Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/08/2024, 12:39 UTC

General

  • Target

    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe

  • Size

    21KB

  • MD5

    9623b854b58eda8b758e55833ee598a8

  • SHA1

    8b8779da9c3c5d7058953e0f3728dd67b96fd192

  • SHA256

    78897ff984e369ec464a09ac48cfe5472ac172c1fa9beb50ef99452943161e35

  • SHA512

    d1cad0d36089334d46e3581af37bad931091971aa606cf887243565515b55f9b876a2b5874c077db14bd6e4c8c7bfd687f235ab1cf38527c2e6300ba4ef6c84c

  • SSDEEP

    384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzU7rve7:SCIqdH/k1ZVcT194jp4nG7

Malware Config

Signatures

  • UPX packed file 13 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim host in order to infer its geographical location.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:1368

Network

  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=98370231059d43b592b51f37e074952a&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=98370231059d43b592b51f37e074952a&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=3C11960B3A1B6630239682D03BA0671B; domain=.bing.com; expires=Mon, 08-Sep-2025 12:39:05 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: AFB3C8390FA54453BB9CA045A81DC16B Ref B: LON04EDGE0915 Ref C: 2024-08-14T12:39:05Z
    date: Wed, 14 Aug 2024 12:39:05 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=98370231059d43b592b51f37e074952a&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=98370231059d43b592b51f37e074952a&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=3C11960B3A1B6630239682D03BA0671B
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=gh02jf2xOX1bJMgybUCxVpoyoJKUaWPl5mQDlw6kkPI; domain=.bing.com; expires=Mon, 08-Sep-2025 12:39:06 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7FC4DBFB78F44E5FAB11FF789CF2468C Ref B: LON04EDGE0915 Ref C: 2024-08-14T12:39:06Z
    date: Wed, 14 Aug 2024 12:39:05 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=98370231059d43b592b51f37e074952a&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=98370231059d43b592b51f37e074952a&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=3C11960B3A1B6630239682D03BA0671B; MSPTC=gh02jf2xOX1bJMgybUCxVpoyoJKUaWPl5mQDlw6kkPI
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D03EFF5A72EA46AF82787A0E3EF527FF Ref B: LON04EDGE0915 Ref C: 2024-08-14T12:39:06Z
    date: Wed, 14 Aug 2024 12:39:05 GMT
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    23.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    73.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.144.22.2.in-addr.arpa
    IN PTR
    Response
    73.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-73.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    resources.jar
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    resources.jar
    IN MX
    Response
  • flag-us
    DNS
    resources.jar
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    resources.jar
    IN MX
    Response
  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    cs.stanford.edu
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    cs.stanford.edu
    IN MX
    Response
    cs.stanford.edu
    IN MX
    smtp1.cs.stanford.edu
    cs.stanford.edu
    IN MX
    smtp2.cs.stanford.edu
    cs.stanford.edu
    IN MX
  • flag-us
    DNS
    outlook.com
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    outlook.com
    IN MX
    Response
    outlook.com
    IN MX
    outlook-com.olc.protection.outlook.com
  • flag-us
    DNS
    smtp1.cs.stanford.edu
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    smtp1.cs.stanford.edu
    IN A
    Response
    smtp1.cs.stanford.edu
    IN A
    171.64.64.25
  • flag-us
    DNS
    outlook-com.olc.protection.outlook.com
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    outlook-com.olc.protection.outlook.com
    IN A
    Response
    outlook-com.olc.protection.outlook.com
    IN A
    52.101.73.17
    outlook-com.olc.protection.outlook.com
    IN A
    52.101.42.15
    outlook-com.olc.protection.outlook.com
    IN A
    52.101.8.43
    outlook-com.olc.protection.outlook.com
    IN A
    52.101.42.12
  • flag-us
    DNS
    nocorp.me
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    nocorp.me
    IN MX
    Response
    nocorp.me
    IN MX
    in1-smtp.messagingengine.com
