Analysis

  • max time kernel
    141s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/07/2024, 22:40 UTC

General

  • Target

    61b25af23c667a2eed64bbb84f9a3a83_JaffaCakes118.exe

  • Size

    163KB

  • MD5

    61b25af23c667a2eed64bbb84f9a3a83

  • SHA1

    6fd6fe67974ecafd41a24b1db04a3c2e34dae248

  • SHA256

    55f8bf22f4afe26c0473b3399a30a1d07550d448c10ef6f5655c0d98e91731e8

  • SHA512

    0dd8a306ed162b1ee618ad70d6ee8599219d5b1b17ede760e8f7f050fba4dee83ab599a7df6d7499727f60d08055676d58b2606eb4b657846864f4e5db435a6f

  • SSDEEP

    3072:y68He74NIdwUaFPmgRMNlPTGQQm6ytwZEsrYkK4b5AUWCH3:ybHe7in98gWNlPTGQQm6agrdPWM

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\61b25af23c667a2eed64bbb84f9a3a83_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\61b25af23c667a2eed64bbb84f9a3a83_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:216

Network

  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f3b2fa6012f246ed91468f819b1c7853&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f3b2fa6012f246ed91468f819b1c7853&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=20FDD715096C6A1611A7C3D608D76B0B; domain=.bing.com; expires=Fri, 15-Aug-2025 22:40:25 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 76063C314BF745BE83D2DABAED84B7B7 Ref B: LON04EDGE0920 Ref C: 2024-07-21T22:40:25Z
    date: Sun, 21 Jul 2024 22:40:24 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f3b2fa6012f246ed91468f819b1c7853&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f3b2fa6012f246ed91468f819b1c7853&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=20FDD715096C6A1611A7C3D608D76B0B
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=fvo2gRvp8a-QRNvXtqbgLcOiAjVhMm5KWvsn94m_0-o; domain=.bing.com; expires=Fri, 15-Aug-2025 22:40:25 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: EDFF1EF4C7B84FAA9176A1C996731338 Ref B: LON04EDGE0920 Ref C: 2024-07-21T22:40:25Z
    date: Sun, 21 Jul 2024 22:40:24 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f3b2fa6012f246ed91468f819b1c7853&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f3b2fa6012f246ed91468f819b1c7853&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=20FDD715096C6A1611A7C3D608D76B0B; MSPTC=fvo2gRvp8a-QRNvXtqbgLcOiAjVhMm5KWvsn94m_0-o
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 330476D1BED940BE86BB6AB76BB67AC6 Ref B: LON04EDGE0920 Ref C: 2024-07-21T22:40:25Z
    date: Sun, 21 Jul 2024 22:40:24 GMT
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    237.21.107.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.21.107.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    22.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    14.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    DNS
    45.19.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    45.19.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301678_17ZTGMBOXP9GMFDLK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301678_17ZTGMBOXP9GMFDLK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 1071336
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 8CD4D42044CD4F5E89D58020A3F14CC4 Ref B: LON04EDGE1110 Ref C: 2024-07-21T22:42:03Z
    date: Sun, 21 Jul 2024 22:42:03 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301501_1BOFEUDRJLDYFFOL7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301501_1BOFEUDRJLDYFFOL7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 363054
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 778452BCE38342C38D364BA032122868 Ref B: LON04EDGE1110 Ref C: 2024-07-21T22:42:03Z
    date: Sun, 21 Jul 2024 22:42:03 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301068_1A0LL5KWTCOCJPP2F&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301068_1A0LL5KWTCOCJPP2F&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 363519
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: B22189282D0E4F63A2BE6B9525D84B19 Ref B: LON04EDGE1110 Ref C: 2024-07-21T22:42:03Z
    date: Sun, 21 Jul 2024 22:42:03 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418597_1J0EQ8ZTOVJVXHV7G&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418597_1J0EQ8ZTOVJVXHV7G&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 374381
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 753F03C9196346228B92BD08884E975B Ref B: LON04EDGE1110 Ref C: 2024-07-21T22:42:03Z
    date: Sun, 21 Jul 2024 22:42:03 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301269_1SV32GTE1U6J5ZYXG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301269_1SV32GTE1U6J5ZYXG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 1145630
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 244F54341A7E499AB3B96459967AC11A Ref B: LON04EDGE1110 Ref C: 2024-07-21T22:42:03Z
    date: Sun, 21 Jul 2024 22:42:03 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418598_1HURUV6S4V3U642BB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418598_1HURUV6S4V3U642BB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 492694
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3B7E1005BA1B4C44A0FB965D9CF53356 Ref B: LON04EDGE1110 Ref C: 2024-07-21T22:42:03Z
    date: Sun, 21 Jul 2024 22:42:03 GMT
  • 13.107.21.237:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f3b2fa6012f246ed91468f819b1c7853&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
    tls, http2
    2.0kB
    9.3kB
    22
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f3b2fa6012f246ed91468f819b1c7853&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f3b2fa6012f246ed91468f819b1c7853&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f3b2fa6012f246ed91468f819b1c7853&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=

