Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20231127-en -
resource tags
arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system -
submitted
28/11/2023, 13:52 UTC
Static task
static1
URLScan task
urlscan1
General
Malware Config
Signatures
-
Detects Eternity stealer 2 IoCs
resource yara_rule behavioral1/memory/2292-103-0x0000000000990000-0x0000000000A76000-memory.dmp eternity_stealer behavioral1/files/0x0008000000023128-143.dat eternity_stealer -
Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
-
Drops startup file 4 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemFreezer.exe SystemFreezer.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemFreezer.exe SystemFreezer.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemFreezer.exe SystemFreezer.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemFreezer.exe SystemFreezer.exe -
Executes dropped EXE 3 IoCs
pid Process 3180 dcd.exe 4836 dcd.exe 4836 dcd.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000_Classes\Local Settings msedge.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid Process 8 msedge.exe 8 msedge.exe 4524 msedge.exe 4524 msedge.exe 4992 identity_helper.exe 4992 identity_helper.exe 1320 msedge.exe 1320 msedge.exe 4884 msedge.exe 4884 msedge.exe 4884 msedge.exe 4884 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeDebugPrivilege 2292 SystemFreezer.exe Token: SeDebugPrivilege 5084 SystemFreezer.exe Token: SeDebugPrivilege 628 SystemFreezer.exe -
Suspicious use of FindShellTrayWindow 33 IoCs
pid Process 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe 8 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 8 wrote to memory of 3140 8 msedge.exe 87 PID 8 wrote to memory of 3140 8 msedge.exe 87 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4868 8 msedge.exe 89 PID 8 wrote to memory of 4524 8 msedge.exe 91 PID 8 wrote to memory of 4524 8 msedge.exe 91 PID 8 wrote to memory of 1636 8 msedge.exe 90 PID 8 wrote to memory of 1636 8 msedge.exe 90 PID 8 wrote to memory of 1636 8 msedge.exe 90 PID 8 wrote to memory of 1636 8 msedge.exe 90 PID 8 wrote to memory of 1636 8 msedge.exe 90 PID 8 wrote to memory of 1636 8 msedge.exe 90 PID 8 wrote to memory of 1636 8 msedge.exe 90 PID 8 wrote to memory of 1636 8 msedge.exe 90 PID 8 wrote to memory of 1636 8 msedge.exe 90 PID 8 wrote to memory of 1636 8 msedge.exe 90 PID 8 wrote to memory of 1636 8 msedge.exe 90 PID 8 wrote to memory of 1636 8 msedge.exe 90 PID 8 wrote to memory of 1636 8 msedge.exe 90 PID 8 wrote to memory of 1636 8 msedge.exe 90 PID 8 wrote to memory of 1636 8 msedge.exe 90 PID 8 wrote to memory of 1636 8 msedge.exe 90 PID 8 wrote to memory of 1636 8 msedge.exe 90 PID 8 wrote to memory of 1636 8 msedge.exe 90 PID 8 wrote to memory of 1636 8 msedge.exe 90 PID 8 wrote to memory of 1636 8 msedge.exe 90
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/L3GOGT/Growtopia-Duplicator-Exploit/releases/download/working/GT.Duplicator.Exploit.zip1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:8 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ec1946f8,0x7ff8ec194708,0x7ff8ec1947182⤵PID:3140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:22⤵PID:4868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:82⤵PID:1636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:12⤵PID:572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:12⤵PID:2188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:12⤵PID:1484
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:12⤵PID:2208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:82⤵PID:4152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5548 /prefetch:82⤵PID:556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:12⤵PID:4456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:12⤵PID:4428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:12⤵PID:1844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:12⤵PID:3308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3929024001078929481,17588997358885815400,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3440 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4884
