Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c66ea2ec21...58.exe

windows7-x64

7

c66ea2ec21...58.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2024, 17:11 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c66ea2ec216fa6a79e943fa656117258.exe

  • Size

    385KB

  • MD5

    c66ea2ec216fa6a79e943fa656117258

  • SHA1

    be2d6b3e54fdf9df898994e233e0d9e41a670cef

  • SHA256

    80f8585b842eaea1531cf4d20afd7327824f8923777b9084ec1c04de1b07dcd5

  • SHA512

    1a8d3980c3fd15174dbc5b9047ae3713bd0febd9d0ca49e64ceca8d22151f7559b7fccacfa868e63ca5b7a43f88d09c77fdd6c3971b73e23b38e40c2f8cebe99

  • SSDEEP

    12288:g0I7gHef+a3FgxsfTlEuyTcOWWhNJb65164h1uQeXB:gEeGYKyRWhCD6G1N+B

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c66ea2ec216fa6a79e943fa656117258.exe
    "C:\Users\Admin\AppData\Local\Temp\c66ea2ec216fa6a79e943fa656117258.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:456
    • C:\Users\Admin\AppData\Local\Temp\c66ea2ec216fa6a79e943fa656117258.exe
      C:\Users\Admin\AppData\Local\Temp\c66ea2ec216fa6a79e943fa656117258.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3856
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3608 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:5076

