Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
20/07/2024, 01:59 UTC
General
-
Target
5e9ac544c472baef4057017a306b5a92_JaffaCakes118.exe
-
Size
261KB
-
MD5
5e9ac544c472baef4057017a306b5a92
-
SHA1
3a93c266702acbcce4f08c6de1c27fabe1cf55af
-
SHA256
f1b4bc1d473efbcc74db7cf0b8ad026c10371afca7f5d4dd0cff6e67d3337787
-
SHA512
082eb956096fc7ca4d6dd690d1c98b07aaac6be2848fecd481dac0adc75758ffe2c77d2cbd3e9cda1eeae2780c6d29617d61111c7db6797d8dd54fdb934c52ad
-
SSDEEP
3072:1WMoTLbAyxLnX2aKidNy/MQKI3adATsHSRh+gnTchZNQsnOGT0RJiyDyCjntuFjO:mdGkHKdRhTIG3hDyCj8FyVrd
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5e9ac544c472baef4057017a306b5a92_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5e9ac544c472baef4057017a306b5a92_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: RenamesItself
Network
-
DNSapp2.winsoft1.comRemote address:8.8.8.8:53Requestapp2.winsoft1.comIN AResponse -
DNSg.bing.comRemote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAMEdual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A13.107.21.237dual-a-0034.a-msedge.netIN A204.79.197.237
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=af18eb51cb1c44fb8ede6b55eca766ff&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid=Remote address:13.107.21.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=af18eb51cb1c44fb8ede6b55eca766ff&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=26EFD9EAE8A46FB83CCFCD28E9836E7C; domain=.bing.com; expires=Thu, 14-Aug-2025 02:00:00 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E2FD813B2ED4466AB4C157CF76432AAA Ref B: LON04EDGE0608 Ref C: 2024-07-20T02:00:00Z
date: Sat, 20 Jul 2024 02:00:00 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=af18eb51cb1c44fb8ede6b55eca766ff&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid=Remote address:13.107.21.237:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=af18eb51cb1c44fb8ede6b55eca766ff&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=26EFD9EAE8A46FB83CCFCD28E9836E7C
ResponseHTTP/2.0 204
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=EIdCLeophI4zVv_9BWEY8mv3iYs92GjkzhzqLW4q4J4; domain=.bing.com; expires=Thu, 14-Aug-2025 02:00:00 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6C0DD6686E304337A2CE02E8BDEC2B38 Ref B: LON04EDGE0608 Ref C: 2024-07-20T02:00:00Z
date: Sat, 20 Jul 2024 02:00:00 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=af18eb51cb1c44fb8ede6b55eca766ff&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid=Remote address:13.107.21.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=af18eb51cb1c44fb8ede6b55eca766ff&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=26EFD9EAE8A46FB83CCFCD28E9836E7C; MSPTC=EIdCLeophI4zVv_9BWEY8mv3iYs92GjkzhzqLW4q4J4
ResponseHTTP/2.0 204
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4262E7D8D0D34098BD45084F0163C20D Ref B: LON04EDGE0608 Ref C: 2024-07-20T02:00:00Z
date: Sat, 20 Jul 2024 02:00:00 GMT
-
DNSapp2.winsoft2.comRemote address:8.8.8.8:53Requestapp2.winsoft2.comIN AResponse
-
DNSapp2.winsoft3.comRemote address:8.8.8.8:53Requestapp2.winsoft3.comIN AResponse
-
DNS172.210.232.199.in-addr.arpaRemote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