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2516
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4392
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:2168
-
C:\Users\Admin\AppData\Local\Temp\Temp1_GT.Duplicator.Exploit.zip\GT Duplicator Exploit\SystemFreezer.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_GT.Duplicator.Exploit.zip\GT Duplicator Exploit\SystemFreezer.exe"1⤵
- Drops startup file
- Suspicious use of AdjustPrivilegeToken
PID:2292 -
C:\Users\Admin\AppData\Local\Temp\dcd.exe"C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""2⤵
- Executes dropped EXE
PID:3180
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_GT.Duplicator.Exploit.zip\GT Duplicator Exploit\SystemFreezer.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_GT.Duplicator.Exploit.zip\GT Duplicator Exploit\SystemFreezer.exe"1⤵
- Drops startup file
- Suspicious use of AdjustPrivilegeToken
PID:5084 -
C:\Users\Admin\AppData\Local\Temp\dcd.exe"C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""2⤵
- Executes dropped EXE
PID:4836
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_GT.Duplicator.Exploit.zip\GT Duplicator Exploit\SystemFreezer.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_GT.Duplicator.Exploit.zip\GT Duplicator Exploit\SystemFreezer.exe"1⤵
- Drops startup file
- Suspicious use of AdjustPrivilegeToken
PID:628 -
C:\Users\Admin\AppData\Local\Temp\dcd.exe"C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""2⤵
- Executes dropped EXE
PID:4836
-
Network
-
Remote address:8.8.8.8:53Request67.31.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestgithub.comIN AResponsegithub.comIN A140.82.121.4
-
GEThttps://github.com/L3GOGT/Growtopia-Duplicator-Exploit/releases/download/working/GT.Duplicator.Exploit.zipmsedge.exeRemote address:140.82.121.4:443RequestGET /L3GOGT/Growtopia-Duplicator-Exploit/releases/download/working/GT.Duplicator.Exploit.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 302
date: Tue, 28 Nov 2023 13:52:13 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/720728519/61dfee5a-f15d-4efe-af74-89e64074c3e8?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231128%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231128T135213Z&X-Amz-Expires=300&X-Amz-Signature=015bdac000d887ef1119379a29a54a90df4fc22aa6110245de2f8a59376b7574&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=720728519&response-content-disposition=attachment%3B%20filename%3DGT.Duplicator.Exploit.zip&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.githubcopilot.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com support.github.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: E8B0:62AC:1EBEFC2E:1F304021:6565F08D
-
Remote address:8.8.8.8:53Request4.121.82.140.in-addr.arpaIN PTRResponse4.121.82.140.in-addr.arpaIN PTRlb-140-82-121-4-fragithubcom
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.1.85.104.in-addr.arpaIN PTRResponse198.1.85.104.in-addr.arpaIN PTRa104-85-1-198deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requestobjects.githubusercontent.comIN AResponseobjects.githubusercontent.comIN A185.199.108.133objects.githubusercontent.comIN A185.199.109.133objects.githubusercontent.comIN A185.199.110.133objects.githubusercontent.comIN A185.199.111.133
-