    nocorp.me
    IN MX
    in2-smtp.messagingengine.com
  • flag-us
    DNS
    in1-smtp.messagingengine.com
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    in1-smtp.messagingengine.com
    IN A
    Response
    in1-smtp.messagingengine.com
    IN A
    103.168.172.221
    in1-smtp.messagingengine.com
    IN A
    103.168.172.218
    in1-smtp.messagingengine.com
    IN A
    103.168.172.217
    in1-smtp.messagingengine.com
    IN A
    103.168.172.219
    in1-smtp.messagingengine.com
    IN A
    103.168.172.220
    in1-smtp.messagingengine.com
    IN A
    103.168.172.216
  • flag-us
    DNS
    alumni.caltech.edu
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni.caltech.edu
    IN MX
    Response
    alumni.caltech.edu
    IN MX
    alumni-caltech-edu.mail.protection.outlook.com
  • flag-us
    DNS
    gzip.org
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    gzip.org
    IN MX
    Response
    gzip.org
    IN MX
  • flag-us
    DNS
    alumni-caltech-edu.mail.protection.outlook.com
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    Response
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.10.5
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.42.18
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.42.13
    alumni-caltech-edu.mail.protection.outlook.com
    IN A
    52.101.9.17
  • flag-us
    DNS
    gzip.org
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    gzip.org
    IN A
    Response
    gzip.org
    IN A
    85.187.148.2
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418561_1E2KGQS8IVJEZ1891&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418561_1E2KGQS8IVJEZ1891&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 576636
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 47434CE70BBF47EA98871AC3467E2772 Ref B: LON04EDGE0713 Ref C: 2024-08-14T12:40:50Z
    date: Wed, 14 Aug 2024 12:40:49 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301220_18O58FXYXLPJZL3DY&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301220_18O58FXYXLPJZL3DY&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 694302
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 28DBB5DD9DB645D4A9237816669C97F9 Ref B: LON04EDGE0713 Ref C: 2024-08-14T12:40:50Z
    date: Wed, 14 Aug 2024 12:40:49 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388040_17NRQFHMSVZES5QDT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239339388040_17NRQFHMSVZES5QDT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 1310684
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: EB41A21CD9E2444F912D02B0DE7F1008 Ref B: LON04EDGE0713 Ref C: 2024-08-14T12:40:50Z
    date: Wed, 14 Aug 2024 12:40:49 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388041_1G4A2C01B1PAFTOD1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239339388041_1G4A2C01B1PAFTOD1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 857850
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 524B207DDB934D77B8E663D849D0E7F5 Ref B: LON04EDGE0713 Ref C: 2024-08-14T12:40:50Z
    date: Wed, 14 Aug 2024 12:40:49 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418562_1168Q5I7J0C0R4GX2&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418562_1168Q5I7J0C0R4GX2&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 1374508
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7E2D3E020AA34D45AA5524757ED8E267 Ref B: LON04EDGE0713 Ref C: 2024-08-14T12:40:50Z
    date: Wed, 14 Aug 2024 12:40:49 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301629_1OQFQHDVLTEIOH8CU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301629_1OQFQHDVLTEIOH8CU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 713808
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 68152CEE6A7C4D2CA0F9DF9BBE07705A Ref B: LON04EDGE0713 Ref C: 2024-08-14T12:40:51Z
    date: Wed, 14 Aug 2024 12:40:50 GMT
  • flag-us
    DNS
    10.27.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.27.171.150.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    outlook.com
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    outlook.com
    IN A
    Response
    outlook.com
    IN A
    52.96.111.82
    outlook.com
    IN A
    52.96.223.2
    outlook.com
    IN A
    52.96.172.98
    outlook.com
    IN A
    52.96.222.194
    outlook.com
    IN A