DNS232.168.11.51.in-addr.arpaRemote address:8.8.8.8:53Request232.168.11.51.in-addr.arpaIN PTRResponse
-
DNS15.164.165.52.in-addr.arpaRemote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTRResponse
-
DNS237.21.107.13.in-addr.arpaRemote address:8.8.8.8:53Request237.21.107.13.in-addr.arpaIN PTRResponse
-
DNS73.31.126.40.in-addr.arpaRemote address:8.8.8.8:53Request73.31.126.40.in-addr.arpaIN PTRResponse
-
DNSapp2.winsoft4.comRemote address:8.8.8.8:53Requestapp2.winsoft4.comIN AResponse
-
DNSapp2.winsoft5.comRemote address:8.8.8.8:53Requestapp2.winsoft5.comIN AResponse
-
DNSapp2.winsoft5.comRemote address:8.8.8.8:53Requestapp2.winsoft5.comIN A
-
DNSapp2.winsoft5.comRemote address:8.8.8.8:53Requestapp2.winsoft5.comIN A
-
DNS26.35.223.20.in-addr.arpaRemote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTRResponse
-
DNSapp2.winsoft6.comRemote address:8.8.8.8:53Requestapp2.winsoft6.comIN AResponse
-
DNSapp2.winsoft6.comRemote address:8.8.8.8:53Requestapp2.winsoft6.comIN A
-
DNSapp2.winsoft7.comRemote address:8.8.8.8:53Requestapp2.winsoft7.comIN AResponse
-
DNSapp2.winsoft8.comRemote address:8.8.8.8:53Requestapp2.winsoft8.comIN AResponse
-
DNSapp2.winsoft9.comRemote address:8.8.8.8:53Requestapp2.winsoft9.comIN AResponse
-
DNSapp2.winsoft10.comRemote address:8.8.8.8:53Requestapp2.winsoft10.comIN AResponse
-
DNSapp2.winsoft11.comRemote address:8.8.8.8:53Requestapp2.winsoft11.comIN AResponse
-
DNSapp2.winsoft12.comRemote address:8.8.8.8:53Requestapp2.winsoft12.comIN AResponse
-
DNSapp2.winsoft13.comRemote address:8.8.8.8:53Requestapp2.winsoft13.comIN AResponse
-
DNSapp2.winsoft14.comRemote address:8.8.8.8:53Requestapp2.winsoft14.comIN AResponse
-
DNSapp2.winsoft15.comRemote address:8.8.8.8:53Requestapp2.winsoft15.comIN AResponse
-
DNSapp2.winsoft16.comRemote address:8.8.8.8:53Requestapp2.winsoft16.comIN AResponse
-
DNSapp2.winsoft17.comRemote address:8.8.8.8:53Requestapp2.winsoft17.comIN AResponse
-
DNSapp2.winsoft18.comRemote address:8.8.8.8:53Requestapp2.winsoft18.comIN AResponse
-
DNSapp2.winsoft19.comRemote address:8.8.8.8:53Requestapp2.winsoft19.comIN AResponse
-
DNSapp2.winsoft20.comRemote address:8.8.8.8:53Requestapp2.winsoft20.comIN AResponse
-
DNSapp2.winsoft21.comRemote address:8.8.8.8:53Requestapp2.winsoft21.comIN AResponse
-
DNSapp2.winsoft22.comRemote address:8.8.8.8:53Requestapp2.winsoft22.comIN AResponse
-
DNSapp2.winsoft23.comRemote address:8.8.8.8:53Requestapp2.winsoft23.comIN AResponse
-
DNSapp2.winsoft24.comRemote address:8.8.8.8:53Requestapp2.winsoft24.comIN AResponse
-
DNSapp2.winsoft25.comRemote address:8.8.8.8:53Requestapp2.winsoft25.comIN AResponse
-
DNS183.142.211.20.in-addr.arpaRemote address:8.8.8.8:53Request183.142.211.20.in-addr.arpaIN PTRResponse
-
DNSapp2.winsoft26.comRemote address:8.8.8.8:53Requestapp2.winsoft26.comIN AResponse
-
DNSapp2.winsoft27.comRemote address:8.8.8.8:53Requestapp2.winsoft27.comIN AResponse
-
DNSapp2.winsoft28.comRemote address:8.8.8.8:53Requestapp2.winsoft28.comIN AResponse
-
DNSapp2.winsoft29.comRemote address:8.8.8.8:53Requestapp2.winsoft29.comIN AResponse
-
DNSapp2.winsoft30.comRemote address:8.8.8.8:53Requestapp2.winsoft30.comIN AResponse
-
