Resubmissions

22/04/2024, 22:02 UTC

240422-1xtwbagh68 10

22/04/2024, 19:25 UTC

240422-x42b7afa68 10

19/04/2024, 03:02 UTC

240419-djmthsfh8w 10

Analysis

  • max time kernel
    1485s
  • max time network
    1499s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64 arch:x86 image:win11-20240412-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    22/04/2024, 19:25 UTC

General

  • Target

    31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe

  • Size

    355KB

  • MD5

    cf1d6b216e37745bf725a0b327f0045e

  • SHA1

    3278b37ac35b877d3d5e9e1aff82d94bce532709

  • SHA256

    31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b

  • SHA512

    70b4f8651efd28af344059d62886f38595a692c642b8ebf0a81a69bfa948c471d73b7b7888d4a91c97e0bbe0d44f819e3ffcdae06dccfa790c77503ec5b7130b

  • SSDEEP

    6144:aR74gEBkjnu0zpAhr5lX8+CcpsUS5YKLFBVERB:a+gEBkjnXAhFlMSpBS5Htm

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
    "C:\Users\Admin\AppData\Local\Temp\31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe"
    1⤵
      PID:4280
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 1236
        2⤵
        • Program crash
        PID:2600
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4280 -ip 4280
      1⤵
        PID:4768

