Analysis

  • max time kernel
    99s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/10/2024, 19:00 UTC

General

  • Target

    Bitguard_Pro_4.4_Cracked_by_31Cracks.zip

  • Size

    8.1MB

  • MD5

    ae74146566d2f7a90966ed650859119f

  • SHA1

    d7978e13772877074857d9d5fc5d46abff749863

  • SHA256

    27c5032cc5ece6baf23e8f6fd333cd46d1193ea31793ce9c8b4cbd19fd1ff5bd

  • SHA512

    5105cbccdd4df4cc5d1a22871c3fe05e82598069460f140f836a96630644f1a85baf0a55ec51f21f8182254b51af03302a67299909fe68f2309755e7a82ab906

  • SSDEEP

    196608:HV5fUcEm7lBJEcWF35vsVYeSCS3/2dMT9zUmPBVvQzgW:XPEmpBJEh3Z0SCfdaRYzJ

Malware Config

No extracted configuration is listed for this sample.

Signatures

  • Detect ZGRat V2 2 IoCs
  • ZGRat

    ZGRat is a remote access trojan written in C#.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 6 IoCs
  • Obfuscated with Agile.Net obfuscator 2 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 60 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Bitguard_Pro_4.4_Cracked_by_31Cracks.zip"
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3124
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3492
    • C:\Users\Admin\Desktop\Bitguard Pro 4.4 Cracked by 31Cracks\BitGuardCracked.exe
      "C:\Users\Admin\Desktop\Bitguard Pro 4.4 Cracked by 31Cracks\BitGuardCracked.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3308
      • C:\BitGuard\Utils\Renamer.exe
        "C:\BitGuard\Utils\Renamer.exe" -n C:\BitGuard\Utils\temp.crproj
        2⤵
        • Executes dropped EXE
        PID:1416
      • C:\BitGuard\Utils\Renamer.exe
        "C:\BitGuard\Utils\Renamer.exe" -n C:\BitGuard\Utils\temp.crproj
        2⤵
        • Executes dropped EXE
        PID:2940
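
    The process tree above is the most useful part of this report for detection engineering: a 7-Zip-extracted executable on the Desktop spawns C:\BitGuard\Utils\Renamer.exe twice with a .crproj argument, which is the ConfuserEx project-file extension (the dropped Confuser.*.dll, dnlib.dll and NDesk.Options.dll in the Downloads section are the ConfuserEx component set). The block below is an added example, not Triage's own signature logic: it reconstructs the tree as constructed process-creation events (PIDs, image paths and command lines copied from the report; the ppid links follow the tree nesting shown; the field names pid/ppid/image/cmd are an assumption loosely modelled on Sysmon event 1) and applies three rules a SOC could carry into its own telemetry: an executable in a non-standard directory directly under the drive root, a .crproj file on a command line, and a process started from a user-writable location spawning a child from a directory it presumably created.

```python
"""Triage rules over process-creation events reconstructed from the tree above.

Added example for this report page; it is not Triage's own signature logic.
PIDs, image paths and command lines are copied from the process list; the
parent/child links follow the tree nesting shown, and the event field names
(pid, ppid, image, cmd) are an assumption loosely modelled on Sysmon event 1.
"""
import ntpath
import re

# Constructed events reproducing the report's process tree (ppid 0 = no parent shown).
EVENTS = [
    {"pid": 3124, "ppid": 0,
     "image": r"C:\Program Files\7-Zip\7zFM.exe",
     "cmd": r'"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Bitguard_Pro_4.4_Cracked_by_31Cracks.zip"'},
    {"pid": 3492, "ppid": 0,
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r"C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"},
    {"pid": 3308, "ppid": 3492,
     "image": r"C:\Users\Admin\Desktop\Bitguard Pro 4.4 Cracked by 31Cracks\BitGuardCracked.exe",
     "cmd": r'"C:\Users\Admin\Desktop\Bitguard Pro 4.4 Cracked by 31Cracks\BitGuardCracked.exe"'},
    {"pid": 1416, "ppid": 3308,
     "image": r"C:\BitGuard\Utils\Renamer.exe",
     "cmd": r'"C:\BitGuard\Utils\Renamer.exe" -n C:\BitGuard\Utils\temp.crproj'},
    {"pid": 2940, "ppid": 3308,
     "image": r"C:\BitGuard\Utils\Renamer.exe",
     "cmd": r'"C:\BitGuard\Utils\Renamer.exe" -n C:\BitGuard\Utils\temp.crproj'},
]

# Directories that legitimately sit directly under the drive root.
STANDARD_ROOT_DIRS = {"windows", "program files", "program files (x86)", "users", "programdata"}

# User-writable locations an archive viewer or browser drops files into.
USER_WRITABLE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\(Desktop|Downloads|AppData)\\", re.IGNORECASE)

# ConfuserEx project files; the report shows Renamer.exe being run with one.
CRPROJ_RE = re.compile(r"\.crproj\b", re.IGNORECASE)


def root_dir(image: str) -> str:
    """Return the first directory under the drive root, lower-cased ('' if none)."""
    parts = image.split("\\")
    return parts[1].lower() if len(parts) > 2 else ""


def is_user_writable(image: str) -> bool:
    return USER_WRITABLE_RE.match(image) is not None


def triage_process_events(events):
    """Apply the three rules and return a list of {pid, rule, detail} findings."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        image, cmd = e["image"], e["cmd"]
        # Rule 1: executable running from a non-standard directory directly
        # under the drive root (C:\BitGuard\Utils\... in this report).
        if root_dir(image) and root_dir(image) not in STANDARD_ROOT_DIRS:
            findings.append({"pid": e["pid"], "rule": "nonstandard_root_dir", "detail": image})
        # Rule 2: command line references a ConfuserEx project file.
        if CRPROJ_RE.search(cmd):
            findings.append({"pid": e["pid"], "rule": "confuserex_project_arg", "detail": cmd})
        # Rule 3: a process started from a user-writable location spawned a
        # child from a different directory, i.e. something it likely dropped.
        parent = by_pid.get(e["ppid"])
        if parent and is_user_writable(parent["image"]) and \
                ntpath.dirname(image).lower() != ntpath.dirname(parent["image"]).lower():
            findings.append({"pid": e["pid"], "rule": "dropped_child_of_user_writable_parent",
                             "detail": f"{parent['image']} -> {image}"})
    return findings


def pids_for_rule(findings, rule):
    """Sorted, de-duplicated PIDs that triggered a given rule."""
    return sorted({f["pid"] for f in findings if f["rule"] == rule})


if __name__ == "__main__":
    for f in triage_process_events(EVENTS):
        print(f"{f['pid']:>5}  {f['rule']:<40}  {f['detail']}")
```

    Only the two Renamer.exe instances (PIDs 1416 and 2940) trigger any rule; 7zFM.exe, rundll32.exe and the Desktop-launched BitGuardCracked.exe are clean under all three, which is the behaviour you want from rules that will also see ordinary archive extraction. Rule 3 is the one worth keeping even when the other two are tuned away, because it does not depend on the attacker's choice of directory name or tool.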

    Network

    Only the bitguard.pw A lookup and the GET https://bitguard.pw/ below are attributed to BitGuardCracked.exe; the in-addr.arpa PTR lookups and the tse1.mm.bing.net image fetches (sent with an Edge/18.19041 user agent) carry no process attribution in this report and should not be taken as sample indicators without further evidence. One PTR query, 141.206.67.172.in-addr.arpa, is the reverse of 172.67.206.141, the address bitguard.pw resolved to and the peer of the attributed HTTPS request.

    • DNS (US)
      232.168.11.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      232.168.11.51.in-addr.arpa
      IN PTR
      Response
    • DNS (US)
      226.108.222.173.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      226.108.222.173.in-addr.arpa
      IN PTR
      Response
      226.108.222.173.in-addr.arpa
      IN PTR
      a173-222-108-226.deploy.static.akamaitechnologies.com
    • DNS (US)
      17.160.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      17.160.190.20.in-addr.arpa
      IN PTR
      Response
    • DNS (US)
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • DNS (US)
      217.106.137.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.106.137.52.in-addr.arpa
      IN PTR
      Response
    • DNS (US)
      212.20.149.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      212.20.149.52.in-addr.arpa
      IN PTR
      Response
    • DNS (US)
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • DNS (US)
      101.11.19.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      101.11.19.2.in-addr.arpa
      IN PTR
      Response
      101.11.19.2.in-addr.arpa
      IN PTR
      a2-19-11-101.deploy.static.akamaitechnologies.com
    • DNS (US)
      bitguard.pw
      BitGuardCracked.exe
      Remote address:
      8.8.8.8:53
      Request
      bitguard.pw
      IN A
      Response
      bitguard.pw
      IN A
      172.67.206.141
      bitguard.pw
      IN A
      104.21.53.2
    • GET (US)
      https://bitguard.pw/
      BitGuardCracked.exe
      Remote address:
      172.67.206.141:443
      Request
      GET / HTTP/1.1
      Host: bitguard.pw
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Mon, 21 Oct 2024 19:01:21 GMT
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: keep-alive
      last-modified: Thu, 26 Sep 2024 03:20:39 GMT
      accept-ranges: bytes
      x-turbo-charged-by: LiteSpeed
      cf-cache-status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uFL3AqutBKEJ08702qHRrWqX%2BORDqtcj6l9QUDZbqCiTJjiE3qI0bjT7ANmEg%2FNxcqzn3qa%2BwFS%2Fa9iXRo4wS7XRD3xjFuCxzUkscLB875IGiD7tZ90JYao2CtH%2Fpw%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8d637ee48c35940f-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=24467&sent=6&recv=6&lost=0&retrans=0&sent_bytes=2984&recv_bytes=356&delivery_rate=157864&cwnd=253&unsent_bytes=0&cid=f3ef1c83a97100db&ts=383&x=0"
    • DNS (US)
      141.206.67.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      141.206.67.172.in-addr.arpa
      IN PTR
      Response
    • DNS (US)
      210.108.222.173.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      210.108.222.173.in-addr.arpa
      IN PTR
      Response
      210.108.222.173.in-addr.arpa
      IN PTR
      a173-222-108-210.deploy.static.akamaitechnologies.com
    • DNS (US)
      11.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.227.111.52.in-addr.arpa
      IN PTR
      Response
    • DNS (US)
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
    • GET (US)
      https://tse1.mm.bing.net/th?id=OADD2.10239340418542_1M27CNBNVY6AXHL84&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239340418542_1M27CNBNVY6AXHL84&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 550977
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: B6D6A75939EF46ACBADAFB1CDCD441FF Ref B: LON601060105042 Ref C: 2024-10-21T19:02:15Z
      date: Mon, 21 Oct 2024 19:02:14 GMT
    • GET (US)
      https://tse1.mm.bing.net/th?id=OADD2.10239340418541_1R6VGP5QQCA6F4RQL&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239340418541_1R6VGP5QQCA6F4RQL&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 529279
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: DB99B7F7E37A47D3B1152D965A105A42 Ref B: LON601060105042 Ref C: 2024-10-21T19:02:15Z
      date: Mon, 21 Oct 2024 19:02:14 GMT
    • GET (US)
      https://tse1.mm.bing.net/th?id=OADD2.10239398629832_1AECK4YD8K87JKVB5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239398629832_1AECK4YD8K87JKVB5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 488443
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: A0BF2D1845A949218234A3ED9710CE87 Ref B: LON601060105042 Ref C: 2024-10-21T19:02:15Z
      date: Mon, 21 Oct 2024 19:02:14 GMT
    • GET (US)
      https://tse1.mm.bing.net/th?id=OADD2.10239398629831_1XETNM7TBCG6PTKQG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239398629831_1XETNM7TBCG6PTKQG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 644823
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 11D44DC98ABD4FE9A93AEE8130E94B7F Ref B: LON601060105042 Ref C: 2024-10-21T19:02:15Z
      date: Mon, 21 Oct 2024 19:02:14 GMT
    • GET (US)
      https://tse1.mm.bing.net/th?id=OADD2.10239339388103_1CSWF230IMLBJ1BZH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239339388103_1CSWF230IMLBJ1BZH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 714240
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 653F7DADBFF14D4AAEF85B1C02709529 Ref B: LON601060105042 Ref C: 2024-10-21T19:02:15Z
      date: Mon, 21 Oct 2024 19:02:14 GMT
    • GET (US)
      https://tse1.mm.bing.net/th?id=OADD2.10239339388104_1WOMQSFLGSNQV3AH1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239339388104_1WOMQSFLGSNQV3AH1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 659067
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 1E1587A5C4194EB8B267FD942CC53C36 Ref B: LON601060105042 Ref C: 2024-10-21T19:02:16Z
      date: Mon, 21 Oct 2024 19:02:15 GMT
    • 172.67.206.141:443
      https://bitguard.pw/
      tls, http
      BitGuardCracked.exe
      666 B
      4.5kB
      7
      9

      HTTP Request

      GET https://bitguard.pw/

      HTTP Response

      200
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls, http2
      1.1kB
      6.9kB
      14
      13
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls, http2
      1.1kB
      6.9kB
      14
      13
    • 150.171.27.10:443
      https://tse1.mm.bing.net/th?id=OADD2.10239339388104_1WOMQSFLGSNQV3AH1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      tls, http2
      130.7kB
      3.7MB
      2701
      2701

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418542_1M27CNBNVY6AXHL84&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418541_1R6VGP5QQCA6F4RQL&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239398629832_1AECK4YD8K87JKVB5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239398629831_1XETNM7TBCG6PTKQG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239339388103_1CSWF230IMLBJ1BZH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239339388104_1WOMQSFLGSNQV3AH1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls, http2
      1.1kB
      6.9kB
      14
      13
    • 8.8.8.8:53
      232.168.11.51.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      232.168.11.51.in-addr.arpa

    • 8.8.8.8:53
      226.108.222.173.in-addr.arpa
      dns
      74 B
      141 B
      1
      1

      DNS Request

      226.108.222.173.in-addr.arpa

    • 8.8.8.8:53
      17.160.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      17.160.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      217.106.137.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      217.106.137.52.in-addr.arpa

    • 8.8.8.8:53
      212.20.149.52.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      212.20.149.52.in-addr.arpa

    • 8.8.8.8:53
      198.187.3.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      198.187.3.20.in-addr.arpa

    • 8.8.8.8:53
      101.11.19.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      101.11.19.2.in-addr.arpa

    • 8.8.8.8:53
      bitguard.pw
      dns
      BitGuardCracked.exe
      57 B
      89 B
      1
      1

      DNS Request

      bitguard.pw

      DNS Response

      172.67.206.141
      104.21.53.2

    • 8.8.8.8:53
      141.206.67.172.in-addr.arpa
      dns
      73 B
      135 B
      1
      1

      DNS Request

      141.206.67.172.in-addr.arpa

    • 8.8.8.8:53
      210.108.222.173.in-addr.arpa
      dns
      74 B
      141 B
      1
      1

      DNS Request

      210.108.222.173.in-addr.arpa

    • 8.8.8.8:53
      11.227.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      11.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
      170 B
      1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      150.171.27.10
      150.171.28.10
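
    Reading a sandbox network listing means separating what the sample did from what the guest OS did in the background, and the in-addr.arpa names are easier to reason about once turned back into addresses. The block below is an added example, not Triage output: it carries a constructed subset of the DNS and HTTP entries above (names, answers, process attribution and URLs copied from the report; the entry layout is an assumption), reverses IPv4 PTR names to addresses, splits the traffic by process attribution, and flags PTR lookups whose target is an address the sample itself resolved or connected to.

```python
"""Attribution split and PTR reversal over the network listing above.

Added example for this report page, not Triage's own tooling. The entries
are constructed from the report's DNS/HTTP listing; the dict layout
(kind, name, process, answers / method, url, remote, process) is an assumption.
"""
import ipaddress

DNS_ENTRIES = [
    {"kind": "PTR", "name": "232.168.11.51.in-addr.arpa", "process": None, "answers": []},
    {"kind": "PTR", "name": "226.108.222.173.in-addr.arpa", "process": None,
     "answers": ["a173-222-108-226.deploy.static.akamaitechnologies.com"]},
    {"kind": "PTR", "name": "141.206.67.172.in-addr.arpa", "process": None, "answers": []},
    {"kind": "A", "name": "bitguard.pw", "process": "BitGuardCracked.exe",
     "answers": ["172.67.206.141", "104.21.53.2"]},
    {"kind": "A", "name": "tse1.mm.bing.net", "process": None,
     "answers": ["150.171.27.10", "150.171.28.10"]},
]

HTTP_ENTRIES = [
    {"method": "GET", "url": "https://bitguard.pw/",
     "remote": "172.67.206.141", "process": "BitGuardCracked.exe"},
    {"method": "GET",
     "url": "https://tse1.mm.bing.net/th?id=OADD2.10239340418542_1M27CNBNVY6AXHL84&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90",
     "remote": "150.171.27.10", "process": None},
]


def ptr_to_ip(name: str) -> str:
    """'232.168.11.51.in-addr.arpa' -> '51.11.168.232' (IPv4 reverse zone only)."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        raise ValueError(f"not an IPv4 reverse name: {name}")
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        raise ValueError(f"expected 4 octets: {name}")
    # IPv4Address validates each octet, so garbage like '999.1.1.1' is rejected.
    return str(ipaddress.IPv4Address(".".join(reversed(octets))))


def summarize(dns_entries, http_entries):
    """Split entries by process attribution and link PTR lookups to sample-contacted IPs."""
    # Addresses the sample is known to have resolved or connected to.
    sample_ips = {a for d in dns_entries if d["process"] and d["kind"] == "A" for a in d["answers"]}
    sample_ips |= {h["remote"] for h in http_entries if h["process"]}

    ptr_of_sample_ip, ptr_other = [], []
    for d in dns_entries:
        if d["kind"] != "PTR":
            continue
        ip = ptr_to_ip(d["name"])
        (ptr_of_sample_ip if ip in sample_ips else ptr_other).append(ip)

    attributed = [d["name"] for d in dns_entries if d["process"]]
    attributed += [h["url"] for h in http_entries if h["process"]]
    unattributed = [d["name"] for d in dns_entries if not d["process"]]
    unattributed += [h["url"] for h in http_entries if not h["process"]]
    return {
        "attributed": attributed,
        "unattributed": unattributed,
        "ptr_of_sample_ip": ptr_of_sample_ip,
        "ptr_other": ptr_other,
    }


if __name__ == "__main__":
    for key, values in summarize(DNS_ENTRIES, HTTP_ENTRIES).items():
        print(key)
        for v in values:
            print("   ", v)
```

    On this data only bitguard.pw and https://bitguard.pw/ end up in the attributed bucket, and the single PTR name that reverses to a sample-contacted address is 141.206.67.172.in-addr.arpa (172.67.206.141). Everything else, including the Bing image fetch, is unattributed and belongs in the "sandbox background" pile until another artefact ties it to the sample.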

    Downloads

    • C:\BitGuard\Utils\Confuser.Core.dll

      Filesize

      205KB

      MD5

      3e0c10d8f78319005a4e4d81e2c5642e

      SHA1

      f7f59f0c0e161a025c17c34b813a7885bc74e19b

      SHA256

      5c01e7dc3d737569f89490b5a281b4ca5e4839d6e140559ca5c42fce4ffa2d24

      SHA512

      ffc51711830e04f7193075c09ffa7428c6a587886efedcf6fd8871176c139181c51cc13199356362886d685bd5cffc6025e450e1bec03b3a254f6df7ccc011f7

    • C:\BitGuard\Utils\Confuser.Core.pdb

      Filesize

      99KB

      MD5

      a3e7189f7a7579b380c8b5395cd5c2fe

      SHA1

      4c3f5f5c60701723dab3ef69e64011aa629c8066

      SHA256

      6dd44b64cec9987e06be597306f6cb78d55d12342f8b06042c1a23d02a764ad0

      SHA512

      e658fe5d68965bb1fdef053eb0a99c2883fcaace1142339c480ae5a8971a65babdcf099a257870b46b76e5f853203f954f6cc55229c29dc3a1580ec1a1be8a78

    • C:\BitGuard\Utils\Confuser.DynCipher.dll

      Filesize

      51KB

      MD5

      a26ababda9741f74de7ea9ffeb53d66d

      SHA1

      c494e284d3ba3b825bfa6cfa67a77e16c031e5b0

      SHA256

      d6655d3ceca5ff82d33390e82b8d40bcd96e1bbc49cf9741661eb08a3a3e9b5e

      SHA512

      c6e8da342e81224b4bf3b23946226b790b7edd4a64662a889b5aa367d7e7e31c0c7401b868a514d037ad466c08378731150f4b907e7674d9a19fe075284f7809

    • C:\BitGuard\Utils\Confuser.Protections.dll

      Filesize

      166KB

      MD5

      a796ebfc24d2f3b6e0284f3f2079057b

      SHA1

      9ee09f2920b7b4967dea7833a2acc0fdad745c96

      SHA256

      0e51bcf333b5af7c804639783511c65bdbb8e9d362ee9a041301d46e3b155dba

      SHA512

      51e406e2859940b8cad3f9fa35247fc584d49218ba9a316b2f63ed0c349a3735e7657497e1ec5382eb459ef06eb1908e7c6d45fcd8441fbb4defb16107833bbc

    • C:\BitGuard\Utils\Confuser.Renamer.dll

      Filesize

      366KB

      MD5

      bfc85a9c75eb78e637ce8d84f2d0e8bd

      SHA1

      105e5021691d72a3d7c7c217aac1d1e6d0ccaae3

      SHA256

      d2abca70f00a61019443be706f60cce5e2dd52ece6d4544f48f1045bd796e748

      SHA512

      6aaf03c534a34cd1958f34b0fd234db1a6cb7b0f2ff3e4f5ea75a362052dd1a9957a498b6513d7834a8a3b3b0e8ee1889481200230849d702e287182a9329886

    • C:\BitGuard\Utils\Confuser.Runtime.dll

      Filesize

      45KB

      MD5

      362abcf65a5897a54e7f7e1107868d82

      SHA1

      cb0c929a20045cc32fbfaeb0f9c349a32613f0e5

      SHA256

      5e30f2a8ece3efde7c83782b7481deb57bf75c1d9b17342a8691be939e98bf72

      SHA512

      0256857309fc3994ddef118f2fce88b2915961b0bbf18ccf5585d714608018ab7ae8395b06efc3f82e07012aca68e183e0a1a617c9c20bfb7335e11a3ff251ba

    • C:\BitGuard\Utils\Confuser.Runtime.pdb

      Filesize

      22KB

      MD5

      ed737ff05dbb3ac878ca2d9e137f4208

      SHA1

      938205ed6c9fc2b1ea81db6b7c3adf600bb8d8e8

      SHA256

      b08e687ff35e3669e5c4cd7ab7c95f18fd959d08dc98b8ebf17a69826115b054

      SHA512

      85ad0aa5490fd5c03baf4d6333630a4849b30ba260185bcd8954208bc9b608de74ebeb581ae4eeefca99180bb25b7d94a9c32d07e69bab7354b1d4a1b36ce549

    • C:\BitGuard\Utils\NDesk.Options.dll

      Filesize

      23KB

      MD5

      0bfe707e64eeea613fdfc8657997ec85

      SHA1

      8ff72e287bc44e45fcce8a15b1ea9bf9e2365cba

      SHA256

      369bf908d5acea6ff4555db6d90c7178ec84c88f9daf3abe17a74d6c58caab1f

      SHA512

      d85f68d9c57f4fa8515e73f836cd60982002c2e58fcc8c5778beafa619ed6a78856395e279c451475d6d31604d85404edc1df36ac2d6650516f6e9c715be0f01

    • C:\BitGuard\Utils\Renamer.exe

      Filesize

      15KB

      MD5

      5e9559edee33325f3d210e14c3c0b209

      SHA1

      d8c1d8e9821091c71b1c7e82ce4ef4b984ebbfcf

      SHA256

      e9fd3b3e213a7416c276b5b6c740fc223aab5fa1758d3c97842241ed648b4086

      SHA512

      1d4761a0f01c388bd18b1b469e80cd5e8565f26f4d194fae1f816fa316a8536df49b24006aa44ea23f41fdab94a504c5c2f2d3d03658b79f6d45dfe6b31f120a

    • C:\BitGuard\Utils\dnlib.dll

      Filesize

      1.1MB

      MD5

      d9e08ec1c571d8139255cf305e3fef40

      SHA1

      72aea7c18c901a3246eb276258e3b37a95048b4e

      SHA256

      48f144f744a9ce60659ee8cc7094610252aecbabf95492fbc612db919d144918

      SHA512

      de9b6fa6cd5025fd4639ff930caec751a3f466c39a15c6a117cba9f20348918928b3ab84a902d9a03b6b5fa233e4370393387025a470f2ea7437d36e6028ae90

    • C:\BitGuard\Utils\temp.crproj

      Filesize

      333B

      MD5

      cb57ab1a24152d8b1a08739fabc2a164

      SHA1

      12797b5d9c57414aa472424f79a60d5d2341191b

      SHA256

      085465ef8ed286795e91856b3e3da02e0c509552096632ec2d63d9a17d2996c3

      SHA512

      5c53539dd1a79e4f265e9bad8b2161a3780f1d901cf695667fb3dc57460dbe66f1d8be9a99103600c027f13f9f6cc51a0e83fd853b7925f79e56a70d437796a9

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Renamer.exe.log

      Filesize

      939B

      MD5

      a350ecd0b5ab253003663e4ec0c14f02

      SHA1

      6d1540b89d12fa29d642c7d1a151bbd578039076

      SHA256

      1269073c875a48ebc2fa7e43b3223546a89d9e7019c48fdf724c4946f79a8e12

      SHA512

      f2f8500fc0d42837cb7930330a82b871906fc4d5484ae8f636023ff2efc5c71141bb5dae26f9290dd8ec96302531806f14d6512bd58f8f0f7378ca40d42db647

    • C:\Users\Admin\Desktop\Bitguard Pro 4.4 Cracked by 31Cracks\0Harmony.dll

      Filesize

      2.1MB

      MD5

      6167fb063bd1ac47bf0cd4a5dd4fc1ac

      SHA1

      915af8611509fe9bd83964ba50e7e2f7f25f5b69

      SHA256

      5f7ad0df1eb08e81f66d4006d3a9e5cb40fc05e381f36d7bd0513f334f6a251f

      SHA512

      6bc8e27457fa700af4fec9f3515069a7f0d116f33ca67bdd0713562f9a0c1aeaab075de446d040f028ec4f508db482c34d5a6d787c76e89daeee36c5ef67dc6a

    • C:\Users\Admin\Desktop\Bitguard Pro 4.4 Cracked by 31Cracks\BitGuard.exe

      Filesize

      2.5MB

      MD5

      0a03f1c39ecec04d044b661a7feb4b67

      SHA1

      ef7acf458e42d7a5a3d963455fb4f828c494abea

      SHA256

      6deee133a5f12c4705a9d3961d71b68309a6ddf4f2966733e59eaba3ae237e7d

      SHA512

      939b52e5a77ba415dd6bdbcedc33a6655c908bbe2d7876da02e1cfe0e30a58b794b7dc1117329d0dd62120389079e9412e9659c685497bc4ff16c9e8861bcdd1

    • C:\Users\Admin\Desktop\Bitguard Pro 4.4 Cracked by 31Cracks\BitGuardCracked.exe

      Filesize

      3.3MB

      MD5

      7f460969a3aacd3a3f875ae3e936f6c5

      SHA1

      04b8d4a4251e2bf1047e47423c36a3d40e4d8047

      SHA256

      20d99480a8e4c066aee9bbaf70c4aa5a273c4d8a0bc22ab5660ffe7986d37484

      SHA512

      8604ee612b012c1391b0fa01ad4b273c5d46058eba1fb2161886fa2cf945b2241671e507eff1cbbf8ca46ba54e2b1b55449ba4246f49aad85caa27343be4dda7

    • C:\Users\Admin\Desktop\Bitguard Pro 4.4 Cracked by 31Cracks\BouncyCastle.Crypto.dll

      Filesize

      3.2MB

      MD5

      0cf454b6ed4d9e46bc40306421e4b800

      SHA1

      9611aa929d35cbd86b87e40b628f60d5177d2411

      SHA256

      e51721dc0647f4838b1abc592bd95fd8cb924716e8a64f83d4b947821fa1fa42

      SHA512

      85262f1bc67a89911640f59a759b476b30ca644bd1a1d9cd3213cc8aae16d7cc6ea689815f19b146db1d26f7a75772ceb48e71e27940e3686a83eb2cf7e46048

    • C:\Users\Admin\Desktop\Bitguard Pro 4.4 Cracked by 31Cracks\Renamed\BitGuardCracked.exe

      Filesize

      3.1MB

      MD5

      af39ef68cf43e234df56a8fe1897568d

      SHA1

      4d1969a9c4d83607e46364dd2fa933975a86b48e

      SHA256

      a077eb57bbcdc2ebeae61704a794b6d382c8984222e81bc7210f3d8c686cee82

      SHA512

      cf68bcc683a4b44e8b980e2c45f79af9bccd47ae4fa0dd793c94626adb6fa69b07b29748f71c1a9192553c8285327bba59106d3582f813b4fd50dcdca2d8e530

    • C:\Users\Admin\Desktop\Bitguard Pro 4.4 Cracked by 31Cracks\Utils\customRenamer.txt

      Filesize

      8B

      MD5

      e26832d5d8bc1116f5c002aa4f0a7280

      SHA1

      c6dab8635cc7bb906c626734e60d3895e42e3d2e

      SHA256

      9ab6fcd10c82aa9f690cbd11d1cffdb52503b1ce0017079f47a69cfc082b0e9b

      SHA512

      f8c128dc2501f8dc0c671d553d6a1ce9f24d7ab93abbe8001a5e06969de045f6c6ccae8026cd456c59f1a861537031b395b546c8697c075b43dc0bf1f36a1a48

    • memory/1416-165-0x000001FACAFA0000-0x000001FACAFB4000-memory.dmp

      Filesize

      80KB

    • memory/1416-168-0x000001FACAFC0000-0x000001FACAFC8000-memory.dmp

      Filesize

      32KB

    • memory/1416-161-0x000001FAE4640000-0x000001FAE4762000-memory.dmp

      Filesize

      1.1MB

    • memory/1416-156-0x000001FAC9570000-0x000001FAC957C000-memory.dmp

      Filesize

      48KB

    • memory/1416-163-0x000001FACAF70000-0x000001FACAFA0000-memory.dmp

      Filesize

      192KB

    • memory/1416-158-0x000001FAC95D0000-0x000001FAC960A000-memory.dmp

      Filesize

      232KB

    • memory/1416-154-0x000001FAC91B0000-0x000001FAC91BA000-memory.dmp

      Filesize

      40KB

    • memory/1416-167-0x000001FAE4510000-0x000001FAE4572000-memory.dmp

      Filesize

      392KB

    • memory/3308-79-0x0000000005A00000-0x0000000005A10000-memory.dmp

      Filesize

      64KB

    • memory/3308-82-0x0000000005BA0000-0x0000000005BB2000-memory.dmp

      Filesize

      72KB

    • memory/3308-141-0x0000000074980000-0x0000000075130000-memory.dmp

      Filesize

      7.7MB

    • memory/3308-142-0x0000000074980000-0x0000000075130000-memory.dmp

      Filesize

      7.7MB

    • memory/3308-139-0x0000000008820000-0x000000000882A000-memory.dmp

      Filesize

      40KB

    • memory/3308-145-0x0000000074980000-0x0000000075130000-memory.dmp

      Filesize

      7.7MB

    • memory/3308-138-0x00000000064A0000-0x00000000064B4000-memory.dmp

      Filesize

      80KB

    • memory/3308-149-0x0000000004B90000-0x0000000004BCA000-memory.dmp

      Filesize

      232KB

    • memory/3308-137-0x00000000074F0000-0x000000000763E000-memory.dmp

      Filesize

      1.3MB

    • memory/3308-136-0x0000000074980000-0x0000000075130000-memory.dmp

      Filesize

      7.7MB

    • memory/3308-135-0x000000007498E000-0x000000007498F000-memory.dmp

      Filesize

      4KB

    • memory/3308-134-0x0000000006460000-0x000000000647C000-memory.dmp

      Filesize

      112KB

    • memory/3308-133-0x0000000006BD0000-0x0000000006CF4000-memory.dmp

      Filesize

      1.1MB

    • memory/3308-132-0x0000000006230000-0x000000000623A000-memory.dmp

      Filesize

      40KB

    • memory/3308-131-0x0000000006260000-0x00000000062F2000-memory.dmp

      Filesize

      584KB

    • memory/3308-140-0x0000000074980000-0x0000000075130000-memory.dmp

      Filesize

      7.7MB

    • memory/3308-84-0x0000000005C00000-0x0000000005C0A000-memory.dmp

      Filesize

      40KB

    • memory/3308-83-0x0000000074980000-0x0000000075130000-memory.dmp

      Filesize

      7.7MB

    • memory/3308-78-0x0000000074980000-0x0000000075130000-memory.dmp

      Filesize

      7.7MB

    • memory/3308-77-0x0000000005990000-0x0000000005996000-memory.dmp

      Filesize

      24KB

    • memory/3308-76-0x0000000005960000-0x0000000005966000-memory.dmp

      Filesize

      24KB

    • memory/3308-75-0x0000000006520000-0x0000000006AC4000-memory.dmp

      Filesize

      5.6MB

    • memory/3308-74-0x0000000074980000-0x0000000075130000-memory.dmp

      Filesize

      7.7MB

    • memory/3308-72-0x0000000005D50000-0x0000000005F6E000-memory.dmp

      Filesize

      2.1MB

    • memory/3308-73-0x0000000074980000-0x0000000075130000-memory.dmp

      Filesize

      7.7MB

    • memory/3308-66-0x0000000005650000-0x00000000058D0000-memory.dmp

      Filesize

      2.5MB

    • memory/3308-62-0x0000000074980000-0x0000000075130000-memory.dmp

      Filesize

      7.7MB

    • memory/3308-177-0x000000000E9F0000-0x000000000EA12000-memory.dmp

      Filesize

      136KB

    • memory/3308-179-0x0000000074980000-0x0000000075130000-memory.dmp

      Filesize

      7.7MB

    • memory/3308-61-0x0000000000460000-0x00000000007B8000-memory.dmp

      Filesize

      3.3MB

    • memory/3308-60-0x000000007498E000-0x000000007498F000-memory.dmp

      Filesize

      4KB
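
    The Downloads section above is the part of the report most people copy out by hand, and hand-copied digests get truncated or mangled. The block below is an added example, not Triage's own tooling: it parses the listing format as rendered on this page (a "•" bullet with the path, then Filesize / MD5 / SHA1 / SHA256 / SHA512 key-value pairs, or a memory/PID-range entry with only a size) into records, checks every digest has the length its algorithm requires, checks that a memory dump's address range agrees with its declared size, and emits a de-duplicated hash set for a blocklist or hunt query. SAMPLE is a constructed three-entry excerpt of the listing above, copied from the page with SHA512 omitted for brevity; the parser accepts SHA512 when present.

```python
"""Parse the 'Downloads' listing of a Triage report (as rendered above) into IoC records.

Added example for this page, not Triage's own tooling. SAMPLE is a constructed
excerpt of the listing above; values are copied from the report, SHA512 omitted.
"""
import re

SAMPLE = r"""
• C:\BitGuard\Utils\Renamer.exe

  Filesize

  15KB

  MD5

  5e9559edee33325f3d210e14c3c0b209

  SHA1

  d8c1d8e9821091c71b1c7e82ce4ef4b984ebbfcf

  SHA256

  e9fd3b3e213a7416c276b5b6c740fc223aab5fa1758d3c97842241ed648b4086

• C:\BitGuard\Utils\temp.crproj

  Filesize

  333B

  MD5

  cb57ab1a24152d8b1a08739fabc2a164

  SHA1

  12797b5d9c57414aa472424f79a60d5d2341191b

  SHA256

  085465ef8ed286795e91856b3e3da02e0c509552096632ec2d63d9a17d2996c3

• memory/3308-61-0x0000000000460000-0x00000000007B8000-memory.dmp

  Filesize

  3.3MB
"""

HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)(B|KB|MB|GB)$")
MEMORY_RE = re.compile(r"^memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def parse_size(text: str) -> int:
    """'15KB' -> 15360, '333B' -> 333, '3.3MB' -> 3460300 (rounded down)."""
    m = SIZE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * UNITS[m.group(2)])


def parse_downloads(text: str):
    """Split on bullets; each entry is a name followed by alternating key / value lines."""
    records = []
    for chunk in text.split("•")[1:]:
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        name, fields = lines[0], dict(zip(lines[1::2], lines[2::2]))
        rec = {"path": name, "size_bytes": parse_size(fields["Filesize"]), "hashes": {}, "memory": None}
        for key, value in fields.items():
            if key.lower() in HASH_LEN:
                rec["hashes"][key.lower()] = value.lower()
        m = MEMORY_RE.match(name)
        if m:
            rec["memory"] = {"pid": int(m.group(1)), "start": int(m.group(2), 16), "end": int(m.group(3), 16)}
        records.append(rec)
    return records


def validate(rec) -> list:
    """Problems found: malformed digests, or a memory range that disagrees with Filesize."""
    problems = []
    for algo, digest in rec["hashes"].items():
        if len(digest) != HASH_LEN[algo] or not re.fullmatch(r"[0-9a-f]+", digest):
            problems.append(f"{algo} malformed: {digest}")
    mem = rec["memory"]
    if mem:
        span = mem["end"] - mem["start"]
        # Filesize is rounded to one decimal in the report, so allow 5% slack.
        if span <= 0 or abs(span - rec["size_bytes"]) > 0.05 * span:
            problems.append(f"memory range {span} bytes != declared {rec['size_bytes']}")
    return problems


def hash_set(records, algo="sha256"):
    """De-duplicated digests for a blocklist or hunting query; memory dumps contribute none."""
    return sorted({r["hashes"][algo] for r in records if algo in r["hashes"]})


if __name__ == "__main__":
    recs = parse_downloads(SAMPLE)
    for r in recs:
        print(r["path"], r["size_bytes"], validate(r) or "ok")
    print(hash_set(recs))
```

    The memory-range check is the one that catches real copy errors: the 3308-61 dump spans 0x460000 to 0x7B8000, 3,506,176 bytes, which agrees with the declared 3.3MB and with the 3.3MB BitGuardCracked.exe listed above it, so the dump is plausibly the mapped main image. A truncated digest fails validate() before it reaches a blocklist.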
