Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

fd30d28fcb...18.exe

windows7-x64

10

fd30d28fcb...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/04/2024, 16:52 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fd30d28fcbcb1355343d594752b78772_JaffaCakes118.exe

  • Size

    345KB

  • MD5

    fd30d28fcbcb1355343d594752b78772

  • SHA1

    33cb0811591d84b68ce5cb07e1050e4dea0ce6cf

  • SHA256

    d00f87049fb2c7cbbf506ca2361e8295fe06926f17e1d2c16cfe3e88a2902f5a

  • SHA512

    5367ea6f2fea98f3942abc25b0c628d34443280f90eeae3d22d10686b428113237dd5708160ee5c790dc12c14a3a5b3505afc2c143d1392b93949cf3749e0f6b

  • SSDEEP

    6144:5CU7yTJH63y+Ah44w19QG3pLKSiUZrNVfs8V:oU7sOp4nS9QuNN2

Score
10/10
xloaderiq3gloaderrat

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

iq3g

Decoy

itbcx.com

katielegget.com

myneighorsbasement.com

charts.wiki

toricolucci.com

ntlichengmodel.com

onsaleja.com

nailsbyleentje.com

freya-lux.com

moodyblack.com

mseoljaehwi.com

successfulsend.com

dr-roach.com

nargilegalerisi.com

animalhoney.com

indiarankers.com

botcantaysitokata.club

okinawakurashinavi.com

ceev-japan.com

shsqyy.com

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • Xloader payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fd30d28fcbcb1355343d594752b78772_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fd30d28fcbcb1355343d594752b78772_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4376
    • C:\Users\Admin\AppData\Local\Temp\fd30d28fcbcb1355343d594752b78772_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\fd30d28fcbcb1355343d594752b78772_JaffaCakes118.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1760

Network

  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=291F407C0415625B252A541B053263E4; domain=.bing.com; expires=Thu, 15-May-2025 16:52:23 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C48F9BAAF0CD4BA2B11A2654CBDE146B Ref B: LON04EDGE0614 Ref C: 2024-04-20T16:52:23Z
    date: Sat, 20 Apr 2024 16:52:23 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=291F407C0415625B252A541B053263E4
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=gzgOZ2elccrIMQkJA5tTcLsY918KKbaizDfrequ6l0E; domain=.bing.com; expires=Thu, 15-May-2025 16:52:23 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 86F3ABECA6CF41D38CBB49C8847EBAF8 Ref B: LON04EDGE0614 Ref C: 2024-04-20T16:52:23Z
    date: Sat, 20 Apr 2024 16:52:23 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=291F407C0415625B252A541B053263E4; MSPTC=gzgOZ2elccrIMQkJA5tTcLsY918KKbaizDfrequ6l0E
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: CD32A3AA8F3145A192E9466E585670BA Ref B: LON04EDGE0614 Ref C: 2024-04-20T16:52:23Z
    date: Sat, 20 Apr 2024 16:52:23 GMT
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    16.244.122.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    16.244.122.92.in-addr.arpa
    IN PTR
    Response
    16.244.122.92.in-addr.arpa
    IN PTR
    a92-122-244-16deploystaticakamaitechnologiescom
  • flag-us
    DNS
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-nl
    GET
    https://www.bing.com/th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    Remote address:
    23.62.61.163:443
    Request
    GET /th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
    host: www.bing.com
    accept: */*
    cookie: MUID=291F407C0415625B252A541B053263E4; MSPTC=gzgOZ2elccrIMQkJA5tTcLsY918KKbaizDfrequ6l0E
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-type: image/png
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    content-length: 1678
    date: Sat, 20 Apr 2024 16:52:44 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.9f3d3e17.1713631964.3b16e99c
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    163.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    163.61.62.23.in-addr.arpa
    IN PTR
    Response
    163.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-163deploystaticakamaitechnologiescom
  • flag-us
    DNS
    156.33.209.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    156.33.209.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    21.114.53.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.114.53.23.in-addr.arpa
    IN PTR
    Response
    21.114.53.23.in-addr.arpa
    IN PTR
    a23-53-114-21deploystaticakamaitechnologiescom
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    28.143.109.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.143.109.104.in-addr.arpa
    IN PTR
    Response
    28.143.109.104.in-addr.arpa
    IN PTR
    a104-109-143-28deploystaticakamaitechnologiescom
  • flag-us
    DNS
    154.173.246.72.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.173.246.72.in-addr.arpa
    IN PTR
    Response
    154.173.246.72.in-addr.arpa
    IN PTR
    a72-246-173-154deploystaticakamaitechnologiescom
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    40.244.122.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    40.244.122.92.in-addr.arpa
    IN PTR
    Response
    40.244.122.92.in-addr.arpa
    IN PTR
    a92-122-244-40deploystaticakamaitechnologiescom
  • flag-us
    DNS
    9.244.122.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.244.122.92.in-addr.arpa
    IN PTR
    Response
    9.244.122.92.in-addr.arpa
    IN PTR
    a92-122-244-9deploystaticakamaitechnologiescom
  • flag-us
    DNS
    209.205.72.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.205.72.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    219.138.73.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    219.138.73.23.in-addr.arpa
    IN PTR
    Response
    219.138.73.23.in-addr.arpa
    IN PTR
    a23-73-138-219deploystaticakamaitechnologiescom
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 682798
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 352E86F1A8C543528163B50932DB4873 Ref B: LON04EDGE0906 Ref C: 2024-04-20T16:54:17Z
    date: Sat, 20 Apr 2024 16:54:16 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 664406
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F7CBFD50DB9E4898BC209A3732D9307B Ref B: LON04EDGE0906 Ref C: 2024-04-20T16:54:17Z
    date: Sat, 20 Apr 2024 16:54:16 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 496166
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: B9D1F59601DF4A2A95557204D44173D8 Ref B: LON04EDGE0906 Ref C: 2024-04-20T16:54:17Z
    date: Sat, 20 Apr 2024 16:54:16 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239379019160_1CYVPZ2UN6QMEATU2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239379019160_1CYVPZ2UN6QMEATU2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 543854
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0941E34641D84DC3878379A63363363F Ref B: LON04EDGE0906 Ref C: 2024-04-20T16:54:17Z
    date: Sat, 20 Apr 2024 16:54:16 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239379019164_1DBDX3CJXSDC8PX7N&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239379019164_1DBDX3CJXSDC8PX7N&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 497954
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0AC8B312BACE41C693CB8F26B3A5E7A5 Ref B: LON04EDGE0906 Ref C: 2024-04-20T16:54:17Z
    date: Sat, 20 Apr 2024 16:54:16 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 496229
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 2085C23D5CFD4CA5A27A1F4BBB94715A Ref B: LON04EDGE0906 Ref C: 2024-04-20T16:54:18Z
    date: Sat, 20 Apr 2024 16:54:18 GMT
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
    tls, http2
    2.0kB
     9.2kB
     21
    18