DNSapp2.winsoft31.comRemote address:8.8.8.8:53Requestapp2.winsoft31.comIN AResponse
-
DNSapp2.winsoft32.comRemote address:8.8.8.8:53Requestapp2.winsoft32.comIN AResponseapp2.winsoft32.comIN A91.195.240.13
-
DNSapp2.winsoft32.comRemote address:8.8.8.8:53Requestapp2.winsoft32.comIN AResponseapp2.winsoft32.comIN A91.195.240.13
-
DNSapp2.winsoft32.comRemote address:8.8.8.8:53Requestapp2.winsoft32.comIN A
-
DNSapp2.winsoft33.comRemote address:8.8.8.8:53Requestapp2.winsoft33.comIN AResponse
-
DNSapp2.winsoft34.comRemote address:8.8.8.8:53Requestapp2.winsoft34.comIN AResponse
-
DNSapp2.winsoft35.comRemote address:8.8.8.8:53Requestapp2.winsoft35.comIN AResponse
-
DNSapp2.winsoft36.comRemote address:8.8.8.8:53Requestapp2.winsoft36.comIN AResponse
-
DNSapp2.winsoft37.comRemote address:8.8.8.8:53Requestapp2.winsoft37.comIN AResponse
-
DNSapp2.winsoft38.comRemote address:8.8.8.8:53Requestapp2.winsoft38.comIN AResponse
-
DNSapp2.winsoft39.comRemote address:8.8.8.8:53Requestapp2.winsoft39.comIN AResponse
-
DNSapp2.winsoft40.comRemote address:8.8.8.8:53Requestapp2.winsoft40.comIN AResponse
-
DNSapp2.winsoft41.comRemote address:8.8.8.8:53Requestapp2.winsoft41.comIN AResponse
-
DNSapp2.winsoft42.comRemote address:8.8.8.8:53Requestapp2.winsoft42.comIN AResponse
-
DNSapp2.winsoft43.comRemote address:8.8.8.8:53Requestapp2.winsoft43.comIN AResponse
-
DNSapp2.winsoft44.comRemote address:8.8.8.8:53Requestapp2.winsoft44.comIN AResponse
-
DNSapp2.winsoft45.comRemote address:8.8.8.8:53Requestapp2.winsoft45.comIN AResponse
-
DNSapp2.winsoft46.comRemote address:8.8.8.8:53Requestapp2.winsoft46.comIN AResponse
-
DNSapp2.winsoft47.comRemote address:8.8.8.8:53Requestapp2.winsoft47.comIN AResponse
-
DNSapp2.winsoft48.comRemote address:8.8.8.8:53Requestapp2.winsoft48.comIN AResponse
-
DNSapp2.winsoft49.comRemote address:8.8.8.8:53Requestapp2.winsoft49.comIN AResponse
-
DNSapp2.winsoft50.comRemote address:8.8.8.8:53Requestapp2.winsoft50.comIN AResponse
-
DNSapp2.winsoft51.comRemote address:8.8.8.8:53Requestapp2.winsoft51.comIN AResponse
-
DNSapp2.winsoft52.comRemote address:8.8.8.8:53Requestapp2.winsoft52.comIN AResponse
-
DNSapp2.winsoft53.comRemote address:8.8.8.8:53Requestapp2.winsoft53.comIN AResponse
-
DNS183.59.114.20.in-addr.arpaRemote address:8.8.8.8:53Request183.59.114.20.in-addr.arpaIN PTRResponse
-
DNSapp2.winsoft54.comRemote address:8.8.8.8:53Requestapp2.winsoft54.comIN AResponse
-
DNStse1.mm.bing.netRemote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.27.10ax-0001.ax-msedge.netIN A150.171.28.10
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388084_14BR1HNZO7MDFJS4B&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239339388084_14BR1HNZO7MDFJS4B&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 586896
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 42690A2716B64A0081E3B6CC7247A1B0 Ref B: LON04EDGE0810 Ref C: 2024-07-20T02:00:31Z
date: Sat, 20 Jul 2024 02:00:30 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301469_1CI9E0AG3RDYG5DMG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239317301469_1CI9E0AG3RDYG5DMG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 443603
