Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2fcf6fe837...98.exe

windows7-x64

7

2fcf6fe837...98.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/07/2024, 20:12 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2fcf6fe837b6364d1fee9a5571705eed8e4cf67e34068aeb0bf435b374525998.exe

  • Size

    2.0MB

  • MD5

    f8aa8241a5b1f06d36c10aa06098aeaa

  • SHA1

    349f4ba35e552f3763c3264155df50fe2f28390e

  • SHA256

    2fcf6fe837b6364d1fee9a5571705eed8e4cf67e34068aeb0bf435b374525998

  • SHA512

    8b8bf7e79a5dd956dc6e2fc00854acc11c129d44be939cfa1d71b7eddab739fbb84f3267597b64ec9cce7e2c3efe39360295415dc3498956beff08dec91d24fc

  • SSDEEP

    49152:C9G+HROQ/ngZYOop+qNiAImS9J+aDxeWr0y6ZnT:W3PjOjeXS9U0ey6ZT

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 12 IoCs
  • Drops file in Program Files directory 17 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fcf6fe837b6364d1fee9a5571705eed8e4cf67e34068aeb0bf435b374525998.exe
    "C:\Users\Admin\AppData\Local\Temp\2fcf6fe837b6364d1fee9a5571705eed8e4cf67e34068aeb0bf435b374525998.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1692
    • C:\Users\Admin\AppData\Local\Temp\2fcf6fe837b6364d1fee9a5571705eed8e4cf67e34068aeb0bf435b374525998.exe
      "C:\Users\Admin\AppData\Local\Temp\2fcf6fe837b6364d1fee9a5571705eed8e4cf67e34068aeb0bf435b374525998.exe"
      2⤵
      • Checks computer location settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:408
      • C:\Users\Admin\AppData\Local\Temp\2fcf6fe837b6364d1fee9a5571705eed8e4cf67e34068aeb0bf435b374525998.exe
        "C:\Users\Admin\AppData\Local\Temp\2fcf6fe837b6364d1fee9a5571705eed8e4cf67e34068aeb0bf435b374525998.exe"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3052
    • C:\Users\Admin\AppData\Local\Temp\2fcf6fe837b6364d1fee9a5571705eed8e4cf67e34068aeb0bf435b374525998.exe
      "C:\Users\Admin\AppData\Local\Temp\2fcf6fe837b6364d1fee9a5571705eed8e4cf67e34068aeb0bf435b374525998.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:784
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 1212
      2⤵
      • Program crash
      PID:1096
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1692 -ip 1692
    1⤵
      PID:3524