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

    HTTP Response

    204
  • 23.62.61.163:443
    https://www.bing.com/th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    tls, http2
    2.1kB
     7.0kB
     21
    13

    HTTP Request

    GET https://www.bing.com/th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

    HTTP Response

    200
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    123.5kB
     3.5MB
     2590
    2579

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239379019160_1CYVPZ2UN6QMEATU2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239379019164_1DBDX3CJXSDC8PX7N&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.4kB
     8.0kB
     15
    11
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.0kB
     16
    12
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.0kB
     16
    12
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.4kB
     8.0kB
     16
    11
  • 8.8.8.8:53
    g.bing.com
    dns
    112 B
     151 B
     2
    1

    DNS Request

    g.bing.com

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    73 B
     143 B
     1
    1

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    16.244.122.92.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    16.244.122.92.in-addr.arpa

  • 8.8.8.8:53
    28.118.140.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    28.118.140.52.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    241.154.82.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.154.82.20.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    144 B
     158 B
     2
    1

    DNS Request

    183.59.114.20.in-addr.arpa

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    163.61.62.23.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    163.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    156.33.209.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    156.33.209.4.in-addr.arpa

  • 8.8.8.8:53
    21.114.53.23.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    21.114.53.23.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    28.143.109.104.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    28.143.109.104.in-addr.arpa

  • 8.8.8.8:53
    154.173.246.72.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    154.173.246.72.in-addr.arpa

  • 8.8.8.8:53
    119.110.54.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    119.110.54.20.in-addr.arpa

  • 8.8.8.8:53
    40.244.122.92.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    40.244.122.92.in-addr.arpa

  • 8.8.8.8:53
    9.244.122.92.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    9.244.122.92.in-addr.arpa

  • 8.8.8.8:53
    209.205.72.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    209.205.72.20.in-addr.arpa

  • 8.8.8.8:53
    219.138.73.23.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    219.138.73.23.in-addr.arpa

  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    43.58.199.20.in-addr.arpa

  • 8.8.8.8:53
    48.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    48.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     173 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    55.36.223.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1760-3-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1760-6-0x0000000000B50000-0x0000000000E9A000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4376-1-0x00000000017B0000-0x00000000018B0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4376-2-0x00000000016E0000-0x000000000170A000-memory.dmp

    Filesize

    168KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.