    HTTP Response

    204
  • 52.111.243.30:443
    322 B
    7
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.27.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239340418598_1HURUV6S4V3U642BB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    tls, http2
    138.6kB
    3.9MB
    2856
    2850

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301678_17ZTGMBOXP9GMFDLK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301501_1BOFEUDRJLDYFFOL7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301068_1A0LL5KWTCOCJPP2F&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418597_1J0EQ8ZTOVJVXHV7G&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301269_1SV32GTE1U6J5ZYXG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418598_1HURUV6S4V3U642BB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    151 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    13.107.21.237
    204.79.197.237

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    237.21.107.13.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    237.21.107.13.in-addr.arpa

  • 8.8.8.8:53
    22.160.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    22.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    28.118.140.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    28.118.140.52.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    14.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    14.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    170 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    45.19.74.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    45.19.74.20.in-addr.arpa

MITRE ATT&CK Matrix

Downloads

  • memory/216-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/216-11-0x0000000002A00000-0x0000000002A01000-memory.dmp

    Filesize

    4KB

  • memory/216-15-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

    Filesize

    4KB

  • memory/216-14-0x0000000002A90000-0x0000000002A91000-memory.dmp

    Filesize

    4KB

  • memory/216-13-0x0000000002A30000-0x0000000002A32000-memory.dmp

    Filesize

    8KB

  • memory/216-12-0x0000000002A40000-0x0000000002A44000-memory.dmp

    Filesize

    16KB

  • memory/216-8-0x00000000021B0000-0x00000000021B1000-memory.dmp

    Filesize

    4KB

  • memory/216-7-0x0000000002940000-0x0000000002941000-memory.dmp

    Filesize

    4KB

  • memory/216-5-0x0000000002960000-0x0000000002961000-memory.dmp

    Filesize

    4KB

  • memory/216-3-0x00000000021A0000-0x00000000021A1000-memory.dmp

    Filesize

    4KB

  • memory/216-2-0x00000000029E0000-0x00000000029E1000-memory.dmp

    Filesize

    4KB

  • memory/216-10-0x0000000002930000-0x0000000002931000-memory.dmp

    Filesize

    4KB

  • memory/216-9-0x00000000029C0000-0x00000000029C1000-memory.dmp

    Filesize

    4KB

  • memory/216-6-0x0000000002950000-0x0000000002951000-memory.dmp

    Filesize

    4KB

  • memory/216-4-0x0000000002180000-0x0000000002181000-memory.dmp

    Filesize

    4KB

  • memory/216-1-0x0000000002970000-0x00000000029B3000-memory.dmp

    Filesize

    268KB

  • memory/216-36-0x0000000003430000-0x0000000003431000-memory.dmp

    Filesize

    4KB

  • memory/216-55-0x0000000003540000-0x0000000003541000-memory.dmp

    Filesize

    4KB

  • memory/216-54-0x0000000003550000-0x0000000003551000-memory.dmp

    Filesize

