Analysis
max time kernel: 138s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/04/2024, 06:47 UTC
Static task: static1
Behavioral task: behavioral1
  Sample: feb0bf5b0d7f6820c330fa45091cd189_JaffaCakes118.dll
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: feb0bf5b0d7f6820c330fa45091cd189_JaffaCakes118.dll
  Resource: win10v2004-20240412-en
General
Target: feb0bf5b0d7f6820c330fa45091cd189_JaffaCakes118.dll
Size: 2.2MB
MD5: feb0bf5b0d7f6820c330fa45091cd189
SHA1: a1f50429415bc7cbf1706c22dfdca734173fb9ac
SHA256: 474fe0f75ec639814eac17468c8ce29908ed30f3665457d864cffa6540047ea0
SHA512: 07f208c66899c0f298037dd8aab4d772e2ef6321a36519112e5d677170a58ee19d69e8a397ae0cb485cc1f2c71d82b55c004d96cf40c459fbda3b405602670f8
SSDEEP: 24576:52WdDKT6lr1CDu2ruh59hmxxJNOjOAUBJjlD4qH5vlalua2UotfG6o:53DlBEidgxJN5AejlD4uvlab2UotfG
Malware Config
Signatures
-
Modifies WinLogon for persistence  2 TTPs  1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "Explorer.exe vchelp.exe" | Regedit.exe
-
Blocklisted process makes network request  1 IoCs
flow | pid | Process
4 | 4792 | rundll32.exe
-
Drops file in System32 directory  9 IoCs
description | ioc | Process
File created | C:\windows\SysWOW64\QFTKBVLATWCGCX.DLL | rundll32.exe
File opened for modification | C:\WINDOWS\SysWOW64\wbem\ELPMGWT.MDA | rundll32.exe
File created | C:\Windows\SysWOW64\arun.reg | rundll32.exe
File opened for modification | C:\windows\SysWOW64\QFTKBVLATWCGCX.DLL | rundll32.exe
File opened for modification | C:\Windows\SysWOW64\11D18gXgg.dll | rundll32.exe
File created | C:\WINDOWS\SysWOW64\wbem\ELPMGWT.MDA | rundll32.exe
File created | C:\windows\SysWOW64\KBQGA.DLL | rundll32.exe
File created | C:\windows\SysWOW64\VNXKOW.LDO | rundll32.exe
File created | C:\Windows\SysWOW64\11D18gXgg.dll | rundll32.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Runs .reg file with regedit  1 IoCs
pid | Process
3296 | Regedit.exe
-
Suspicious use of WriteProcessMemory  21 IoCs
description | pid | Process | procid_target
PID 5000 wrote to memory of 4792 | 5000 | rundll32.exe | 86
PID 5000 wrote to memory of 4792 | 5000 | rundll32.exe | 86
PID 5000 wrote to memory of 4792 | 5000 | rundll32.exe | 86
PID 4792 wrote to memory of 4520 | 4792 | rundll32.exe | 87
PID 4792 wrote to memory of 4520 | 4792 | rundll32.exe | 87
PID 4792 wrote to memory of 4520 | 4792 | rundll32.exe | 87
PID 4792 wrote to memory of 3960 | 4792 | rundll32.exe | 88
PID 4792 wrote to memory of 3960 | 4792 | rundll32.exe | 88
PID 4792 wrote to memory of 3960 | 4792 | rundll32.exe | 88
PID 4792 wrote to memory of 3360 | 4792 | rundll32.exe | 89
PID 4792 wrote to memory of 3360 | 4792 | rundll32.exe | 89
PID 4792 wrote to memory of 3360 | 4792 | rundll32.exe | 89
PID 4792 wrote to memory of 3160 | 4792 | rundll32.exe | 90
PID 4792 wrote to memory of 3160 | 4792 | rundll32.exe | 90
PID 4792 wrote to memory of 3160 | 4792 | rundll32.exe | 90
PID 4792 wrote to memory of 3932 | 4792 | rundll32.exe | 91
PID 4792 wrote to memory of 3932 | 4792 | rundll32.exe | 91
PID 4792 wrote to memory of 3932 | 4792 | rundll32.exe | 91
PID 4792 wrote to memory of 3296 | 4792 | rundll32.exe | 100
PID 4792 wrote to memory of 3296 | 4792 | rundll32.exe | 100
