Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    26/05/2024, 10:56 UTC

General

  • Target

    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe

  • Size

    313KB

  • MD5

    753f884ecb413e72b5c729550cedde82

  • SHA1

    e02a6d0c4bd3378d10b294990f76a993b084a9e0

  • SHA256

    12fd973ee9b08d6f850820969b196eb23c7e4f78b34d86704085bd3d5f47402f

  • SHA512

    0be7db4196a557f3828acd90d8e1aad0eef7b819af16d2284e0c1b9640111694a856a5ba6b73fcb9b93df9979ac252449d83cc020b84c276dd0ba38984cf2c48

  • SSDEEP

    6144:/rK9uEo2S1YnQmCX492DkwNP3qpYFtcM7dZssr+Ixf6LuDTKD2ay9KGYG0Lu:/ryu6/eIo4vMResyEf0uP9d9UG0u

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    PID:2100

Network

  • flag-us
    DNS
    r1.getapplicationmy.info
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    r1.getapplicationmy.info
    IN A
    Response
    r1.getapplicationmy.info
    IN A
    94.229.72.121
  • flag-us
    DNS
    c1.getapplicationmy.info
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.getapplicationmy.info
    IN A
    Response
    c1.getapplicationmy.info
    IN A
    199.115.115.116
  • flag-gb
    POST
    http://r1.getapplicationmy.info/?report_version=5&
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    Remote address:
    94.229.72.121:80
    Request
    POST /?report_version=5& HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: TixDll
    Host: r1.getapplicationmy.info
    Content-Length: 1986
    Cache-Control: no-cache
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sun, 26 May 2024 10:56:17 GMT
    server: nginx
    set-cookie: sid=9493ab5b-1b4e-11ef-a560-18ade38e8915; path=/; domain=.getapplicationmy.info; expires=Fri, 13 Jun 2092 14:10:25 GMT; max-age=2147483647; HttpOnly
  • flag-us
    DNS
    r2.getapplicationmy.info
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    r2.getapplicationmy.info
    IN A
    Response
    r2.getapplicationmy.info
    IN A
    199.115.115.116
  • flag-us
    GET
    http://c1.getapplicationmy.info/?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize=
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    Remote address:
    199.115.115.116:80
    Request
    GET /?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize= HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c1.getapplicationmy.info
    Cache-Control: no-cache
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sun, 26 May 2024 10:56:18 GMT
    server: nginx
    set-cookie: sid=94abb66a-1b4e-11ef-bd75-a6020b3aa881; path=/; domain=.getapplicationmy.info; expires=Fri, 13 Jun 2092 14:10:25 GMT; max-age=2147483647; HttpOnly
  • flag-us
    POST
    http://r2.getapplicationmy.info/?report_version=5&
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    Remote address:
    199.115.115.116:80
    Request
    POST /?report_version=5& HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: TixDll
    Host: r2.getapplicationmy.info
    Content-Length: 1986
    Cache-Control: no-cache
    Cookie: sid=9493ab5b-1b4e-11ef-a560-18ade38e8915
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sun, 26 May 2024 10:56:18 GMT
    server: nginx
  • flag-us
    DNS
    c2.getapplicationmy.info
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.getapplicationmy.info
    IN A
    Response
    c2.getapplicationmy.info
    IN A
    199.115.115.116
  • flag-us
    GET
    http://c2.getapplicationmy.info/?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize=
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    Remote address:
    199.115.115.116:80
    Request
    GET /?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize= HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c2.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=94abb66a-1b4e-11ef-bd75-a6020b3aa881
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sun, 26 May 2024 10:56:18 GMT
    server: nginx
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    121.72.229.94.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    121.72.229.94.in-addr.arpa
    IN PTR
    Response
    121.72.229.94.in-addr.arpa
    IN PTR
    nordns.ukservers.com
  • flag-us
    DNS