    4KB

  • memory/216-53-0x0000000003520000-0x0000000003521000-memory.dmp

    Filesize

    4KB

  • memory/216-52-0x0000000003530000-0x0000000003531000-memory.dmp

    Filesize

    4KB

  • memory/216-51-0x0000000003500000-0x0000000003501000-memory.dmp

    Filesize

    4KB

  • memory/216-50-0x0000000003510000-0x0000000003511000-memory.dmp

    Filesize

    4KB

  • memory/216-49-0x00000000034E0000-0x00000000034E1000-memory.dmp

    Filesize

    4KB

  • memory/216-48-0x00000000034F0000-0x00000000034F1000-memory.dmp

    Filesize

    4KB

  • memory/216-47-0x00000000034C0000-0x00000000034C1000-memory.dmp

    Filesize

    4KB

  • memory/216-46-0x00000000034D0000-0x00000000034D1000-memory.dmp

    Filesize

    4KB

  • memory/216-45-0x00000000034A0000-0x00000000034A1000-memory.dmp

    Filesize

    4KB

  • memory/216-44-0x00000000034B0000-0x00000000034B1000-memory.dmp

    Filesize

    4KB

  • memory/216-43-0x0000000003480000-0x0000000003481000-memory.dmp

    Filesize

    4KB

  • memory/216-42-0x0000000003490000-0x0000000003491000-memory.dmp

    Filesize

    4KB

  • memory/216-41-0x0000000003460000-0x0000000003461000-memory.dmp

    Filesize

    4KB

  • memory/216-40-0x0000000003470000-0x0000000003471000-memory.dmp

    Filesize

    4KB

  • memory/216-39-0x0000000003440000-0x0000000003441000-memory.dmp

    Filesize

    4KB

  • memory/216-38-0x0000000003450000-0x0000000003451000-memory.dmp

    Filesize

    4KB

  • memory/216-37-0x0000000003420000-0x0000000003421000-memory.dmp

    Filesize

    4KB

  • memory/216-35-0x0000000003400000-0x0000000003401000-memory.dmp

    Filesize

    4KB

  • memory/216-34-0x0000000003410000-0x0000000003411000-memory.dmp

    Filesize

    4KB

  • memory/216-33-0x00000000033E0000-0x00000000033E1000-memory.dmp

    Filesize

    4KB

  • memory/216-32-0x00000000033F0000-0x00000000033F1000-memory.dmp

    Filesize

    4KB

  • memory/216-31-0x0000000002D40000-0x0000000002D41000-memory.dmp

    Filesize

    4KB

  • memory/216-30-0x00000000033D0000-0x00000000033D1000-memory.dmp

    Filesize

    4KB

  • memory/216-29-0x0000000002D20000-0x0000000002D21000-memory.dmp

    Filesize

    4KB

  • memory/216-28-0x0000000002D30000-0x0000000002D31000-memory.dmp

    Filesize

    4KB

  • memory/216-27-0x0000000002C70000-0x0000000002C71000-memory.dmp

    Filesize

    4KB

  • memory/216-26-0x0000000002D10000-0x0000000002D11000-memory.dmp

    Filesize

    4KB

  • memory/216-25-0x0000000002C50000-0x0000000002C51000-memory.dmp

    Filesize

    4KB

  • memory/216-24-0x0000000002C60000-0x0000000002C61000-memory.dmp

    Filesize

    4KB

  • memory/216-23-0x0000000002C30000-0x0000000002C31000-memory.dmp

    Filesize

    4KB

  • memory/216-22-0x0000000002C40000-0x0000000002C41000-memory.dmp

    Filesize

    4KB

  • memory/216-21-0x0000000002A60000-0x0000000002A61000-memory.dmp

    Filesize

    4KB

  • memory/216-20-0x0000000002A20000-0x0000000002A21000-memory.dmp

    Filesize

    4KB

  • memory/216-19-0x0000000002A10000-0x0000000002A11000-memory.dmp

    Filesize

    4KB

  • memory/216-18-0x0000000002A50000-0x0000000002A51000-memory.dmp

    Filesize

    4KB

  • memory/216-56-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/216-57-0x0000000002970000-0x00000000029B3000-memory.dmp

    Filesize

    268KB