    Network

    • flag-us
      DNS
      136.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      136.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      displaycatalog.mp.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      displaycatalog.mp.microsoft.com
      IN A
      Response
      displaycatalog.mp.microsoft.com
      IN CNAME
      displaycatalog-rp.md.mp.microsoft.com.akadns.net
      displaycatalog-rp.md.mp.microsoft.com.akadns.net
      IN CNAME
      rp-consumer-prod-displaycatalog-geomap.trafficmanager.net
      rp-consumer-prod-displaycatalog-geomap.trafficmanager.net
      IN CNAME
      neus1c-displaycatalog.frontdoor.bigcatalog.commerce.microsoft.com
      neus1c-displaycatalog.frontdoor.bigcatalog.commerce.microsoft.com
      IN A
      20.82.154.241
    • flag-us
      DNS
      241.154.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.154.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=385D5DABACEB68DB23B549EAAD0B696A; domain=.bing.com; expires=Mon, 07-Apr-2025 17:11:51 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: D0AC0B6F9FC44B9D97D5B5532238A081 Ref B: LON04EDGE1112 Ref C: 2024-03-13T17:11:51Z
      date: Wed, 13 Mar 2024 17:11:50 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=385D5DABACEB68DB23B549EAAD0B696A
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=5why4u9OSdak2o_UckFkwOHwEO6pb6_GXdZwKkwah84; domain=.bing.com; expires=Mon, 07-Apr-2025 17:11:51 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: BFD440C54B9E4420B9AF9B05AC5E3B04 Ref B: LON04EDGE1112 Ref C: 2024-03-13T17:11:51Z
      date: Wed, 13 Mar 2024 17:11:50 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=385D5DABACEB68DB23B549EAAD0B696A; MSPTC=5why4u9OSdak2o_UckFkwOHwEO6pb6_GXdZwKkwah84
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 52EDC4DCB25F4B429045EDD14296E781 Ref B: LON04EDGE1112 Ref C: 2024-03-13T17:11:51Z
      date: Wed, 13 Mar 2024 17:11:50 GMT
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
      Response
      200.197.79.204.in-addr.arpa
      IN PTR
      a-0001a-msedgenet
    • flag-us
      DNS
      178.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      178.178.17.96.in-addr.arpa
      IN PTR
      Response
      178.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-178deploystaticakamaitechnologiescom
    • flag-us
      DNS
      178.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      178.178.17.96.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      154.239.44.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      154.239.44.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
      Response
      41.110.16.96.in-addr.arpa
      IN PTR
      a96-16-110-41deploystaticakamaitechnologiescom
    • flag-us
      DNS
      55.36.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      55.36.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      pastebin.com
      c66ea2ec216fa6a79e943fa656117258.exe
      Remote address:
      8.8.8.8:53
      Request
      pastebin.com
      IN A
      Response
      pastebin.com
      IN A
      104.20.67.143
      pastebin.com
      IN A
      172.67.34.170
      pastebin.com
      IN A
      104.20.68.143
    • flag-us
      GET
      https://pastebin.com/raw/ubFNTPjt
      c66ea2ec216fa6a79e943fa656117258.exe
      Remote address:
      104.20.67.143:443
      Request
      GET /raw/ubFNTPjt HTTP/1.1
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
      Host: pastebin.com
      Cache-Control: no-cache
      Response
      HTTP/1.1 404 Not Found
      Date: Wed, 13 Mar 2024 17:12:01 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      x-frame-options: DENY
      x-frame-options: DENY
      x-content-type-options: nosniff
      x-content-type-options: nosniff
      x-xss-protection: 1;mode=block
      x-xss-protection: 1;mode=block
      cache-control: public, max-age=1801
      CF-Cache-Status: HIT
      Age: 993
      Server: cloudflare
      CF-RAY: 863da5824d8f63a0-LHR
    • flag-us
      DNS
      143.67.20.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      143.67.20.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      13.86.106.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.86.106.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.31.95.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.31.95.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.31.95.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.31.95.13.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      28.160.77.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      28.160.77.104.in-addr.arpa
      IN PTR
      Response
      28.160.77.104.in-addr.arpa
      IN PTR
      a104-77-160-28deploystaticakamaitechnologiescom
    • flag-us
      DNS
      173.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      173.178.17.96.in-addr.arpa
      IN PTR
      Response
      173.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-173deploystaticakamaitechnologiescom
    • flag-us
      DNS
      173.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      173.178.17.96.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      22.236.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      22.236.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      chromewebstore.googleapis.com
      Remote address:
      8.8.8.8:53
      Request
      chromewebstore.googleapis.com
      IN A
    • flag-us
      DNS
      chromewebstore.googleapis.com
      Remote address:
      8.8.8.8:53
      Request
      chromewebstore.googleapis.com
      IN Unknown
    • flag-us
      DNS
      chromewebstore.googleapis.com
      Remote address:
      8.8.8.8:53
      Request
      chromewebstore.googleapis.com
      IN A
      Response
      chromewebstore.googleapis.com
      IN A
      142.251.39.106
      chromewebstore.googleapis.com
      IN A
      172.217.168.202
      chromewebstore.googleapis.com
      IN A
      172.217.23.202
      chromewebstore.googleapis.com
      IN A
      142.250.179.138
      chromewebstore.googleapis.com
      IN A
      142.251.36.42
      chromewebstore.googleapis.com
      IN A
      142.250.179.170
      chromewebstore.googleapis.com
      IN A
      142.250.179.202
      chromewebstore.googleapis.com
      IN A
      142.251.36.10
    • flag-us
      DNS
      chromewebstore.googleapis.com
      Remote address:
      8.8.8.8:53
      Request
      chromewebstore.googleapis.com
      IN Unknown
      Response
    • flag-us
      DNS
      106.39.251.142.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      106.39.251.142.in-addr.arpa
      IN PTR
      Response
      106.39.251.142.in-addr.arpa
      IN PTR
      ams15s48-in-f101e100net
    • flag-us
      DNS
      88.156.103.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.156.103.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      88.156.103.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.156.103.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317300991_1FMEZ62360OCLMCN3&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317300991_1FMEZ62360OCLMCN3&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 439596
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 8A11875446384194B40E7B4EF1F6A35C Ref B: LON04EDGE0906 Ref C: 2024-03-13T17:13:43Z
      date: Wed, 13 Mar 2024 17:13:43 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360433542_1UJC4903W7XNIUU73&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239360433542_1UJC4903W7XNIUU73&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 534735
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: FC4A78ACD8A443B18E2D82CD9AB0B9EE Ref B: LON04EDGE0906 Ref C: 2024-03-13T17:13:43Z
      date: Wed, 13 Mar 2024 17:13:43 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360433543_1F4HJPO10Z3VYH0SK&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239360433543_1F4HJPO10Z3VYH0SK&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 433791
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 249C124ACA1E496EAD5C9D86C44A4BA3 Ref B: LON04EDGE0906 Ref C: 2024-03-13T17:13:43Z
      date: Wed, 13 Mar 2024 17:13:43 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301424_1QV7T9E0YAU5JUTLU&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301424_1QV7T9E0YAU5JUTLU&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 448456
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: D3FEA5B76ED44384B2FCBF6B805CCFA1 Ref B: LON04EDGE0906 Ref C: 2024-03-13T17:13:43Z
      date: Wed, 13 Mar 2024 17:13:43 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340418563_16RSKIH5RQZW91ZBH&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239340418563_16RSKIH5RQZW91ZBH&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 215415
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: B844F5A1B14F442581DED007258D6C9F Ref B: LON04EDGE0906 Ref C: 2024-03-13T17:13:43Z
      date: Wed, 13 Mar 2024 17:13:43 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340418564_10W6V5F7I280O8R44&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239340418564_10W6V5F7I280O8R44&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 275141
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 5006215A61B74E70ACC85B6B9F146449 Ref B: LON04EDGE0906 Ref C: 2024-03-13T17:13:53Z
      date: Wed, 13 Mar 2024 17:13:52 GMT
    • flag-us
      DNS
      2.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.173.189.20.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.200:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
      tls, http2
      2.0kB
       9.2kB
       21
      18