      Network

      • flag-us
        DNS
        cleartotalfisherwo.shop
        31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
        Remote address:
        8.8.8.8:53
        Request
        cleartotalfisherwo.shop
        IN A
        Response
        cleartotalfisherwo.shop
        IN A
        172.67.185.32
        cleartotalfisherwo.shop
        IN A
        104.21.72.132
      • flag-us
        DNS
        worryfillvolcawoi.shop
        31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
        Remote address:
        8.8.8.8:53
        Request
        worryfillvolcawoi.shop
        IN A
        Response
        worryfillvolcawoi.shop
        IN A
        172.67.199.191
        worryfillvolcawoi.shop
        IN A
        104.21.44.125
      • flag-us
        DNS
        8.8.8.8.in-addr.arpa
        31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
        Remote address:
        8.8.8.8:53
        Request
        8.8.8.8.in-addr.arpa
        IN PTR
        Response
        8.8.8.8.in-addr.arpa
        IN PTR
        dnsgoogle
      • flag-us
        DNS
        enthusiasimtitleow.shop
        31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
        Remote address:
        8.8.8.8:53
        Request
        enthusiasimtitleow.shop
        IN A
        Response
        enthusiasimtitleow.shop
        IN A
        104.21.18.233
        enthusiasimtitleow.shop
        IN A
        172.67.183.226
      • flag-us
        DNS
        affordcharmcropwo.shop
        31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
        Remote address:
        8.8.8.8:53
        Request
        affordcharmcropwo.shop
        IN A
        Response
        affordcharmcropwo.shop
        IN A
        104.21.67.211
        affordcharmcropwo.shop
        IN A
        172.67.181.34
      • flag-us
        DNS
        diskretainvigorousiw.shop
        31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
        Remote address:
        8.8.8.8:53
        Request
        diskretainvigorousiw.shop
        IN A
        Response
        diskretainvigorousiw.shop
        IN A
        104.21.23.143
        diskretainvigorousiw.shop
        IN A
        172.67.211.165
      • flag-us
        DNS
        pillowbrocccolipe.shop
        31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
        Remote address:
        8.8.8.8:53
        Request
        pillowbrocccolipe.shop
        IN A
        Response
        pillowbrocccolipe.shop
        IN A
        104.21.47.56
        pillowbrocccolipe.shop
        IN A
        172.67.144.218
      • flag-us
        DNS
        19.229.111.52.in-addr.arpa
        31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
        Remote address:
        8.8.8.8:53
        Request
        19.229.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        ctldl.windowsupdate.com
        31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
        Remote address:
        8.8.8.8:53
        Request
        ctldl.windowsupdate.com
        IN A
        Response
        ctldl.windowsupdate.com
        IN CNAME
        wu-bg-shim.trafficmanager.net
        wu-bg-shim.trafficmanager.net
        IN CNAME
        windowsupdatebg.s.llnwi.net
        windowsupdatebg.s.llnwi.net
        IN A
        87.248.204.0
      • flag-us
        DNS
        ctldl.windowsupdate.com
        31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
        Remote address:
        8.8.8.8:53
        Request
        ctldl.windowsupdate.com
        IN A
      • flag-us
        DNS
        32.185.67.172.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        32.185.67.172.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        dismissalcylinderhostw.shop
        Remote address:
        8.8.8.8:53
        Request
        dismissalcylinderhostw.shop
        IN A
        Response
        dismissalcylinderhostw.shop
        IN A
        172.67.205.132
        dismissalcylinderhostw.shop
        IN A
        104.21.22.160
      • flag-us
        DNS
        191.199.67.172.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        191.199.67.172.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        211.67.21.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        211.67.21.104.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        nexusrules.officeapps.live.com
        Remote address:
        8.8.8.8:53
        Request
        nexusrules.officeapps.live.com
        IN A
        Response
        nexusrules.officeapps.live.com
        IN CNAME
        prod.nexusrules.live.com.akadns.net
        prod.nexusrules.live.com.akadns.net
        IN A
        52.111.229.19
      • flag-us
        DNS
        209.80.50.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        209.80.50.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        0.204.248.87.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        0.204.248.87.in-addr.arpa
        IN PTR
        Response
        0.204.248.87.in-addr.arpa
        IN PTR
        https-87-248-204-0lhrllnwnet
      • flag-us
        DNS
        99.56.20.217.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        99.56.20.217.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        ocsp.digicert.com
        Remote address:
        8.8.8.8:53
        Request
        ocsp.digicert.com
        IN A
        Response
        ocsp.digicert.com
        IN CNAME
        ocsp.edge.digicert.com
        ocsp.edge.digicert.com
        IN CNAME
        fp2e7a.wpc.2be4.phicdn.net
        fp2e7a.wpc.2be4.phicdn.net
        IN CNAME
        fp2e7a.wpc.phicdn.net
        fp2e7a.wpc.phicdn.net
        IN A
        192.229.221.95
      • flag-us
        DNS
        4.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        4.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        55.36.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        55.36.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        arc.msn.com
        Remote address:
        8.8.8.8:53
        Request
        arc.msn.com
        IN A
        Response
        arc.msn.com
        IN CNAME
        arc.trafficmanager.net
        arc.trafficmanager.net
        IN CNAME
        iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
        iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
        IN A
        20.223.35.26
      • flag-us
        DNS
        26.35.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.35.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        arc.msn.com
        Remote address:
        8.8.8.8:53
        Request
        arc.msn.com
        IN A
        Response
        arc.msn.com
        IN CNAME
        arc.trafficmanager.net
        arc.trafficmanager.net
        IN CNAME
        iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
        iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
        IN A
        20.223.35.26
      • flag-us
        DNS
        233.18.21.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        233.18.21.104.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        communicationgenerwo.shop
        Remote address:
        8.8.8.8:53
        Request
        communicationgenerwo.shop
        IN A
        Response
        communicationgenerwo.shop
        IN A
        172.67.166.251
        communicationgenerwo.shop
        IN A
        104.21.83.19
      • flag-us
        DNS