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BAC720FCEB6A4179B5A8463108932A01 Ref B: LON04EDGE0810 Ref C: 2024-07-20T02:00:31Z
date: Sat, 20 Jul 2024 02:00:30 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301036_1G9CB801VBJIYBSI0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239317301036_1G9CB801VBJIYBSI0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 347802
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 79F1E0CEC21E47C4B872FB986B6FD12F Ref B: LON04EDGE0810 Ref C: 2024-07-20T02:00:31Z
date: Sat, 20 Jul 2024 02:00:30 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388083_1LK8GG0XUINT2UANS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239339388083_1LK8GG0XUINT2UANS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 705144
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B31F7CF073D447C1AA913FDC9B8C6593 Ref B: LON04EDGE0810 Ref C: 2024-07-20T02:00:31Z
date: Sat, 20 Jul 2024 02:00:30 GMT
-
DNSapp2.winsoft55.comRemote address:8.8.8.8:53Requestapp2.winsoft55.comIN AResponse
-
DNSapp2.winsoft56.comRemote address:8.8.8.8:53Requestapp2.winsoft56.comIN AResponse
-
DNSapp2.winsoft56.comRemote address:8.8.8.8:53Requestapp2.winsoft56.comIN A
-
DNSapp2.winsoft57.comRemote address:8.8.8.8:53Requestapp2.winsoft57.comIN AResponse
-
DNSapp2.winsoft58.comRemote address:8.8.8.8:53Requestapp2.winsoft58.comIN AResponse
-
DNSapp2.winsoft59.comRemote address:8.8.8.8:53Requestapp2.winsoft59.comIN AResponse
-
DNSapp2.winsoft60.comRemote address:8.8.8.8:53Requestapp2.winsoft60.comIN AResponse
-
DNSapp2.winsoft61.comRemote address:8.8.8.8:53Requestapp2.winsoft61.comIN AResponse
-
DNSapp2.winsoft62.comRemote address:8.8.8.8:53Requestapp2.winsoft62.comIN AResponse
-
DNSapp2.winsoft63.comRemote address:8.8.8.8:53Requestapp2.winsoft63.comIN AResponse
-
DNSapp2.winsoft64.comRemote address:8.8.8.8:53Requestapp2.winsoft64.comIN AResponseapp2.winsoft64.comIN A91.195.240.13
-
DNSapp2.winsoft64.comRemote address:8.8.8.8:53Requestapp2.winsoft64.comIN AResponseapp2.winsoft64.comIN A91.195.240.13
-
DNSapp2.winsoft65.comRemote address:8.8.8.8:53Requestapp2.winsoft65.comIN AResponse
-
DNSapp2.winsoft66.comRemote address:8.8.8.8:53Requestapp2.winsoft66.comIN AResponse
-
DNSapp2.winsoft67.comRemote address:8.8.8.8:53Requestapp2.winsoft67.comIN AResponse
-
DNSapp2.winsoft68.comRemote address:8.8.8.8:53Requestapp2.winsoft68.comIN AResponse
-
DNSapp2.winsoft69.comRemote address:8.8.8.8:53Requestapp2.winsoft69.comIN AResponse
-
DNSapp2.winsoft70.comRemote address:8.8.8.8:53Requestapp2.winsoft70.comIN AResponse
-
DNSapp2.winsoft71.comRemote address:8.8.8.8:53Requestapp2.winsoft71.comIN AResponse
-
DNSapp2.winsoft72.comRemote address:8.8.8.8:53Requestapp2.winsoft72.comIN AResponse
-
DNSapp2.winsoft73.comRemote address:8.8.8.8:53Requestapp2.winsoft73.comIN AResponse
-
DNSapp2.winsoft73.comRemote address:8.8.8.8:53Requestapp2.winsoft73.comIN A
-
DNSapp2.winsoft73.comRemote address:8.8.8.8:53Requestapp2.winsoft73.comIN A
-
DNSapp2.winsoft74.comRemote address:8.8.8.8:53Requestapp2.winsoft74.comIN AResponse
-
DNSapp2.winsoft74.comRemote address:8.8.8.8:53Requestapp2.winsoft74.comIN A
-
DNSapp2.winsoft75.comRemote address:8.8.8.8:53Requestapp2.winsoft75.comIN AResponse