    52.96.229.242
    outlook.com
    IN A
    52.96.91.34
    outlook.com
    IN A
    52.96.214.50
    outlook.com
    IN A
    52.96.228.130
    outlook.com
    IN A
    52.96.222.226
  • flag-us
    DNS
    in2-smtp.messagingengine.com
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    in2-smtp.messagingengine.com
    IN A
    Response
    in2-smtp.messagingengine.com
    IN A
    202.12.124.216
    in2-smtp.messagingengine.com
    IN A
    202.12.124.217
  • flag-us
    DNS
    smtp2.cs.stanford.edu
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    smtp2.cs.stanford.edu
    IN A
    Response
    smtp2.cs.stanford.edu
    IN A
    171.64.64.26
  • flag-us
    DNS
    mozilla.org.xpi
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mozilla.org.xpi
    IN MX
    Response
  • flag-us
    DNS
    mozilla.org.xpi
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mozilla.org.xpi
    IN MX
    Response
  • flag-us
    DNS
    mozilla.org.xpi
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mozilla.org.xpi
    IN MX
    Response
  • flag-us
    DNS
    mozilla.org.xpi
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mozilla.org.xpi
    IN MX
    Response
  • flag-us
    DNS
    mozilla.org.xpi
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mozilla.org.xpi
    IN MX
    Response
  • flag-us
    DNS
    mx.mozilla.org.xpi
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mx.mozilla.org.xpi
    IN A
    Response
  • flag-us
    DNS
    mail.mozilla.org.xpi
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.mozilla.org.xpi
    IN A
    Response
  • flag-us
    DNS
    smtp.mozilla.org.xpi
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    smtp.mozilla.org.xpi
    IN A
    Response
  • flag-us
    DNS
    alumni.caltech.edu
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    alumni.caltech.edu
    IN A
    Response
    alumni.caltech.edu
    IN A
    204.13.239.180
  • flag-us
    DNS
    mx.outlook.com
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mx.outlook.com
    IN A
    Response
  • flag-us
    DNS
    mail.outlook.com
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.outlook.com
    IN A
    Response
  • flag-us
    DNS
    nocorp.me
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    nocorp.me
    IN A
    Response
  • flag-us
    DNS
    cs.stanford.edu
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    cs.stanford.edu
    IN A
    Response
    cs.stanford.edu
    IN A
    171.64.64.64
  • flag-us
    DNS
    smtp.outlook.com
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    smtp.outlook.com
    IN A
    Response
    smtp.outlook.com
    IN CNAME
    outlook.office365.com
    outlook.office365.com
    IN CNAME
    ooc-g2.tm-4.office.com
    ooc-g2.tm-4.office.com
    IN A
    52.98.236.114
    ooc-g2.tm-4.office.com
    IN A
    52.98.236.146
    ooc-g2.tm-4.office.com
    IN A
    52.98.207.146
    ooc-g2.tm-4.office.com
    IN A
    52.98.244.98
    ooc-g2.tm-4.office.com
    IN A
    40.99.213.82
    ooc-g2.tm-4.office.com
    IN A
    52.97.133.178
    ooc-g2.tm-4.office.com
    IN A
    52.98.207.50
    ooc-g2.tm-4.office.com
    IN A
    52.97.129.226
  • flag-us
    DNS
    mx.nocorp.me
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mx.nocorp.me
    IN A
    Response
  • flag-us
    DNS
    mail.nocorp.me
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.nocorp.me
    IN A
    Response
  • flag-us
    DNS
    smtp.nocorp.me
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    smtp.nocorp.me
    IN A
    Response
  • flag-us
    DNS
    mx.alumni.caltech.edu
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mx.alumni.caltech.edu
    IN A
    Response
  • flag-us
    DNS
    mail.alumni.caltech.edu
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    mail.alumni.caltech.edu
    IN A
    Response
  • flag-us
    DNS
    smtp.alumni.caltech.edu
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    smtp.alumni.caltech.edu
    IN A
    Response
  • 192.168.0.174:1042
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    260 B
    5
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=98370231059d43b592b51f37e074952a&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=
    tls, http2
    2.5kB
    9.9kB
    25
    20