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

      HTTP Response

      204
    • 104.20.67.143:443
      https://pastebin.com/raw/ubFNTPjt
      tls, http
      c66ea2ec216fa6a79e943fa656117258.exe
      1.1kB
       4.7kB
       13
      9

      HTTP Request

      GET https://pastebin.com/raw/ubFNTPjt

      HTTP Response

      404
    • 13.107.253.64:443
      92 B
       40 B
       2
      1
    • 142.251.39.106:443
      chromewebstore.googleapis.com
      tls
      1.9kB
       7.9kB
       15
      16
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       9.2kB
       15
      14
    • 204.79.197.200:443
      https://tse1.mm.bing.net/th?id=OADD2.10239340418564_10W6V5F7I280O8R44&pid=21.2&w=1920&h=1080&c=4
      tls, http2
      86.9kB
       2.5MB
       1810
      1799

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317300991_1FMEZ62360OCLMCN3&pid=21.2&w=1920&h=1080&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360433542_1UJC4903W7XNIUU73&pid=21.2&w=1920&h=1080&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360433543_1F4HJPO10Z3VYH0SK&pid=21.2&w=1080&h=1920&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301424_1QV7T9E0YAU5JUTLU&pid=21.2&w=1080&h=1920&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418563_16RSKIH5RQZW91ZBH&pid=21.2&w=1080&h=1920&c=4

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418564_10W6V5F7I280O8R44&pid=21.2&w=1920&h=1080&c=4

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.6kB
       9.4kB
       18
      13
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.8kB
       9.4kB
       19
      13
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      2.5kB
       9.0kB
       21
      14
    • 8.8.8.8:53
      136.32.126.40.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      136.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      150 B
       433 B
       2
      2

      DNS Request

      95.221.229.192.in-addr.arpa

      DNS Request

      displaycatalog.mp.microsoft.com

      DNS Response

      20.82.154.241

    • 8.8.8.8:53
      241.154.82.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      241.154.82.20.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       158 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      200.197.79.204.in-addr.arpa
      dns
      73 B
       106 B
       1
      1

      DNS Request

      200.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      178.178.17.96.in-addr.arpa
      dns
      144 B
       137 B
       2
      1

      DNS Request

      178.178.17.96.in-addr.arpa

      DNS Request

      178.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      154.239.44.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      154.239.44.20.in-addr.arpa

    • 8.8.8.8:53
      41.110.16.96.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      41.110.16.96.in-addr.arpa

    • 8.8.8.8:53
      55.36.223.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      55.36.223.20.in-addr.arpa

    • 8.8.8.8:53
      pastebin.com
      dns
      c66ea2ec216fa6a79e943fa656117258.exe
      58 B
       106 B
       1
      1

      DNS Request

      pastebin.com

      DNS Response

      104.20.67.143
      172.67.34.170
      104.20.68.143

    • 8.8.8.8:53
      143.67.20.104.in-addr.arpa
      dns
      72 B
       134 B
       1
      1