-
DNSapp2.winsoft76.comRemote address:8.8.8.8:53Requestapp2.winsoft76.comIN AResponse
-
DNSapp2.winsoft77.comRemote address:8.8.8.8:53Requestapp2.winsoft77.comIN AResponse
-
DNSapp2.winsoft78.comRemote address:8.8.8.8:53Requestapp2.winsoft78.comIN AResponse
-
DNSapp2.winsoft79.comRemote address:8.8.8.8:53Requestapp2.winsoft79.comIN AResponse
-
DNSapp2.winsoft80.comRemote address:8.8.8.8:53Requestapp2.winsoft80.comIN AResponse
-
DNSapp2.winsoft81.comRemote address:8.8.8.8:53Requestapp2.winsoft81.comIN AResponse
-
DNSapp2.winsoft82.comRemote address:8.8.8.8:53Requestapp2.winsoft82.comIN AResponse
-
DNSapp2.winsoft83.comRemote address:8.8.8.8:53Requestapp2.winsoft83.comIN AResponse
-
DNSapp2.winsoft84.comRemote address:8.8.8.8:53Requestapp2.winsoft84.comIN AResponse
-
DNSapp2.winsoft85.comRemote address:8.8.8.8:53Requestapp2.winsoft85.comIN AResponse
-
DNSapp2.winsoft86.comRemote address:8.8.8.8:53Requestapp2.winsoft86.comIN AResponse
-
DNSapp2.winsoft87.comRemote address:8.8.8.8:53Requestapp2.winsoft87.comIN AResponse
-
DNSapp2.winsoft88.comRemote address:8.8.8.8:53Requestapp2.winsoft88.comIN AResponse
-
DNSapp2.winsoft89.comRemote address:8.8.8.8:53Requestapp2.winsoft89.comIN AResponse
-
DNSapp2.winsoft90.comRemote address:8.8.8.8:53Requestapp2.winsoft90.comIN AResponse
-
DNSapp2.winsoft91.comRemote address:8.8.8.8:53Requestapp2.winsoft91.comIN AResponse
-
DNSapp2.winsoft92.comRemote address:8.8.8.8:53Requestapp2.winsoft92.comIN AResponse
-
DNSapp2.winsoft93.comRemote address:8.8.8.8:53Requestapp2.winsoft93.comIN AResponse
-
DNSapp2.winsoft94.comRemote address:8.8.8.8:53Requestapp2.winsoft94.comIN AResponse
-
DNSapp2.winsoft95.comRemote address:8.8.8.8:53Requestapp2.winsoft95.comIN AResponse
-
DNSapp2.winsoft96.comRemote address:8.8.8.8:53Requestapp2.winsoft96.comIN AResponse
-
DNSapp2.winsoft97.comRemote address:8.8.8.8:53Requestapp2.winsoft97.comIN AResponse
-
DNSapp2.winsoft98.comRemote address:8.8.8.8:53Requestapp2.winsoft98.comIN AResponse
-
DNSapp2.winsoft98.comRemote address:8.8.8.8:53Requestapp2.winsoft98.comIN AResponse
-
DNSapp2.winsoft98.comRemote address:8.8.8.8:53Requestapp2.winsoft98.comIN AResponse
-
DNSapp2.winsoft98.comRemote address:8.8.8.8:53Requestapp2.winsoft98.comIN AResponse
-
DNSapp2.winsoft99.comRemote address:8.8.8.8:53Requestapp2.winsoft99.comIN AResponse
-
DNSapp2.winsoft99.comRemote address:8.8.8.8:53Requestapp2.winsoft99.comIN A
-
DNSapp2.winsoft100.comRemote address:8.8.8.8:53Requestapp2.winsoft100.comIN AResponse
-
DNSapp2.winsoft0.comRemote address:8.8.8.8:53Requestapp2.winsoft0.comIN AResponse
-
DNSapp2.winsoft1.comRemote address:8.8.8.8:53Requestapp2.winsoft1.comIN AResponse
-
DNSapp2.winsoft2.comRemote address:8.8.8.8:53Requestapp2.winsoft2.comIN AResponse
-
DNSapp2.winsoft3.comRemote address:8.8.8.8:53Requestapp2.winsoft3.comIN AResponse
-
DNSp2.winsoft3.comRemote address:8.8.8.8:53Requestp2.winsoft3.comIN AResponse
-
DNS240.221.184.93.in-addr.arpaRemote address:8.8.8.8:53Request240.221.184.93.in-addr.arpaIN PTRResponse
-
DNS48.229.111.52.in-addr.arpaRemote address:8.8.8.8:53Request48.229.111.52.in-addr.arpaIN PTRResponse
-