    116.115.115.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    116.115.115.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TiuR3cIOOgZKngqvDJZQpjVUCUx-WwpWQoer3yOaVv4JfxoGUaqIw-S1L5LDdrWYg834-1-0ukM2uHIPpdxZJO6l94sc4TMDADvVAqcuMqnGaO76uU9pSXaAdKhe6tQx3D4tH5ftevkLBRywZ1C6Bscc39kepuePVB4eK0oTwyvpzywc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D26adb2251c4810c3a723d41e7ce9fdbc&TIME=20240508T112338Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TiuR3cIOOgZKngqvDJZQpjVUCUx-WwpWQoer3yOaVv4JfxoGUaqIw-S1L5LDdrWYg834-1-0ukM2uHIPpdxZJO6l94sc4TMDADvVAqcuMqnGaO76uU9pSXaAdKhe6tQx3D4tH5ftevkLBRywZ1C6Bscc39kepuePVB4eK0oTwyvpzywc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D26adb2251c4810c3a723d41e7ce9fdbc&TIME=20240508T112338Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=29E3CD4E46DD657C0C81D9C547FA6406; domain=.bing.com; expires=Fri, 20-Jun-2025 10:56:19 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9466F0F1D7394B6188F1E854D2AA6882 Ref B: LON04EDGE0710 Ref C: 2024-05-26T10:56:19Z
    date: Sun, 26 May 2024 10:56:18 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TiuR3cIOOgZKngqvDJZQpjVUCUx-WwpWQoer3yOaVv4JfxoGUaqIw-S1L5LDdrWYg834-1-0ukM2uHIPpdxZJO6l94sc4TMDADvVAqcuMqnGaO76uU9pSXaAdKhe6tQx3D4tH5ftevkLBRywZ1C6Bscc39kepuePVB4eK0oTwyvpzywc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D26adb2251c4810c3a723d41e7ce9fdbc&TIME=20240508T112338Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TiuR3cIOOgZKngqvDJZQpjVUCUx-WwpWQoer3yOaVv4JfxoGUaqIw-S1L5LDdrWYg834-1-0ukM2uHIPpdxZJO6l94sc4TMDADvVAqcuMqnGaO76uU9pSXaAdKhe6tQx3D4tH5ftevkLBRywZ1C6Bscc39kepuePVB4eK0oTwyvpzywc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D26adb2251c4810c3a723d41e7ce9fdbc&TIME=20240508T112338Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=29E3CD4E46DD657C0C81D9C547FA6406; _EDGE_S=SID=3460D3BE8D51698F061DC7358CFB687A
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=wMbd-2DJaabMNX9yMwjW7C4pyzMKPr9pBmga9e9Z-ps; domain=.bing.com; expires=Fri, 20-Jun-2025 10:56:19 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 786AB55873544F95B77A1AF18511396D Ref B: LON04EDGE0710 Ref C: 2024-05-26T10:56:19Z
    date: Sun, 26 May 2024 10:56:19 GMT
  • flag-nl
    GET
    https://www.bing.com/aes/c.gif?RG=cf04c1f8e9e24b9480119a59df68891e&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T112338Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981
    Remote address:
    23.62.61.194:443
    Request
    GET /aes/c.gif?RG=cf04c1f8e9e24b9480119a59df68891e&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T112338Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981 HTTP/2.0
    host: www.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=29E3CD4E46DD657C0C81D9C547FA6406
    Response
    HTTP/2.0 200
    cache-control: private,no-store
    pragma: no-cache
    vary: Origin
    p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 535C23845F4C416E9B2F63E18E80D970 Ref B: DUS30EDGE0912 Ref C: 2024-05-26T10:56:19Z
    content-length: 0
    date: Sun, 26 May 2024 10:56:19 GMT
    set-cookie: _EDGE_S=SID=3460D3BE8D51698F061DC7358CFB687A; path=/; httponly; domain=bing.com
    set-cookie: MUIDB=29E3CD4E46DD657C0C81D9C547FA6406; path=/; httponly; expires=Fri, 20-Jun-2025 10:56:19 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.be3d3e17.1716720979.1f3f67aa
  • flag-us
    DNS
    75.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    75.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-nl
    GET
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    Remote address:
    23.62.61.97:443
    Request
    GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
    host: www.bing.com
    accept: */*
    cookie: MUID=29E3CD4E46DD657C0C81D9C547FA6406; _EDGE_S=SID=3460D3BE8D51698F061DC7358CFB687A; MSPTC=wMbd-2DJaabMNX9yMwjW7C4pyzMKPr9pBmga9e9Z-ps; MUIDB=29E3CD4E46DD657C0C81D9C547FA6406
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-type: image/png
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    content-length: 1107
    date: Sun, 26 May 2024 10:56:20 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.5d3d3e17.1716720980.f2e9746
  • flag-us
    DNS
    194.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    194.61.62.23.in-addr.arpa
    IN PTR
    Response
    194.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-194.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    97.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.61.62.23.in-addr.arpa