      DNS Request

      143.67.20.104.in-addr.arpa

    • 8.8.8.8:53
      13.86.106.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      13.86.106.20.in-addr.arpa

    • 8.8.8.8:53
      103.169.127.40.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      103.169.127.40.in-addr.arpa

    • 8.8.8.8:53
      18.31.95.13.in-addr.arpa
      dns
      140 B
       144 B
       2
      1

      DNS Request

      18.31.95.13.in-addr.arpa

      DNS Request

      18.31.95.13.in-addr.arpa

    • 8.8.8.8:53
      28.160.77.104.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      28.160.77.104.in-addr.arpa

    • 8.8.8.8:53
      173.178.17.96.in-addr.arpa
      dns
      144 B
       137 B
       2
      1

      DNS Request

      173.178.17.96.in-addr.arpa

      DNS Request

      173.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      22.236.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      22.236.111.52.in-addr.arpa

    • 8.8.8.8:53
      chromewebstore.googleapis.com
      dns
      75 B
       1

      DNS Request

      chromewebstore.googleapis.com

    • 8.8.8.8:53
      chromewebstore.googleapis.com
      dns
      75 B
       1

      DNS Request

      chromewebstore.googleapis.com

    • 8.8.8.8:53
      chromewebstore.googleapis.com
      dns
      75 B
       203 B
       1
      1

      DNS Request

      chromewebstore.googleapis.com

      DNS Response

      142.251.39.106
      172.217.168.202
      172.217.23.202
      142.250.179.138
      142.251.36.42
      142.250.179.170
      142.250.179.202
      142.251.36.10

    • 8.8.8.8:53
      chromewebstore.googleapis.com
      dns
      75 B
       132 B
       1
      1

      DNS Request

      chromewebstore.googleapis.com

    • 8.8.8.8:53
      106.39.251.142.in-addr.arpa
      dns
      73 B
       112 B
       1
      1

      DNS Request

      106.39.251.142.in-addr.arpa

    • 8.8.8.8:53
      88.156.103.20.in-addr.arpa
      dns
      144 B
       158 B
       2
      1

      DNS Request

      88.156.103.20.in-addr.arpa

      DNS Request

      88.156.103.20.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      124 B
       173 B
       2
      1

      DNS Request

      tse1.mm.bing.net

      DNS Request

      tse1.mm.bing.net

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      2.173.189.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      2.173.189.20.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\c66ea2ec216fa6a79e943fa656117258.exe
      Filesize

      385KB

      MD5

      ad23903464cf8f44784e5b7ca5e15931

      SHA1

      468301b63a53d5c4cb882d29133e81e17b34dba0

      SHA256

      06d76056dd8fb3be3f2827ededcb9ab4b21477860aa5c1402a9b72f7cc7e352e

      SHA512

      a09ce72258ab79392ea99cda377367c4fbdb147a68c8ff5543c0bc59bd2bb2270bd0fb767911beb529578c24274a3e9474e479a94e1616ffa5cfbecd5b203144

      Download Submit

    • memory/456-0-0x0000000000400000-0x0000000000466000-memory.dmp

      Filesize

      408KB

      Download

    • memory/456-1-0x00000000014D0000-0x0000000001536000-memory.dmp

      Filesize

      408KB

      Download

    • memory/456-2-0x0000000000400000-0x000000000045F000-memory.dmp

      Filesize

      380KB

      Download

    • memory/456-12-0x0000000000400000-0x000000000045F000-memory.dmp

      Filesize

      380KB

      Download

    • memory/3856-13-0x0000000000400000-0x0000000000466000-memory.dmp

      Filesize

      408KB

      Download

    • memory/3856-14-0x0000000001470000-0x00000000014D6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/3856-20-0x0000000004E90000-0x0000000004EEF000-memory.dmp

      Filesize

      380KB

      Download

    • memory/3856-21-0x0000000000400000-0x000000000043C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/3856-30-0x0000000000400000-0x000000000040E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/3856-33-0x000000000B600000-0x000000000B63C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/3856-36-0x0000000000400000-0x000000000040E000-memory.dmp

      Filesize

      56KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.