13.107.21.237:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=af18eb51cb1c44fb8ede6b55eca766ff&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid=tls, http2
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=af18eb51cb1c44fb8ede6b55eca766ff&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=af18eb51cb1c44fb8ede6b55eca766ff&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=af18eb51cb1c44fb8ede6b55eca766ff&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid=HTTP Response
204 -
150.171.27.10:443https://tse1.mm.bing.net/th?id=OADD2.10239339388083_1LK8GG0XUINT2UANS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90tls, http2
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388084_14BR1HNZO7MDFJS4B&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301469_1CI9E0AG3RDYG5DMG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301036_1G9CB801VBJIYBSI0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388083_1LK8GG0XUINT2UANS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200 -
150.171.27.10:443tse1.mm.bing.nettls, http2
-
150.171.27.10:443tse1.mm.bing.nettls, http2
-
150.171.27.10:443tse1.mm.bing.nettls, http2
-
52.111.236.23:443
-
8.8.8.8:53app2.winsoft1.comdns
DNS Request
app2.winsoft1.com
-
8.8.8.8:53g.bing.comdns
DNS Request
g.bing.com
DNS Response
13.107.21.237204.79.197.237
-
8.8.8.8:53app2.winsoft2.comdns
DNS Request
app2.winsoft2.com
-
8.8.8.8:53app2.winsoft3.comdns
DNS Request
app2.winsoft3.com
-
8.8.8.8:53172.210.232.199.in-addr.arpadns
DNS Request
172.210.232.199.in-addr.arpa
-
8.8.8.8:53232.168.11.51.in-addr.arpadns
DNS Request
232.168.11.51.in-addr.arpa
DNS Request
15.164.165.52.in-addr.arpa
-
8.8.8.8:53237.21.107.13.in-addr.arpadns
DNS Request
237.21.107.13.in-addr.arpa
-
8.8.8.8:5373.31.126.40.in-addr.arpadns
DNS Request
73.31.126.40.in-addr.arpa
-
8.8.8.8:53app2.winsoft4.comdns
DNS Request
app2.winsoft4.com
-
8.8.8.8:53app2.winsoft5.comdns
DNS Request
app2.winsoft5.com
DNS Request
app2.winsoft5.com
DNS Request
app2.winsoft5.com
-
8.8.8.8:5326.35.223.20.in-addr.arpadns
DNS Request
26.35.223.20.in-addr.arpa
-
8.8.8.8:53app2.winsoft6.comdns
DNS Request
app2.winsoft6.com
DNS Request
app2.winsoft6.com
-
8.8.8.8:53app2.winsoft7.comdns
DNS Request
app2.winsoft7.com
-
8.8.8.8:53app2.winsoft8.comdns
DNS Request
app2.winsoft8.com
-
8.8.8.8:53app2.winsoft9.comdns
DNS Request
app2.winsoft9.com
-
8.8.8.8:53app2.winsoft10.comdns
DNS Request
app2.winsoft10.com
-
8.8.8.8:53app2.winsoft11.comdns
DNS Request
app2.winsoft11.com
-
8.8.8.8:53app2.winsoft12.comdns
DNS Request
app2.winsoft12.com
-
8.8.8.8:53app2.winsoft13.comdns
DNS Request
app2.winsoft13.com
-
8.8.8.8:53app2.winsoft14.comdns
DNS Request
app2.winsoft14.com
-
8.8.8.8:53app2.winsoft15.comdns
DNS Request
app2.winsoft15.com
-
8.8.8.8:53app2.winsoft16.comdns
DNS Request
app2.winsoft16.com
-
8.8.8.8:53app2.winsoft17.comdns
DNS Request
app2.winsoft17.com
-
8.8.8.8:53app2.winsoft18.comdns
DNS Request
app2.winsoft18.com
-
8.8.8.8:53app2.winsoft19.comdns
DNS Request
app2.winsoft19.com
-
8.8.8.8:53app2.winsoft20.comdns
DNS Request
app2.winsoft20.com
-
8.8.8.8:53app2.winsoft21.comdns
DNS Request
app2.winsoft21.com
-
8.8.8.8:53app2.winsoft22.comdns
DNS Request
app2.winsoft22.com