    IN PTR
    Response
    97.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-97.deploy.static.akamaitechnologies.com
  • flag-us
    GET
    http://c1.getapplicationmy.info/?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize=
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    Remote address:
    199.115.115.116:80
    Request
    GET /?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize= HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c1.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=94abb66a-1b4e-11ef-bd75-a6020b3aa881
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sun, 26 May 2024 10:56:23 GMT
    server: nginx
  • flag-us
    GET
    http://c2.getapplicationmy.info/?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize=
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    Remote address:
    199.115.115.116:80
    Request
    GET /?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize= HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c2.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=94abb66a-1b4e-11ef-bd75-a6020b3aa881
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sun, 26 May 2024 10:56:23 GMT
    server: nginx
  • flag-us
    GET
    http://c1.getapplicationmy.info/?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize=
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    Remote address:
    199.115.115.116:80
    Request
    GET /?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize= HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c1.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=94abb66a-1b4e-11ef-bd75-a6020b3aa881
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sun, 26 May 2024 10:56:28 GMT
    server: nginx
  • flag-us
    GET
    http://c2.getapplicationmy.info/?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize=
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    Remote address:
    199.115.115.116:80
    Request
    GET /?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize= HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c2.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=94abb66a-1b4e-11ef-bd75-a6020b3aa881
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Sun, 26 May 2024 10:56:30 GMT
    server: nginx
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    82.90.14.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    82.90.14.23.in-addr.arpa
    IN PTR
    Response
    82.90.14.23.in-addr.arpa
    IN PTR
    a23-14-90-82.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 415458
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5FC3AFFF975E40F2B855B6EE30AB64F1 Ref B: LON04EDGE0620 Ref C: 2024-05-26T10:57:58Z
    date: Sun, 26 May 2024 10:57:58 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 430689
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D330E869B8854E9AA0971EB41A61B4AD Ref B: LON04EDGE0620 Ref C: 2024-05-26T10:57:58Z
    date: Sun, 26 May 2024 10:57:58 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 638730
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D2357D5E0FE14706866E0012971DF015 Ref B: LON04EDGE0620 Ref C: 2024-05-26T10:57:58Z
    date: Sun, 26 May 2024 10:57:58 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 621794
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F627BFB927824B7198803825CD929FAD Ref B: LON04EDGE0620 Ref C: 2024-05-26T10:57:58Z
    date: Sun, 26 May 2024 10:57:58 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 555746
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A1117099BAE64858AE4548EC89382697 Ref B: LON04EDGE0620 Ref C: 2024-05-26T10:57:58Z
    date: Sun, 26 May 2024 10:57:58 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 659775
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: BB13BAA808E548E1A81C2D750153122A Ref B: LON04EDGE0620 Ref C: 2024-05-26T10:57:59Z
    date: Sun, 26 May 2024 10:57:58 GMT
  • DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • DNS
    209.143.182.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.143.182.52.in-addr.arpa
    IN PTR
    Response
  • 94.229.72.121:80
    http://r1.getapplicationmy.info/?report_version=5&
    http
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    2.5kB
    640 B
    8
    7