PID 4792 wrote to memory of 3296 | 4792 | rundll32.exe | 100
Processes
-
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\feb0bf5b0d7f6820c330fa45091cd189_JaffaCakes118.dll,#1
  PID: 5000
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\feb0bf5b0d7f6820c330fa45091cd189_JaffaCakes118.dll,#1
    PID: 4792
    - Blocklisted process makes network request
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\~Delbat01.bat
      PID: 4520
    C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\~Delbat01.bat
      PID: 3960
    C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\~Delbat01.bat
      PID: 3360
    C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\~Delbat01.bat
      PID: 3160
    C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\~Delbat01.bat
      PID: 3932
    C:\Windows\SysWOW64\Regedit.exe
      Command line: Regedit.exe /s "C:\Windows\SysWOW64\arun.reg"
      PID: 3296
      - Modifies WinLogon for persistence
      - Runs .reg file with regedit
-
Network
-
Remote address: 8.8.8.8:53
Request: wallcoo.com IN A
Response: wallcoo.com IN A 54.39.24.10
-
Remote address: 8.8.8.8:53
Request: g.bing.com IN A
Response:
  g.bing.com IN CNAME g-bing-com.dual-a-0034.a-msedge.net
  g-bing-com.dual-a-0034.a-msedge.net IN CNAME dual-a-0034.a-msedge.net
  dual-a-0034.a-msedge.net IN A 204.79.197.237
  dual-a-0034.a-msedge.net IN A 13.107.21.237
-
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3b608e38fba84f3c96099cb20cd4c5c4&localId=w:2DB2BB91-D977-19C3-E39A-25A75E13479E&deviceId=6755467521747595&anid=
Remote address: 204.79.197.237:443
Request:
GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3b608e38fba84f3c96099cb20cd4c5c4&localId=w:2DB2BB91-D977-19C3-E39A-25A75E13479E&deviceId=6755467521747595&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
Response:
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0604FC28447661773DCDE84045966055; domain=.bing.com; expires=Fri, 16-May-2025 06:48:02 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6F471EF7FF5341AF95A929978786C6E2 Ref B: LON04EDGE1206 Ref C: 2024-04-21T06:48:02Z
date: Sun, 21 Apr 2024 06:48:01 GMT
-
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3b608e38fba84f3c96099cb20cd4c5c4&localId=w:2DB2BB91-D977-19C3-E39A-25A75E13479E&deviceId=6755467521747595&anid=
Remote address: 204.79.197.237:443
Request:
GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3b608e38fba84f3c96099cb20cd4c5c4&localId=w:2DB2BB91-D977-19C3-E39A-25A75E13479E&deviceId=6755467521747595&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0604FC28447661773DCDE84045966055
Response:
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=tttz342nPkQ8mWCtlQSkM6v57Hh8uABqWgeBrLLnsgM; domain=.bing.com; expires=Fri, 16-May-2025 06:48:02 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E0056D0EB9CA4C3CBF7A0C5D01170411 Ref B: LON04EDGE1206 Ref C: 2024-04-21T06:48:02Z
date: Sun, 21 Apr 2024 06:48:01 GMT
-
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3b608e38fba84f3c96099cb20cd4c5c4&localId=w:2DB2BB91-D977-19C3-E39A-25A75E13479E&deviceId=6755467521747595&anid=
Remote address: 204.79.197.237:443
Request:
GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3b608e38fba84f3c96099cb20cd4c5c4&localId=w:2DB2BB91-D977-19C3-E39A-25A75E13479E&deviceId=6755467521747595&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0604FC28447661773DCDE84045966055; MSPTC=tttz342nPkQ8mWCtlQSkM6v57Hh8uABqWgeBrLLnsgM
Response:
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 37CC5FFC99F64022B00BE2D32D0E0054 Ref B: LON04EDGE1206 Ref C: 2024-04-21T06:48:02Z
date: Sun, 21 Apr 2024 06:48:02 GMT
-
Remote address: 8.8.8.8:53
Request: 0.159.190.20.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 240.221.184.93.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 237.197.79.204.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 149.220.183.52.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 9.228.82.20.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 9.228.82.20.in-addr.arpa IN PTR
-
GET https://www.bing.com/th?id=OADD2.10239381793954_1BHQ1BWFG78XLZOQQ&pid=21.2&c=16&roil=0.0049&roit=0&roir=0.9951&roib=1&w=24&h=24&dynsize=1&qlt=90
Remote address: 23.62.61.145:443
Request:
GET /th?id=OADD2.10239381793954_1BHQ1BWFG78XLZOQQ&pid=21.2&c=16&roil=0.0049&roit=0&roir=0.9951&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
cookie: MUID=0604FC28447661773DCDE84045966055; MSPTC=tttz342nPkQ8mWCtlQSkM6v57Hh8uABqWgeBrLLnsgM
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1299
date: Sun, 21 Apr 2024 06:48:05 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.8d3d3e17.1713682085.7328757
-
Remote address: 8.8.8.8:53
Request: 43.58.199.20.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 21.114.53.23.in-addr.arpa IN PTR
Response: 21.114.53.23.in-addr.arpa IN PTR a23-53-114-21.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: 145.61.62.23.in-addr.arpa IN PTR
Response: 145.61.62.23.in-addr.arpa IN PTR a23-62-61-145.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: 157.123.68.40.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 15.164.165.52.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 217.106.137.52.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 154.173.246.72.in-addr.arpa IN PTR
Response: 154.173.246.72.in-addr.arpa IN PTR a72-246-173-154.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: 154.173.246.72.in-addr.arpa IN PTR
-
Remote address: 8.8.8.8:53
Request: 198.32.209.4.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 198.32.209.4.in-addr.arpa IN PTR
-
Remote address: 8.8.8.8:53
Request: 119.110.54.20.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 119.110.54.20.in-addr.arpa IN PTR
-
Remote address: 8.8.8.8:53
Request: 65.139.73.23.in-addr.arpa IN PTR
Response: 65.139.73.23.in-addr.arpa IN PTR a23-73-139-65.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: 172.210.232.199.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 49.15.97.104.in-addr.arpa IN PTR
Response: 49.15.97.104.in-addr.arpa IN PTR a104-97-15-49.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: 43.229.111.52.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: tse1.mm.bing.net IN A
Response:
  tse1.mm.bing.net IN CNAME mm-mm.bing.net.trafficmanager.net
  mm-mm.bing.net.trafficmanager.net IN CNAME dual-a-0001.a-msedge.net