GEThttps://objects.githubusercontent.com/github-production-release-asset-2e65be/720728519/61dfee5a-f15d-4efe-af74-89e64074c3e8?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231128%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231128T135213Z&X-Amz-Expires=300&X-Amz-Signature=015bdac000d887ef1119379a29a54a90df4fc22aa6110245de2f8a59376b7574&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=720728519&response-content-disposition=attachment%3B%20filename%3DGT.Duplicator.Exploit.zip&response-content-type=application%2Foctet-streammsedge.exeRemote address:185.199.108.133:443RequestGET /github-production-release-asset-2e65be/720728519/61dfee5a-f15d-4efe-af74-89e64074c3e8?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231128%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231128T135213Z&X-Amz-Expires=300&X-Amz-Signature=015bdac000d887ef1119379a29a54a90df4fc22aa6110245de2f8a59376b7574&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=720728519&response-content-disposition=attachment%3B%20filename%3DGT.Duplicator.Exploit.zip&response-content-type=application%2Foctet-stream HTTP/2.0
host: objects.githubusercontent.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-md5: GfO0C695U/IGjsPxSKLBqg==
last-modified: Sun, 19 Nov 2023 12:22:25 GMT
etag: "0x8DBE8FA30AAC443"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5edde0d4-001e-0005-1b02-22338e000000
x-ms-version: 2020-04-08
x-ms-creation-time: Sun, 19 Nov 2023 12:22:25 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=GT.Duplicator.Exploit.zip
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 28 Nov 2023 13:52:14 GMT
age: 0
x-served-by: cache-iad-kcgs7200156-IAD, cache-ams21049-AMS
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1701179534.065010,VS0,VE200
content-length: 621971
-
Remote address:8.8.8.8:53Request133.108.199.185.in-addr.arpaIN PTRResponse133.108.199.185.in-addr.arpaIN PTRcdn-185-199-108-133githubcom
-
Remote address:8.8.8.8:53Request9.228.82.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.a-0001.a-msedge.netg-bing-com.a-0001.a-msedge.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2A476F7E58156B910E6D7CA9595D6AD8; domain=.bing.com; expires=Sun, 22-Dec-2024 13:52:19 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3989A48A86A04827AC828F0B5CC2D2FC Ref B: BRU30EDGE0907 Ref C: 2023-11-28T13:52:19Z
date: Tue, 28 Nov 2023 13:52:18 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2A476F7E58156B910E6D7CA9595D6AD8
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 45C4889E966842BB9B390BD15808588A Ref B: BRU30EDGE0907 Ref C: 2023-11-28T13:52:19Z
date: Tue, 28 Nov 2023 13:52:18 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2A476F7E58156B910E6D7CA9595D6AD8
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1298DE09DCE44B9699EB991884C9C6DB Ref B: BRU30EDGE0907 Ref C: 2023-11-28T13:52:19Z
date: Tue, 28 Nov 2023 13:52:18 GMT
-
Remote address:8.8.8.8:53Request200.197.79.204.in-addr.arpaIN PTRResponse200.197.79.204.in-addr.arpaIN PTRa-0001a-msedgenet
-
Remote address:8.8.8.8:53Request203.33.253.131.in-addr.arpaIN PTRResponse203.33.253.131.in-addr.arpaIN PTRa-0003 dc-msedgenet
-
Remote address:8.8.8.8:53Request103.169.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request25.14.97.104.in-addr.arpaIN PTRResponse25.14.97.104.in-addr.arpaIN PTRa104-97-14-25deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requestgoogle.comIN AResponsegoogle.comIN A142.250.179.142
-
Remote address:142.250.179.142:80RequestGET /generate_204 HTTP/1.1
Host: google.com
Connection: Keep-Alive
ResponseHTTP/1.1 204 No Content
Cross-Origin-Resource-Policy: cross-origin
Date: Tue, 28 Nov 2023 13:52:44 GMT
-
Remote address:8.8.8.8:53Request142.179.250.142.in-addr.arpaIN PTRResponse142.179.250.142.in-addr.arpaIN PTRams17s10-in-f141e100net
-
Remote address:8.8.8.8:53Requestapi.imgbb.comIN AResponseapi.imgbb.comIN A188.114.97.0api.imgbb.comIN A188.114.96.0
-
Remote address:188.114.97.0:443RequestPOST /1/upload?key=78adae1bfa0e608b56435fa339987449 HTTP/1.1
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Host: api.imgbb.com
Content-Length: 88722
Connection: Keep-Alive
ResponseHTTP/1.1 400 Bad Request
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-origin: *
access-control-allow-headers: Cache-Control, X-Requested-With, Content-Type
access-control-allow-methods: POST, GET, OPTIONS