        251.166.67.172.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        251.166.67.172.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        251.166.67.172.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        251.166.67.172.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        251.166.67.172.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        251.166.67.172.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        132.205.67.172.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        132.205.67.172.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        143.23.21.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        143.23.21.104.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        56.47.21.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.47.21.104.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        self.events.data.microsoft.com
        Remote address:
        8.8.8.8:53
        Request
        self.events.data.microsoft.com
        IN A
        Response
        self.events.data.microsoft.com
        IN CNAME
        self-events-data.trafficmanager.net
        self-events-data.trafficmanager.net
        IN CNAME
        onedscolprdneu02.northeurope.cloudapp.azure.com
        onedscolprdneu02.northeurope.cloudapp.azure.com
        IN A
        20.50.80.209
      • flag-us
        DNS
        ocsp.digicert.com
        Remote address:
        8.8.8.8:53
        Request
        ocsp.digicert.com
        IN A
        Response
        ocsp.digicert.com
        IN CNAME
        ocsp.edge.digicert.com
        ocsp.edge.digicert.com
        IN CNAME
        fp2e7a.wpc.2be4.phicdn.net
        fp2e7a.wpc.2be4.phicdn.net
        IN CNAME
        fp2e7a.wpc.phicdn.net
        fp2e7a.wpc.phicdn.net
        IN A
        192.229.221.95
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        ctldl.windowsupdate.com
        Remote address:
        8.8.8.8:53
        Request
        ctldl.windowsupdate.com
        IN A
        Response
        ctldl.windowsupdate.com
        IN CNAME
        wu-bg-shim.trafficmanager.net
        wu-bg-shim.trafficmanager.net
        IN CNAME
        edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
        edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
        IN A
        217.20.56.99
        edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
        IN A
        217.20.56.43
        edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
        IN A
        217.20.58.101
        edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
        IN A
        217.20.58.100
        edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
        IN A
        217.20.58.98
        edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
        IN A
        217.20.56.37
        edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
        IN A
        217.20.58.99
      • flag-us
        DNS
        login.live.com
        Remote address:
        8.8.8.8:53
        Request
        login.live.com
        IN A
        Response
        login.live.com
        IN CNAME
        login.msa.msidentity.com
        login.msa.msidentity.com
        IN CNAME
        www.tm.lg.prod.aadmsa.trafficmanager.net
        www.tm.lg.prod.aadmsa.trafficmanager.net
        IN CNAME
        prdv4a.aadg.msidentity.com
        prdv4a.aadg.msidentity.com
        IN CNAME
        www.tm.v4.a.prd.aadg.trafficmanager.net
        www.tm.v4.a.prd.aadg.trafficmanager.net
        IN A
        20.190.159.4
        www.tm.v4.a.prd.aadg.trafficmanager.net
        IN A
        20.190.159.0
        www.tm.v4.a.prd.aadg.trafficmanager.net
        IN A
        20.190.159.2
        www.tm.v4.a.prd.aadg.trafficmanager.net
        IN A
        20.190.159.68
        www.tm.v4.a.prd.aadg.trafficmanager.net
        IN A
        40.126.31.69
        www.tm.v4.a.prd.aadg.trafficmanager.net
        IN A
        20.190.159.64
        www.tm.v4.a.prd.aadg.trafficmanager.net
        IN A
        20.190.159.71
        www.tm.v4.a.prd.aadg.trafficmanager.net
        IN A
        20.190.159.23
      • flag-us
        DNS
        arc.msn.com
        Remote address:
        8.8.8.8:53
        Request
        arc.msn.com
        IN A
        Response
        arc.msn.com
        IN CNAME
        arc.trafficmanager.net
        arc.trafficmanager.net
        IN CNAME
        iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com
        iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com
        IN A
        20.223.36.55
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        DNS
        200.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        200.197.79.204.in-addr.arpa
        IN PTR
        Response
        200.197.79.204.in-addr.arpa
        IN PTR
        a-0001a-msedgenet
      • flag-us
        DNS
        ris.api.iris.microsoft.com
        Remote address:
        8.8.8.8:53
        Request
        ris.api.iris.microsoft.com
        IN A
        Response
        ris.api.iris.microsoft.com
        IN CNAME
        ris-prod.trafficmanager.net
        ris-prod.trafficmanager.net
        IN CNAME
        asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com
        asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com
        IN A
        20.234.120.54
      • flag-us
        DNS
        54.120.234.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        54.120.234.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 621794
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 0A07F2DADA0E4C7B87D2D886E8C09D1B Ref B: LON04EDGE1213 Ref C: 2024-04-22T20:04:23Z
        date: Mon, 22 Apr 2024 20:04:23 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 659775
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 7EFC9B2EB31649FA9A20E8EA82EA2CF2 Ref B: LON04EDGE1213 Ref C: 2024-04-22T20:04:23Z
        date: Mon, 22 Apr 2024 20:04:23 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 638730
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: B8764F300EC84AE1AD6E403A540DF9F7 Ref B: LON04EDGE1213 Ref C: 2024-04-22T20:04:23Z
        date: Mon, 22 Apr 2024 20:04:23 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 555746
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 04654B143A0740808D54EB01A9A267B2 Ref B: LON04EDGE1213 Ref C: 2024-04-22T20:04:23Z
        date: Mon, 22 Apr 2024 20:04:23 GMT
      • 172.67.185.32:443
        cleartotalfisherwo.shop
        tls
        31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
        1.6kB
        8.0kB
        13
        14
      • 172.67.199.191:443
        worryfillvolcawoi.shop
        tls
        31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
        1.1kB
        6.9kB
        10
        10
      • 104.21.18.233:443
        enthusiasimtitleow.shop
        tls
        31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
        1.1kB
        7.0kB
        10
        10
      • 172.67.205.132:443
        dismissalcylinderhostw.shop
        tls
        31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
        1.1kB
        6.9kB
        10
        9
      • 104.21.67.211:443
        affordcharmcropwo.shop
        tls
        31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
        1.2kB
        6.6kB
        11
        11
      • 104.21.23.143:443
        diskretainvigorousiw.shop
        tls
        31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
        1.1kB
        6.6kB
        10
        10
      • 172.67.166.251:443
        communicationgenerwo.shop
        tls
        31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
        1.1kB
        6.9kB
        10
        9
      • 104.21.47.56:443
        pillowbrocccolipe.shop
        tls
        31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
        1.1kB
        7.0kB
        10
        10
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.3kB
        8.1kB
        16
        14
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.3kB
        8.1kB
        16
        14
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.3kB
        8.1kB
        16
        14
      • 204.79.197.200:443
        https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        tls, http2
        93.0kB
        2.6MB
        1881
        1879