  dual-a-0001.a-msedge.net IN A 204.79.197.200
  dual-a-0001.a-msedge.net IN A 13.107.21.200
-
Remote address: 8.8.8.8:53
Request: tse1.mm.bing.net IN A
Response:
  tse1.mm.bing.net IN CNAME mm-mm.bing.net.trafficmanager.net
  mm-mm.bing.net.trafficmanager.net IN CNAME dual-a-0001.a-msedge.net
  dual-a-0001.a-msedge.net IN A 204.79.197.200
  dual-a-0001.a-msedge.net IN A 13.107.21.200
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 204.79.197.200:443
Request:
GET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 430689
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B82AF97C265F48EDA0D588C85F3A4B90 Ref B: LON04EDGE0907 Ref C: 2024-04-21T06:49:38Z
date: Sun, 21 Apr 2024 06:49:37 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 204.79.197.200:443
Request:
GET /th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 792794
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 567568328B0145BAAEC0D69D8F7BAFEC Ref B: LON04EDGE0907 Ref C: 2024-04-21T06:49:38Z
date: Sun, 21 Apr 2024 06:49:37 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 204.79.197.200:443
Request:
GET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 627437
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C1782DC2BBA940B5BEC0CCA47AB7C257 Ref B: LON04EDGE0907 Ref C: 2024-04-21T06:49:38Z
date: Sun, 21 Apr 2024 06:49:37 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 204.79.197.200:443
Request:
GET /th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response:
HTTP/2.0 200
content-length: 415458
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8C67E0BD642C4F79BC5F749C0CA8E392 Ref B: LON04EDGE0907 Ref C: 2024-04-21T06:49:38Z
date: Sun, 21 Apr 2024 06:49:37 GMT
-
Remote address: 8.8.8.8:53
Request: 88.156.103.20.in-addr.arpa IN PTR
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: 88.156.103.20.in-addr.arpa IN PTR
Response: (empty)
-
156 B  3
-
204.79.197.237:443  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3b608e38fba84f3c96099cb20cd4c5c4&localId=w:2DB2BB91-D977-19C3-E39A-25A75E13479E&deviceId=6755467521747595&anid=  tls, http2  2.1kB  9.2kB  23  19
HTTP Request: GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3b608e38fba84f3c96099cb20cd4c5c4&localId=w:2DB2BB91-D977-19C3-E39A-25A75E13479E&deviceId=6755467521747595&anid=
HTTP Response: 204
HTTP Request: GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3b608e38fba84f3c96099cb20cd4c5c4&localId=w:2DB2BB91-D977-19C3-E39A-25A75E13479E&deviceId=6755467521747595&anid=
HTTP Response: 204
HTTP Request: GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3b608e38fba84f3c96099cb20cd4c5c4&localId=w:2DB2BB91-D977-19C3-E39A-25A75E13479E&deviceId=6755467521747595&anid=
HTTP Response: 204
-
23.62.61.145:443  https://www.bing.com/th?id=OADD2.10239381793954_1BHQ1BWFG78XLZOQQ&pid=21.2&c=16&roil=0.0049&roit=0&roir=0.9951&roib=1&w=24&h=24&dynsize=1&qlt=90  tls, http2  1.5kB  6.5kB  17  12
HTTP Request: GET https://www.bing.com/th?id=OADD2.10239381793954_1BHQ1BWFG78XLZOQQ&pid=21.2&c=16&roil=0.0049&roit=0&roir=0.9951&roib=1&w=24&h=24&dynsize=1&qlt=90
HTTP Response: 200
-
322 B  7
-
1.2kB  8.1kB  16  14
-
1.2kB  8.1kB  16  13
-