last-modified: Tue, 28 Nov 2023 13:52:46GMT
Cache-Control: no-cache, must-revalidate
pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nR7K3DEl6%2B1A5zUIIZ7%2FO1PFT9WeS25o5cm14RpuFXCOVyB9Hqae%2F%2Bq9Bt1e%2BLCq0d2er%2B2mu%2Blv8LYtP3GHIEWtbRae6Gfp55lVCG32beY8BEBc7%2Fe5p4F9I4fzYUJ6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 82d317e10c651c84-AMS
alt-svc: h3=":443"; ma=86400
-
Remote address:8.8.8.8:53Requesteterprx.netIN AResponseeterprx.netIN A104.21.20.223eterprx.netIN A172.67.194.181
-
Remote address:104.21.20.223:443RequestPOST /api/accounts HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: eterprx.net
Content-Length: 221
Connection: Keep-Alive
ResponseHTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
x-powered-by: PHP/7.2.34
cache-control: no-cache, private
x-ratelimit-limit: 30
x-ratelimit-remaining: 29
vary: User-Agent
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g2SoWJbe4Y%2F0aaV0UQAIV0h3Yds86HpCr49IZLrazNoSGrIkBwoYj7x%2Fk0NsDuHZ667Weun2TM7hd56oMyvOzPURgghnHVNq1E%2BYVFVAbwH0XGhf4ntRTe6nXA8HDg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 82d317e20e29660a-AMS
alt-svc: h3=":443"; ma=86400
-
Remote address:8.8.8.8:53Requesteternitypr.netIN AResponseeternitypr.netIN A172.67.199.29eternitypr.netIN A104.21.21.142
-
Remote address:172.67.199.29:443RequestPOST /api/accounts HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: eternitypr.net
Content-Length: 221
Connection: Keep-Alive
ResponseHTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
x-powered-by: PHP/7.2.34
cache-control: no-cache, private
x-ratelimit-limit: 30
x-ratelimit-remaining: 29
vary: User-Agent
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=azgDfX1WpJ2aHj%2FRSDTITfaauazqt5DLLoHgMY0c4xMCY2mVwXPTzjHtxN%2B8PTZLgq3697ZG8E5I6J8n6lqaamwP3rerDTd5c6j5gecF0CvglkILQJ4WQnpRfplyErr86w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 82d317e3294e1c90-AMS
alt-svc: h3=":443"; ma=86400
-
Remote address:8.8.8.8:53Request0.97.114.188.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request223.20.21.104.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request29.199.67.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request126.23.238.8.in-addr.arpaIN PTRResponse
-
Remote address:142.250.179.142:80RequestGET /generate_204 HTTP/1.1
Host: google.com
Connection: Keep-Alive
ResponseHTTP/1.1 204 No Content
Cross-Origin-Resource-Policy: cross-origin
Date: Tue, 28 Nov 2023 13:53:15 GMT
-
Remote address:188.114.97.0:443RequestPOST /1/upload?key=78adae1bfa0e608b56435fa339987449 HTTP/1.1
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Host: api.imgbb.com
Content-Length: 88780
Connection: Keep-Alive
ResponseHTTP/1.1 400 Bad Request
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-origin: *
access-control-allow-headers: Cache-Control, X-Requested-With, Content-Type
access-control-allow-methods: POST, GET, OPTIONS
last-modified: Tue, 28 Nov 2023 13:53:16GMT
Cache-Control: no-cache, must-revalidate
pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GEPM15lB6tRIsJyYLAxLVT%2BEcQN53bsKi79jz8zG2%2B4zzUiZvrDPYlI%2BEYZZhTiKzqLiihW39ToghQ18VLQR7OvhX8z2Ox9y6UuRYMMo%2BNRqZm2lt6JOHBAKIcTCUgmM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 82d3189b88ddb706-AMS
alt-svc: h3=":443"; ma=86400
-
Remote address:104.21.20.223:443RequestPOST /api/accounts HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: eterprx.net
Content-Length: 221
Connection: Keep-Alive
ResponseHTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
x-powered-by: PHP/7.2.34
cache-control: no-cache, private
x-ratelimit-limit: 30
x-ratelimit-remaining: 28
vary: User-Agent
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YmnFOMNDQkke2l8x%2FKTruPQUoNAzPTOUNO1p0wX6A2hGCObPhFhOVcFMzG9teDeDgvbUUlTjABdVLuSBhopH%2BDI5yR3XlVQJQ%2BtR%2Byu3GJjt6CLULvcs4C8xns2MUw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 82d3189c59896692-AMS
alt-svc: h3=":443"; ma=86400
-