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      58.55.71.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      58.55.71.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8h7vfMCH8u0aTiH2aCbJNMTVUCUzpGGVYaDV_lyRFBUk_prbchoSIigUNwuPxeuiYKjmSC0SurxzVnSqGAX1N2SdyBIrmJr6oMjgMkWBGQfIWH348HhKlhRq7KGJStz6WEqvATjy3KndQLWL2GFcFm0rxgkbr5RvBK4f15oMyacAWQHAn%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZmFwcHMubWljcm9zb2Z0LmNvbSUyZnN0b3JlJTJmZGV0YWlsJTJmb3V0bG9vay1mb3Itd2luZG93cyUyZjlOUlg2MzIwOVI3QiUzZmhsJTNkZW4tdXMlMjZnbCUzZHVzJTI2T0NJRCUzZGNtbXE2bWdvamxlJTI2Rk9STSUzZE01MDA2WA%26rlid%3D8486cfe6ade0196314e2a98e0eee7cc3&TIME=20240611T191910Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8h7vfMCH8u0aTiH2aCbJNMTVUCUzpGGVYaDV_lyRFBUk_prbchoSIigUNwuPxeuiYKjmSC0SurxzVnSqGAX1N2SdyBIrmJr6oMjgMkWBGQfIWH348HhKlhRq7KGJStz6WEqvATjy3KndQLWL2GFcFm0rxgkbr5RvBK4f15oMyacAWQHAn%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZmFwcHMubWljcm9zb2Z0LmNvbSUyZnN0b3JlJTJmZGV0YWlsJTJmb3V0bG9vay1mb3Itd2luZG93cyUyZjlOUlg2MzIwOVI3QiUzZmhsJTNkZW4tdXMlMjZnbCUzZHVzJTI2T0NJRCUzZGNtbXE2bWdvamxlJTI2Rk9STSUzZE01MDA2WA%26rlid%3D8486cfe6ade0196314e2a98e0eee7cc3&TIME=20240611T191910Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=1D48DBCA460D65C438CDCF7B47B66476; domain=.bing.com; expires=Mon, 28-Jul-2025 20:12:34 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: A10E7AFE8DFB4B7E9B1F22E92BB4B292 Ref B: LON04EDGE0917 Ref C: 2024-07-03T20:12:34Z
      date: Wed, 03 Jul 2024 20:12:34 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8h7vfMCH8u0aTiH2aCbJNMTVUCUzpGGVYaDV_lyRFBUk_prbchoSIigUNwuPxeuiYKjmSC0SurxzVnSqGAX1N2SdyBIrmJr6oMjgMkWBGQfIWH348HhKlhRq7KGJStz6WEqvATjy3KndQLWL2GFcFm0rxgkbr5RvBK4f15oMyacAWQHAn%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZmFwcHMubWljcm9zb2Z0LmNvbSUyZnN0b3JlJTJmZGV0YWlsJTJmb3V0bG9vay1mb3Itd2luZG93cyUyZjlOUlg2MzIwOVI3QiUzZmhsJTNkZW4tdXMlMjZnbCUzZHVzJTI2T0NJRCUzZGNtbXE2bWdvamxlJTI2Rk9STSUzZE01MDA2WA%26rlid%3D8486cfe6ade0196314e2a98e0eee7cc3&TIME=20240611T191910Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8h7vfMCH8u0aTiH2aCbJNMTVUCUzpGGVYaDV_lyRFBUk_prbchoSIigUNwuPxeuiYKjmSC0SurxzVnSqGAX1N2SdyBIrmJr6oMjgMkWBGQfIWH348HhKlhRq7KGJStz6WEqvATjy3KndQLWL2GFcFm0rxgkbr5RvBK4f15oMyacAWQHAn%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZmFwcHMubWljcm9zb2Z0LmNvbSUyZnN0b3JlJTJmZGV0YWlsJTJmb3V0bG9vay1mb3Itd2luZG93cyUyZjlOUlg2MzIwOVI3QiUzZmhsJTNkZW4tdXMlMjZnbCUzZHVzJTI2T0NJRCUzZGNtbXE2bWdvamxlJTI2Rk9STSUzZE01MDA2WA%26rlid%3D8486cfe6ade0196314e2a98e0eee7cc3&TIME=20240611T191910Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=1D48DBCA460D65C438CDCF7B47B66476; _EDGE_S=SID=2E134E54F5D362643DA75AE5F45063E6
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=db9jAIMbgsd5Pjx1R62sJJuhtVba2Zth-mfgRtkoJlA; domain=.bing.com; expires=Mon, 28-Jul-2025 20:12:35 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 94D71295F8784F40AF570EC0BA86CA54 Ref B: LON04EDGE0917 Ref C: 2024-07-03T20:12:35Z
      date: Wed, 03 Jul 2024 20:12:34 GMT
    • flag-us
      DNS
      82.90.14.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      82.90.14.23.in-addr.arpa
      IN PTR
      Response
      82.90.14.23.in-addr.arpa
      IN PTR
      a23-14-90-82deploystaticakamaitechnologiescom
    • flag-us
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • flag-nl
      GET
      https://www.bing.com/aes/c.gif?RG=140d55a52868477c954ee9398a52e442&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191910Z&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670
      Remote address:
      23.62.61.160:443
      Request
      GET /aes/c.gif?RG=140d55a52868477c954ee9398a52e442&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191910Z&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670 HTTP/2.0
      host: www.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=1D48DBCA460D65C438CDCF7B47B66476
      Response
      HTTP/2.0 200
      cache-control: private,no-store
      pragma: no-cache
      vary: Origin
      p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: EBA79C7E1480424CA54B956830AFDF95 Ref B: AMS04EDGE2612 Ref C: 2024-07-03T20:12:35Z
      content-length: 0
      date: Wed, 03 Jul 2024 20:12:35 GMT
      set-cookie: _EDGE_S=SID=2E134E54F5D362643DA75AE5F45063E6; path=/; httponly; domain=bing.com
      set-cookie: MUIDB=1D48DBCA460D65C438CDCF7B47B66476; path=/; httponly; expires=Mon, 28-Jul-2025 20:12:35 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.9c3d3e17.1720037555.13b6608e
    • flag-us
      DNS
      17.160.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      17.160.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      160.61.62.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      160.61.62.23.in-addr.arpa
      IN PTR
      Response
      160.61.62.23.in-addr.arpa
      IN PTR
      a23-62-61-160deploystaticakamaitechnologiescom
    • flag-us
      DNS
      154.239.44.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      154.239.44.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      183.59.114.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.59.114.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      92.12.20.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      92.12.20.2.in-addr.arpa
      IN PTR
      Response
      92.12.20.2.in-addr.arpa
      IN PTR
      a2-20-12-92deploystaticakamaitechnologiescom
    • flag-us
      DNS
      91.90.14.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      91.90.14.23.in-addr.arpa
      IN PTR
      Response
      91.90.14.23.in-addr.arpa
      IN PTR
      a23-14-90-91deploystaticakamaitechnologiescom
    • flag-us
      DNS
      26.35.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.35.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      14.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 532141
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 13BBBA42CC8B45A6AC30DC86EAD3FEFD Ref B: LON04EDGE1115 Ref C: 2024-07-03T20:14:13Z
      date: Wed, 03 Jul 2024 20:14:12 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 770657
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: BB6AE2C68034483CA3A496B8EBB31889 Ref B: LON04EDGE1115 Ref C: 2024-07-03T20:14:13Z
      date: Wed, 03 Jul 2024 20:14:12 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239378035945_10T6FVURQVW5LVR96&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239378035945_10T6FVURQVW5LVR96&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 835660
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 06C9EC7856D54911AAEDBE04D65F04ED Ref B: LON04EDGE1115 Ref C: 2024-07-03T20:14:13Z
      date: Wed, 03 Jul 2024 20:14:12 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239378035944_1EHBGA1BYD4HZXZYE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239378035944_1EHBGA1BYD4HZXZYE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 592155
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 2CB4000731754EAAA1BA72F664DAE034 Ref B: LON04EDGE1115 Ref C: 2024-07-03T20:14:13Z
      date: Wed, 03 Jul 2024 20:14:12 GMT
    • flag-us
      DNS
      10.28.171.150.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      10.28.171.150.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      41.173.79.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.173.79.40.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8h7vfMCH8u0aTiH2aCbJNMTVUCUzpGGVYaDV_lyRFBUk_prbchoSIigUNwuPxeuiYKjmSC0SurxzVnSqGAX1N2SdyBIrmJr6oMjgMkWBGQfIWH348HhKlhRq7KGJStz6WEqvATjy3KndQLWL2GFcFm0rxgkbr5RvBK4f15oMyacAWQHAn%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZmFwcHMubWljcm9zb2Z0LmNvbSUyZnN0b3JlJTJmZGV0YWlsJTJmb3V0bG9vay1mb3Itd2luZG93cyUyZjlOUlg2MzIwOVI3QiUzZmhsJTNkZW4tdXMlMjZnbCUzZHVzJTI2T0NJRCUzZGNtbXE2bWdvamxlJTI2Rk9STSUzZE01MDA2WA%26rlid%3D8486cfe6ade0196314e2a98e0eee7cc3&TIME=20240611T191910Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920
      tls, http2
      2.7kB
       9.1kB
       20
      17

