Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

1

77afc296d4...18.exe

windows7-x64

5

77afc296d4...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    134s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/05/2024, 02:57 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    77afc296d44d7fcb275c6e5dfd1b751a_JaffaCakes118.exe

  • Size

    1.4MB

  • MD5

    77afc296d44d7fcb275c6e5dfd1b751a

  • SHA1

    79b632bc160d69acb7697370f6144daba7064725

  • SHA256

    c5cce2f6359693cad438c9f1711794d6fdf46829f8096aea33475bafae576a62

  • SHA512

    5ee2f078b22794eb89567616baec64628c18136ffbd51e0b13e61b3783eef92b3d7643110eadc75e2a729ef262bba0f5580f6bd7bdbdcfc337dedfba130e4c28

  • SSDEEP

    24576:BrK6dClXmekxlm1dl4r260n4dz0as5jc3AZ1COwiUP/5lq8AC:BrBew72604doSw6ewh

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\77afc296d44d7fcb275c6e5dfd1b751a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\77afc296d44d7fcb275c6e5dfd1b751a_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3724
    • C:\Users\Admin\AppData\Local\Temp\77afc296d44d7fcb275c6e5dfd1b751a_JaffaCakes118.exe
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:3924
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 1920
        3⤵
        • Program crash
        PID:2908
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 1964
        3⤵
        • Program crash
        PID:2420
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3924 -ip 3924
    1⤵
      PID:3636
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3924 -ip 3924
      1⤵
        PID:2920