Remote address:172.67.199.29:443RequestPOST /api/accounts HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: eternitypr.net
Content-Length: 221
Connection: Keep-Alive
ResponseHTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
x-powered-by: PHP/7.2.34
cache-control: no-cache, private
x-ratelimit-limit: 30
x-ratelimit-remaining: 28
vary: User-Agent
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eRcas3BbTw3P8IdEIN%2FVjyXQRjguIsIuQrd7Oym07aDodeWbKQYcln5sXxmJFG3MJb6tJBjI5J2cCK2KFnzFaibj9kB1ytAv6WSI5avR8SyX2PSJqJkJUwq5tJX8lNoPNA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 82d3189d4c0c0bb0-AMS
alt-svc: h3=":443"; ma=86400
-
Remote address:8.8.8.8:53Request43.229.111.52.in-addr.arpaIN PTRResponse
-
Remote address:142.250.179.142:80RequestGET /generate_204 HTTP/1.1
Host: google.com
Connection: Keep-Alive
ResponseHTTP/1.1 204 No Content
Cross-Origin-Resource-Policy: cross-origin
Date: Tue, 28 Nov 2023 13:54:01 GMT
-
Remote address:188.114.97.0:443RequestPOST /1/upload?key=78adae1bfa0e608b56435fa339987449 HTTP/1.1
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Host: api.imgbb.com
Content-Length: 88780
Connection: Keep-Alive
ResponseHTTP/1.1 400 Bad Request
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-origin: *
access-control-allow-headers: Cache-Control, X-Requested-With, Content-Type
access-control-allow-methods: POST, GET, OPTIONS
last-modified: Tue, 28 Nov 2023 13:54:01GMT
Cache-Control: no-cache, must-revalidate
pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BzleUYrKox51CBFm7Un1McYrcmpBUaHIfXFIPJoyIvwi%2FHYX0gRUscAzDtrfsARRUZryJd6goc93ufvSEq5SnR3zSSizg6t9ILrqdmNTTCwzcOCaz%2FBeY3%2FKf%2F5o%2B6%2Bx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 82d319ba198a672a-AMS
alt-svc: h3=":443"; ma=86400
-
Remote address:104.21.20.223:443RequestPOST /api/accounts HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: eterprx.net
Content-Length: 221
Connection: Keep-Alive
ResponseHTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
x-powered-by: PHP/7.2.34
cache-control: no-cache, private
x-ratelimit-limit: 30
x-ratelimit-remaining: 29
vary: User-Agent
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q0K2PDqlyhJiP78NPPqam4opuXZvH1HAytYz5zsKIUhPEwrJFtrgsx8eYqysDX1YLpkjhymo5QPQO9cX5Wg2eMXCZvMcKAzeHxAWsEwqZCAf3s1hnwH%2B1hC0Er4I6g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 82d319bb1e220e6c-AMS
alt-svc: h3=":443"; ma=86400
-
Remote address:172.67.199.29:443RequestPOST /api/accounts HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: eternitypr.net
Content-Length: 221
Connection: Keep-Alive
ResponseHTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
x-powered-by: PHP/7.2.34
cache-control: no-cache, private
x-ratelimit-limit: 30
x-ratelimit-remaining: 29
vary: User-Agent
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fGvCic%2F%2BvYKvSEr%2BFRdpyQ0OSjANvkOKkXQmziFSZt7qUgpj%2FQoMJaYY2zPXq6xFUSh1GcgAj3gbdNhmI%2B8j7JgVeCxsTFxxlf%2BAwLT3ooMGtpT2FsPQsdGuhYFNFW090A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 82d319bcfef8669f-AMS
alt-svc: h3=":443"; ma=86400
-
Remote address:8.8.8.8:53Request9.73.50.20.in-addr.arpaIN PTRResponse
-
140.82.121.4:443https://github.com/L3GOGT/Growtopia-Duplicator-Exploit/releases/download/working/GT.Duplicator.Exploit.ziptls, http2msedge.exe2.0kB 7.3kB 17 18
HTTP Request
GET https://github.com/L3GOGT/Growtopia-Duplicator-Exploit/releases/download/working/GT.Duplicator.Exploit.zipHTTP Response
302 -
1.1kB 3.3kB 11 8
-
185.199.108.133:443https://objects.githubusercontent.com/github-production-release-asset-2e65be/720728519/61dfee5a-f15d-4efe-af74-89e64074c3e8?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231128%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231128T135213Z&X-Amz-Expires=300&X-Amz-Signature=015bdac000d887ef1119379a29a54a90df4fc22aa6110245de2f8a59376b7574&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=720728519&response-content-disposition=attachment%3B%20filename%3DGT.Duplicator.Exploit.zip&response-content-type=application%2Foctet-streamtls, http2msedge.exe13.2kB 650.5kB 254 493
