Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

233f95c87f...31.exe

windows7-x64

7

233f95c87f...31.exe

windows10-2004-x64

7

2d8ea1230d...aa.exe

windows7-x64

10

2d8ea1230d...aa.exe

windows10-2004-x64

10

34dba85bb2...1a.exe

windows10-2004-x64

7

463d0b0903...ea.exe

windows7-x64

1

463d0b0903...ea.exe

windows10-2004-x64

1

4bcf45bde8...39.exe

windows7-x64

10

4bcf45bde8...39.exe

windows10-2004-x64

10

5292b8004f...ce.exe

windows7-x64

10

5292b8004f...ce.exe

windows10-2004-x64

10

6babc5b52d...53.dll

windows7-x64

3

6babc5b52d...53.dll

windows10-2004-x64

3

85b73b7b3c...45.exe

windows7-x64

10

85b73b7b3c...45.exe

windows10-2004-x64

10

8eb41b097a...ff.exe

windows7-x64

10

8eb41b097a...ff.exe

windows10-2004-x64

8

932380926b...ef.exe

windows7-x64

7

932380926b...ef.exe

windows10-2004-x64

7

9d8729b9ca...de.exe

windows7-x64

10

9d8729b9ca...de.exe

windows10-2004-x64

8

9e147a3bb2...53.dll

windows7-x64

8

9e147a3bb2...53.dll

windows10-2004-x64

8

bccfdc8e1a...96.exe

windows7-x64

7

bccfdc8e1a...96.exe

windows10-2004-x64

7

bf5a9bb619...d7.exe

windows7-x64

3

bf5a9bb619...d7.exe

windows10-2004-x64

3

d0017384df...0a.exe

windows7-x64

3

d0017384df...0a.exe

windows10-2004-x64

3

d72aa8fe30...89.exe

windows7-x64

3

d72aa8fe30...89.exe

windows10-2004-x64

7

fa622e0a4d...52.exe

windows7-x64

1

Analysis

  • max time kernel
    137s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/11/2024, 15:23 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    233f95c87f4930fc7608e264cf8be9d4ff0d5f073c411dc986c7aa8ac2055231.exe

  • Size

    3.5MB

  • MD5

    d0c77a8d28ac7ed062de16103b7b7a9e

  • SHA1

    2aff43098626864c0bbb1ab5463683321b54cdcd

  • SHA256

    233f95c87f4930fc7608e264cf8be9d4ff0d5f073c411dc986c7aa8ac2055231

  • SHA512

    05d6e0f5d3677e1cc268ecc1ad3d5e1b7925f61bfa0e91516805d19b44a776fc7bad0725809109ab62b73916d5bc92a09e22d8f4fdfa3e191347c2ba066a7120

  • SSDEEP

    49152:bDLaXbiwy/9Zxi9wrxqeMho8OYetIqRLC4GBN0ILUMh+l4Im2ZvrOYa7DYya/Ku8:3OXzEnkGxqeQohS8LCR4kL7Hcdfro/o

Score
7/10
spywarestealervmprotect

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\233f95c87f4930fc7608e264cf8be9d4ff0d5f073c411dc986c7aa8ac2055231.exe
    "C:\Users\Admin\AppData\Local\Temp\233f95c87f4930fc7608e264cf8be9d4ff0d5f073c411dc986c7aa8ac2055231.exe"
    1⤵
      PID:3044