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200
      • 8.8.8.8:53
        cleartotalfisherwo.shop
        dns
        31b6a608393ad6cadd7eadf286795aef37260c9b99e837f1d7a1aa4e9a7f901b.exe
        689 B
        1.0kB
        10
        9

        DNS Request

        cleartotalfisherwo.shop

        DNS Response

        172.67.185.32
        104.21.72.132

        DNS Request

        worryfillvolcawoi.shop

        DNS Response

        172.67.199.191
        104.21.44.125

        DNS Request

        8.8.8.8.in-addr.arpa

        DNS Request

        enthusiasimtitleow.shop

        DNS Response

        104.21.18.233
        172.67.183.226

        DNS Request

        affordcharmcropwo.shop

        DNS Response

        104.21.67.211
        172.67.181.34

        DNS Request

        diskretainvigorousiw.shop

        DNS Response

        104.21.23.143
        172.67.211.165

        DNS Request

        pillowbrocccolipe.shop

        DNS Response

        104.21.47.56
        172.67.144.218

        DNS Request

        19.229.111.52.in-addr.arpa

        DNS Request

        ctldl.windowsupdate.com

        DNS Request

        ctldl.windowsupdate.com

        DNS Response

        87.248.204.0

      • 8.8.8.8:53
        32.185.67.172.in-addr.arpa
        dns
        969 B
        2.0kB
        14
        14