HTTP Request
GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/720728519/61dfee5a-f15d-4efe-af74-89e64074c3e8?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20231128%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231128T135213Z&X-Amz-Expires=300&X-Amz-Signature=015bdac000d887ef1119379a29a54a90df4fc22aa6110245de2f8a59376b7574&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=720728519&response-content-disposition=attachment%3B%20filename%3DGT.Duplicator.Exploit.zip&response-content-type=application%2Foctet-streamHTTP Response
200 -
204.79.197.200:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid=tls, http21.9kB 9.3kB 22 20
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bcbb8f4ef115421f80ba1d9d12532185&localId=w:5DA71B07-9A86-3028-7BAC-0A2B03A6FF03&deviceId=6896189400010801&anid=HTTP Response
204 -
302 B 259 B 5 3
HTTP Request
GET http://google.com/generate_204HTTP Response
204 -
188.114.97.0:443https://api.imgbb.com/1/upload?key=78adae1bfa0e608b56435fa339987449tls, httpSystemFreezer.exe92.4kB 7.5kB 73 39
HTTP Request
POST https://api.imgbb.com/1/upload?key=78adae1bfa0e608b56435fa339987449HTTP Response
400 -
1.1kB 3.9kB 9 8
HTTP Request
POST https://eterprx.net/api/accountsHTTP Response
400 -
1.1kB 3.9kB 9 8
HTTP Request
POST https://eternitypr.net/api/accountsHTTP Response
400 -
302 B 259 B 5 3
HTTP Request
GET http://google.com/generate_204HTTP Response
204 -
188.114.97.0:443https://api.imgbb.com/1/upload?key=78adae1bfa0e608b56435fa339987449tls, httpSystemFreezer.exe92.4kB 7.3kB 73 36
HTTP Request
POST https://api.imgbb.com/1/upload?key=78adae1bfa0e608b56435fa339987449HTTP Response
400 -
1.1kB 3.9kB 9 8
HTTP Request
POST https://eterprx.net/api/accountsHTTP Response
400 -
1.1kB 3.9kB 9 8
HTTP Request
POST https://eternitypr.net/api/accountsHTTP Response
400 -
302 B 259 B 5 3
HTTP Request
GET http://google.com/generate_204HTTP Response
204 -
188.114.97.0:443https://api.imgbb.com/1/upload?key=78adae1bfa0e608b56435fa339987449tls, httpSystemFreezer.exe92.4kB 7.4kB 73 38
HTTP Request
POST https://api.imgbb.com/1/upload?key=78adae1bfa0e608b56435fa339987449HTTP Response
400 -
1.1kB 3.9kB 9 8
HTTP Request
POST https://eterprx.net/api/accountsHTTP Response
400 -
1.1kB 3.9kB 9 8
HTTP Request
POST https://eternitypr.net/api/accountsHTTP Response
400
-
71 B 157 B 1 1
DNS Request
67.31.126.40.in-addr.arpa
-
56 B 72 B 1 1
DNS Request
github.com
DNS Response
140.82.121.4
-
71 B 115 B 1 1
DNS Request
4.121.82.140.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
198.1.85.104.in-addr.arpa
-
75 B 139 B 1 1
DNS Request
objects.githubusercontent.com
DNS Response
185.199.108.133185.199.109.133185.199.110.133185.199.111.133
-
74 B 118 B 1 1
DNS Request
133.108.199.185.in-addr.arpa
-
514 B 8
-
70 B 156 B 1 1
DNS Request
9.228.82.20.in-addr.arpa
-
56 B 158 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.20013.107.21.200
-
73 B 106 B 1 1
DNS Request
200.197.79.204.in-addr.arpa
-
73 B 107 B 1 1
DNS Request
203.33.253.131.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
103.169.127.40.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
15.164.165.52.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
25.14.97.104.in-addr.arpa
-
56 B 72 B 1 1
DNS Request
google.com
DNS Response
142.250.179.142
-
74 B 113 B 1 1
DNS Request
142.179.250.142.in-addr.arpa
-
59 B 91 B 1 1
DNS Request
api.imgbb.com
DNS Response
188.114.97.0188.114.96.0
-
57 B 89 B 1 1
DNS Request
eterprx.net
DNS Response
104.21.20.223172.67.194.181
-
60 B 92 B 1 1
DNS Request
eternitypr.net
DNS Response
172.67.199.29104.21.21.142
-
71 B 133 B 1 1
DNS Request
0.97.114.188.in-addr.arpa
-
72 B 134 B 1 1
DNS Request
223.20.21.104.in-addr.arpa
-
72 B 134 B 1 1
DNS Request
29.199.67.172.in-addr.arpa
-
71 B 125 B 1 1
