Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    139s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250129-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/02/2025, 10:49 UTC

General

  • Target

    JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe

  • Size

    141KB

  • MD5

    9ed7cf6b6d3eedfa7a6521fe79966ad3

  • SHA1

    7006fedeb6f79c82cd3bb66a24ab4af83c095af8

  • SHA256

    105c8da7c072eb57f09212d67cbf6fe3d63cf12b8a1e4817f385e442750258ba

  • SHA512

    a4faa0bec298ce5993849e5f5071cb297d97ba2720e8affe5a3e761264ece901878792d08020ccab0186636a18aa745524f82598311e44c24725737778e8f918

  • SSDEEP

    3072:DmVZ3bRZW2+dzaw0sMJttlUyFlI+e+ANOdfut8Jj:cRDWB5A80I+NfutIj

Malware Config

Signatures

  • Detect XtremeRAT payload 5 IoCs
  • XtremeRAT

    XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

  • Xtremerat family
  • Suspicious use of SetThreadContext 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs
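The "UPX packed file" signature above is the report's own. The Python below is an added example (mine, not code from Hatching or this report) showing what such a check actually looks at: it walks the PE section table and reports the stock UPX section names, the empty first section that both stock and renamed ("modified") UPX leave behind, and the `UPX!` magic in the header area (which some modified builds strip). The PE headers it parses are constructed inside the block, not bytes from this sample; `build_pe`, `upx_indicators` and the three `*_SAMPLE` constants are my names.

```python
import struct

SECTION_HDR = struct.Struct("<8sIIIIIIHHI")   # IMAGE_SECTION_HEADER, 40 bytes


def pe_sections(data: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_opt
    sections = []
    for i in range(nsections):
        (name, vsize, vaddr, rawsize, rawptr,
         _reloc, _lines, _nreloc, _nlines, chars) = SECTION_HDR.unpack_from(data, table + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": rawsize, "raw_ptr": rawptr, "characteristics": chars})
    return sections


def upx_indicators(data: bytes):
    """Return the reasons a file looks UPX-packed; an empty list means none found."""
    secs = pe_sections(data)
    hits = []
    upx_names = [s["name"] for s in secs if s["name"].startswith("UPX")]
    if upx_names:
        hits.append("section names " + ", ".join(upx_names))
    # Stock and renamed UPX alike: the first section is the area the stub unpacks
    # into, so it has a large VirtualSize but SizeOfRawData == 0 on disk.
    if secs and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] >= 0x1000:
        hits.append(f"first section {secs[0]['name']!r} has no raw data but "
                    f"{secs[0]['virtual_size']:#x} bytes virtual")
    # The UPX loader-info block keeps a 'UPX!' magic inside the header area,
    # i.e. before the first section's raw data starts.
    first_raw = min((s["raw_ptr"] for s in secs if s["raw_ptr"]), default=len(data))
    if b"UPX!" in data[:first_raw]:
        hits.append("'UPX!' magic in headers")
    return hits


def build_pe(sections, upx_magic=False):
    """Constructed PE32 headers only (no section bodies): enough for pe_sections()."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    size_opt = 0xE0                                   # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)             # IMAGE_NT_OPTIONAL_HDR32_MAGIC
    table = bytearray()
    vaddr, rawptr = 0x1000, 0x400
    for name, vsize, rawsize in sections:             # (name, VirtualSize, SizeOfRawData)
        table += SECTION_HDR.pack(name.encode().ljust(8, b"\0"), vsize, vaddr, rawsize,
                                  rawptr if rawsize else 0, 0, 0, 0, 0, 0x60000020)
        vaddr += (vsize + 0xFFF) & ~0xFFF
        rawptr += rawsize
    tail = b"UPX!" + b"\0" * 12 if upx_magic else b""
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table) + tail


# Constructed samples: stock UPX layout, UPX with renamed sections, and a plain build.
UPX_SAMPLE = build_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x8000), (".rsrc", 0x1000, 0x400)],
                      upx_magic=True)
RENAMED_UPX_SAMPLE = build_pe([(".text", 0x20000, 0), (".data", 0x8000, 0x8000), (".rsrc", 0x1000, 0x400)])
PLAIN_SAMPLE = build_pe([(".text", 0x1000, 0x1000), (".data", 0x400, 0x200), (".rsrc", 0x400, 0x200)])

if __name__ == "__main__":
    for label, blob in [("stock UPX", UPX_SAMPLE), ("renamed UPX", RENAMED_UPX_SAMPLE), ("plain", PLAIN_SAMPLE)]:
        print(label, "->", upx_indicators(blob) or "no UPX indicators")
```

The renamed sample is the case the signature text calls "modified UPX": the name check misses it, but the empty first section still gives it away. A real triage would add section entropy and an entry point inside the last code section, both of which need the section bodies this block deliberately omits.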

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4908
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4016
      • C:\Windows\SysWOW64\svchost.exe
        svchost.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3156
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 476
          4⤵
          • Program crash
          PID:1492
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 488
          4⤵
          • Program crash
          PID:2884
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        3⤵
          PID:1412
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3156 -ip 3156
    1⤵
    PID:2044
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3156 -ip 3156
    1⤵
    PID:2180
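Read together, the tree and the signatures describe a two-stage injection: 4908 starts a copy of its own image (4016), rewrites it (WriteProcessMemory) and redirects its thread (SetThreadContext); 4016 in turn writes into a fresh svchost.exe (3156), which then crashes under WerFault. The Python below is an added example (not tria.ge code) that turns those three observations into detection rules and runs them over a copy of this process tree. The rule that services.exe is the only expected launcher of svchost.exe, and the `-k` service-group check, are my assumptions, not something the report states.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str
    signatures: frozenset = frozenset()   # behaviour flags the report attaches to the node


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe"
SYS32 = r"C:\Windows\SysWOW64"

# Constructed from the process tree above (PIDs, images, command lines, flags as shown).
TREE = [
    Proc(4908, None, SAMPLE, f'"{SAMPLE}"',
         frozenset({"SetThreadContext", "SetWindowsHookEx", "WriteProcessMemory"})),
    Proc(4016, 4908, SAMPLE, SAMPLE, frozenset({"WriteProcessMemory"})),
    Proc(3156, 4016, SYS32 + r"\svchost.exe", "svchost.exe"),
    Proc(1492, 3156, SYS32 + r"\WerFault.exe", SYS32 + r"\WerFault.exe -u -p 3156 -s 476",
         frozenset({"Program crash"})),
    Proc(2884, 3156, SYS32 + r"\WerFault.exe", SYS32 + r"\WerFault.exe -u -p 3156 -s 488",
         frozenset({"Program crash"})),
    Proc(1412, 4016, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
         r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'),
    Proc(2044, None, SYS32 + r"\WerFault.exe", SYS32 + r"\WerFault.exe -pss -s 412 -p 3156 -ip 3156"),
    Proc(2180, None, SYS32 + r"\WerFault.exe", SYS32 + r"\WerFault.exe -pss -s 548 -p 3156 -ip 3156"),
]


def _name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def hollowed_children(procs):
    """(parent, child) pairs where a process spawned a copy of its own image and carries
    the SetThreadContext + WriteProcessMemory pair: the classic hollowing footprint."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for p in procs:
        parent = by_pid.get(p.ppid)
        if parent and _name(parent.image) == _name(p.image) \
                and {"SetThreadContext", "WriteProcessMemory"} <= parent.signatures:
            hits.append((parent.pid, p.pid))
    return hits


def rogue_svchost(procs):
    """svchost.exe instances not started by services.exe, or started without a
    service group (-k ...). Assumption: services.exe is the only expected launcher."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for p in procs:
        if _name(p.image) != "svchost.exe":
            continue
        parent = by_pid.get(p.ppid)
        parent_name = _name(parent.image) if parent else "<none>"
        reasons = []
        if parent_name != "services.exe":
            reasons.append(f"parent is {parent_name}")
        if "-k" not in p.cmdline.lower().split():
            reasons.append("no -k service group on the command line")
        if reasons:
            hits.append((p.pid, reasons))
    return hits


def werfault_targets(procs):
    """PIDs that WerFault.exe was launched for (the -p <pid> argument)."""
    out = set()
    for p in procs:
        if _name(p.image) != "werfault.exe":
            continue
        toks = p.cmdline.split()
        for i, tok in enumerate(toks[:-1]):
            if tok == "-p" and toks[i + 1].isdigit():
                out.add(int(toks[i + 1]))
    return out


def triage(procs):
    rogue = rogue_svchost(procs)
    crashed = werfault_targets(procs)
    return {
        "hollowing": hollowed_children(procs),
        "rogue_svchost": rogue,
        # an injected host that immediately crashes is a strong sign the payload never ran cleanly
        "injected_and_crashed": sorted(pid for pid, _ in rogue if pid in crashed),
    }


if __name__ == "__main__":
    for key, value in triage(TREE).items():
        print(f"{key}: {value}")
```

On a real endpoint the same three rules map onto Sysmon event 1 (parent/child image and command line) plus event 8 or 10 for the cross-process writes; the crash is visible as WerFault.exe with `-p <pid>` pointing at the injected host.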

Network

All traffic recorded in this run is Windows background activity rather than RAT traffic: the g.bing.com requests carry the WindowsShellClient user agent, the image fetches from www.bing.com and tse1.mm.bing.net carry the Edge user agent (the msedge.exe child of PID 4016), and the in-addr.arpa queries are reverse lookups of addresses seen during the run. No connection attributable to the sample itself was captured and no configuration was extracted, consistent with the injected svchost.exe (PID 3156) crashing under WerFault.

        • country: US
          DNS
          g.bing.com
          Remote address:
          8.8.8.8:53
          Request
          g.bing.com
          IN A
          Response
          g.bing.com
          IN CNAME
          g-bing-com.ax-0001.ax-msedge.net
          g-bing-com.ax-0001.ax-msedge.net
          IN CNAME
          ax-0001.ax-msedge.net
          ax-0001.ax-msedge.net
          IN A
          150.171.28.10
          ax-0001.ax-msedge.net
          IN A
          150.171.27.10
        • country: US
          GET
          https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid=
          Remote address:
          150.171.28.10:443
          Request
          GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid= HTTP/2.0
          host: g.bing.com
          accept-encoding: gzip, deflate
          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
          Response
          HTTP/2.0 204
          cache-control: no-cache, must-revalidate
          pragma: no-cache
          expires: Fri, 01 Jan 1990 00:00:00 GMT
          set-cookie: MUID=3A5C8CED537861A608EC9967525F602D; domain=.bing.com; expires=Mon, 02-Mar-2026 10:49:31 GMT; path=/; SameSite=None; Secure; Priority=High;
          strict-transport-security: max-age=31536000; includeSubDomains; preload
          access-control-allow-origin: *
          x-cache: CONFIG_NOCACHE
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 8DC60BDFF6114E42A7CFFEECD3B0D7B3 Ref B: LON04EDGE0614 Ref C: 2025-02-05T10:49:31Z
          date: Wed, 05 Feb 2025 10:49:31 GMT
        • country: US
          GET
          https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid=
          Remote address:
          150.171.28.10:443
          Request
          GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid= HTTP/2.0
          host: g.bing.com
          accept-encoding: gzip, deflate
          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
          cookie: MUID=3A5C8CED537861A608EC9967525F602D
          Response
          HTTP/2.0 204
          cache-control: no-cache, must-revalidate
          pragma: no-cache
          expires: Fri, 01 Jan 1990 00:00:00 GMT
          set-cookie: MSPTC=X15FzV2tmw_mDi_iaLxAsLnSmSE94Bn7-VZ3eia-ecA; domain=.bing.com; expires=Mon, 02-Mar-2026 10:49:31 GMT; path=/; Partitioned; secure; SameSite=None
          strict-transport-security: max-age=31536000; includeSubDomains; preload
          access-control-allow-origin: *
          x-cache: CONFIG_NOCACHE
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 8C5C5A7E83604E6C86EA1E6412994E25 Ref B: LON04EDGE0614 Ref C: 2025-02-05T10:49:31Z
          date: Wed, 05 Feb 2025 10:49:31 GMT
        • country: US
          GET
          https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid=
          Remote address:
          150.171.28.10:443
          Request
          GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid= HTTP/2.0
          host: g.bing.com
          accept-encoding: gzip, deflate
          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
          cookie: MUID=3A5C8CED537861A608EC9967525F602D; MSPTC=X15FzV2tmw_mDi_iaLxAsLnSmSE94Bn7-VZ3eia-ecA
          Response
          HTTP/2.0 204
          cache-control: no-cache, must-revalidate
          pragma: no-cache
          expires: Fri, 01 Jan 1990 00:00:00 GMT
          strict-transport-security: max-age=31536000; includeSubDomains; preload
          access-control-allow-origin: *
          x-cache: CONFIG_NOCACHE
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 8E1E6DD9C5334D3AB5569C91432B285B Ref B: LON04EDGE0614 Ref C: 2025-02-05T10:49:31Z
          date: Wed, 05 Feb 2025 10:49:31 GMT
        • country: US
          DNS
          2.159.190.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          2.159.190.20.in-addr.arpa
          IN PTR
          Response
        • country: US
          DNS
          8.8.8.8.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          8.8.8.8.in-addr.arpa
          IN PTR
          Response
          8.8.8.8.in-addr.arpa
          IN PTR
          dns.google
        • country: US
          DNS
          172.214.232.199.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          172.214.232.199.in-addr.arpa
          IN PTR
          Response
        • country: GB
          GET
          https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
          Remote address:
          95.101.143.183:443
          Request
          GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
          host: www.bing.com
          accept: */*
          cookie: MUID=3A5C8CED537861A608EC9967525F602D; MSPTC=X15FzV2tmw_mDi_iaLxAsLnSmSE94Bn7-VZ3eia-ecA
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-type: image/png
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          content-length: 1107
          date: Wed, 05 Feb 2025 10:49:32 GMT
          alt-svc: h3=":443"; ma=93600
          x-cdn-traceid: 0.48367a5c.1738752572.f1c861c
        • country: US
          DNS
          57.169.31.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          57.169.31.20.in-addr.arpa
          IN PTR
          Response
        • country: US
          DNS
          183.143.101.95.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          183.143.101.95.in-addr.arpa
          IN PTR
          Response
          183.143.101.95.in-addr.arpa
          IN PTR
          a95-101-143-183.deploy.static.akamaitechnologies.com
        • country: US
          DNS
          200.163.202.172.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          200.163.202.172.in-addr.arpa
          IN PTR
          Response
        • country: US
          DNS
          198.187.3.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          198.187.3.20.in-addr.arpa
          IN PTR
          Response
        • country: US
          DNS
          172.210.232.199.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          172.210.232.199.in-addr.arpa
          IN PTR
          Response
        • country: US
          DNS
          26.35.223.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          26.35.223.20.in-addr.arpa
          IN PTR
          Response
        • country: US
          DNS
          23.236.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          23.236.111.52.in-addr.arpa
          IN PTR
          Response
        • country: US
          DNS
          tse1.mm.bing.net
          Remote address:
          8.8.8.8:53
          Request
          tse1.mm.bing.net
          IN A
          Response
          tse1.mm.bing.net
          IN CNAME
          mm-mm.bing.net.trafficmanager.net
          mm-mm.bing.net.trafficmanager.net
          IN CNAME
          ax-0001.ax-msedge.net
          ax-0001.ax-msedge.net
          IN A
          150.171.27.10
          ax-0001.ax-msedge.net
          IN A
          150.171.28.10
        • country: US
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239400979857_14A87O62ZUJXBN0IX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
          Remote address:
          150.171.27.10:443
          Request
          GET /th?id=OADD2.10239400979857_14A87O62ZUJXBN0IX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 272888
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: C500951F602045118E288033C7213079 Ref B: LON04EDGE0813 Ref C: 2025-02-05T10:51:10Z
          date: Wed, 05 Feb 2025 10:51:10 GMT
        • country: US
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239400979856_1C4ONTMUVBZM2U4CN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
          Remote address:
          150.171.27.10:443
          Request
          GET /th?id=OADD2.10239400979856_1C4ONTMUVBZM2U4CN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 304360
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 9ED282710EC64060AEC7C9F230F0FA66 Ref B: LON04EDGE0813 Ref C: 2025-02-05T10:51:10Z
          date: Wed, 05 Feb 2025 10:51:10 GMT
        • country: US
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239370991981_1ADN1Q80S15MZX0QS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
          Remote address:
          150.171.27.10:443
          Request
          GET /th?id=OADD2.10239370991981_1ADN1Q80S15MZX0QS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 533604
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 3D8F08F5F7E24524A572467114D3D85C Ref B: LON04EDGE0813 Ref C: 2025-02-05T10:51:10Z
          date: Wed, 05 Feb 2025 10:51:10 GMT
        • country: US
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239370991982_1AFUSB1APZJOHRJ13&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
          Remote address:
          150.171.27.10:443
          Request
          GET /th?id=OADD2.10239370991982_1AFUSB1APZJOHRJ13&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 520601
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: F65C2C647D754E3790D869EE09D5568E Ref B: LON04EDGE0813 Ref C: 2025-02-05T10:51:10Z
          date: Wed, 05 Feb 2025 10:51:10 GMT
        • country: US
          DNS
          43.58.199.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          43.58.199.20.in-addr.arpa
          IN PTR
          Response
        • country: US
          DNS
          167.173.78.104.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          167.173.78.104.in-addr.arpa
          IN PTR
          Response
          167.173.78.104.in-addr.arpa
          IN PTR
          a104-78-173-167.deploy.static.akamaitechnologies.com
        • country: US
          DNS
          10.27.171.150.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          10.27.171.150.in-addr.arpa
          IN PTR
          Response
        • 150.171.28.10:443
          https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid=
          tls, http2
          2.0kB
          9.3kB
          21
          18

          HTTP Request

          GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid=

          HTTP Response

          204

          HTTP Request

          GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid=

          HTTP Response

          204

          HTTP Request

          GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid=

          HTTP Response

          204
        • 95.101.143.183:443
          https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
          tls, http2
          1.5kB
          6.4kB
          17
          13

          HTTP Request

          GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

          HTTP Response

          200
        • 150.171.27.10:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
          6.9kB
          15
          13
        • 150.171.27.10:443
          https://tse1.mm.bing.net/th?id=OADD2.10239370991982_1AFUSB1APZJOHRJ13&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
          tls, http2
          59.5kB
          1.7MB
          1242
          1237

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239400979857_14A87O62ZUJXBN0IX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239400979856_1C4ONTMUVBZM2U4CN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239370991981_1ADN1Q80S15MZX0QS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239370991982_1AFUSB1APZJOHRJ13&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200
        • 150.171.27.10:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
          6.9kB
          15
          13
        • 150.171.27.10:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
          6.9kB
          15
          13
        • 8.8.8.8:53
          g.bing.com
          dns
          56 B
          148 B
          1
          1

          DNS Request

          g.bing.com

          DNS Response

          150.171.28.10
          150.171.27.10

        • 8.8.8.8:53
          2.159.190.20.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          2.159.190.20.in-addr.arpa

        • 8.8.8.8:53
          8.8.8.8.in-addr.arpa
          dns
          66 B
          90 B
          1
          1

          DNS Request

          8.8.8.8.in-addr.arpa

        • 8.8.8.8:53
          172.214.232.199.in-addr.arpa
          dns
          74 B
          128 B
          1
          1

          DNS Request

          172.214.232.199.in-addr.arpa

        • 8.8.8.8:53
          57.169.31.20.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          57.169.31.20.in-addr.arpa

        • 8.8.8.8:53
          183.143.101.95.in-addr.arpa
          dns
          73 B
          139 B
          1
          1

          DNS Request

          183.143.101.95.in-addr.arpa

        • 8.8.8.8:53
          200.163.202.172.in-addr.arpa
          dns
          74 B
          160 B
          1
          1

          DNS Request

          200.163.202.172.in-addr.arpa

        • 8.8.8.8:53
          198.187.3.20.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          198.187.3.20.in-addr.arpa

        • 8.8.8.8:53
          172.210.232.199.in-addr.arpa
          dns
          74 B
          128 B
          1
          1

          DNS Request

          172.210.232.199.in-addr.arpa

        • 8.8.8.8:53
          26.35.223.20.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          26.35.223.20.in-addr.arpa

        • 8.8.8.8:53
          23.236.111.52.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          23.236.111.52.in-addr.arpa

        • 8.8.8.8:53
          tse1.mm.bing.net
          dns
          62 B
          170 B
          1
          1

          DNS Request

          tse1.mm.bing.net

          DNS Response

          150.171.27.10
          150.171.28.10

        • 8.8.8.8:53
          43.58.199.20.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          43.58.199.20.in-addr.arpa

        • 8.8.8.8:53
          167.173.78.104.in-addr.arpa
          dns
          73 B
          139 B
          1
          1

          DNS Request

          167.173.78.104.in-addr.arpa

        • 8.8.8.8:53
          10.27.171.150.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          10.27.171.150.in-addr.arpa

        MITRE ATT&CK Enterprise v15


        Downloads

        • memory/3156-10-0x0000000010000000-0x000000001004D000-memory.dmp

          Filesize

          308KB

        • memory/3156-12-0x0000000010000000-0x000000001004D000-memory.dmp

          Filesize

          308KB

        • memory/4016-3-0x0000000010000000-0x000000001004D000-memory.dmp

          Filesize

          308KB

        • memory/4016-5-0x0000000010000000-0x000000001004D000-memory.dmp

          Filesize

          308KB

        • memory/4016-9-0x0000000010000000-0x000000001004D000-memory.dmp

          Filesize

          308KB

        • memory/4016-7-0x0000000010000000-0x000000001004D000-memory.dmp

          Filesize

          308KB

        • memory/4016-11-0x0000000010000000-0x000000001004D000-memory.dmp

          Filesize

          308KB

        • memory/4908-0-0x0000000000400000-0x0000000000440970-memory.dmp

          Filesize

          258KB

        • memory/4908-8-0x0000000000400000-0x0000000000440970-memory.dmp

          Filesize

          258KB
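The dump list is worth reading as evidence on its own: the region 0x10000000-0x1004D000 (308KB) is dumped first from the hollowed copy (PID 4016) and later from svchost.exe (PID 3156), while 0x400000-0x440970 (258KB) is the sample's own mapped image in PID 4908, larger than the 141KB file because the UPX unpack area has no on-disk data. 0x10000000 is a common default image base for DLLs, so the same module at the same base in two processes is the injected payload the "Detect XtremeRAT payload" signature fired on. The Python below is an added example (mine, not tria.ge code) that extracts exactly that from the dump names; the naming scheme `memory/<pid>-<index>-<start>-<end>-memory.dmp` is read off these entries, and treating the index as dump order is my assumption.

```python
import re
from collections import defaultdict

# Dump names copied from the Downloads list of this report.
DUMPS = [
    "memory/3156-10-0x0000000010000000-0x000000001004D000-memory.dmp",
    "memory/3156-12-0x0000000010000000-0x000000001004D000-memory.dmp",
    "memory/4016-3-0x0000000010000000-0x000000001004D000-memory.dmp",
    "memory/4016-5-0x0000000010000000-0x000000001004D000-memory.dmp",
    "memory/4016-9-0x0000000010000000-0x000000001004D000-memory.dmp",
    "memory/4016-7-0x0000000010000000-0x000000001004D000-memory.dmp",
    "memory/4016-11-0x0000000010000000-0x000000001004D000-memory.dmp",
    "memory/4908-0-0x0000000000400000-0x0000000000440970-memory.dmp",
    "memory/4908-8-0x0000000000400000-0x0000000000440970-memory.dmp",
]

# Assumed naming scheme, read off the entries above: memory/<pid>-<index>-<start>-<end>-memory.dmp
DUMP_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def parse_dump(name: str) -> dict:
    m = DUMP_RE.search(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    pid, idx, start, end = m.groups()
    return {"pid": int(pid), "index": int(idx), "start": int(start, 16), "end": int(end, 16)}


def region_size_kb(start: int, end: int) -> int:
    """Whole kilobytes, the same rounding the Filesize column shows."""
    return (end - start) // 1024


def regions_by_pid(names):
    """Map (start, end) -> set of PIDs the region was dumped from."""
    out = defaultdict(set)
    for d in map(parse_dump, names):
        out[(d["start"], d["end"])].add(d["pid"])
    return dict(out)


def shared_regions(names):
    """Regions dumped at the same base and size from more than one process: the same
    module at the same address in two PIDs is what an injected payload looks like."""
    return {r: sorted(p) for r, p in regions_by_pid(names).items() if len(p) > 1}


def injection_order(names):
    """For each shared region, (pid, first dump index) in the order the region appeared,
    i.e. which process held the payload first (assumes index == dump order)."""
    first = {}
    for d in map(parse_dump, names):
        per_pid = first.setdefault((d["start"], d["end"]), {})
        per_pid[d["pid"]] = min(per_pid.get(d["pid"], d["index"]), d["index"])
    return {r: sorted(first[r].items(), key=lambda kv: kv[1]) for r in shared_regions(names)}


if __name__ == "__main__":
    for (start, end), pids in regions_by_pid(DUMPS).items():
        print(f"{start:#x}-{end:#x} ({region_size_kb(start, end)}KB) in PIDs {sorted(pids)}")
    for region, order in injection_order(DUMPS).items():
        print("shared region", [f"{x:#x}" for x in region], "first seen in", order)
```

The dump from PID 3156 (or 4016) at 0x10000000 is the one to carve for the unpacked payload and its configuration; the 0x400000 dump from PID 4908 only gives the UPX-unpacked dropper.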
