Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/07/2024, 18:17 UTC

General

  • Target

    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe

  • Size

    29KB

  • MD5

    791b90f813f89ec999b438be528f4e48

  • SHA1

    e6033f407c5accd84354738764628377b9c2a9fd

  • SHA256

    b3b5050d5f18350dd13b425933f5e55636cfaf0f81a569c60d7ff13063a73a60

  • SHA512

    30d4d4340e6fb3009c9f117c9ad2225d37785cb2d82b1b8a075f8fd1eca5c7d9e11045675a7c2a6c086079e674dff75bf22a78149438458cb5afe6e4262f7a81

  • SSDEEP

    384:PmXBaKO6ZGKLHnwcdubFYwQS2fpnST3YIC9/Vspk51VbhSi8DT1y+g:+8KO6ZjwcdubP2PI8DVoJ

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe"
    PID: 468
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery

Network

  • [US] DNS
    154.239.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.239.44.20.in-addr.arpa
    IN PTR
    Response
  • [US] DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • [US] DNS
    81.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    81.144.22.2.in-addr.arpa
    IN PTR
    Response
    81.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-81.deploy.static.akamaitechnologies.com
  • [US] DNS
    69.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    69.31.126.40.in-addr.arpa
    IN PTR
    Response
  • [US] DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • [US] DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
  • [US] DNS
    www.fatosh.com
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.fatosh.com
    IN A
    Response
    www.fatosh.com
    IN A
    141.0.173.168
  • [NL] GET
    http://www.fatosh.com/up1.txt
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    141.0.173.168:80
    Request
    GET /up1.txt HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: www.fatosh.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Content-Type: text/html; charset=utf-8
    Location: https://www.fatosh.com/up1.txt
    Server: Caddy
    Date: Tue, 30 Jul 2024 12:18:31 GMT
    Content-Length: 53
  • [NL] GET
    http://www.fatosh.com/
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    141.0.173.168:80
    Request
    GET / HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Connection: Keep-Alive
    Host: www.fatosh.com
    Response
    HTTP/1.1 302 Found
    Content-Type: text/html; charset=utf-8
    Location: https://www.fatosh.com/
    Server: Caddy
    Date: Tue, 30 Jul 2024 12:18:33 GMT
    Content-Length: 46
  • [NL] GET
    http://www.fatosh.com/up1.txt
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    141.0.173.168:80
    Request
    GET /up1.txt HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: www.fatosh.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Content-Type: text/html; charset=utf-8
    Location: https://www.fatosh.com/up1.txt
    Server: Caddy
    Date: Tue, 30 Jul 2024 12:18:41 GMT
    Content-Length: 53
  • [NL] GET
    http://www.fatosh.com/
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    141.0.173.168:80
    Request
    GET / HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Connection: Keep-Alive
    Host: www.fatosh.com
    Response
    HTTP/1.1 302 Found
    Content-Type: text/html; charset=utf-8
    Location: https://www.fatosh.com/
    Server: Caddy
    Date: Tue, 30 Jul 2024 12:18:41 GMT
    Content-Length: 46
  • [NL] GET
    https://www.fatosh.com/up1.txt
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    141.0.173.168:443
    Request
    GET /up1.txt HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Connection: Keep-Alive
    Host: www.fatosh.com
    Response
    HTTP/1.1 302 Found
    Content-Length: 205
    Content-Type: text/html; charset=iso-8859-1
    Date: Tue, 30 Jul 2024 12:18:33 GMT
    Location: http://www.fatosh.com
    Server: Caddy
    Server: nginx
  • [NL] GET
    https://www.fatosh.com/
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    141.0.173.168:443
    Request
    GET / HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Connection: Keep-Alive
    Host: www.fatosh.com
    Response
    HTTP/1.1 200 OK
    Content-Encoding: gzip
    Content-Type: text/html
    Date: Tue, 30 Jul 2024 12:18:33 GMT
    Etag: W/"3b1-479e89f21ab00"
    Last-Modified: Fri, 04 Dec 2009 15:18:36 GMT
    Server: Caddy
    Server: nginx
    Vary: Accept-Encoding
    Content-Length: 546
  • [NL] GET
    https://www.fatosh.com/up1.txt
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    141.0.173.168:443
    Request
    GET /up1.txt HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Connection: Keep-Alive
    Host: www.fatosh.com
    Response
    HTTP/1.1 302 Found
    Content-Length: 205
    Content-Type: text/html; charset=iso-8859-1
    Date: Tue, 30 Jul 2024 12:18:41 GMT
    Location: http://www.fatosh.com
    Server: Caddy
    Server: nginx
  • [US] DNS
    168.173.0.141.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    168.173.0.141.in-addr.arpa
    IN PTR
    Response
  • [US] DNS
    168.173.0.141.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    168.173.0.141.in-addr.arpa
    IN PTR
  • [US] DNS
    168.173.0.141.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    168.173.0.141.in-addr.arpa
    IN PTR
  • [US] DNS
    61.45.26.184.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    61.45.26.184.in-addr.arpa
    IN PTR
    Response
    61.45.26.184.in-addr.arpa
    IN PTR
    a184-26-45-61.deploy.static.akamaitechnologies.com
  • [US] DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • [US] DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • [US] DNS
    www.fortyacreclub.com
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.fortyacreclub.com
    IN A
    Response
    www.fortyacreclub.com
    IN A
    35.209.249.237
  • [US] GET
    http://www.fortyacreclub.com/up1.txt
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    35.209.249.237:80
    Request
    GET /up1.txt HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: www.fortyacreclub.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 202 Accepted
    Server: nginx
    Date: Tue, 30 Jul 2024 12:18:51 GMT
    Content-Type: text/html
    Content-Length: 175
    Connection: keep-alive
    SG-Captcha: challenge
    X-Robots-Tag: noindex
    Set-Cookie: nevercache-b39818=Y;Max-Age=-1
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    Cache-Control: no-store,no-cache,max-age=0
    Host-Header: 8441280b0c35cbc1147f8ba998a563a7
    X-Proxy-Cache-Info: DT:1
  • [US] DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • [US] DNS
    237.249.209.35.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.249.209.35.in-addr.arpa
    IN PTR
    Response
    237.249.209.35.in-addr.arpa
    IN PTR
    237.249.209.35.bc.googleusercontent.com
  • [US] DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • [US] DNS
    192.142.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    192.142.123.92.in-addr.arpa
    IN PTR
    Response
    192.142.123.92.in-addr.arpa
    IN PTR
    a92-123-142-192.deploy.static.akamaitechnologies.com
  • [US] DNS
    www.rygz.net
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.rygz.net
    IN A
    Response
    www.rygz.net
    IN A
    154.37.3.138
  • [US] DNS
    www.rygz.net
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.rygz.net
    IN A
  • [US] DNS
    www.rygz.net
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.rygz.net
    IN A
  • [US] GET
    http://www.rygz.net/up1.txt
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    154.37.3.138:80
    Request
    GET /up1.txt HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: www.rygz.net
    Connection: Keep-Alive
  • [US] DNS
    138.3.37.154.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    138.3.37.154.in-addr.arpa
    IN PTR
    Response
  • [US] DNS
    www.slievenanee.co.uk
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.slievenanee.co.uk
    IN A
    Response
  • [US] DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • [US] DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
  • [US] DNS
    www.slimbridge.co.uk
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.slimbridge.co.uk
    IN A
    Response
    www.slimbridge.co.uk
    IN A
    185.151.30.150
  • [GB] GET
    http://www.slimbridge.co.uk/up1.txt
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    185.151.30.150:80
    Request
    GET /up1.txt HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: www.slimbridge.co.uk
    Connection: Keep-Alive
    Response
    HTTP/1.1 403
    content-length: 93
    cache-control: no-cache
    content-type: text/html
    x-via: LHR2
  • [US] DNS
    150.30.151.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    150.30.151.185.in-addr.arpa
    IN PTR
    Response
    150.30.151.185.in-addr.arpa
    IN PTR
    185-151-30-150.ptr4.stackcp.net
  • [US] DNS
    www.starjk.com
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.starjk.com
    IN A
    Response
    www.starjk.com
    IN A
    103.205.86.155
  • [US] GET
    http://www.starjk.com/up1.txt
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    103.205.86.155:80
    Request
    GET /up1.txt HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: www.starjk.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 30 Jul 2024 12:19:41 GMT
    Content-Type: text/html
    Content-Length: 805
    Connection: keep-alive
  • [US] DNS
    155.86.205.103.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    155.86.205.103.in-addr.arpa
    IN PTR
    Response
  • [US] DNS
    www.stelvio.com.br
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.stelvio.com.br
    IN A
    Response
    www.stelvio.com.br
    IN CNAME
    stelvio.com.br
    stelvio.com.br
    IN A
    186.202.153.75
  • [BR] GET
    http://www.stelvio.com.br/up1.txt
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    186.202.153.75:80
    Request
    GET /up1.txt HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: www.stelvio.com.br
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 30 Jul 2024 12:19:53 GMT
    Server: Apache
    Vary: accept-language,accept-charset
    Accept-Ranges: bytes
    Connection: close
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=iso-8859-1
    Content-Language: en
  • [US] DNS
    75.153.202.186.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    75.153.202.186.in-addr.arpa
    IN PTR
    Response
    75.153.202.186.in-addr.arpa
    IN PTR
    hm7064.locaweb.com.br
  • [US] DNS
    www.800sp.com
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.800sp.com
    IN A
    Response
  • [US] DNS
    www.800sp.com
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.800sp.com
    IN A
  • [US] DNS
    www.800sp.com
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.800sp.com
    IN A
  • [US] DNS
    www.800sp.com
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.800sp.com
    IN A
  • [US] DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • [US] DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • [US] GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360264303_1FV8HLP8B8WOIRSCV&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239360264303_1FV8HLP8B8WOIRSCV&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 585223
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: B56BC2F295AF45AC821310B7BA67E8D5 Ref B: LON04EDGE0714 Ref C: 2024-07-30T12:20:05Z
    date: Tue, 30 Jul 2024 12:20:04 GMT
  • [US] GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301287_1U7X9BQKXX1CUMUTC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301287_1U7X9BQKXX1CUMUTC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 649065
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9B6C87FAF0194975B4B9DBA1782D33CF Ref B: LON04EDGE0714 Ref C: 2024-07-30T12:20:05Z
    date: Tue, 30 Jul 2024 12:20:04 GMT
  • [US] GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418547_1N5DXBL93QHFGMSRD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418547_1N5DXBL93QHFGMSRD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 401499
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5C93E6A95C054B4488E27CDAFC1A5BE5 Ref B: LON04EDGE0714 Ref C: 2024-07-30T12:20:05Z
    date: Tue, 30 Jul 2024 12:20:04 GMT
  • [US] GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360264291_1OMXAE3VFGJI9A76K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239360264291_1OMXAE3VFGJI9A76K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 554838
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E0C484B7C3924FF8BA615BFC7CD37CA0 Ref B: LON04EDGE0714 Ref C: 2024-07-30T12:20:05Z
    date: Tue, 30 Jul 2024 12:20:04 GMT
  • [US] GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418548_1UEU8RPM3S7H7G0D8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418548_1UEU8RPM3S7H7G0D8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 458468
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9C2A20D5BEAC454F80CE1B4F31B9BF27 Ref B: LON04EDGE0714 Ref C: 2024-07-30T12:20:05Z
    date: Tue, 30 Jul 2024 12:20:04 GMT
  • [US] GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301696_1Q8MJV8QG3PLKIW77&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301696_1Q8MJV8QG3PLKIW77&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 570255
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 48E06CC95F794DA7A7F4D960E133632F Ref B: LON04EDGE0714 Ref C: 2024-07-30T12:20:05Z
    date: Tue, 30 Jul 2024 12:20:05 GMT
  • [US] DNS
    www.abm-logistic.com.hk
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.abm-logistic.com.hk
    IN A
    Response
  • [US] DNS
    www.abm-logistic.com.hk
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.abm-logistic.com.hk
    IN A
  • [NL] GET
    http://www.fatosh.com/up1.txt
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    141.0.173.168:80
    Request
    GET /up1.txt HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: www.fatosh.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Content-Type: text/html; charset=utf-8
    Location: https://www.fatosh.com/up1.txt
    Server: Caddy
    Date: Tue, 30 Jul 2024 12:20:21 GMT
    Content-Length: 53
  • [NL] GET
    http://www.fatosh.com/
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    141.0.173.168:80
    Request
    GET / HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Connection: Keep-Alive
    Host: www.fatosh.com
    Response
    HTTP/1.1 302 Found
    Content-Type: text/html; charset=utf-8
    Location: https://www.fatosh.com/
    Server: Caddy
    Date: Tue, 30 Jul 2024 12:20:21 GMT
    Content-Length: 46
  • [NL] GET
    https://www.fatosh.com/up1.txt
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    141.0.173.168:443
    Request
    GET /up1.txt HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Connection: Keep-Alive
    Host: www.fatosh.com
    Response
    HTTP/1.1 302 Found
    Content-Length: 205
    Content-Type: text/html; charset=iso-8859-1
    Date: Tue, 30 Jul 2024 12:20:21 GMT
    Location: http://www.fatosh.com
    Server: Caddy
    Server: nginx
  • [US] GET
    http://www.fortyacreclub.com/up1.txt
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    Remote address:
    35.209.249.237:80
    Request
    GET /up1.txt HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: www.fortyacreclub.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 202 Accepted
    Server: nginx
    Date: Tue, 30 Jul 2024 12:20:31 GMT
    Content-Type: text/html
    Content-Length: 175
    Connection: keep-alive
    SG-Captcha: challenge
    X-Robots-Tag: noindex
    Set-Cookie: nevercache-b39818=Y;Max-Age=-1
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    Cache-Control: no-store,no-cache,max-age=0
    Host-Header: 8441280b0c35cbc1147f8ba998a563a7
    X-Proxy-Cache-Info: DT:1
  • [US] DNS
    27.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    27.173.189.20.in-addr.arpa
    IN PTR
    Response
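The requests above are the behaviour worth detecting: one process fetching the same path, /up1.txt, from a series of unrelated hosts with a single hardcoded User-Agent, and getting a different answer from each. www.fatosh.com redirects the HTTP request to HTTPS and the HTTPS request back to the HTTP root, so that chain ends at the homepage (200, an HTML page last modified in 2009) rather than at up1.txt; www.fortyacreclub.com answers 202 with an SG-Captcha challenge page; www.slimbridge.co.uk returns 403, www.stelvio.com.br 404, www.rygz.net never answers; only www.starjk.com returns 200, with an 805-byte text/html body this report does not show. Only the entries attributed to the process are the sample's own traffic: the unattributed PTR lookups and the tse1.mm.bing.net image fetches carrying an Edge User-Agent have no process attribution here and should not be turned into indicators. The following Python is an added example, not part of the report, that runs a "same path, many hosts" rule over constructed proxy-log lines mirroring those requests; the log format, client addresses and timestamps are hypothetical, while the hosts, paths, statuses and User-Agent are taken from the report.

```python
"""'Same path, many hosts' detection for the request pattern shown above.

Added example: this is not code from the sandbox report.  The proxy-log
format, the client addresses and the timestamps are constructed for the
demo; the hosts, paths, statuses and User-Agent are taken from the report.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# User-Agent hardcoded by the sample, copied verbatim from the requests above.
SAMPLE_UA = (
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; "
    ".NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)"
)

# Hypothetical proxy-log line layout used only for this example:
#   <timestamp> <client_ip> <method> <url> <status|-> "<user-agent>"
# '-' in the status column means the proxy saw no response (www.rygz.net above).
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}|-) "(?P<ua>[^"]*)"$'
)

# Constructed log: the sample's requests as one client, plus a second client
# that also touches a /up1.txt once so the threshold has something to ignore.
SAMPLE_LOG = "\n".join([
    f'2024-07-30T12:18:31Z 10.0.0.5 GET http://www.fatosh.com/up1.txt 302 "{SAMPLE_UA}"',
    f'2024-07-30T12:18:33Z 10.0.0.5 GET https://www.fatosh.com/up1.txt 302 "{SAMPLE_UA}"',
    f'2024-07-30T12:18:33Z 10.0.0.5 GET https://www.fatosh.com/ 200 "{SAMPLE_UA}"',
    f'2024-07-30T12:18:51Z 10.0.0.5 GET http://www.fortyacreclub.com/up1.txt 202 "{SAMPLE_UA}"',
    f'2024-07-30T12:19:20Z 10.0.0.5 GET http://www.rygz.net/up1.txt - "{SAMPLE_UA}"',
    f'2024-07-30T12:19:30Z 10.0.0.5 GET http://www.slimbridge.co.uk/up1.txt 403 "{SAMPLE_UA}"',
    f'2024-07-30T12:19:41Z 10.0.0.5 GET http://www.starjk.com/up1.txt 200 "{SAMPLE_UA}"',
    f'2024-07-30T12:19:53Z 10.0.0.5 GET http://www.stelvio.com.br/up1.txt 404 "{SAMPLE_UA}"',
    '2024-07-30T12:19:55Z 10.0.0.7 GET https://www.example.org/up1.txt 200 "curl/8.5.0"',
    '2024-07-30T12:19:56Z 10.0.0.7 GET https://www.example.org/index.html 200 "curl/8.5.0"',
])


def parse_log(text):
    """Parse log lines into dicts with host and path split out; skip malformed lines."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        parts = urlsplit(rec["url"])
        rec["host"] = (parts.hostname or "").lower()
        rec["path"] = parts.path or "/"
        records.append(rec)
    return records


def find_path_sweeps(records, min_hosts=3, user_agent=None):
    """Return {(client, path): sorted hosts} for each client that requested the
    same path from at least min_hosts distinct hosts.  With user_agent set, only
    requests carrying exactly that string count, which makes the rule specific
    to this sample; without it the rule catches any client sweeping a path."""
    hosts_by_key = defaultdict(set)
    for rec in records:
        if user_agent is not None and rec["ua"] != user_agent:
            continue
        hosts_by_key[(rec["client"], rec["path"])].add(rec["host"])
    return {
        key: sorted(hosts)
        for key, hosts in hosts_by_key.items()
        if len(hosts) >= min_hosts
    }


def outcomes_for_path(records, path, client=None):
    """Map host -> last status seen for path (optionally for one client only)."""
    outcomes = {}
    for rec in records:
        if rec["path"] == path and (client is None or rec["client"] == client):
            outcomes[rec["host"]] = rec["status"]
    return outcomes


def hosts_that_served(records, path, client=None):
    """Hosts that actually answered path with 200: the only places whose
    response body is worth carving out of the capture for the next stage."""
    return sorted(
        host for host, status in outcomes_for_path(records, path, client).items()
        if status == "200"
    )


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for (client, path), hosts in find_path_sweeps(recs, user_agent=SAMPLE_UA).items():
        print(f"{client} swept {path} across {len(hosts)} hosts: {', '.join(hosts)}")
        print("  answered 200:", hosts_that_served(recs, path, client) or "none")
```

The User-Agent filter is optional. With it the rule matches this sample only; without it the same function flags any client that pulls one path from several unrelated hosts, which is the more durable detection, since the User-Agent string is trivial to change and the redirect, captcha and 403 answers above show that the hosts themselves are interchangeable from the sample's point of view.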
Flows (remote address; host or URL; protocol; process; bytes sent / received; packets sent / received):

  • 141.0.173.168:80  http://www.fatosh.com/  http  791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    1.7kB / 1.4kB; 13 / 8 packets
    GET http://www.fatosh.com/up1.txt → 302
    GET http://www.fatosh.com/ → 302
    GET http://www.fatosh.com/up1.txt → 302
    GET http://www.fatosh.com/ → 302
  • 141.0.173.168:443  https://www.fatosh.com/up1.txt  tls, http  791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    2.0kB / 5.4kB; 17 / 11 packets
    GET https://www.fatosh.com/up1.txt → 302
    GET https://www.fatosh.com/ → 200
    GET https://www.fatosh.com/up1.txt → 302
  • 35.209.249.237:80  http://www.fortyacreclub.com/up1.txt  http  791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    563 B / 781 B; 6 / 5 packets
    GET http://www.fortyacreclub.com/up1.txt → 202
  • 154.37.3.138:80  http://www.rygz.net/up1.txt  http  791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    600 B / 172 B; 7 / 4 packets
    GET http://www.rygz.net/up1.txt → (no response recorded)
  • 185.151.30.150:80  http://www.slimbridge.co.uk/up1.txt  http  791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    562 B / 361 B; 6 / 4 packets
    GET http://www.slimbridge.co.uk/up1.txt → 403
  • 103.205.86.155:80  http://www.starjk.com/up1.txt  http  791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    464 B / 1.0kB; 4 / 2 packets
    GET http://www.starjk.com/up1.txt → 200
  • 186.202.153.75:80  http://www.stelvio.com.br/up1.txt  http  791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    802 B / 3.1kB; 11 / 7 packets
    GET http://www.stelvio.com.br/up1.txt → 404
  • 150.171.27.10:443  https://tse1.mm.bing.net/th?id=OADD2.10239317301696_1Q8MJV8QG3PLKIW77&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90  tls, http2  (no process attributed)
    116.0kB / 3.3MB; 2441 / 2435 packets
    GET https://tse1.mm.bing.net/th?id=OADD2.10239360264303_1FV8HLP8B8WOIRSCV&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 → 200
    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301287_1U7X9BQKXX1CUMUTC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 → 200
    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418547_1N5DXBL93QHFGMSRD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 → 200
    GET https://tse1.mm.bing.net/th?id=OADD2.10239360264291_1OMXAE3VFGJI9A76K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 → 200
    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418548_1UEU8RPM3S7H7G0D8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 → 200
    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301696_1Q8MJV8QG3PLKIW77&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 → 200
  • 150.171.27.10:443  tse1.mm.bing.net  tls, http2  (no process attributed)
    1.2kB / 6.9kB; 15 / 13 packets (this flow appears four times in the report, each with the same counters and no HTTP exchange listed)
  • 141.0.173.168:80  http://www.fatosh.com/  http  791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    869 B / 656 B; 7 / 5 packets
    GET http://www.fatosh.com/up1.txt → 302
    GET http://www.fatosh.com/ → 302
  • 141.0.173.168:443  https://www.fatosh.com/up1.txt  tls, http  791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    1.1kB / 4.1kB; 11 / 8 packets
    GET https://www.fatosh.com/up1.txt → 302
  • 35.209.249.237:80  http://www.fortyacreclub.com/up1.txt  http  791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    471 B / 701 B; 4 / 3 packets
    GET http://www.fortyacreclub.com/up1.txt → 202
  • 8.8.8.8:53  154.239.44.20.in-addr.arpa  dns
    72 B / 158 B; 1 / 1 packets
    DNS request: 154.239.44.20.in-addr.arpa
  • 8.8.8.8:53  8.8.8.8.in-addr.arpa  dns
    66 B / 90 B; 1 / 1 packets
    DNS request: 8.8.8.8.in-addr.arpa
  • 8.8.8.8:53  81.144.22.2.in-addr.arpa  dns
    70 B / 133 B; 1 / 1 packets
    DNS request: 81.144.22.2.in-addr.arpa
  • 8.8.8.8:53  69.31.126.40.in-addr.arpa  dns
    71 B / 157 B; 1 / 1 packets
    DNS request: 69.31.126.40.in-addr.arpa
  • 8.8.8.8:53  43.58.199.20.in-addr.arpa  dns
    142 B / 157 B; 2 / 1 packets
    DNS request: 43.58.199.20.in-addr.arpa
    DNS request: 43.58.199.20.in-addr.arpa
  • 8.8.8.8:53  www.fatosh.com  dns  791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    60 B
    76 B
    1
    1

    DNS Request

    www.fatosh.com

    DNS Response

    141.0.173.168

  • 8.8.8.8:53
    168.173.0.141.in-addr.arpa
    dns
    216 B
    160 B
    3
    1

    DNS Request

    168.173.0.141.in-addr.arpa

    DNS Request

    168.173.0.141.in-addr.arpa

    DNS Request

    168.173.0.141.in-addr.arpa

  • 8.8.8.8:53
    61.45.26.184.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    61.45.26.184.in-addr.arpa

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    www.fortyacreclub.com
    dns
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    67 B
    83 B
    1
    1

    DNS Request

    www.fortyacreclub.com

    DNS Response

    35.209.249.237

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    103.169.127.40.in-addr.arpa

  • 8.8.8.8:53
    237.249.209.35.in-addr.arpa
    dns
    73 B
    126 B
    1
    1

    DNS Request

    237.249.209.35.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    192.142.123.92.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    192.142.123.92.in-addr.arpa

  • 8.8.8.8:53
    www.rygz.net
    dns
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    174 B
    74 B
    3
    1

    DNS Request

    www.rygz.net

    DNS Request

    www.rygz.net

    DNS Request

    www.rygz.net

    DNS Response

    154.37.3.138

  • 8.8.8.8:53
    138.3.37.154.in-addr.arpa
    dns
    71 B
    71 B
    1
    1

    DNS Request

    138.3.37.154.in-addr.arpa

  • 8.8.8.8:53
    www.slievenanee.co.uk
    dns
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    67 B
    135 B
    1
    1

    DNS Request

    www.slievenanee.co.uk

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    148 B
    128 B
    2
    1

    DNS Request

    172.214.232.199.in-addr.arpa

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    www.slimbridge.co.uk
    dns
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    66 B
    82 B
    1
    1

    DNS Request

    www.slimbridge.co.uk

    DNS Response

    185.151.30.150

  • 8.8.8.8:53
    150.30.151.185.in-addr.arpa
    dns
    73 B
    118 B
    1
    1

    DNS Request

    150.30.151.185.in-addr.arpa

  • 8.8.8.8:53
    www.starjk.com
    dns
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    60 B
    76 B
    1
    1

    DNS Request

    www.starjk.com

    DNS Response

    103.205.86.155

  • 8.8.8.8:53
    155.86.205.103.in-addr.arpa
    dns
    73 B
    161 B
    1
    1

    DNS Request

    155.86.205.103.in-addr.arpa

  • 8.8.8.8:53
    www.stelvio.com.br
    dns
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    64 B
    94 B
    1
    1

    DNS Request

    www.stelvio.com.br

    DNS Response

    186.202.153.75

  • 8.8.8.8:53
    75.153.202.186.in-addr.arpa
    dns
    73 B
    108 B
    1
    1

    DNS Request

    75.153.202.186.in-addr.arpa

  • 8.8.8.8:53
    www.800sp.com
    dns
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    236 B
    132 B
    4
    1

    DNS Request

    www.800sp.com

    DNS Request

    www.800sp.com

    DNS Request

    www.800sp.com

    DNS Request

    www.800sp.com

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    170 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    www.abm-logistic.com.hk
    dns
    791b90f813f89ec999b438be528f4e48_JaffaCakes118.exe
    138 B
    130 B
    2
    1

    DNS Request

    www.abm-logistic.com.hk

    DNS Request

    www.abm-logistic.com.hk

  • 8.8.8.8:53
    27.173.189.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    27.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\arquivos de programas\arquivos comuns\system\shell\update\update.dll

    Filesize

    945B

    MD5

    6ee76b8a4ff55be3730b4cc33806a187

    SHA1

    dd4e0da123b5e36d19ae514730805485f8a4baf5

    SHA256

    c05640e4d7de59acacc1a8d9227c61443ee9c488f88d065ad574c23102f15bfd

    SHA512

    b5fc251eaaf7f80751de825b8795b4c7ca4baf0d2805fc30e075c9a49a30bcd3d8501a6f1f5108ff61349432429b10e0f62583a12199d5d63c8616b8c60d0a2b

  • C:\arquivos de programas\arquivos comuns\system\shell\update\update.dll

    Filesize

    805B

    MD5

    64480a43c20b2b7d000d99adcc210859

    SHA1

    a705a13476454cb8500a2edd1b186420bd43cb19

    SHA256

    fe54ddf36ead142594955314b3b11ac554141de3f0584600543efa8599bfbe19

    SHA512

    67e8b076118e576c186a0a868606c44c07b8f9fa1c3e10e5d4fc5602502ba667f42ad5986c224d8dd0727b0941833f61b6072b6af1d52983a0f52a3bb2474944

  • memory/468-24-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/468-3-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/468-20-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/468-21-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/468-22-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/468-23-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/468-0-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/468-19-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/468-31-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/468-32-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/468-33-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/468-34-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/468-41-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/468-42-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

  • memory/468-43-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB
