Analysis

  • max time kernel: 145s
  • max time network: 145s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240426-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 10/05/2024, 01:23 UTC

General

  • Target: 437ead7b2bb32872480a15c9e391792b939d6feb944f45a756f3dc84d9168831.exe
  • Size: 1.1MB
  • MD5: 01311bbcca3794100bc4ef5a6f7f471e
  • SHA1: 01372089b8656907ec48e97eb911d05c41b9c651
  • SHA256: 437ead7b2bb32872480a15c9e391792b939d6feb944f45a756f3dc84d9168831
  • SHA512: 5fcc0ea9c247f591c6d2fcf37d5feb2e237856fe00cce1091eaf6f7254778b31e23507c2eed436c2a437d0033712096777097e6fa7960c14e18af0eee2504d21
  • SSDEEP: 24576:K4lavt0LkLL9IMixoEgea0k9I/l1uh9hq9MmCS:dkwkn9IMHea5y91utaPCS

Malware Config

Signatures

  • AgentTesla

    Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic.

  • Detect ZGRat V1 33 IoCs
  • ZGRat

    ZGRat is a remote access trojan written in C#.

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • 1⤵ C:\Users\Admin\AppData\Local\Temp\437ead7b2bb32872480a15c9e391792b939d6feb944f45a756f3dc84d9168831.exe (PID 1236)
    Command line: "C:\Users\Admin\AppData\Local\Temp\437ead7b2bb32872480a15c9e391792b939d6feb944f45a756f3dc84d9168831.exe"
    Suspicious behavior: MapViewOfSection
    Suspicious use of FindShellTrayWindow, SendNotifyMessage, WriteProcessMemory
    • 2⤵ C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe (PID 2168)
      Command line: "C:\Users\Admin\AppData\Local\Temp\437ead7b2bb32872480a15c9e391792b939d6feb944f45a756f3dc84d9168831.exe"
    • 2⤵ C:\Users\Admin\AppData\Local\Temp\437ead7b2bb32872480a15c9e391792b939d6feb944f45a756f3dc84d9168831.exe (PID 732)
      Command line: "C:\Users\Admin\AppData\Local\Temp\437ead7b2bb32872480a15c9e391792b939d6feb944f45a756f3dc84d9168831.exe"
      Suspicious behavior: MapViewOfSection
      Suspicious use of FindShellTrayWindow, SendNotifyMessage, WriteProcessMemory
      • 3⤵ C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe (PID 3752)
        Command line: "C:\Users\Admin\AppData\Local\Temp\437ead7b2bb32872480a15c9e391792b939d6feb944f45a756f3dc84d9168831.exe"
      • 3⤵ C:\Users\Admin\AppData\Local\Temp\437ead7b2bb32872480a15c9e391792b939d6feb944f45a756f3dc84d9168831.exe (PID 3380)
        Command line: "C:\Users\Admin\AppData\Local\Temp\437ead7b2bb32872480a15c9e391792b939d6feb944f45a756f3dc84d9168831.exe"
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of FindShellTrayWindow, SendNotifyMessage, WriteProcessMemory
        • 4⤵ C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe (PID 3412)
          Command line: "C:\Users\Admin\AppData\Local\Temp\437ead7b2bb32872480a15c9e391792b939d6feb944f45a756f3dc84d9168831.exe"
          Suspicious behavior: EnumeratesProcesses
          Suspicious use of AdjustPrivilegeToken
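
Every RegSvcs.exe in the tree was started with the dropper's own path as its command line, and each parent was flagged for WriteProcessMemory (PID 3380 also for SetThreadContext): a signed .NET framework utility is created, its image is overwritten in memory and the main thread is pointed at the payload, which is why the memory dumps at the end of the report are almost all taken from PID 3412 rather than from the dropper. The Python below is an added example, not part of the Triage report or its signature logic, that checks process-creation records for exactly that pattern: the command line names a different executable than the one actually mapped, a .NET framework host is spawned by a process living in a user-writable directory, and the parent performed WriteProcessMemory together with SetThreadContext. The record layout, the host and API lists and the sample tree (constructed from the PIDs above, with the depth markers read as parent links and only the injection-relevant API flags kept) are assumptions of the example.

```python
"""Flag the RegSvcs.exe hollowing pattern from the process tree above.

Added example for this report; the record format, the host/API lists and the
sample tree (PIDs taken from the tree) are assumptions of the example, not
Triage's own signature logic.
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass, field

# Signed .NET framework utilities routinely used as injection targets (assumed list).
DOTNET_HOSTS = {"regsvcs.exe", "regasm.exe", "installutil.exe", "msbuild.exe",
                "applaunch.exe", "aspnet_compiler.exe"}
# The classic hollowing pair: write the payload, then point the main thread at it.
HOLLOWING_APIS = {"WriteProcessMemory", "SetThreadContext"}
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\downloads\\")


@dataclass
class Proc:
    pid: int
    ppid: int
    image: str       # path of the executable actually mapped by the loader
    cmdline: str     # command line as handed to CreateProcess
    apis: set[str] = field(default_factory=set)  # sandbox-observed API use


def cmdline_image(cmdline: str) -> str:
    """First token of a command line, unquoted: the executable it claims to run."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmdline)
    return (m.group(1) or m.group(2)) if m else ""


def in_user_writable_dir(path: str) -> bool:
    p = path.lower()
    return any(d in p for d in USER_WRITABLE_DIRS)


def find_hollowed(procs: list[Proc]) -> dict[int, list[str]]:
    """Map PID -> reasons for every process that looks hollowed."""
    by_pid = {p.pid: p for p in procs}
    findings: dict[int, list[str]] = {}
    for p in procs:
        image_name = ntpath.basename(p.image).lower()
        claimed = ntpath.basename(cmdline_image(p.cmdline)).lower()
        parent = by_pid.get(p.ppid)
        reasons = []
        # 1. The command line names a different executable than the one mapped.
        if claimed and claimed != image_name:
            reasons.append(f"command line claims {claimed}, image is {image_name}")
        # 2. A framework host spawned by something living in a user-writable dir.
        if image_name in DOTNET_HOSTS and parent and in_user_writable_dir(parent.image):
            reasons.append(f".NET host spawned by PID {parent.pid} from a user-writable path")
        # 3. The parent performed the write-then-redirect sequence.
        if parent and HOLLOWING_APIS <= parent.apis:
            reasons.append(f"parent PID {parent.pid} used WriteProcessMemory + SetThreadContext")
        if reasons:
            findings[p.pid] = reasons
    return findings


DROPPER = r"C:\Users\Admin\AppData\Local\Temp\437ead7b2bb32872480a15c9e391792b939d6feb944f45a756f3dc84d9168831.exe"
REGSVCS = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"


def sample_tree() -> list[Proc]:
    """Constructed from the tree above (depth markers read as parent links)."""
    q = f'"{DROPPER}"'
    return [
        Proc(1236, 0, DROPPER, q, {"MapViewOfSection", "WriteProcessMemory"}),
        Proc(2168, 1236, REGSVCS, q),
        Proc(732, 1236, DROPPER, q, {"MapViewOfSection", "WriteProcessMemory"}),
        Proc(3752, 732, REGSVCS, q),
        Proc(3380, 732, DROPPER, q, {"SetThreadContext", "MapViewOfSection", "WriteProcessMemory"}),
        Proc(3412, 3380, REGSVCS, q, {"EnumeratesProcesses", "AdjustPrivilegeToken"}),
    ]


if __name__ == "__main__":
    for pid, reasons in find_hollowed(sample_tree()).items():
        print(pid, *reasons, sep="\n    ")
```

Run on the sample tree it flags PIDs 2168, 3752 and 3412 and nothing else; the dropper's own re-executions (732, 3380) pass because their command line and image agree. Check 1 is the cheapest signal and is visible in plain process-creation telemetry (Sysmon event 1, Windows 4688 with command-line auditing) without any API tracing.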

      Network

      • flag-us
        DNS
        8.8.8.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        8.8.8.8.in-addr.arpa
        IN PTR
        Response
        8.8.8.8.in-addr.arpa
        IN PTR
        dns.google
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
      • flag-us
        DNS
        217.106.137.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        217.106.137.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        6.160.77.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        6.160.77.104.in-addr.arpa
        IN PTR
        Response
        6.160.77.104.in-addr.arpa
        IN PTR
        a104-77-160-6.deploy.static.akamaitechnologies.com
      • flag-us
        GET
        https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8B0-xfVzW_KNddqZyB1XdQDVUCUxQbEd36opxMeaNgWpOYFklJoyQBwEurz9wGFG1p-yxhRvB8Cti6uB2aN7XcSahCJ-NoXDiuMnLmcvo-coTM1u1D9S_0dY8wAiEGJ8QvI671lW9ArF7beiMtE5Y5hdLlEzxNGi9oRnDczK0uReDwgw2%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D5d28b300759e19dbe260d52bc4d4dc4c&TIME=20240426T135136Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8B0-xfVzW_KNddqZyB1XdQDVUCUxQbEd36opxMeaNgWpOYFklJoyQBwEurz9wGFG1p-yxhRvB8Cti6uB2aN7XcSahCJ-NoXDiuMnLmcvo-coTM1u1D9S_0dY8wAiEGJ8QvI671lW9ArF7beiMtE5Y5hdLlEzxNGi9oRnDczK0uReDwgw2%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D5d28b300759e19dbe260d52bc4d4dc4c&TIME=20240426T135136Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6 HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=358DB1FB50B16B1107CBA58051516AC5; domain=.bing.com; expires=Wed, 04-Jun-2025 01:23:41 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 9864BD7C81934AF69083DF39263DDE88 Ref B: LON04EDGE1005 Ref C: 2024-05-10T01:23:41Z
        date: Fri, 10 May 2024 01:23:41 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8B0-xfVzW_KNddqZyB1XdQDVUCUxQbEd36opxMeaNgWpOYFklJoyQBwEurz9wGFG1p-yxhRvB8Cti6uB2aN7XcSahCJ-NoXDiuMnLmcvo-coTM1u1D9S_0dY8wAiEGJ8QvI671lW9ArF7beiMtE5Y5hdLlEzxNGi9oRnDczK0uReDwgw2%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D5d28b300759e19dbe260d52bc4d4dc4c&TIME=20240426T135136Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6
        Remote address:
        204.79.197.237:443
        Request
        GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8B0-xfVzW_KNddqZyB1XdQDVUCUxQbEd36opxMeaNgWpOYFklJoyQBwEurz9wGFG1p-yxhRvB8Cti6uB2aN7XcSahCJ-NoXDiuMnLmcvo-coTM1u1D9S_0dY8wAiEGJ8QvI671lW9ArF7beiMtE5Y5hdLlEzxNGi9oRnDczK0uReDwgw2%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D5d28b300759e19dbe260d52bc4d4dc4c&TIME=20240426T135136Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6 HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=358DB1FB50B16B1107CBA58051516AC5; _EDGE_S=SID=27EF065032756C2E15A1122B33DF6D46
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=TFCLn1sKsQDqW3sIuN9ShwtfIGiijtTeo4apxcaYabA; domain=.bing.com; expires=Wed, 04-Jun-2025 01:23:42 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 77ED93C362EE472DBB659F5BF4D536FC Ref B: LON04EDGE1005 Ref C: 2024-05-10T01:23:42Z
        date: Fri, 10 May 2024 01:23:42 GMT
      • flag-us
        DNS
        237.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.197.79.204.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        api.ipify.org
        RegSvcs.exe
        Remote address:
        8.8.8.8:53
        Request
        api.ipify.org
        IN A
        Response
        api.ipify.org
        IN A
        104.26.12.205
        api.ipify.org
        IN A
        172.67.74.152
        api.ipify.org
        IN A
        104.26.13.205
      • flag-us
        GET
        https://api.ipify.org/
        RegSvcs.exe
        Remote address:
        104.26.12.205:443
        Request
        GET / HTTP/1.1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
        Host: api.ipify.org
        Connection: Keep-Alive
        Response
        HTTP/1.1 200 OK
        Date: Fri, 10 May 2024 01:23:42 GMT
        Content-Type: text/plain
        Content-Length: 14
        Connection: keep-alive
        Vary: Origin
        CF-Cache-Status: DYNAMIC
        Server: cloudflare
        CF-RAY: 8816201d4a12dcef-LHR
      • flag-nl
        GET
        https://www.bing.com/aes/c.gif?RG=22a32a6fedbd4a90aec6061f20970c69&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135136Z&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984
        Remote address:
        23.62.61.194:443
        Request
        GET /aes/c.gif?RG=22a32a6fedbd4a90aec6061f20970c69&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135136Z&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984 HTTP/2.0
        host: www.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=358DB1FB50B16B1107CBA58051516AC5
        Response
        HTTP/2.0 200
        cache-control: private,no-store
        pragma: no-cache
        vary: Origin
        p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 2D72ACF99D4C439C8FA03CFEA58EF3F6 Ref B: DUS30EDGE0809 Ref C: 2024-05-10T01:23:42Z
        content-length: 0
        date: Fri, 10 May 2024 01:23:42 GMT
        set-cookie: _EDGE_S=SID=27EF065032756C2E15A1122B33DF6D46; path=/; httponly; domain=bing.com
        set-cookie: MUIDB=358DB1FB50B16B1107CBA58051516AC5; path=/; httponly; expires=Wed, 04-Jun-2025 01:23:42 GMT
        alt-svc: h3=":443"; ma=93600
        x-cdn-traceid: 0.be3d3e17.1715304222.1be297
      • flag-us
        DNS
        64.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        64.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        205.12.26.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        205.12.26.104.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        194.61.62.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        194.61.62.23.in-addr.arpa
        IN PTR
        Response
        194.61.62.23.in-addr.arpa
        IN PTR
        a23-62-61-194.deploy.static.akamaitechnologies.com
      • flag-nl
        GET
        https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
        Remote address:
        23.62.61.194:443
        Request
        GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
        host: www.bing.com
        accept: */*
        cookie: MUID=358DB1FB50B16B1107CBA58051516AC5; _EDGE_S=SID=27EF065032756C2E15A1122B33DF6D46; MSPTC=TFCLn1sKsQDqW3sIuN9ShwtfIGiijtTeo4apxcaYabA; MUIDB=358DB1FB50B16B1107CBA58051516AC5
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-type: image/png
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        content-length: 1107
        date: Fri, 10 May 2024 01:23:44 GMT
        alt-svc: h3=":443"; ma=93600
        x-cdn-traceid: 0.be3d3e17.1715304224.1be393
      • flag-us
        DNS
        86.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        86.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        15.164.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        15.164.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.210.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.210.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        77.190.18.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        77.190.18.2.in-addr.arpa
        IN PTR
        Response
        77.190.18.2.in-addr.arpa
        IN PTR
        a2-18-190-77.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        43.229.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        43.229.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 464243
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: C370AA213D9D4A3B96873BC371D61F3E Ref B: LON04EDGE0714 Ref C: 2024-05-10T01:25:22Z
        date: Fri, 10 May 2024 01:25:21 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 382817
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: C864174E7EA446AD80E6EED0F5D4A10D Ref B: LON04EDGE0714 Ref C: 2024-05-10T01:25:22Z
        date: Fri, 10 May 2024 01:25:21 GMT
      • flag-us
        DNS
        205.47.74.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        205.47.74.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        170.117.168.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        170.117.168.52.in-addr.arpa
        IN PTR
        Response
      • 204.79.197.237:443
        https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8B0-xfVzW_KNddqZyB1XdQDVUCUxQbEd36opxMeaNgWpOYFklJoyQBwEurz9wGFG1p-yxhRvB8Cti6uB2aN7XcSahCJ-NoXDiuMnLmcvo-coTM1u1D9S_0dY8wAiEGJ8QvI671lW9ArF7beiMtE5Y5hdLlEzxNGi9oRnDczK0uReDwgw2%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D5d28b300759e19dbe260d52bc4d4dc4c&TIME=20240426T135136Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6
        tls, http2; sent 2.8kB, received 8.8kB; packets out 19, in 12

        HTTP Request

        GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8B0-xfVzW_KNddqZyB1XdQDVUCUxQbEd36opxMeaNgWpOYFklJoyQBwEurz9wGFG1p-yxhRvB8Cti6uB2aN7XcSahCJ-NoXDiuMnLmcvo-coTM1u1D9S_0dY8wAiEGJ8QvI671lW9ArF7beiMtE5Y5hdLlEzxNGi9oRnDczK0uReDwgw2%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D5d28b300759e19dbe260d52bc4d4dc4c&TIME=20240426T135136Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8B0-xfVzW_KNddqZyB1XdQDVUCUxQbEd36opxMeaNgWpOYFklJoyQBwEurz9wGFG1p-yxhRvB8Cti6uB2aN7XcSahCJ-NoXDiuMnLmcvo-coTM1u1D9S_0dY8wAiEGJ8QvI671lW9ArF7beiMtE5Y5hdLlEzxNGi9oRnDczK0uReDwgw2%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D5d28b300759e19dbe260d52bc4d4dc4c&TIME=20240426T135136Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6

        HTTP Response

        204
      • 104.26.12.205:443
        https://api.ipify.org/
        tls, http; process: RegSvcs.exe; sent 900 B, received 5.5kB; packets out 10, in 10

        HTTP Request

        GET https://api.ipify.org/

        HTTP Response

        200
      • 23.62.61.194:443
        https://www.bing.com/aes/c.gif?RG=22a32a6fedbd4a90aec6061f20970c69&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135136Z&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984
        tls, http2; sent 1.4kB, received 5.3kB; packets out 16, in 11

        HTTP Request

        GET https://www.bing.com/aes/c.gif?RG=22a32a6fedbd4a90aec6061f20970c69&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135136Z&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984

        HTTP Response

        200
      • 23.62.61.194:443
        https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
        tls, http2; sent 1.5kB, received 6.4kB; packets out 15, in 12

        HTTP Request

        GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

        HTTP Response

        200
      • 204.79.197.200:443
        https://tse1.mm.bing.net/th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        tls, http2; sent 30.5kB, received 883.8kB; packets out 645, in 640

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Response

        200

        HTTP Response

        200
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2; sent 1.2kB, received 8.1kB; packets out 16, in 14
      • 8.8.8.8:53
        8.8.8.8.in-addr.arpa
        dns; sent 66 B, received 90 B; packets out 1, in 1

        DNS Request

        8.8.8.8.in-addr.arpa

      • 8.8.8.8:53
        g.bing.com
        dns; sent 168 B, received 151 B; packets out 3, in 1

        DNS Request

        g.bing.com

        DNS Request

        g.bing.com

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.237
        13.107.21.237

      • 8.8.8.8:53
        217.106.137.52.in-addr.arpa
        dns; sent 73 B, received 147 B; packets out 1, in 1

        DNS Request

        217.106.137.52.in-addr.arpa

      • 8.8.8.8:53
        6.160.77.104.in-addr.arpa
        dns; sent 71 B, received 135 B; packets out 1, in 1

        DNS Request

        6.160.77.104.in-addr.arpa

      • 8.8.8.8:53
        237.197.79.204.in-addr.arpa
        dns; sent 73 B, received 143 B; packets out 1, in 1

        DNS Request

        237.197.79.204.in-addr.arpa

      • 8.8.8.8:53
        api.ipify.org
        dns; process: RegSvcs.exe; sent 59 B, received 107 B; packets out 1, in 1

        DNS Request

        api.ipify.org

        DNS Response

        104.26.12.205
        172.67.74.152
        104.26.13.205

      • 8.8.8.8:53
        64.159.190.20.in-addr.arpa
        dns; sent 72 B, received 158 B; packets out 1, in 1

        DNS Request

        64.159.190.20.in-addr.arpa

      • 8.8.8.8:53
        205.12.26.104.in-addr.arpa
        dns; sent 72 B, received 134 B; packets out 1, in 1

        DNS Request

        205.12.26.104.in-addr.arpa

      • 8.8.8.8:53
        194.61.62.23.in-addr.arpa
        dns; sent 71 B, received 135 B; packets out 1, in 1

        DNS Request

        194.61.62.23.in-addr.arpa

      • 8.8.8.8:53
        86.23.85.13.in-addr.arpa
        dns; sent 70 B, received 144 B; packets out 1, in 1

        DNS Request

        86.23.85.13.in-addr.arpa

      • 8.8.8.8:53
        15.164.165.52.in-addr.arpa
        dns; sent 72 B, received 146 B; packets out 1, in 1

        DNS Request

        15.164.165.52.in-addr.arpa

      • 8.8.8.8:53
        172.210.232.199.in-addr.arpa
        dns; sent 74 B, received 128 B; packets out 1, in 1

        DNS Request

        172.210.232.199.in-addr.arpa

      • 8.8.8.8:53
        77.190.18.2.in-addr.arpa
        dns; sent 70 B, received 133 B; packets out 1, in 1

        DNS Request

        77.190.18.2.in-addr.arpa

      • 8.8.8.8:53
        43.229.111.52.in-addr.arpa
        dns; sent 72 B, received 158 B; packets out 1, in 1

        DNS Request

        43.229.111.52.in-addr.arpa

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns; sent 62 B, received 173 B; packets out 1, in 1

        DNS Request

        tse1.mm.bing.net

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        205.47.74.20.in-addr.arpa
        dns; sent 71 B, received 157 B; packets out 1, in 1

        DNS Request

        205.47.74.20.in-addr.arpa

      • 8.8.8.8:53
        170.117.168.52.in-addr.arpa
        dns; sent 73 B, received 147 B; packets out 1, in 1

        DNS Request

        170.117.168.52.in-addr.arpa
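
      Only one request in the capture is attributed to a sample process: the api.ipify.org lookup by RegSvcs.exe, which matches the "Looks up external IP address via web service" signature and is sent with a Firefox User-Agent from a process that is not a browser. The g.bing.com, www.bing.com and tse1.mm.bing.net traffic is attributed to no process and carries the WindowsShellClient User-Agent the Windows shell uses for its own content fetches, so it is VM background noise rather than the implant. The Python below is an added example, not part of the Triage report, that parses requests in the form the Network section prints them (request line, then headers) and separates the two classes on three signals: the Host header against a list of public IP-lookup services, the attributed process against .NET framework utilities that never make their own HTTP requests, and a browser User-Agent sent by a known non-browser process. The host and process lists and the request samples (constructed from the entries above, with the long Bing query strings trimmed) are assumptions of the example.

```python
"""Separate the implant's HTTP traffic from Windows shell telemetry.

Added example for this report; the request samples are constructed from the
Network section (Bing query strings trimmed) and the host/process lists are
assumptions, not Triage signature logic.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Public "what is my IP" services (assumed list); a hit is typically the first
# thing a stealer/RAT does once its payload is running.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipify.org", "api.ip.sb", "icanhazip.com",
    "checkip.amazonaws.com", "ifconfig.me", "ip-api.com", "ipinfo.io",
}
# .NET framework utilities that have no reason to reach the internet; they are
# common hollowing hosts (assumed list).
NON_NETWORK_PROCS = {"regsvcs.exe", "regasm.exe", "installutil.exe",
                     "msbuild.exe", "applaunch.exe"}
BROWSER_PROCS = {"firefox.exe", "chrome.exe", "msedge.exe", "iexplore.exe"}
# User-Agent prefixes the Windows shell uses for its own content fetches.
OS_TELEMETRY_UA_PREFIXES = ("WindowsShellClient/",)


@dataclass
class HttpRequest:
    method: str
    target: str
    version: str
    headers: dict[str, str] = field(default_factory=dict)
    process: str | None = None  # sandbox attribution; None when unattributed


def parse_request(raw: str, process: str | None = None) -> HttpRequest:
    """Parse a request as the report prints it: request line, then headers.

    Header names are lower-cased so HTTP/1.1 'Host:' and HTTP/2 'host:'
    compare equal; parsing stops at the first blank line (start of body).
    """
    lines = raw.strip("\n").splitlines()
    method, target, version = lines[0].split(maxsplit=2)
    headers: dict[str, str] = {}
    for line in lines[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, target, version, headers, process)


def classify(req: HttpRequest) -> set[str]:
    """Tag a request; a request matching nothing is reported as 'unclassified'."""
    host = req.headers.get("host", "").lower()
    ua = req.headers.get("user-agent", "")
    proc = (req.process or "").lower()
    tags: set[str] = set()
    if host in IP_LOOKUP_HOSTS:
        tags.add("external-ip-lookup")
    if proc in NON_NETWORK_PROCS:
        tags.add("unexpected-process")
    # A browser UA is only a mismatch when we know which process sent it.
    if ua.startswith("Mozilla/") and proc and proc not in BROWSER_PROCS:
        tags.add("browser-ua-from-non-browser")
    if not tags and ua.startswith(OS_TELEMETRY_UA_PREFIXES):
        tags.add("os-telemetry")
    return tags or {"unclassified"}


# Constructed from the capture above; the g.bing.com query string is trimmed.
SAMPLES = [
    ("GET / HTTP/1.1\n"
     "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0\n"
     "Host: api.ipify.org\n"
     "Connection: Keep-Alive\n", "RegSvcs.exe"),
    ("GET /neg/0?action=impression HTTP/2.0\n"
     "host: g.bing.com\n"
     "accept-encoding: gzip, deflate\n"
     "user-agent: WindowsShellClient/9.0.40929.0 (Windows)\n", None),
    ("GET /th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX HTTP/2.0\n"
     "host: tse1.mm.bing.net\n"
     "accept: */*\n"
     "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
     "(KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041\n", None),
]


def triage_samples() -> list[tuple[str, str | None, set[str]]]:
    """Return (host, process, tags) for each sample request."""
    out = []
    for raw, proc in SAMPLES:
        req = parse_request(raw, proc)
        out.append((req.headers.get("host", ""), proc, classify(req)))
    return out


if __name__ == "__main__":
    for host, proc, tags in triage_samples():
        print(f"{host:20} {proc or '-':12} {', '.join(sorted(tags))}")
```

      The third sample shows the limit of User-Agent reasoning: the tse1.mm.bing.net image fetch uses an Edge/18 browser string but is unattributed, so the example leaves it unclassified instead of guessing; attribution to a process is what turns the ipify request from "some browser" into an indicator.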

      MITRE ATT&CK Enterprise v15

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\aut79B4.tmp (260KB)
        MD5: 7bde5cead8dc88649fd9a646987d681b
        SHA1: bac867ff6c74d0fc9e303a419856542a1e65fcf0
        SHA256: 85b581de960dc784124a8c937dae07c17412a0ca44fad8fc4a3554dee60a1b39
        SHA512: 6204008f3904271656452630be8a5bbc2e4871c68d9a11fe1505210da2187e932ab69e7950af6ab79fb0d4e90db989e2b303c081474518652df48f2747e0074b

      • C:\Users\Admin\AppData\Local\Temp\aut79D4.tmp (9KB)
        MD5: c716019e0d264b1dadd72e704190699b
        SHA1: 3b922810e3981240b567baac1d7ae2082fbadb90
        SHA256: 138aae39695cc7715c5ceb2109f42a669480424179a5487d053bd6b8ec8beaa1
        SHA512: 30b2ac411506483244aae97d8ee971c001ad4465edc3a8255c00923e0be0092976a3e2752568d3240a4354807753c0e29a8901a2b71c3c6acf0a334c5b1bfca4

      • C:\Users\Admin\AppData\Local\Temp\conged (29KB)
        MD5: 75bac33d2f9686ca5a73c23c0499d3c7
        SHA1: 51cc3027dc9f25d9f8303de574133c0ef6226dba
        SHA256: d0ad39e0760c18c0637a6ba84309295db9104a91e30bf13c1dffbb92c5da9ce7
        SHA512: 70a7d7dac136b1c6ea1f391470a01195319b60945550f9ab37c15b9e766e5f343f82489c8424d83f1d4fa1c8ddc09efc80e5e922b8d59a455ac7773232ef1520

      • C:\Users\Admin\AppData\Local\Temp\prophetesses (192KB)
        MD5: 93f4871f51579b651ca84b1c08b19379
        SHA1: bf43ce45181e41cb689bd89bc48548bee0f71221
        SHA256: 98136aa972cd8c40692b1d582c4191d2b2c5f610cba49a454469642ba7738900
        SHA512: ffc120889e216ac9acce071ccdf78231debabaabb75ec1de23cb30518ef144aa7e6d2138f67f818d271994bd4f743c1d5ca89b4f9f35c3a301a6cada597d7402

      • C:\Users\Admin\AppData\Local\Temp\prophetesses (261KB)
        MD5: 4e79f81a94866e0630f2ac3bea08b706
        SHA1: c56d834ac8c8928c7291a2ea183bf1342bd3bee2
        SHA256: 501d2385a7f215159fa32727d8791a2b62e033ed336c327f6d5fc4fb7c09728a
        SHA512: 80bd22db86705e50b4b8395742945ae04e0055659e42182af966fab8a19f9b9dcacde77137fc5c2d7d6c50b7e1613256082f3caba8b08694281874d9f2152071


      • memory/1236-10-0x0000000003C30000-0x0000000003C34000-memory.dmp (16KB)
      • memory/3412-35-0x0000000000400000-0x0000000000446000-memory.dmp (280KB)
      • memory/3412-37-0x0000000000400000-0x0000000000446000-memory.dmp (280KB)
      • memory/3412-38-0x0000000000400000-0x0000000000446000-memory.dmp (280KB)
      • memory/3412-36-0x0000000000400000-0x0000000000446000-memory.dmp (280KB)
      • memory/3412-39-0x00000000056D0000-0x0000000005724000-memory.dmp (336KB)
      • memory/3412-40-0x0000000005DE0000-0x0000000006384000-memory.dmp (5.6MB)
      • memory/3412-41-0x0000000005760000-0x00000000057B2000-memory.dmp (328KB)
      • memory/3412-51-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-97-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-91-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-85-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-77-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-59-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-53-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-49-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-47-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-45-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-43-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-42-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-101-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-99-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-95-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-93-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-89-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-87-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-83-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-82-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-79-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-75-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-74-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-71-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-69-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-67-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-65-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-63-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-61-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-57-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-56-0x0000000005760000-0x00000000057AD000-memory.dmp (308KB)
      • memory/3412-1072-0x00000000059A0000-0x0000000005A06000-memory.dmp (408KB)
      • memory/3412-1073-0x0000000006C90000-0x0000000006CE0000-memory.dmp (320KB)
      • memory/3412-1074-0x0000000006D80000-0x0000000006E12000-memory.dmp (584KB)
      • memory/3412-1075-0x0000000006CF0000-0x0000000006CFA000-memory.dmp (40KB)
      • memory/3412-1076-0x0000000000400000-0x0000000000446000-memory.dmp (280KB)