204.79.197.200:443  https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90  tls, http2  82.8kB  2.4MB  1744  1740
HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
HTTP Response: 200
HTTP Response: 200
HTTP Response: 200
HTTP Response: 200
-
1.3kB  8.1kB  17  14
-
57 B  73 B  1  1
DNS Request: wallcoo.com
DNS Response: 54.39.24.10
-
56 B  151 B  1  1
DNS Request: g.bing.com
DNS Response: 204.79.197.237, 13.107.21.237
-
71 B  157 B  1  1
DNS Request: 0.159.190.20.in-addr.arpa
-
73 B  144 B  1  1
DNS Request: 240.221.184.93.in-addr.arpa
-
73 B  143 B  1  1
DNS Request: 237.197.79.204.in-addr.arpa
-
73 B  147 B  1  1
DNS Request: 149.220.183.52.in-addr.arpa
-
140 B  156 B  2  1
DNS Request: 9.228.82.20.in-addr.arpa
DNS Request: 9.228.82.20.in-addr.arpa
-
71 B  157 B  1  1
DNS Request: 43.58.199.20.in-addr.arpa
-
71 B  135 B  1  1
DNS Request: 21.114.53.23.in-addr.arpa
-
71 B  135 B  1  1
DNS Request: 145.61.62.23.in-addr.arpa
-
72 B  146 B  1  1
DNS Request: 157.123.68.40.in-addr.arpa
-
72 B  146 B  1  1
DNS Request: 15.164.165.52.in-addr.arpa
-
73 B  147 B  1  1
DNS Request: 217.106.137.52.in-addr.arpa
-
146 B  139 B  2  1
DNS Request: 154.173.246.72.in-addr.arpa
DNS Request: 154.173.246.72.in-addr.arpa
-
142 B  157 B  2  1
DNS Request: 198.32.209.4.in-addr.arpa
DNS Request: 198.32.209.4.in-addr.arpa
-
144 B  158 B  2  1
DNS Request: 119.110.54.20.in-addr.arpa
DNS Request: 119.110.54.20.in-addr.arpa
-
71 B  135 B  1  1
DNS Request: 65.139.73.23.in-addr.arpa
-
74 B  128 B  1  1
DNS Request: 172.210.232.199.in-addr.arpa
-
71 B  135 B  1  1
DNS Request: 49.15.97.104.in-addr.arpa
-
72 B  158 B  1  1
DNS Request: 43.229.111.52.in-addr.arpa
-
124 B  346 B  2  2
DNS Request: tse1.mm.bing.net
DNS Request: tse1.mm.bing.net
DNS Response: 204.79.197.200, 13.107.21.200
DNS Response: 204.79.197.200, 13.107.21.200
-
144 B  316 B  2  2
DNS Request: 88.156.103.20.in-addr.arpa
DNS Request: 88.156.103.20.in-addr.arpa
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 158B
MD5: b0a27860ea12fd07015510c5c35c7554
SHA1: 535e08f7a8759f019fb085554675034faca50bb3
SHA256: 1c62ea2659178f376ddcc36492ffc6c4a0c08c78436566f20170bbe3b02d9cd9
SHA512: f4af7e332e6b866501a79cc98a76fa1f1fa3a24d61f27a188b503c64360140dd67e0b9bb60590e8f1b5369413a1cc5d8929ea2f8ff1db843a5d8098aca5c884a
-
Filesize: 921B
MD5: b7d9db6b08668f6225b47354d1625d57
SHA1: 47068158132fe367904bbffe71d6445ba4a87b8d
SHA256: db4a5ad033e9052a1a709ec47e9b1bcd7afb9f3c799ef7c9451871593febb0ff
SHA512: e8bc3753bfb3e82c8e5865be23c8c976d8c7d96db5e5ec5fa80dc1c526f4af5f4e7876a7e1e756db1bff227cbd2d57ac69c7157173c0fe575fb7b345f8d1759e
-
Filesize: 1KB
MD5: 03870ec18f067da58cb6253c2fad3265
SHA1: fb8e064476fb3af2faf3a977835bb3b284cf4a33
SHA256: f2c43e0bb1465011d8b66ddb6c9bd206e37c512d9096546d0990952ac5ada770
SHA512: a3c58f60a0af99d1e5640a663807f5ea0f5a812e15f9ba385a38f93a4267ea6493931aad304645bc158131cfa5fee54052330295d3b2b934f9aa0212b4ca9ef1
-
Filesize: 149B
MD5: adfc8b71e83fe2857ee9679492f69327
SHA1: 691d668a9bafd29397d07d40f7a9835c2a69995b
SHA256: ce08d9de9b28cee3e147505a99335f3b7f5ab1b82dc009032864c0c1b911cd3c
SHA512: 13f37167233bf6b00c0f23174e336f7abfbcded6e7bf8d6d5d146459a74f03cfe96a6e414d5ebfe55967be4c02a3f4e6f23cc2c5333180338a45ad7507ced822