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=98370231059d43b592b51f37e074952a&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=98370231059d43b592b51f37e074952a&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=98370231059d43b592b51f37e074952a&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=

    HTTP Response

    204
  • 167.193.155.229:1042
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    260 B
    5
  • 63.240.155.163:1042
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    260 B
    5
  • 192.168.7.159:1042
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    260 B
    5
  • 63.107.91.99:1042
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    260 B
    5
  • 52.101.73.17:25
    outlook-com.olc.protection.outlook.com
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    260 B
    5
  • 103.168.172.221:25
    in1-smtp.messagingengine.com
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    260 B
    5
  • 171.64.64.25:25
    smtp1.cs.stanford.edu
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    260 B
    5
  • 52.101.10.5:25
    alumni-caltech-edu.mail.protection.outlook.com
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    260 B
    5
  • 85.187.148.2:25
    gzip.org
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    260 B
    5
  • 10.136.124.136:1042
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    260 B
    5
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.27.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301629_1OQFQHDVLTEIOH8CU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    195.3kB
    5.7MB
    4159
    4153

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418561_1E2KGQS8IVJEZ1891&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301220_18O58FXYXLPJZL3DY&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388040_17NRQFHMSVZES5QDT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388041_1G4A2C01B1PAFTOD1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418562_1168Q5I7J0C0R4GX2&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301629_1OQFQHDVLTEIOH8CU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 52.96.111.82:25
    outlook.com
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    260 B
    5
  • 202.12.124.216:25
    in2-smtp.messagingengine.com
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    260 B
    5
  • 171.64.64.26:25
    smtp2.cs.stanford.edu
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    260 B
    5
  • 85.187.148.2:25
    gzip.org
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    260 B
    5
  • 204.13.239.180:25
    alumni.caltech.edu
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    260 B
    5
  • 67.127.231.210:1042
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    260 B
    5
  • 171.64.64.64:25
    cs.stanford.edu
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    208 B
    4
  • 52.98.236.114:25
    smtp.outlook.com
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    208 B
    4
  • 69.19.193.233:1042
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    104 B
    2
  • 8.8.8.8:53
    g.bing.com
    dns
    112 B
    151 B
    2
    1

    DNS Request

    g.bing.com

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    146 B
    143 B
    2
    1

    DNS Request

    237.197.79.204.in-addr.arpa

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    23.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    23.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    73.144.22.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    73.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    43.58.199.20.in-addr.arpa

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    144 B
    146 B
    2
    1

    DNS Request

    157.123.68.40.in-addr.arpa

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    144 B
    158 B
    2
    1

    DNS Request

    56.126.166.20.in-addr.arpa

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    resources.jar
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    59 B
    134 B
    1
    1

    DNS Request

    resources.jar

  • 8.8.8.8:53
    resources.jar
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    59 B
    134 B
    1
    1

    DNS Request

    resources.jar

  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    11.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    cs.stanford.edu
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    61 B
    121 B
    1
    1

    DNS Request

    cs.stanford.edu

  • 8.8.8.8:53
    outlook.com
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    57 B
    100 B
    1
    1

    DNS Request

    outlook.com

  • 8.8.8.8:53
    smtp1.cs.stanford.edu
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    67 B
    83 B
    1
    1

    DNS Request

    smtp1.cs.stanford.edu

    DNS Response

    171.64.64.25

  • 8.8.8.8:53
    outlook-com.olc.protection.outlook.com
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    84 B
    148 B
    1
    1

    DNS Request

    outlook-com.olc.protection.outlook.com

    DNS Response

    52.101.73.17
    52.101.42.15
    52.101.8.43
    52.101.42.12

  • 8.8.8.8:53
    nocorp.me
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    55 B
    124 B
    1
    1

    DNS Request

    nocorp.me

  • 8.8.8.8:53
    in1-smtp.messagingengine.com
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    74 B
    170 B
    1
    1

    DNS Request

    in1-smtp.messagingengine.com

    DNS Response

    103.168.172.221
    103.168.172.218
    103.168.172.217
    103.168.172.219
    103.168.172.220
    103.168.172.216

  • 8.8.8.8:53
    alumni.caltech.edu
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    64 B
    126 B
    1
    1

    DNS Request

    alumni.caltech.edu

  • 8.8.8.8:53
    gzip.org
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    54 B
    70 B
    1
    1

    DNS Request

    gzip.org

  • 8.8.8.8:53
    alumni-caltech-edu.mail.protection.outlook.com
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    92 B
    156 B
    1
    1

    DNS Request

    alumni-caltech-edu.mail.protection.outlook.com

    DNS Response

    52.101.10.5
    52.101.42.18
    52.101.42.13
    52.101.9.17

  • 8.8.8.8:53
    gzip.org
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    54 B
    70 B
    1
    1

    DNS Request

    gzip.org

    DNS Response

    85.187.148.2

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    170 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    10.27.171.150.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    10.27.171.150.in-addr.arpa

  • 8.8.8.8:53
    outlook.com
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    57 B
    201 B
    1
    1

    DNS Request

    outlook.com

    DNS Response

    52.96.111.82
    52.96.223.2
    52.96.172.98
    52.96.222.194
    52.96.229.242
    52.96.91.34
    52.96.214.50
    52.96.228.130
    52.96.222.226

  • 8.8.8.8:53
    in2-smtp.messagingengine.com
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    74 B
    106 B
    1
    1

    DNS Request

    in2-smtp.messagingengine.com

    DNS Response

    202.12.124.216
    202.12.124.217

  • 8.8.8.8:53
    smtp2.cs.stanford.edu
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    67 B
    83 B
    1
    1

    DNS Request

    smtp2.cs.stanford.edu

    DNS Response

    171.64.64.26

  • 8.8.8.8:53
    mozilla.org.xpi
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    61 B
    136 B
    1
    1