-
8.8.8.8:53app2.winsoft23.comdns
DNS Request
app2.winsoft23.com
-
8.8.8.8:53app2.winsoft24.comdns
DNS Request
app2.winsoft24.com
-
8.8.8.8:53app2.winsoft25.comdns
DNS Request
app2.winsoft25.com
-
8.8.8.8:53183.142.211.20.in-addr.arpadns
DNS Request
183.142.211.20.in-addr.arpa
-
8.8.8.8:53app2.winsoft26.comdns
DNS Request
app2.winsoft26.com
-
8.8.8.8:53app2.winsoft27.comdns
DNS Request
app2.winsoft27.com
-
8.8.8.8:53app2.winsoft28.comdns
DNS Request
app2.winsoft28.com
-
8.8.8.8:53app2.winsoft29.comdns
DNS Request
app2.winsoft29.com
-
8.8.8.8:53app2.winsoft30.comdns
DNS Request
app2.winsoft30.com
-
8.8.8.8:53app2.winsoft31.comdns
DNS Request
app2.winsoft31.com
-
8.8.8.8:53app2.winsoft32.comdns
DNS Request
app2.winsoft32.com
DNS Request
app2.winsoft32.com
DNS Request
app2.winsoft32.com
DNS Response
91.195.240.13
DNS Response
91.195.240.13
-
8.8.8.8:53app2.winsoft33.comdns
DNS Request
app2.winsoft33.com
-
8.8.8.8:53app2.winsoft34.comdns
DNS Request
app2.winsoft34.com
-
8.8.8.8:53app2.winsoft35.comdns
DNS Request
app2.winsoft35.com
-
8.8.8.8:53app2.winsoft36.comdns
DNS Request
app2.winsoft36.com
-
8.8.8.8:53app2.winsoft37.comdns
DNS Request
app2.winsoft37.com
-
8.8.8.8:53app2.winsoft38.comdns
DNS Request
app2.winsoft38.com
-
8.8.8.8:53app2.winsoft39.comdns
DNS Request
app2.winsoft39.com
-
8.8.8.8:53app2.winsoft40.comdns
DNS Request
app2.winsoft40.com
-
8.8.8.8:53app2.winsoft41.comdns
DNS Request
app2.winsoft41.com
-
8.8.8.8:53app2.winsoft42.comdns
DNS Request
app2.winsoft42.com
-
8.8.8.8:53app2.winsoft43.comdns
DNS Request
app2.winsoft43.com
-
8.8.8.8:53app2.winsoft44.comdns
DNS Request
app2.winsoft44.com
-
8.8.8.8:53app2.winsoft45.comdns
DNS Request
app2.winsoft45.com
-
8.8.8.8:53app2.winsoft46.comdns
DNS Request
app2.winsoft46.com
-
8.8.8.8:53app2.winsoft47.comdns
DNS Request
app2.winsoft47.com
-
8.8.8.8:53app2.winsoft48.comdns
DNS Request
app2.winsoft48.com
-
8.8.8.8:53app2.winsoft49.comdns
DNS Request
app2.winsoft49.com
-
8.8.8.8:53app2.winsoft50.comdns
DNS Request
app2.winsoft50.com
-
8.8.8.8:53app2.winsoft51.comdns
DNS Request
app2.winsoft51.com
-
8.8.8.8:53app2.winsoft52.comdns
DNS Request
app2.winsoft52.com
-
8.8.8.8:53app2.winsoft53.comdns
DNS Request
app2.winsoft53.com
-
8.8.8.8:53183.59.114.20.in-addr.arpadns
DNS Request
183.59.114.20.in-addr.arpa
-
8.8.8.8:53app2.winsoft54.comdns
DNS Request
app2.winsoft54.com
-
8.8.8.8:53tse1.mm.bing.netdns
DNS Request
tse1.mm.bing.net
DNS Response
150.171.27.10150.171.28.10
-
8.8.8.8:53app2.winsoft55.comdns
DNS Request
app2.winsoft55.com
-
8.8.8.8:53app2.winsoft56.comdns
DNS Request
app2.winsoft56.com
DNS Request
app2.winsoft56.com
-
8.8.8.8:53app2.winsoft57.comdns
DNS Request
app2.winsoft57.com
-
8.8.8.8:53app2.winsoft58.comdns
DNS Request
app2.winsoft58.com
-
8.8.8.8:53app2.winsoft59.comdns
DNS Request
app2.winsoft59.com
-
8.8.8.8:53app2.winsoft60.comdns
DNS Request
app2.winsoft60.com
-
8.8.8.8:53app2.winsoft61.comdns
DNS Request
app2.winsoft61.com
-
8.8.8.8:53app2.winsoft62.comdns
DNS Request
app2.winsoft62.com
-
8.8.8.8:53app2.winsoft63.comdns
DNS Request
app2.winsoft63.com
-
8.8.8.8:53app2.winsoft64.comdns
DNS Request
app2.winsoft64.com
DNS Request
