Analysis

  • max time kernel
    133s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/05/2024, 02:41 UTC

General

  • Target

    159d0d43bb8ddacc4d4b0496bd52a0c6_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    159d0d43bb8ddacc4d4b0496bd52a0c6

  • SHA1

    e0173a13bd473da9186654e092fdfc48cef93c2e

  • SHA256

    38fc4966516248b6396d8d89797975c001ae106dcfdcddc3687a825030195177

  • SHA512

    93e8ae8e1526d3538ba9b89160e3206eaa57455cf2ff83d67df28f64aabfe7d875cf73ebef2f79d18184d7353fef99f231b08d2ae467695dac502595445ae2cc

  • SSDEEP

    12288:HsM+aTA3c+FK1vrlVYBVignBtZnfVq4cz1i5pP9kPQyQ:MV4W8hqBYgnBLfVqx1WjkfQ

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\159d0d43bb8ddacc4d4b0496bd52a0c6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\159d0d43bb8ddacc4d4b0496bd52a0c6_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -noframemerging
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4288
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4288 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4676

Network

  • flag-us
    DNS
    search.searchfaa.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    search.searchfaa.com
    IN A
    Response
    search.searchfaa.com
    IN A
    54.227.14.106
    search.searchfaa.com
    IN A
    44.215.151.70
  • flag-us
    DNS
    ie.search.yahoo.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ie.search.yahoo.com
    IN A
    Response
    ie.search.yahoo.com
    IN CNAME
    ds-global3.l7.search.ystg1.b.yahoo.com
    ds-global3.l7.search.ystg1.b.yahoo.com
    IN A
    212.82.100.137
  • flag-ie
    GET
    https://ie.search.yahoo.com/os
    IEXPLORE.EXE
    Remote address:
    212.82.100.137:443
    Request
    GET /os HTTP/2.0
    host: ie.search.yahoo.com
    accept: */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cache-control: no-cache
    Response
    HTTP/2.0 200
    date: Sun, 05 May 2024 03:04:51 GMT
    p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
    cache-control: private, max-age=3600
    expires: Sun, 05 May 2024 04:04:51 GMT
    content-length: 134
    content-type: application/x-suggestions+xml; charset=utf-8
    x-envoy-upstream-service-time: 16
    server: ATS
    age: 1
    strict-transport-security: max-age=31536000
    x-content-type-options: nosniff
    x-xss-protection: 1; mode=block; report=https://csp.search.yahoo.com/xssreport
    referrer-policy: no-referrer-when-downgrade
  • flag-us
    DNS
    137.100.82.212.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    137.100.82.212.in-addr.arpa
    IN PTR
    Response
    137.100.82.212.in-addr.arpa
    IN PTR
    ats1.l7.search.vip.ir2.yahoo.com
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Cd7c4Q8oZkTUICJMRYiRmjVUCUwFqpwzIhy-z-UOvSGBvI8dLsQtCC0cnGwGFIMVagcH-gcGzhnjqF0pgPpTJhYgfQ8s8KngM-7iNBEjFnCYl8-RrsPD4RoIuCywZwT1Y1oPlrHBvtPIqEpjSvuFHe9S_ekin0tKOs0vsx-5a8rH9mEs%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D70883cdf51a31d53e4ae5afd77ab2c4b&TIME=20240419T080734Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:5128B8A4-055F-6043-9311-1EEEFB4045B4&deviceId=6825828473859725&muid=5128B8A4055F604393111EEEFB4045B4
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Cd7c4Q8oZkTUICJMRYiRmjVUCUwFqpwzIhy-z-UOvSGBvI8dLsQtCC0cnGwGFIMVagcH-gcGzhnjqF0pgPpTJhYgfQ8s8KngM-7iNBEjFnCYl8-RrsPD4RoIuCywZwT1Y1oPlrHBvtPIqEpjSvuFHe9S_ekin0tKOs0vsx-5a8rH9mEs%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D70883cdf51a31d53e4ae5afd77ab2c4b&TIME=20240419T080734Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:5128B8A4-055F-6043-9311-1EEEFB4045B4&deviceId=6825828473859725&muid=5128B8A4055F604393111EEEFB4045B4 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=122237D3AA9769BA014623A5AB77683F; domain=.bing.com; expires=Fri, 30-May-2025 03:04:52 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E8B227E799044A2FA6DD8555E4B9BEBB Ref B: LON04EDGE1217 Ref C: 2024-05-05T03:04:52Z
    date: Sun, 05 May 2024 03:04:52 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Cd7c4Q8oZkTUICJMRYiRmjVUCUwFqpwzIhy-z-UOvSGBvI8dLsQtCC0cnGwGFIMVagcH-gcGzhnjqF0pgPpTJhYgfQ8s8KngM-7iNBEjFnCYl8-RrsPD4RoIuCywZwT1Y1oPlrHBvtPIqEpjSvuFHe9S_ekin0tKOs0vsx-5a8rH9mEs%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D70883cdf51a31d53e4ae5afd77ab2c4b&TIME=20240419T080734Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:5128B8A4-055F-6043-9311-1EEEFB4045B4&deviceId=6825828473859725&muid=5128B8A4055F604393111EEEFB4045B4
