          71 B
           157 B
           1
          1

          DNS Request

          26.35.223.20.in-addr.arpa

        • 8.8.8.8:53
          g.bing.com
          dns
          56 B
           158 B
           1
          1

          DNS Request

          g.bing.com

          DNS Response

          204.79.197.200
          13.107.21.200

        • 8.8.8.8:53
          200.197.79.204.in-addr.arpa
          dns
          73 B
           106 B
           1
          1

          DNS Request

          200.197.79.204.in-addr.arpa

        • 8.8.8.8:53
          217.106.137.52.in-addr.arpa
          dns
          73 B
           147 B
           1
          1

          DNS Request

          217.106.137.52.in-addr.arpa

        • 8.8.8.8:53
          183.59.114.20.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          183.59.114.20.in-addr.arpa

        • 8.8.8.8:53
          198.187.3.20.in-addr.arpa
          dns
          71 B
           157 B
           1
          1

          DNS Request

          198.187.3.20.in-addr.arpa

        • 8.8.8.8:53
          chromewebstore.googleapis.com
          dns
          75 B
           1

          DNS Request

          chromewebstore.googleapis.com

        • 8.8.8.8:53
          chromewebstore.googleapis.com
          dns
          75 B
           1

          DNS Request

          chromewebstore.googleapis.com

        • 8.8.8.8:53
          chromewebstore.googleapis.com
          dns
          75 B
           267 B
           1
          1

          DNS Request

          chromewebstore.googleapis.com

          DNS Response

          142.250.180.10
          142.250.187.202
          142.250.187.234
          172.217.16.234
          142.250.178.10
          142.250.200.42
          142.250.200.10
          216.58.201.106
          216.58.204.74
          216.58.213.10
          172.217.169.42
          142.250.179.234

        • 8.8.8.8:53
          chromewebstore.googleapis.com
          dns
          75 B
           132 B
           1
          1

          DNS Request

          chromewebstore.googleapis.com

        • 8.8.8.8:53
          10.180.250.142.in-addr.arpa
          dns
          73 B
           112 B
           1
          1

          DNS Request

          10.180.250.142.in-addr.arpa

        • 8.8.8.8:53
          134.71.91.104.in-addr.arpa
          dns
          72 B
           137 B
           1
          1

          DNS Request

          134.71.91.104.in-addr.arpa

        • 8.8.8.8:53
          58.55.71.13.in-addr.arpa
          dns
          70 B
           144 B
           1
          1

          DNS Request

          58.55.71.13.in-addr.arpa

        • 8.8.8.8:53
          241.150.49.20.in-addr.arpa
          dns
          144 B
           158 B
           2
          1

          DNS Request

          241.150.49.20.in-addr.arpa

          DNS Request

          241.150.49.20.in-addr.arpa

        • 8.8.8.8:53
          29.243.111.52.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          29.243.111.52.in-addr.arpa

        • 8.8.8.8:53
          tse1.mm.bing.net
          dns
          62 B
           173 B
           1
          1

          DNS Request

          tse1.mm.bing.net

          DNS Response

          204.79.197.200
          13.107.21.200

        • 8.8.8.8:53
          252.15.104.51.in-addr.arpa
          dns
          72 B
           146 B
           1
          1

          DNS Request

          252.15.104.51.in-addr.arpa

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        We care about your privacy.

        This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.