    DNS Request

    mozilla.org.xpi

  • 8.8.8.8:53
    mozilla.org.xpi
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    61 B
    136 B
    1
    1

    DNS Request

    mozilla.org.xpi

  • 8.8.8.8:53
    mozilla.org.xpi
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    61 B
    136 B
    1
    1

    DNS Request

    mozilla.org.xpi

  • 8.8.8.8:53
    mozilla.org.xpi
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    61 B
    136 B
    1
    1

    DNS Request

    mozilla.org.xpi

  • 8.8.8.8:53
    mozilla.org.xpi
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    61 B
    136 B
    1
    1

    DNS Request

    mozilla.org.xpi

  • 8.8.8.8:53
    mx.mozilla.org.xpi
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    64 B
    139 B
    1
    1

    DNS Request

    mx.mozilla.org.xpi

  • 8.8.8.8:53
    mail.mozilla.org.xpi
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    66 B
    141 B
    1
    1

    DNS Request

    mail.mozilla.org.xpi

  • 8.8.8.8:53
    smtp.mozilla.org.xpi
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    66 B
    141 B
    1
    1

    DNS Request

    smtp.mozilla.org.xpi

  • 8.8.8.8:53
    alumni.caltech.edu
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    64 B
    80 B
    1
    1

    DNS Request

    alumni.caltech.edu

    DNS Response

    204.13.239.180

  • 8.8.8.8:53
    mx.outlook.com
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    60 B
    156 B
    1
    1

    DNS Request

    mx.outlook.com

  • 8.8.8.8:53
    mail.outlook.com
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    62 B
    145 B
    1
    1

    DNS Request

    mail.outlook.com

  • 8.8.8.8:53
    nocorp.me
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    55 B
    117 B
    1
    1

    DNS Request

    nocorp.me

  • 8.8.8.8:53
    cs.stanford.edu
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    61 B
    77 B
    1
    1

    DNS Request

    cs.stanford.edu

    DNS Response

    171.64.64.64

  • 8.8.8.8:53
    smtp.outlook.com
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    62 B
    255 B
    1
    1

    DNS Request

    smtp.outlook.com

    DNS Response

    52.98.236.114
    52.98.236.146
    52.98.207.146
    52.98.244.98
    40.99.213.82
    52.97.133.178
    52.98.207.50
    52.97.129.226

  • 8.8.8.8:53
    mx.nocorp.me
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    58 B
    120 B
    1
    1

    DNS Request

    mx.nocorp.me

  • 8.8.8.8:53
    mail.nocorp.me
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    60 B
    122 B
    1
    1

    DNS Request

    mail.nocorp.me

  • 8.8.8.8:53
    smtp.nocorp.me
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    60 B
    122 B
    1
    1

    DNS Request

    smtp.nocorp.me

  • 8.8.8.8:53
    mx.alumni.caltech.edu
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    67 B
    145 B
    1
    1

    DNS Request

    mx.alumni.caltech.edu

  • 8.8.8.8:53
    mail.alumni.caltech.edu
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    69 B
    147 B
    1
    1

    DNS Request

    mail.alumni.caltech.edu

  • 8.8.8.8:53
    smtp.alumni.caltech.edu
    dns
    9623b854b58eda8b758e55833ee598a8_JaffaCakes118.exe
    69 B
    147 B
    1
    1

    DNS Request

    smtp.alumni.caltech.edu

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\Common Files\microsoft shared\ink\ar-SA\Winamp 5.0 (en).exe

    Filesize

    21KB

    MD5

    9623b854b58eda8b758e55833ee598a8

    SHA1

    8b8779da9c3c5d7058953e0f3728dd67b96fd192

    SHA256

    78897ff984e369ec464a09ac48cfe5472ac172c1fa9beb50ef99452943161e35

    SHA512

    d1cad0d36089334d46e3581af37bad931091971aa606cf887243565515b55f9b876a2b5874c077db14bd6e4c8c7bfd687f235ab1cf38527c2e6300ba4ef6c84c

  • memory/1368-86-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

  • memory/1368-5-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

  • memory/1368-7-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

  • memory/1368-9-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

  • memory/1368-3-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

  • memory/1368-0-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

  • memory/1368-135-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

  • memory/1368-160-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

  • memory/1368-234-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

  • memory/1368-296-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

  • memory/1368-297-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB

  • memory/1368-298-0x0000000000800000-0x000000000080D000-memory.dmp

    Filesize

    52KB