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8h7vfMCH8u0aTiH2aCbJNMTVUCUzpGGVYaDV_lyRFBUk_prbchoSIigUNwuPxeuiYKjmSC0SurxzVnSqGAX1N2SdyBIrmJr6oMjgMkWBGQfIWH348HhKlhRq7KGJStz6WEqvATjy3KndQLWL2GFcFm0rxgkbr5RvBK4f15oMyacAWQHAn%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZmFwcHMubWljcm9zb2Z0LmNvbSUyZnN0b3JlJTJmZGV0YWlsJTJmb3V0bG9vay1mb3Itd2luZG93cyUyZjlOUlg2MzIwOVI3QiUzZmhsJTNkZW4tdXMlMjZnbCUzZHVzJTI2T0NJRCUzZGNtbXE2bWdvamxlJTI2Rk9STSUzZE01MDA2WA%26rlid%3D8486cfe6ade0196314e2a98e0eee7cc3&TIME=20240611T191910Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8h7vfMCH8u0aTiH2aCbJNMTVUCUzpGGVYaDV_lyRFBUk_prbchoSIigUNwuPxeuiYKjmSC0SurxzVnSqGAX1N2SdyBIrmJr6oMjgMkWBGQfIWH348HhKlhRq7KGJStz6WEqvATjy3KndQLWL2GFcFm0rxgkbr5RvBK4f15oMyacAWQHAn%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZmFwcHMubWljcm9zb2Z0LmNvbSUyZnN0b3JlJTJmZGV0YWlsJTJmb3V0bG9vay1mb3Itd2luZG93cyUyZjlOUlg2MzIwOVI3QiUzZmhsJTNkZW4tdXMlMjZnbCUzZHVzJTI2T0NJRCUzZGNtbXE2bWdvamxlJTI2Rk9STSUzZE01MDA2WA%26rlid%3D8486cfe6ade0196314e2a98e0eee7cc3&TIME=20240611T191910Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670&muid=E27E96ED1C24B87CD7538842C7811920

