Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

cracked_lunar.exe

windows7-x64

7

cracked_lunar.exe

windows10-2004-x64

7

cracked_lunar.pyc

windows7-x64

3

cracked_lunar.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    135s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/05/2024, 17:50 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cracked_lunar.exe

  • Size

    6.7MB

  • MD5

    a935a661746292c72c43f96a685fb148

  • SHA1

    464e4e832670ced5441b507a85fe79a4bdeb4802

  • SHA256

    524753508a50c33f404a87441625e1d9967d0c1a11b31c534e2d60b838fb1589

  • SHA512

    68e9a17255eab3ad2ae27442d1921a084c882ec59b6a498fbf3e8ab3e6b06b8c78a9e33871051b5bf9e5c974cf5b381433b1fdfd3b4ba2369ca91269de52bcf3

  • SSDEEP

    196608:Bfv8S5dQmRrdA6ly8Qnf2ODjMnGydS8GSyrDOQWl3:1l5dQOl6F3MnG38GSyrDPY

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 44 IoCs
  • Suspicious use of SendNotifyMessage 44 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cracked_lunar.exe
    "C:\Users\Admin\AppData\Local\Temp\cracked_lunar.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4688
    • C:\Users\Admin\AppData\Local\Temp\cracked_lunar.exe
      "C:\Users\Admin\AppData\Local\Temp\cracked_lunar.exe"
      2⤵
      • Loads dropped DLL
      PID:3388
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3120
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1960
    • C:\Users\Admin\AppData\Local\Temp\cracked_lunar.exe
      "C:\Users\Admin\AppData\Local\Temp\cracked_lunar.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Users\Admin\AppData\Local\Temp\cracked_lunar.exe
        "C:\Users\Admin\AppData\Local\Temp\cracked_lunar.exe"
        2⤵
        • Loads dropped DLL
        PID:2392