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Cd7c4Q8oZkTUICJMRYiRmjVUCUwFqpwzIhy-z-UOvSGBvI8dLsQtCC0cnGwGFIMVagcH-gcGzhnjqF0pgPpTJhYgfQ8s8KngM-7iNBEjFnCYl8-RrsPD4RoIuCywZwT1Y1oPlrHBvtPIqEpjSvuFHe9S_ekin0tKOs0vsx-5a8rH9mEs%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D70883cdf51a31d53e4ae5afd77ab2c4b&TIME=20240419T080734Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:5128B8A4-055F-6043-9311-1EEEFB4045B4&deviceId=6825828473859725&muid=5128B8A4055F604393111EEEFB4045B4 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=122237D3AA9769BA014623A5AB77683F; _EDGE_S=SID=30A4CCA9322461713619D8DF3348605D
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=YvizsX98FUDQoAG9zUXe--TP_fTSAAFFCxYqUr65cvg; domain=.bing.com; expires=Fri, 30-May-2025 03:04:52 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 61445476EEA14C8AA6C467FF01FD3320 Ref B: LON04EDGE1217 Ref C: 2024-05-05T03:04:52Z
    date: Sun, 05 May 2024 03:04:52 GMT
  • flag-nl
    GET
    https://www.bing.com/aes/c.gif?RG=3f3ad69031a74446bc7067f919a7d9e5&med=10&PubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240419T080734Z&adUnitId=11730597&localId=w:5128B8A4-055F-6043-9311-1EEEFB4045B4&deviceId=6825828473859725
    Remote address:
    23.62.61.97:443
    Request
    GET /aes/c.gif?RG=3f3ad69031a74446bc7067f919a7d9e5&med=10&PubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240419T080734Z&adUnitId=11730597&localId=w:5128B8A4-055F-6043-9311-1EEEFB4045B4&deviceId=6825828473859725 HTTP/2.0
    host: www.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=122237D3AA9769BA014623A5AB77683F
    Response
    HTTP/2.0 200
    cache-control: private,no-store
    pragma: no-cache
    vary: Origin
    p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F9ABED369F86427BABFC2F56B2065C36 Ref B: BRU30EDGE0520 Ref C: 2024-05-05T03:04:52Z
    content-length: 0
    date: Sun, 05 May 2024 03:04:52 GMT
    set-cookie: _EDGE_S=SID=30A4CCA9322461713619D8DF3348605D; path=/; httponly; domain=bing.com
    set-cookie: MUIDB=122237D3AA9769BA014623A5AB77683F; path=/; httponly; expires=Fri, 30-May-2025 03:04:52 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.5d3d3e17.1714878292.ab933d3
  • flag-us
    DNS
    138.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    138.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-nl
    GET
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    Remote address:
    23.62.61.97:443
    Request
    GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
    host: www.bing.com
    accept: */*
    cookie: MUID=122237D3AA9769BA014623A5AB77683F; _EDGE_S=SID=30A4CCA9322461713619D8DF3348605D; MSPTC=YvizsX98FUDQoAG9zUXe--TP_fTSAAFFCxYqUr65cvg; MUIDB=122237D3AA9769BA014623A5AB77683F
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-type: image/png
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QWthbWFp
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    content-length: 1107
    date: Sun, 05 May 2024 03:04:53 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.5d3d3e17.1714878293.ab9355c
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    97.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.61.62.23.in-addr.arpa
    IN PTR
    Response
    97.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-97.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    161.19.199.152.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    161.19.199.152.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    77.190.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    77.190.18.2.in-addr.arpa
    IN PTR
    Response
    77.190.18.2.in-addr.arpa
    IN PTR
    a2-18-190-77.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    48.251.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.251.17.2.in-addr.arpa
    IN PTR
    Response
    48.251.17.2.in-addr.arpa
    IN PTR
    a2-17-251-48.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    14.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.227.111.52.in-addr.arpa
    IN PTR
    Response
  • 212.82.100.137:443
    ie.search.yahoo.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    5.8kB
    15
    11
  • 212.82.100.137:443
    https://ie.search.yahoo.com/os
    tls, http2
    IEXPLORE.EXE
    1.3kB
    6.5kB
    17
    12

    HTTP Request

    GET https://ie.search.yahoo.com/os

    HTTP Response

    200
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Cd7c4Q8oZkTUICJMRYiRmjVUCUwFqpwzIhy-z-UOvSGBvI8dLsQtCC0cnGwGFIMVagcH-gcGzhnjqF0pgPpTJhYgfQ8s8KngM-7iNBEjFnCYl8-RrsPD4RoIuCywZwT1Y1oPlrHBvtPIqEpjSvuFHe9S_ekin0tKOs0vsx-5a8rH9mEs%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D70883cdf51a31d53e4ae5afd77ab2c4b&TIME=20240419T080734Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:5128B8A4-055F-6043-9311-1EEEFB4045B4&deviceId=6825828473859725&muid=5128B8A4055F604393111EEEFB4045B4
    tls, http2
    2.5kB
    9.0kB
    20
    17