      Network

      • flag-us
        DNS
        133.211.185.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        133.211.185.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.210.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.210.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
      • flag-us
        GET
        https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JnKssSNRmNFvdMOii7vzvzVUCUw9gOzgjs2pyerRM_c812O-_UaQoqCsGLx1--RxShPrr6irPir6dFzB22fyU-POa5hGuqofDJD8Qf-VhyqQAf_K_tUOXV_7CRIg1by1D7RiVt7e6WnLwGvn0dh2bzaseufxxURCD2cgH5NkdnuVSlys%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59ba931a856d1d4bd9a2f521e1e88e84&TIME=20240508T114018Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JnKssSNRmNFvdMOii7vzvzVUCUw9gOzgjs2pyerRM_c812O-_UaQoqCsGLx1--RxShPrr6irPir6dFzB22fyU-POa5hGuqofDJD8Qf-VhyqQAf_K_tUOXV_7CRIg1by1D7RiVt7e6WnLwGvn0dh2bzaseufxxURCD2cgH5NkdnuVSlys%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59ba931a856d1d4bd9a2f521e1e88e84&TIME=20240508T114018Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48 HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=24C35A41BAC56F0001A04ECDBB256E7A; domain=.bing.com; expires=Sat, 21-Jun-2025 02:57:18 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 9BC054E08949461198B9321C4841D178 Ref B: LON04EDGE1008 Ref C: 2024-05-27T02:57:18Z
        date: Mon, 27 May 2024 02:57:18 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JnKssSNRmNFvdMOii7vzvzVUCUw9gOzgjs2pyerRM_c812O-_UaQoqCsGLx1--RxShPrr6irPir6dFzB22fyU-POa5hGuqofDJD8Qf-VhyqQAf_K_tUOXV_7CRIg1by1D7RiVt7e6WnLwGvn0dh2bzaseufxxURCD2cgH5NkdnuVSlys%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59ba931a856d1d4bd9a2f521e1e88e84&TIME=20240508T114018Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JnKssSNRmNFvdMOii7vzvzVUCUw9gOzgjs2pyerRM_c812O-_UaQoqCsGLx1--RxShPrr6irPir6dFzB22fyU-POa5hGuqofDJD8Qf-VhyqQAf_K_tUOXV_7CRIg1by1D7RiVt7e6WnLwGvn0dh2bzaseufxxURCD2cgH5NkdnuVSlys%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59ba931a856d1d4bd9a2f521e1e88e84&TIME=20240508T114018Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48 HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=24C35A41BAC56F0001A04ECDBB256E7A; _EDGE_S=SID=334585C8792E62A831469144780663ED
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=ln7tS3Qcj4Mc3fr6EF8mvGi5fsepyf6qJAqUAtl3pDg; domain=.bing.com; expires=Sat, 21-Jun-2025 02:57:18 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 18B5A44E68D248EDA1D9DE6DAD798079 Ref B: LON04EDGE1008 Ref C: 2024-05-27T02:57:18Z
        date: Mon, 27 May 2024 02:57:18 GMT
      • flag-se
        GET
        https://www.bing.com/aes/c.gif?RG=1de3478dc91e467bab3fe3b537a435b1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T114018Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182
        Remote address:
        184.31.15.184:443
        Request
        GET /aes/c.gif?RG=1de3478dc91e467bab3fe3b537a435b1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T114018Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182 HTTP/2.0
        host: www.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=24C35A41BAC56F0001A04ECDBB256E7A
        Response
        HTTP/2.0 200
        cache-control: private,no-store
        pragma: no-cache
        vary: Origin
        p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 28703DB04A5A4E17BD8A402B67B55746 Ref B: STOEDGE0917 Ref C: 2024-05-27T02:57:18Z
        content-length: 0
        date: Mon, 27 May 2024 02:57:18 GMT
        set-cookie: _EDGE_S=SID=334585C8792E62A831469144780663ED; path=/; httponly; domain=bing.com
        set-cookie: MUIDB=24C35A41BAC56F0001A04ECDBB256E7A; path=/; httponly; expires=Sat, 21-Jun-2025 02:57:18 GMT
        alt-svc: h3=":443"; ma=93600
        x-cdn-traceid: 0.b40f1fb8.1716778638.13b2440
      • flag-us
        DNS
        64.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        64.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        237.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.197.79.204.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        184.15.31.184.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        184.15.31.184.in-addr.arpa
        IN PTR
        Response
        184.15.31.184.in-addr.arpa
        IN PTR
        a184-31-15-184deploystaticakamaitechnologiescom
      • flag-se
        GET
        https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
        Remote address:
        184.31.15.184:443
        Request
        GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
        host: www.bing.com
        accept: */*
        cookie: MUID=24C35A41BAC56F0001A04ECDBB256E7A; _EDGE_S=SID=334585C8792E62A831469144780663ED; MSPTC=ln7tS3Qcj4Mc3fr6EF8mvGi5fsepyf6qJAqUAtl3pDg; MUIDB=24C35A41BAC56F0001A04ECDBB256E7A
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-type: image/png
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        content-length: 1107
        date: Mon, 27 May 2024 02:57:19 GMT
        alt-svc: h3=":443"; ma=93600
        x-cdn-traceid: 0.b40f1fb8.1716778639.13b2731
      • flag-us
        DNS
        57.169.31.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        57.169.31.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        103.169.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        103.169.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        18.24.18.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.24.18.2.in-addr.arpa
        IN PTR
        Response
        18.24.18.2.in-addr.arpa
        IN PTR
        a2-18-24-18deploystaticakamaitechnologiescom
      • flag-us
        DNS
        14.227.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        14.227.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 449656
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: CBE498E53853489A86012B923BBAEB6C Ref B: LON04EDGE0708 Ref C: 2024-05-27T02:58:57Z
        date: Mon, 27 May 2024 02:58:56 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 468637
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 0D98C81935BA415599040837707AB1C8 Ref B: LON04EDGE0708 Ref C: 2024-05-27T02:58:57Z
        date: Mon, 27 May 2024 02:58:56 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 621794
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 3FCD6C26E1794EA7AF4B15A2F4231D6D Ref B: LON04EDGE0708 Ref C: 2024-05-27T02:58:57Z
        date: Mon, 27 May 2024 02:58:56 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 659775
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 2A6D5D6ED9F0412D8ABC4482844B348B Ref B: LON04EDGE0708 Ref C: 2024-05-27T02:58:57Z
        date: Mon, 27 May 2024 02:58:56 GMT
      • flag-us
        DNS
        26.35.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.35.223.20.in-addr.arpa
        IN PTR
        Response
      • 204.79.197.237:443
        https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JnKssSNRmNFvdMOii7vzvzVUCUw9gOzgjs2pyerRM_c812O-_UaQoqCsGLx1--RxShPrr6irPir6dFzB22fyU-POa5hGuqofDJD8Qf-VhyqQAf_K_tUOXV_7CRIg1by1D7RiVt7e6WnLwGvn0dh2bzaseufxxURCD2cgH5NkdnuVSlys%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59ba931a856d1d4bd9a2f521e1e88e84&TIME=20240508T114018Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48
        tls, http2
        2.5kB
         9.0kB
         20
        17