app2.winsoft64.com
DNS Response
91.195.240.13
DNS Response
91.195.240.13
-
8.8.8.8:53app2.winsoft65.comdns
DNS Request
app2.winsoft65.com
-
8.8.8.8:53app2.winsoft66.comdns
DNS Request
app2.winsoft66.com
-
8.8.8.8:53app2.winsoft67.comdns
DNS Request
app2.winsoft67.com
-
8.8.8.8:53app2.winsoft68.comdns
DNS Request
app2.winsoft68.com
-
8.8.8.8:53app2.winsoft69.comdns
DNS Request
app2.winsoft69.com
-
8.8.8.8:53app2.winsoft70.comdns
DNS Request
app2.winsoft70.com
-
8.8.8.8:53app2.winsoft71.comdns
DNS Request
app2.winsoft71.com
-
8.8.8.8:53app2.winsoft72.comdns
DNS Request
app2.winsoft72.com
-
8.8.8.8:53app2.winsoft73.comdns
DNS Request
app2.winsoft73.com
DNS Request
app2.winsoft73.com
DNS Request
app2.winsoft73.com
-
8.8.8.8:53app2.winsoft74.comdns
DNS Request
app2.winsoft74.com
DNS Request
app2.winsoft74.com
-
8.8.8.8:53app2.winsoft75.comdns
DNS Request
app2.winsoft75.com
-
8.8.8.8:53app2.winsoft76.comdns
DNS Request
app2.winsoft76.com
-
8.8.8.8:53app2.winsoft77.comdns
DNS Request
app2.winsoft77.com
-
8.8.8.8:53app2.winsoft78.comdns
DNS Request
app2.winsoft78.com
-
8.8.8.8:53app2.winsoft79.comdns
DNS Request
app2.winsoft79.com
-
8.8.8.8:53app2.winsoft80.comdns
DNS Request
app2.winsoft80.com
-
8.8.8.8:53app2.winsoft81.comdns
DNS Request
app2.winsoft81.com
-
8.8.8.8:53app2.winsoft82.comdns
DNS Request
app2.winsoft82.com
-
8.8.8.8:53app2.winsoft83.comdns
DNS Request
app2.winsoft83.com
-
8.8.8.8:53app2.winsoft84.comdns
DNS Request
app2.winsoft84.com
-
8.8.8.8:53app2.winsoft85.comdns
DNS Request
app2.winsoft85.com
-
8.8.8.8:53app2.winsoft86.comdns
DNS Request
app2.winsoft86.com
-
8.8.8.8:53app2.winsoft87.comdns
DNS Request
app2.winsoft87.com
-
8.8.8.8:53app2.winsoft88.comdns
DNS Request
app2.winsoft88.com
-
8.8.8.8:53app2.winsoft89.comdns
DNS Request
app2.winsoft89.com
-
8.8.8.8:53app2.winsoft90.comdns
DNS Request
app2.winsoft90.com
-
8.8.8.8:53app2.winsoft91.comdns
DNS Request
app2.winsoft91.com
-
8.8.8.8:53app2.winsoft92.comdns
DNS Request
app2.winsoft92.com
-
8.8.8.8:53app2.winsoft93.comdns
DNS Request
app2.winsoft93.com
-
8.8.8.8:53app2.winsoft94.comdns
DNS Request
app2.winsoft94.com
-
8.8.8.8:53app2.winsoft95.comdns
DNS Request
app2.winsoft95.com
-
8.8.8.8:53app2.winsoft96.comdns
DNS Request
app2.winsoft96.com
-
8.8.8.8:53app2.winsoft97.comdns
DNS Request
app2.winsoft97.com
-
8.8.8.8:53app2.winsoft98.comdns
DNS Request
app2.winsoft98.com
DNS Request
app2.winsoft98.com
DNS Request
app2.winsoft98.com
DNS Request
app2.winsoft98.com
-
8.8.8.8:53app2.winsoft99.comdns
DNS Request
app2.winsoft99.com
DNS Request
app2.winsoft99.com
-
8.8.8.8:53app2.winsoft100.comdns
DNS Request
app2.winsoft100.com
-
8.8.8.8:53app2.winsoft0.comdns
DNS Request
app2.winsoft0.com
-
8.8.8.8:53app2.winsoft1.comdns
DNS Request
app2.winsoft1.com
-
8.8.8.8:53app2.winsoft2.comdns
DNS Request
app2.winsoft2.com
-
8.8.8.8:53app2.winsoft3.comdns
DNS Request
app2.winsoft3.com
-
8.8.8.8:53p2.winsoft3.comdns
DNS Request
p2.winsoft3.com
-
8.8.8.8:53240.221.184.93.in-addr.arpadns
DNS Request
240.221.184.93.in-addr.arpa
-
8.8.8.8:5348.229.111.52.in-addr.arpadns
DNS Request
48.229.111.52.in-addr.arpa
-
8.8.8.8:53
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
284KB