    HTTP Request

    POST http://r1.getapplicationmy.info/?report_version=5&

    HTTP Response

    429
  • 199.115.115.116:80
    http://c1.getapplicationmy.info/?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize=
    http
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    834 B
    560 B
    6
    5

    HTTP Request

    GET http://c1.getapplicationmy.info/?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize=

    HTTP Response

    429
  • 199.115.115.116:80
    http://r2.getapplicationmy.info/?report_version=5&
    http
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    2.6kB
    438 B
    8
    6

    HTTP Request

    POST http://r2.getapplicationmy.info/?report_version=5&

    HTTP Response

    429
  • 199.115.115.116:80
    http://c2.getapplicationmy.info/?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize=
    http
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    884 B
    398 B
    6
    5

    HTTP Request

    GET http://c2.getapplicationmy.info/?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize=

    HTTP Response

    429
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TiuR3cIOOgZKngqvDJZQpjVUCUx-WwpWQoer3yOaVv4JfxoGUaqIw-S1L5LDdrWYg834-1-0ukM2uHIPpdxZJO6l94sc4TMDADvVAqcuMqnGaO76uU9pSXaAdKhe6tQx3D4tH5ftevkLBRywZ1C6Bscc39kepuePVB4eK0oTwyvpzywc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D26adb2251c4810c3a723d41e7ce9fdbc&TIME=20240508T112338Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB
    tls, http2
    2.5kB
    8.9kB
    19
    15

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TiuR3cIOOgZKngqvDJZQpjVUCUx-WwpWQoer3yOaVv4JfxoGUaqIw-S1L5LDdrWYg834-1-0ukM2uHIPpdxZJO6l94sc4TMDADvVAqcuMqnGaO76uU9pSXaAdKhe6tQx3D4tH5ftevkLBRywZ1C6Bscc39kepuePVB4eK0oTwyvpzywc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D26adb2251c4810c3a723d41e7ce9fdbc&TIME=20240508T112338Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TiuR3cIOOgZKngqvDJZQpjVUCUx-WwpWQoer3yOaVv4JfxoGUaqIw-S1L5LDdrWYg834-1-0ukM2uHIPpdxZJO6l94sc4TMDADvVAqcuMqnGaO76uU9pSXaAdKhe6tQx3D4tH5ftevkLBRywZ1C6Bscc39kepuePVB4eK0oTwyvpzywc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D26adb2251c4810c3a723d41e7ce9fdbc&TIME=20240508T112338Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB

    HTTP Response

    204
  • 23.62.61.194:443
    https://www.bing.com/aes/c.gif?RG=cf04c1f8e9e24b9480119a59df68891e&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T112338Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981
    tls, http2
    1.4kB
    5.3kB
    16
    10

    HTTP Request

    GET https://www.bing.com/aes/c.gif?RG=cf04c1f8e9e24b9480119a59df68891e&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T112338Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981

    HTTP Response

    200
  • 23.62.61.97:443
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    tls, http2
    1.6kB
    6.3kB
    16
    11

    HTTP Request

    GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

    HTTP Response

    200
  • 199.115.115.116:80
    http://c1.getapplicationmy.info/?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize=
    http
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    884 B
    398 B
    6
    5

    HTTP Request

    GET http://c1.getapplicationmy.info/?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize=

    HTTP Response

    429
  • 199.115.115.116:80
    http://c2.getapplicationmy.info/?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize=
    http
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    884 B
    398 B
    6
    5

    HTTP Request

    GET http://c2.getapplicationmy.info/?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize=

    HTTP Response

    429
  • 199.115.115.116:80
    http://c1.getapplicationmy.info/?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize=
    http
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    884 B
    398 B
    6
    5

    HTTP Request

    GET http://c1.getapplicationmy.info/?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize=