        HTTP Request

        GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JnKssSNRmNFvdMOii7vzvzVUCUw9gOzgjs2pyerRM_c812O-_UaQoqCsGLx1--RxShPrr6irPir6dFzB22fyU-POa5hGuqofDJD8Qf-VhyqQAf_K_tUOXV_7CRIg1by1D7RiVt7e6WnLwGvn0dh2bzaseufxxURCD2cgH5NkdnuVSlys%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59ba931a856d1d4bd9a2f521e1e88e84&TIME=20240508T114018Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JnKssSNRmNFvdMOii7vzvzVUCUw9gOzgjs2pyerRM_c812O-_UaQoqCsGLx1--RxShPrr6irPir6dFzB22fyU-POa5hGuqofDJD8Qf-VhyqQAf_K_tUOXV_7CRIg1by1D7RiVt7e6WnLwGvn0dh2bzaseufxxURCD2cgH5NkdnuVSlys%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D59ba931a856d1d4bd9a2f521e1e88e84&TIME=20240508T114018Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48

        HTTP Response

        204
      • 184.31.15.184:443
        https://www.bing.com/aes/c.gif?RG=1de3478dc91e467bab3fe3b537a435b1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T114018Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182
        tls, http2
        1.4kB
         5.3kB
         16
        10

        HTTP Request

        GET https://www.bing.com/aes/c.gif?RG=1de3478dc91e467bab3fe3b537a435b1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T114018Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182

        HTTP Response

        200
      • 184.31.15.184:443
        https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
        tls, http2
        1.6kB
         6.4kB
         17
        12

        HTTP Request

        GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

        HTTP Response

        200
      • 204.79.197.200:443
        https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        tls, http2
        80.9kB
         2.3MB
         1661
        1658

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         8.1kB
         16
        14
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         8.1kB
         16
        14
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         8.1kB
         16
        14
      • 8.8.8.8:53
        133.211.185.52.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        133.211.185.52.in-addr.arpa

      • 8.8.8.8:53
        172.210.232.199.in-addr.arpa
        dns
        74 B
         128 B
         1
        1

        DNS Request

        172.210.232.199.in-addr.arpa

      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
         151 B
         1
        1

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.237
        13.107.21.237

      • 8.8.8.8:53
        64.159.190.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        64.159.190.20.in-addr.arpa

      • 8.8.8.8:53
        237.197.79.204.in-addr.arpa
        dns
        73 B
         143 B
         1
        1

        DNS Request

        237.197.79.204.in-addr.arpa

      • 8.8.8.8:53
        184.15.31.184.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        184.15.31.184.in-addr.arpa

      • 8.8.8.8:53
        57.169.31.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        57.169.31.20.in-addr.arpa

      • 8.8.8.8:53
        103.169.127.40.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        103.169.127.40.in-addr.arpa

      • 8.8.8.8:53
        56.126.166.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        56.126.166.20.in-addr.arpa

      • 8.8.8.8:53
        18.24.18.2.in-addr.arpa
        dns
        69 B
         131 B
         1
        1

        DNS Request

        18.24.18.2.in-addr.arpa

      • 8.8.8.8:53
        14.227.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        14.227.111.52.in-addr.arpa

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        62 B
         173 B
         1
        1

        DNS Request

        tse1.mm.bing.net

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        26.35.223.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        26.35.223.20.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3924-0-0x0000000000400000-0x00000000004E0000-memory.dmp

        Filesize

        896KB

        Download

      • memory/3924-1-0x0000000000400000-0x00000000004E0000-memory.dmp

        Filesize

        896KB

        Download

      • memory/3924-2-0x0000000000400000-0x00000000004E0000-memory.dmp

        Filesize

        896KB

        Download

      • memory/3924-3-0x0000000000400000-0x00000000004E0000-memory.dmp

        Filesize

        896KB

        Download

      • memory/3924-4-0x0000000000400000-0x00000000004E0000-memory.dmp

        Filesize

        896KB

        Download

      • memory/3924-5-0x0000000000400000-0x00000000004E0000-memory.dmp

        Filesize

        896KB

        Download

      • memory/3924-6-0x0000000000400000-0x00000000004E0000-memory.dmp

        Filesize

        896KB

        Download

      • memory/3924-10-0x0000000000400000-0x00000000004E0000-memory.dmp

        Filesize

        896KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.