        DNS Request

        32.185.67.172.in-addr.arpa

        DNS Request

        dismissalcylinderhostw.shop

        DNS Response

        172.67.205.132
        104.21.22.160

        DNS Request

        191.199.67.172.in-addr.arpa

        DNS Request

        211.67.21.104.in-addr.arpa

        DNS Request

        nexusrules.officeapps.live.com

        DNS Response

        52.111.229.19

        DNS Request

        209.80.50.20.in-addr.arpa

        DNS Request

        0.204.248.87.in-addr.arpa

        DNS Request

        99.56.20.217.in-addr.arpa

        DNS Request

        ocsp.digicert.com

        DNS Response

        192.229.221.95

        DNS Request

        4.159.190.20.in-addr.arpa

        DNS Request

        55.36.223.20.in-addr.arpa

        DNS Request

        arc.msn.com

        DNS Response

        20.223.35.26

        DNS Request

        26.35.223.20.in-addr.arpa

        DNS Request

        arc.msn.com

        DNS Response

        20.223.35.26

      • 8.8.8.8:53
        233.18.21.104.in-addr.arpa
        dns
        362 B
        372 B
        5
        3

        DNS Request

        233.18.21.104.in-addr.arpa

        DNS Request

        communicationgenerwo.shop

        DNS Response

        172.67.166.251
        104.21.83.19

        DNS Request

        251.166.67.172.in-addr.arpa

        DNS Request

        251.166.67.172.in-addr.arpa

        DNS Request

        251.166.67.172.in-addr.arpa

      • 8.8.8.8:53
        132.205.67.172.in-addr.arpa
        dns
        893 B
        2.3kB
        13
        13

        DNS Request

        132.205.67.172.in-addr.arpa

        DNS Request

        143.23.21.104.in-addr.arpa

        DNS Request

        56.47.21.104.in-addr.arpa

        DNS Request

        self.events.data.microsoft.com

        DNS Response

        20.50.80.209

        DNS Request

        ocsp.digicert.com

        DNS Response

        192.229.221.95

        DNS Request

        95.221.229.192.in-addr.arpa

        DNS Request

        ctldl.windowsupdate.com

        DNS Response

        217.20.56.99
        217.20.56.43
        217.20.58.101
        217.20.58.100
        217.20.58.98
        217.20.56.37
        217.20.58.99

        DNS Request

        login.live.com

        DNS Response

        20.190.159.4
        20.190.159.0
        20.190.159.2
        20.190.159.68
        40.126.31.69
        20.190.159.64
        20.190.159.71
        20.190.159.23

        DNS Request

        arc.msn.com

        DNS Response

        20.223.36.55

        DNS Request

        tse1.mm.bing.net

        DNS Response

        204.79.197.200
        13.107.21.200

        DNS Request

        200.197.79.204.in-addr.arpa

        DNS Request

        ris.api.iris.microsoft.com

        DNS Response

        20.234.120.54

        DNS Request

        54.120.234.20.in-addr.arpa

      MITRE ATT&CK Matrix

      Downloads

      • memory/4280-1-0x0000000002EE0000-0x0000000002FE0000-memory.dmp

        Filesize

        1024KB

      • memory/4280-2-0x0000000004BA0000-0x0000000004BEA000-memory.dmp

        Filesize

        296KB

      • memory/4280-3-0x0000000004C00000-0x0000000004C40000-memory.dmp

        Filesize

        256KB

      • memory/4280-4-0x0000000004C00000-0x0000000004C40000-memory.dmp

        Filesize

        256KB

      • memory/4280-5-0x0000000004C00000-0x0000000004C40000-memory.dmp

        Filesize

        256KB

      • memory/4280-6-0x0000000004C00000-0x0000000004C40000-memory.dmp

        Filesize

        256KB

      • memory/4280-7-0x0000000004C00000-0x0000000004C40000-memory.dmp

        Filesize

        256KB

      • memory/4280-8-0x0000000000400000-0x0000000002D57000-memory.dmp

        Filesize

        41.3MB

      • memory/4280-10-0x0000000004BA0000-0x0000000004BEA000-memory.dmp

        Filesize

        296KB