    Network

    • flag-us
      DNS
      249.197.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      249.197.17.2.in-addr.arpa
      IN PTR
      Response
      249.197.17.2.in-addr.arpa
      IN PTR
      a2-17-197-249deploystaticakamaitechnologiescom
    • flag-us
      DNS
      232.168.11.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      232.168.11.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8fWvVQ9nQhDKXSo3LbxfatTVUCUwD_2UHyXDmJNOntJ-eSx1pNZQAM_JKyhgS-gFs0rQCrvv9HUDiIvYzM4hX5yHdTX8hGUpACov82Gi6wYxsTNJDFTCSCCeqQxd2GP6GQ4lzDfQyGDmZYm3Cmo7vorR785t09J94tkIIn8X5M83hYMW5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D6573714b19291311dd321760a87d0ab3&TIME=20240426T135142Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8fWvVQ9nQhDKXSo3LbxfatTVUCUwD_2UHyXDmJNOntJ-eSx1pNZQAM_JKyhgS-gFs0rQCrvv9HUDiIvYzM4hX5yHdTX8hGUpACov82Gi6wYxsTNJDFTCSCCeqQxd2GP6GQ4lzDfQyGDmZYm3Cmo7vorR785t09J94tkIIn8X5M83hYMW5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D6573714b19291311dd321760a87d0ab3&TIME=20240426T135142Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=3EEA3668F46567422AD42214F5DE6625; domain=.bing.com; expires=Thu, 05-Jun-2025 17:50:30 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 66CDDA92A105476D9CD6B7AC052E719C Ref B: LON04EDGE0919 Ref C: 2024-05-11T17:50:30Z
      date: Sat, 11 May 2024 17:50:30 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8fWvVQ9nQhDKXSo3LbxfatTVUCUwD_2UHyXDmJNOntJ-eSx1pNZQAM_JKyhgS-gFs0rQCrvv9HUDiIvYzM4hX5yHdTX8hGUpACov82Gi6wYxsTNJDFTCSCCeqQxd2GP6GQ4lzDfQyGDmZYm3Cmo7vorR785t09J94tkIIn8X5M83hYMW5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D6573714b19291311dd321760a87d0ab3&TIME=20240426T135142Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8fWvVQ9nQhDKXSo3LbxfatTVUCUwD_2UHyXDmJNOntJ-eSx1pNZQAM_JKyhgS-gFs0rQCrvv9HUDiIvYzM4hX5yHdTX8hGUpACov82Gi6wYxsTNJDFTCSCCeqQxd2GP6GQ4lzDfQyGDmZYm3Cmo7vorR785t09J94tkIIn8X5M83hYMW5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D6573714b19291311dd321760a87d0ab3&TIME=20240426T135142Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=3EEA3668F46567422AD42214F5DE6625; _EDGE_S=SID=066E3EDD9AEA63B200812AA19BA26245
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=N5SlUaxP-0bdhp_EaD1HW-4ifCZwoxQ1oRiGp0G2gjs; domain=.bing.com; expires=Thu, 05-Jun-2025 17:50:31 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 1FF6FEF56F8F4C39826A2ED30D4BDA0C Ref B: LON04EDGE0919 Ref C: 2024-05-11T17:50:31Z
      date: Sat, 11 May 2024 17:50:31 GMT
    • flag-us
      DNS
      76.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      76.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-nl
      GET
      https://www.bing.com/aes/c.gif?RG=0d47f4b5026c4dd689eccd82b504b5b3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135142Z&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984
      Remote address:
      23.62.61.97:443
      Request
      GET /aes/c.gif?RG=0d47f4b5026c4dd689eccd82b504b5b3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135142Z&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984 HTTP/2.0
      host: www.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=3EEA3668F46567422AD42214F5DE6625
      Response
      HTTP/2.0 200
      cache-control: private,no-store
      pragma: no-cache
      vary: Origin
      p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 715354BDD3CA4DAD81B9C52565C35D36 Ref B: BRU30EDGE0813 Ref C: 2024-05-11T17:50:31Z
      content-length: 0
      date: Sat, 11 May 2024 17:50:31 GMT
      set-cookie: _EDGE_S=SID=066E3EDD9AEA63B200812AA19BA26245; path=/; httponly; domain=bing.com
      set-cookie: MUIDB=3EEA3668F46567422AD42214F5DE6625; path=/; httponly; expires=Thu, 05-Jun-2025 17:50:31 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.5d3d3e17.1715449831.70bddf7
    • flag-us
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      97.61.62.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.61.62.23.in-addr.arpa
      IN PTR
      Response
      97.61.62.23.in-addr.arpa
      IN PTR
      a23-62-61-97deploystaticakamaitechnologiescom
    • flag-nl
      GET
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      Remote address:
      23.62.61.97:443
      Request
      GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
      host: www.bing.com
      accept: */*
      cookie: MUID=3EEA3668F46567422AD42214F5DE6625; _EDGE_S=SID=066E3EDD9AEA63B200812AA19BA26245; MSPTC=N5SlUaxP-0bdhp_EaD1HW-4ifCZwoxQ1oRiGp0G2gjs; MUIDB=3EEA3668F46567422AD42214F5DE6625
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-type: image/png
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      content-length: 1107
      date: Sat, 11 May 2024 17:50:32 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.5d3d3e17.1715449832.70be17b
    • flag-us
      DNS
      57.169.31.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      57.169.31.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      196.249.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      196.249.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      17.143.109.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      17.143.109.104.in-addr.arpa
      IN PTR
      Response
      17.143.109.104.in-addr.arpa
      IN PTR
      a104-109-143-17deploystaticakamaitechnologiescom
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      13.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 382817
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 7AF13CC2058B4C50A9427276DB87AFC8 Ref B: LON04EDGE0609 Ref C: 2024-05-11T17:52:10Z
      date: Sat, 11 May 2024 17:52:09 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 499516
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: C73426E07BC44E9D9BB0901CECC8527C Ref B: LON04EDGE0609 Ref C: 2024-05-11T17:52:10Z
      date: Sat, 11 May 2024 17:52:09 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 476246
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 96D827A5B82647D38615065D28B8682D Ref B: LON04EDGE0609 Ref C: 2024-05-11T17:52:10Z
      date: Sat, 11 May 2024 17:52:09 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 464243
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 4938409245854F7D8042C8BE8285E7A7 Ref B: LON04EDGE0609 Ref C: 2024-05-11T17:52:10Z
      date: Sat, 11 May 2024 17:52:09 GMT
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
      Response
      200.197.79.204.in-addr.arpa
      IN PTR
      a-0001a-msedgenet
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8fWvVQ9nQhDKXSo3LbxfatTVUCUwD_2UHyXDmJNOntJ-eSx1pNZQAM_JKyhgS-gFs0rQCrvv9HUDiIvYzM4hX5yHdTX8hGUpACov82Gi6wYxsTNJDFTCSCCeqQxd2GP6GQ4lzDfQyGDmZYm3Cmo7vorR785t09J94tkIIn8X5M83hYMW5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D6573714b19291311dd321760a87d0ab3&TIME=20240426T135142Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6
      tls, http2
      2.5kB
       9.0kB
       20
      17

