Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
15/05/2024, 14:59 UTC
Behavioral task
behavioral1
Sample
46b2350ea7a7dd2941673f6ef2573ad6_JaffaCakes118.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
46b2350ea7a7dd2941673f6ef2573ad6_JaffaCakes118.pdf
Resource
win10v2004-20240508-en
General
-
Target
46b2350ea7a7dd2941673f6ef2573ad6_JaffaCakes118.pdf
-
Size
30KB
-
MD5
46b2350ea7a7dd2941673f6ef2573ad6
-
SHA1
bb5cc38d414e47c7a005550a7ab7eb022bcb0bd3
-
SHA256
b41a01a16b1d1319bc6bdbdfbe9fa5e86ca7204fa618b35d03076f766f471369
-
SHA512
d6505336912e1fddc12f93120bb04677789ee17f206aa7b1b2b516883f0dde9ed5d6f945e4f3fa680f79547db7c8d39872330e4351181530f636df61007b9171
-
SSDEEP
384:3/QON8MUG6Qgw0JZCTzz02YFnarX5WDcBy0KsjP42Lbfv30bZ2amQg/RCUSvLeg6:3XuMZmwgCLWarRk2Lzv21JwIymO9
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2024 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 2024 AcroRd32.exe 2024 AcroRd32.exe 2024 AcroRd32.exe 2024 AcroRd32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2024 wrote to memory of 3660 2024 AcroRd32.exe 88 PID 2024 wrote to memory of 3660 2024 AcroRd32.exe 88 PID 2024 wrote to memory of 3660 2024 AcroRd32.exe 88 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4696 3660 RdrCEF.exe 89 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90 PID 3660 wrote to memory of 4072 3660 RdrCEF.exe 90
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\46b2350ea7a7dd2941673f6ef2573ad6_JaffaCakes118.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2024 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
- Suspicious use of WriteProcessMemory
PID:3660 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=03111EADF0358E3212205D526A4071B5 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:4696
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9B49CD36DF1DC4D42C6055757A7559F8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9B49CD36DF1DC4D42C6055757A7559F8 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:13⤵PID:4072
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A959A6483577A45C4ED8BA20F3EFE864 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:2104
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=64EDF2B11C3A75A85B62F5E9DF1F158D --mojo-platform-channel-handle=2432 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:740
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D9D87AAC7D4D28DE53B6722F920E2CE1 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D9D87AAC7D4D28DE53B6722F920E2CE1 --renderer-client-id=6 --mojo-platform-channel-handle=2376 --allow-no-sandbox-job /prefetch:13⤵PID:4788
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=90F13B4DEED9FBD08B5F2BF8C9137B92 --mojo-platform-channel-handle=2584 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:4124
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1248
Network
-
Remote address:8.8.8.8:53Request83.177.190.20.in-addr.arpaIN PTRResponse
-
GEThttps://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90Remote address:23.62.61.75:443RequestGET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1107
date: Wed, 15 May 2024 15:00:06 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.473d3e17.1715785206.7563f94
-
Remote address:8.8.8.8:53Request77.190.18.2.in-addr.arpaIN PTRResponse77.190.18.2.in-addr.arpaIN PTRa2-18-190-77deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request75.61.62.23.in-addr.arpaIN PTRResponse75.61.62.23.in-addr.arpaIN PTRa23-62-61-75deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request151.16.21.2.in-addr.arpaIN PTRResponse151.16.21.2.in-addr.arpaIN PTRa2-21-16-151deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request11.143.109.104.in-addr.arpaIN PTRResponse11.143.109.104.in-addr.arpaIN PTRa104-109-143-11deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request157.123.68.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request171.39.242.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request17.143.109.104.in-addr.arpaIN PTRResponse17.143.109.104.in-addr.arpaIN PTRa104-109-143-17deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request205.47.74.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request14.227.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request240.221.184.93.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 442324
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EBB1A12DE0CC4BDC8F839391CD95E71C Ref B: LON04EDGE0816 Ref C: 2024-05-15T15:01:44Z
date: Wed, 15 May 2024 15:01:43 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 394521
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 382DCF27B486463F9E1D4E7EF3676128 Ref B: LON04EDGE0816 Ref C: 2024-05-15T15:01:44Z
date: Wed, 15 May 2024 15:01:43 GMT
-
23.62.61.75:443https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90tls, http21.5kB 6.3kB 17 11
HTTP Request
GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90HTTP Response
200 -
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90tls, http230.3kB 873.5kB 640 637
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Response
200 -
1.2kB 8.1kB 16 14
-
72 B 158 B 1 1
DNS Request
83.177.190.20.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
77.190.18.2.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
75.61.62.23.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
151.16.21.2.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
11.143.109.104.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
157.123.68.40.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
171.39.242.20.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
17.143.109.104.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
205.47.74.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
240.221.184.93.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
14.227.111.52.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD5280b3b7e3dbb55e95b621134135735c2
SHA1e2a5da45d5b408ee8e52f64491a229d0a1411b50
SHA2563c658e604bc03ead8d39ccca0696bf48360f3c48000b939eacbc83af7ebcb74d
SHA51292d2a8ae4b5a7b51efdf20fe7fe945e14574c4c68ccf520096c06edb506b4239aaaf0e84365fdc7c76659f50a8b09cf1ea6790ac05f1663f1aacc256523dc5b7
-
Filesize
64KB
MD5c920e26bade5cdaa2cbc25ac200ab910
SHA16ae559b04e0203affbed6062f635fa0e92893309
SHA256841892be4cdfb9ef0b2522ac86944428d8de72840235d401257019dc9e54e7cf
SHA512084a5b1779e2ab29f5ece2d9caa8d6ef69cadd8003cc0e1f0e018b59c73ead88579b5dbd37608483f28d1377bd5bfa811f711c6735da5689a13745af00cfa961