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Cd7c4Q8oZkTUICJMRYiRmjVUCUwFqpwzIhy-z-UOvSGBvI8dLsQtCC0cnGwGFIMVagcH-gcGzhnjqF0pgPpTJhYgfQ8s8KngM-7iNBEjFnCYl8-RrsPD4RoIuCywZwT1Y1oPlrHBvtPIqEpjSvuFHe9S_ekin0tKOs0vsx-5a8rH9mEs%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D70883cdf51a31d53e4ae5afd77ab2c4b&TIME=20240419T080734Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:5128B8A4-055F-6043-9311-1EEEFB4045B4&deviceId=6825828473859725&muid=5128B8A4055F604393111EEEFB4045B4

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Cd7c4Q8oZkTUICJMRYiRmjVUCUwFqpwzIhy-z-UOvSGBvI8dLsQtCC0cnGwGFIMVagcH-gcGzhnjqF0pgPpTJhYgfQ8s8KngM-7iNBEjFnCYl8-RrsPD4RoIuCywZwT1Y1oPlrHBvtPIqEpjSvuFHe9S_ekin0tKOs0vsx-5a8rH9mEs%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D70883cdf51a31d53e4ae5afd77ab2c4b&TIME=20240419T080734Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:5128B8A4-055F-6043-9311-1EEEFB4045B4&deviceId=6825828473859725&muid=5128B8A4055F604393111EEEFB4045B4

    HTTP Response

    204
  • 23.62.61.97:443
    https://www.bing.com/aes/c.gif?RG=3f3ad69031a74446bc7067f919a7d9e5&med=10&PubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240419T080734Z&adUnitId=11730597&localId=w:5128B8A4-055F-6043-9311-1EEEFB4045B4&deviceId=6825828473859725
    tls, http2
    1.4kB
    5.3kB
    16
    11

    HTTP Request

    GET https://www.bing.com/aes/c.gif?RG=3f3ad69031a74446bc7067f919a7d9e5&med=10&PubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240419T080734Z&adUnitId=11730597&localId=w:5128B8A4-055F-6043-9311-1EEEFB4045B4&deviceId=6825828473859725

    HTTP Response

    200
  • 23.62.61.97:443
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    tls, http2
    1.6kB
    6.4kB
    17
    12

    HTTP Request

    GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, http2
    IEXPLORE.EXE
    1.2kB
    8.1kB
    15
    14
  • 8.8.8.8:53
    search.searchfaa.com
    dns
    IEXPLORE.EXE
    66 B
    98 B
    1
    1

    DNS Request

    search.searchfaa.com

    DNS Response

    54.227.14.106
    44.215.151.70

  • 8.8.8.8:53
    ie.search.yahoo.com
    dns
    IEXPLORE.EXE
    65 B
    124 B
    1
    1

    DNS Request

    ie.search.yahoo.com

    DNS Response

    212.82.100.137

  • 8.8.8.8:53
    137.100.82.212.in-addr.arpa
    dns
    73 B
    119 B
    1
    1

    DNS Request

    137.100.82.212.in-addr.arpa

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    151 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    138.32.126.40.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    138.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    73 B
    143 B
    1
    1

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    97.61.62.23.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    97.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    161.19.199.152.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    161.19.199.152.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    77.190.18.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    77.190.18.2.in-addr.arpa

  • 8.8.8.8:53
    48.251.17.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    48.251.17.2.in-addr.arpa

  • 8.8.8.8:53
    14.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    14.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    db1d00c8d4aed9e23477029535924cda

    SHA1

    2c65908ad49ae34035a3212c7c8c32072be706b2

    SHA256

    72c791b342a217d83eb625194c430bc6778ecffa8fdf0f5a9dc0e72a71d33241

    SHA512

    d350043d9e26fbf5ce31de0b929201fdb00195da2ce25a1f8778c728adca9530f2c5f111fbe1d44e55078ac89fab5b07394b30e175898a71e54e3b51c3a46dff

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    ed603c7aabfa3cc1a4e950c13152a0bd

    SHA1

    90edcd6292c93fc45ff4993ab6be61cf2eb31a13

    SHA256

    603780471bc67e964867af723c99b4c91a1afc0498c1560cdc7b14b817a8ac2f

    SHA512

    7bfff3453b6c04a3323c1b780d4ce32a4b4eadc0926ca5232380d5a1f6484d6c0fd546e03b3906b1f883ca76ac6556df73e5b9e4ee1ca85ac9f9fa00c4124f44

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GOM5RXN2\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