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8fWvVQ9nQhDKXSo3LbxfatTVUCUwD_2UHyXDmJNOntJ-eSx1pNZQAM_JKyhgS-gFs0rQCrvv9HUDiIvYzM4hX5yHdTX8hGUpACov82Gi6wYxsTNJDFTCSCCeqQxd2GP6GQ4lzDfQyGDmZYm3Cmo7vorR785t09J94tkIIn8X5M83hYMW5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D6573714b19291311dd321760a87d0ab3&TIME=20240426T135142Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8fWvVQ9nQhDKXSo3LbxfatTVUCUwD_2UHyXDmJNOntJ-eSx1pNZQAM_JKyhgS-gFs0rQCrvv9HUDiIvYzM4hX5yHdTX8hGUpACov82Gi6wYxsTNJDFTCSCCeqQxd2GP6GQ4lzDfQyGDmZYm3Cmo7vorR785t09J94tkIIn8X5M83hYMW5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D6573714b19291311dd321760a87d0ab3&TIME=20240426T135142Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6

      HTTP Response

      204
    • 23.62.61.97:443
      https://www.bing.com/aes/c.gif?RG=0d47f4b5026c4dd689eccd82b504b5b3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135142Z&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984
      tls, http2
      1.5kB
       5.4kB
       17
      12

      HTTP Request

      GET https://www.bing.com/aes/c.gif?RG=0d47f4b5026c4dd689eccd82b504b5b3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135142Z&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984

      HTTP Response

      200
    • 23.62.61.97:443
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      tls, http2
      1.7kB
       6.4kB
       18
      13

      HTTP Request

      GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

      HTTP Response

      200
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       8.1kB
       16
      14
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       8.1kB
       16
      14
    • 204.79.197.200:443
      https://tse1.mm.bing.net/th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      tls, http2
      65.4kB
       1.9MB
       1374
      1372

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       8.1kB
       16
      14
    • 8.8.8.8:53
      249.197.17.2.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      249.197.17.2.in-addr.arpa

    • 8.8.8.8:53
      232.168.11.51.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      232.168.11.51.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       151 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      76.32.126.40.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      76.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
       143 B
       1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      97.61.62.23.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      97.61.62.23.in-addr.arpa

    • 8.8.8.8:53
      57.169.31.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      57.169.31.20.in-addr.arpa

    • 8.8.8.8:53
      196.249.167.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      196.249.167.52.in-addr.arpa

    • 8.8.8.8:53
      103.169.127.40.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      103.169.127.40.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      17.143.109.104.in-addr.arpa
      dns
      73 B
       139 B
       1
      1

      DNS Request

      17.143.109.104.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      13.227.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      13.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
       173 B
       1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      200.197.79.204.in-addr.arpa
      dns
      73 B
       106 B
       1
      1

      DNS Request

      200.197.79.204.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_MEI46882\VCRUNTIME140.dll
      Filesize

      96KB

      MD5

      f12681a472b9dd04a812e16096514974

      SHA1

      6fd102eb3e0b0e6eef08118d71f28702d1a9067c

      SHA256

      d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

      SHA512

      7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI46882\base_library.zip
      Filesize

      1.7MB

      MD5

      334e5d6e591eccd91d2121194db22815

      SHA1

      821d70c44dc7f25a784e9938d74e75a3471e1ad0

      SHA256

      9e830533f6e67b84d9dbc502db38a6f25d3c984f1a6a195a50f838d48d5b3ba5

      SHA512

      bac4a1283745e5eb4db953227bbf00831c8a0c3c831f5889e0d0630841e59c8ad96c3386ce3ad48300f4754fde188212edc79b78c9c98f76bca21987c1c05866

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_MEI46882\python311.dll
      Filesize

      5.5MB

      MD5

      9a24c8c35e4ac4b1597124c1dcbebe0f

      SHA1

      f59782a4923a30118b97e01a7f8db69b92d8382a

      SHA256

      a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

      SHA512

      9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

      Download Submit

    • memory/1960-30-0x00000238A4650000-0x00000238A4651000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1960-19-0x00000238A4650000-0x00000238A4651000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1960-20-0x00000238A4650000-0x00000238A4651000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1960-18-0x00000238A4650000-0x00000238A4651000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1960-29-0x00000238A4650000-0x00000238A4651000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1960-28-0x00000238A4650000-0x00000238A4651000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1960-27-0x00000238A4650000-0x00000238A4651000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1960-26-0x00000238A4650000-0x00000238A4651000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1960-25-0x00000238A4650000-0x00000238A4651000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1960-24-0x00000238A4650000-0x00000238A4651000-memory.dmp

      Filesize

      4KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.