      HTTP Response

      204
    • 23.62.61.160:443
      https://www.bing.com/aes/c.gif?RG=140d55a52868477c954ee9398a52e442&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191910Z&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670
      tls, http2
      1.5kB
       5.4kB
       17
      14

      HTTP Request

      GET https://www.bing.com/aes/c.gif?RG=140d55a52868477c954ee9398a52e442&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T191910Z&adUnitId=11730597&localId=w:E27E96ED-1C24-B87C-D753-8842C7811920&deviceId=6825835402279670

      HTTP Response

      200
    • 150.171.28.10:443
      https://tse1.mm.bing.net/th?id=OADD2.10239378035944_1EHBGA1BYD4HZXZYE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      tls, http2
      99.7kB
       2.8MB
       2067
      2064

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239378035945_10T6FVURQVW5LVR96&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239378035944_1EHBGA1BYD4HZXZYE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       6.9kB
       15
      13
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       6.8kB
       15
      12
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       6.9kB
       15
      13
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       90 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      58.55.71.13.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      58.55.71.13.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       151 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      82.90.14.23.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      82.90.14.23.in-addr.arpa

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
       143 B
       1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      17.160.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      17.160.190.20.in-addr.arpa

    • 8.8.8.8:53
      160.61.62.23.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      160.61.62.23.in-addr.arpa

    • 8.8.8.8:53
      154.239.44.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      154.239.44.20.in-addr.arpa

    • 8.8.8.8:53
      183.59.114.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      183.59.114.20.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      92.12.20.2.in-addr.arpa
      dns
      69 B
       131 B
       1
      1

      DNS Request

      92.12.20.2.in-addr.arpa

    • 8.8.8.8:53
      91.90.14.23.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      91.90.14.23.in-addr.arpa

    • 8.8.8.8:53
      26.35.223.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      26.35.223.20.in-addr.arpa

    • 8.8.8.8:53
      14.227.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      14.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
       170 B
       1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      150.171.28.10
      150.171.27.10

    • 8.8.8.8:53
      10.28.171.150.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      10.28.171.150.in-addr.arpa

    • 8.8.8.8:53
      41.173.79.40.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      41.173.79.40.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\sperm masturbation upskirt .rar.exe
      Filesize

      2.0MB

      MD5

      4dd359b415890b6b5e1bd2204b101357

      SHA1

      3a473a0a3f124eef5f22b631451067579e54ad96

      SHA256

      acdb0d9f9095045c9e4fcaef2cd0bf724f962e05e2374736a7ad3ee840e552d4

      SHA512

      ee259e3c4d8008e0e37f14e4d752db59c52c20301f7c9e76147d65a3027a204ac66c441273318c50ea8e4bf5a54e024affcdbdcf2bcb01b39c4ce7ec1cd0c3f7

      Download Submit

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.