    HTTP Response

    429
  • 199.115.115.116:80
    http://c2.getapplicationmy.info/?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize=
    http
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    936 B
    398 B
    7
    5

    HTTP Request

    GET http://c2.getapplicationmy.info/?step_id=1&installer_id=4266756570321458556&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=573611499520151651&external_id=0&session_id=7382444040793461282&hardware_id=8200566463231510855&q=Carmen+Jones+1954+DVDRip+x264+NoRBiT&q=Carmen&product_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&installer_file_name=Carmen+Jones+1954+DVDRip+x264+NoRBiT&id=index.html&affiliate_id=revizer&filesize=

    HTTP Response

    429
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    tls, http2
    118.1kB
    3.4MB
    2497
    2493

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 8.8.8.8:53
    r1.getapplicationmy.info
    dns
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    70 B
    86 B
    1
    1

    DNS Request

    r1.getapplicationmy.info

    DNS Response

    94.229.72.121

  • 8.8.8.8:53
    c1.getapplicationmy.info
    dns
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    70 B
    86 B
    1
    1

    DNS Request

    c1.getapplicationmy.info

    DNS Response

    199.115.115.116

  • 8.8.8.8:53
    r2.getapplicationmy.info
    dns
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    70 B
    86 B
    1
    1

    DNS Request

    r2.getapplicationmy.info

    DNS Response

    199.115.115.116

  • 8.8.8.8:53
    c2.getapplicationmy.info
    dns
    753f884ecb413e72b5c729550cedde82_JaffaCakes118.exe
    70 B
    86 B
    1
    1

    DNS Request

    c2.getapplicationmy.info

    DNS Response

    199.115.115.116

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    121.72.229.94.in-addr.arpa
    dns
    72 B
    107 B
    1
    1

    DNS Request

    121.72.229.94.in-addr.arpa

  • 8.8.8.8:53
    116.115.115.199.in-addr.arpa
    dns
    74 B
    137 B
    1
    1

    DNS Request

    116.115.115.199.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    151 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    75.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    75.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    73 B
    143 B
    1
    1

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    194.61.62.23.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    194.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    97.61.62.23.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    97.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    82.90.14.23.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    82.90.14.23.in-addr.arpa

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    205.47.74.20.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    43.58.199.20.in-addr.arpa

  • 8.8.8.8:53
    209.143.182.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    209.143.182.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TsuA5771410.dll

    Filesize

    269KB

    MD5

    af7ce801c8471c5cd19b366333c153c4

    SHA1

    4267749d020a362edbd25434ad65f98b073581f1

    SHA256

    cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

    SHA512

    88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

  • C:\Users\Admin\AppData\Local\Temp\{75C31CA1-5100-4F4B-ADA0-1922AE203E57}\Custom.dll

    Filesize

    91KB

    MD5

    c9d3d86ee95ae4d20c80de9ddaa8fa40

    SHA1

    5f0546ec86f3e27f0eec4d5d5451edc630907654

    SHA256

    b34ca5ec63459956e72289b6b1d85891377c4ef451b48f42d92ab7d1aad117a9

    SHA512

    ea895f339e31432497401782a17275cecda18286a158ad191dc1a5c2c3c541205c679689a74ff46c4e4861c7e6d87bf862e54049b419675cadaeea76c400b186

  • C:\Users\Admin\AppData\Local\Temp\{75C31CA1-5100-4F4B-ADA0-1922AE203E57}\_Setup.dll

    Filesize

    170KB

    MD5

    1aabcda403b1a6801317ef9921e80c91

    SHA1

    082d05c392a00a6045afabc6aece91e5879cbdcc

    SHA256

    09cd996ee6e10242e7fa0052c7599b293f4ea28b235d270a6bc253d03ffff467

    SHA512

    a35975b65372335aff47565bb104f918f089c5bc452e5107a8d767b03350a2a7155e8632c54d28f7dc1d79eb637fabb9ad2e0975fef5c86f902d2f35dcd240ae