DNS Request
126.23.238.8.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
43.229.111.52.in-addr.arpa
-
69 B 155 B 1 1
DNS Request
9.73.50.20.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
10KB
MD5ac0ca66ac4c91ca3b77783527979b645
SHA1317c25230f0a90a5ecd27fbac4a5cc38d7dc5c5c
SHA2566b06c317071768e8c127cfbb5390664a552d273d1357aa523a120bfba1a6c71f
SHA51207b45f6509b702bc334a4423ea8f1e718e2e1d6040917088e6b96a9a57f04801a9d221fcefa173976dcda9bc575ca08fb44f82ade528ddf67daffd6be1aebebc
-
Filesize
152B
MD5208a234643c411e1b919e904ee20115e
SHA1400b6e6860953f981bfe4716c345b797ed5b2b5b
SHA256af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458
SHA5122779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2
-
Filesize
265B
MD5f5cd008cf465804d0e6f39a8d81f9a2d
SHA16b2907356472ed4a719e5675cc08969f30adc855
SHA256fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d
SHA512dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD56f530f1f11bf69ff10ee37e799208bc0
SHA11f90bb1505616020ca14368bc1162d5e6d68a871
SHA256fa7fde1d2ddd376a9a65addbc35ab23fe71e8f4f06fe24d9b7a9bd151d8670f5
SHA512f6afebacfd754739f1e0486fd1666d2b40e2706b6fab96d83cd786c17ca57f86206833e3df2e7a5caafb2aea7f7386274001956a7079bd18d6b50b4593a92d19
-
Filesize
5KB
MD57199eab038c28907bacfecd816d387ee
SHA1efc8cb53429081ecca1d4284e2ee2a2db6e69c71
SHA2564c27360601cfcc7cde3522dd490c4878802c10be7587f31dc616483b74227067
SHA51207c23132e7aed82c0d736f22436a63b06f20e72fd4570ae78d037dcce31358dad205797593f6c008a30e1275332201c191d8064a2857a78e7824dc85d8c6685a
-
Filesize
24KB
MD55a6206a3489650bf4a9c3ce44a428126
SHA13137a909ef8b098687ec536c57caa1bacc77224b
SHA2560a9e623c6df237c02a585539bffb8249de48949c6d074fe0aaf43063731a3e28
SHA512980da83c3142bf08433ec1770a2ec5f5560daf3ee680466f89beae8290e921c0db677489daad055fbc1f196388f8bc4f60e050600381f860b06d330062440a78
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD53360cb9430c3e9491d08df94ce7aa18b
SHA17dfc1554ec47ab9a472d47e77baf064a371860b7
SHA2569ddf1048c52129818182bf4d8150ac4c3e3845d08d6dce9b1350256216ac33fe
SHA512ebca653f018925b6333923272f1f0c6aea41c4c08619c7e2a1d401b7cfa317b61f9516db8b81cba5c3d060659f3ab7f2c71205f9a782d98c9b6aec2171b43e3f
-
Filesize
227KB
MD5b5ac46e446cead89892628f30a253a06
SHA1f4ad1044a7f77a1b02155c3a355a1bb4177076ca
SHA256def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669
SHA512bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87
-
Filesize
227KB
MD5b5ac46e446cead89892628f30a253a06
SHA1f4ad1044a7f77a1b02155c3a355a1bb4177076ca
SHA256def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669
SHA512bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87
-
Filesize
227KB
MD5b5ac46e446cead89892628f30a253a06
SHA1f4ad1044a7f77a1b02155c3a355a1bb4177076ca
SHA256def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669
SHA512bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87
-
Filesize
227KB
MD5b5ac46e446cead89892628f30a253a06
SHA1f4ad1044a7f77a1b02155c3a355a1bb4177076ca
SHA256def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669
SHA512bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87
-
Filesize
227KB
MD5b5ac46e446cead89892628f30a253a06
SHA1f4ad1044a7f77a1b02155c3a355a1bb4177076ca
SHA256def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669
SHA512bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87
-
Filesize
884KB
MD5c535be7d5fca25b986c17ff8dda9d482
SHA199199849ab5140e0df64083ae70c9b65265308f7
SHA25607cc4f727bac2537a45421540107751df24bb736d6e471d90f84e73366e111e0
SHA512c7ac6268ce848f7137e9c31407abbad528f0129d1c436c831b79ca30ec304ebd7da0d94fe70128be3c3c383edb85b59c9a546e8e64e6cec11be414c7bd4159c2
-
Filesize
607KB
MD519f3b40baf7953f2068ec3f148a2c1aa
SHA1d7c9d9307d317177d7b8f394b838e57f0157bbc5
SHA2563064f41531487ee3b9205367940d50ab150775008c1ff13b92069cbbbb828e1f
SHA512364b8b24cef388466d5365d7a6a738082770e4be648d1de3745df346ebabcf838749f16dfe647133550e5922c90ee5fe464e3528691a7e05bdcc55a379bde6c0