    Network

    • flag-us
      DNS
      www.facebook.com
      233f95c87f4930fc7608e264cf8be9d4ff0d5f073c411dc986c7aa8ac2055231.exe
      Remote address:
      8.8.8.8:53
      Request
      www.facebook.com
      IN A
      Response
      www.facebook.com
      IN CNAME
      star-mini.c10r.facebook.com
      star-mini.c10r.facebook.com
      IN A
      157.240.221.35
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      97.17.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.17.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      88.210.23.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.210.23.2.in-addr.arpa
      IN PTR
      Response
      88.210.23.2.in-addr.arpa
      IN PTR
      a2-23-210-88deploystaticakamaitechnologiescom
    • flag-gb
      GET
      https://www.facebook.com/ads/manager/account_settings/account_billing
      233f95c87f4930fc7608e264cf8be9d4ff0d5f073c411dc986c7aa8ac2055231.exe
      Remote address:
      157.240.221.35:443
      Request
      GET /ads/manager/account_settings/account_billing HTTP/1.1
      Connection: Keep-Alive
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
      Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
      Host: www.facebook.com
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
      viewport-width: 1920
      sec-ch-ua: "Chromium";v="104", " Not A; Brand";v="99", "Google Chrome";v="104"
      sec-ch-ua-mobile: ?0
      sec-ch-ua-platform: "Windows"
      sec-ch-prefers-color-scheme: light
      Upgrade-Insecure-Requests: 1
      Sec-Fetch-Site: none
      Sec-Fetch-Mode: navigate
      Sec-Fetch-User: ?1
      Sec-Fetch-Dest: document
      Response
      HTTP/1.1 302 Found
      Location: https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fads%2Fmanager%2Faccount_settings%2Faccount_billing
      content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src 'report-sample' *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net facebook.com fbwifigateway.net *.fbwifigateway.net fbcdn.net cdninstagram.com *.cdninstagram.com oculuscdn.com *.oculuscdn.com www.meta.com *.www.meta.com https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
      content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src 'report-sample' *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net facebook.com fbwifigateway.net *.fbwifigateway.net fbcdn.net cdninstagram.com *.cdninstagram.com oculuscdn.com *.oculuscdn.com www.meta.com *.www.meta.com https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
      document-policy: force-load-at-top
      permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
      cross-origin-resource-policy: same-origin
      cross-origin-opener-policy: same-origin-allow-popups
      Pragma: no-cache
      Cache-Control: private, no-cache, no-store, must-revalidate
      Expires: Sat, 01 Jan 2000 00:00:00 GMT
      X-Content-Type-Options: nosniff
      X-XSS-Protection: 0
      X-Frame-Options: DENY
      Strict-Transport-Security: max-age=15552000; preload
      Content-Type: text/html; charset="utf-8"
      X-FB-Debug: swW24q//lU3Udlewo+nWvd+71wloxac4ozlVunRm+BqDkBdU4ii5gHzgr7PXkWVYrv6QxY0fPD8/OH5NljAqxQ==
      Date: Tue, 05 Nov 2024 15:23:43 GMT
      X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=43, rtx=0, c=10, mss=1357, tbw=3228, tp=-1, tpl=-1, uplat=122, ullat=0
      Alt-Svc: h3=":443"; ma=86400
      Connection: keep-alive
      Content-Length: 0
    • flag-gb
      GET
      https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fads%2Fmanager%2Faccount_settings%2Faccount_billing
      233f95c87f4930fc7608e264cf8be9d4ff0d5f073c411dc986c7aa8ac2055231.exe
      Remote address:
      157.240.221.35:443
      Request
      GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Fads%2Fmanager%2Faccount_settings%2Faccount_billing HTTP/1.1
      Connection: Keep-Alive
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
      Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
      Host: www.facebook.com
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
      viewport-width: 1920
      sec-ch-ua: "Chromium";v="104", " Not A; Brand";v="99", "Google Chrome";v="104"
      sec-ch-ua-mobile: ?0
      sec-ch-ua-platform: "Windows"
      sec-ch-prefers-color-scheme: light
      Upgrade-Insecure-Requests: 1
      Sec-Fetch-Site: none
      Sec-Fetch-Mode: navigate
      Sec-Fetch-User: ?1
      Sec-Fetch-Dest: document
      Response
      HTTP/1.1 200 OK
      Vary: Accept-Encoding
      reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7433816255051901469", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
      report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7433816255051901469"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
      content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src 'report-sample' *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
      content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src 'report-sample' *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
      document-policy: force-load-at-top
      permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
      cross-origin-resource-policy: same-origin
      cross-origin-opener-policy: unsafe-none
      Pragma: no-cache
      Cache-Control: private, no-cache, no-store, must-revalidate
      Expires: Sat, 01 Jan 2000 00:00:00 GMT
      X-Content-Type-Options: nosniff
      X-XSS-Protection: 0
      X-Frame-Options: DENY
      Strict-Transport-Security: max-age=15552000; preload
      Content-Type: text/html; charset="utf-8"
      X-FB-Debug: S+wlHlRVBAa1V6WUfVoKaqC2EinTp2FtWSKu7bCEx/XfJ98Gc/fOOxCsiz1+gddFtvD1uB2aonfjgBqLNTHzMQ==
      Date: Tue, 05 Nov 2024 15:23:43 GMT
      Transfer-Encoding: chunked
      X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=43, rtx=0, c=10, mss=1357, tbw=7944, tp=-1, tpl=-1, uplat=201, ullat=0
      Alt-Svc: h3=":443"; ma=86400
      Connection: keep-alive
    • flag-us
      DNS
      aaa.apiaaaeg.com
      233f95c87f4930fc7608e264cf8be9d4ff0d5f073c411dc986c7aa8ac2055231.exe
      Remote address:
      8.8.8.8:53
      Request
      aaa.apiaaaeg.com
      IN A
      Response
    • flag-us
      DNS
      35.221.240.157.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      35.221.240.157.in-addr.arpa
      IN PTR
      Response
      35.221.240.157.in-addr.arpa
      IN PTR
      edge-star-mini-shv-01-lhr8facebookcom
    • flag-us
      DNS
      74.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      74.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      196.249.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      196.249.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      aaa.apiaaaeg.com
      233f95c87f4930fc7608e264cf8be9d4ff0d5f073c411dc986c7aa8ac2055231.exe
      Remote address:
      8.8.8.8:53
      Request
      aaa.apiaaaeg.com
      IN A
      Response
    • flag-us
      DNS
      200.163.202.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.163.202.172.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.214.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.214.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      75.209.201.84.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      75.209.201.84.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      43.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301214_1PJAY06J5HO947G63&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239317301214_1PJAY06J5HO947G63&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 592830
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 5106F40B46A24D3B990BCC8347DF5125 Ref B: LON601060101031 Ref C: 2024-11-05T15:25:22Z
      date: Tue, 05 Nov 2024 15:25:21 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340418589_1A7GR0X7EOYKFPJ56&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239340418589_1A7GR0X7EOYKFPJ56&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 620192
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: C9D3044BD29C4BB19633C59AE2867F56 Ref B: LON601060101031 Ref C: 2024-11-05T15:25:22Z
      date: Tue, 05 Nov 2024 15:25:21 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239339388160_16ZRTS9JM6TCD49ZM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239339388160_16ZRTS9JM6TCD49ZM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 417325
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 991CC373165048C194EA7930AE849FCD Ref B: LON601060101031 Ref C: 2024-11-05T15:25:22Z
      date: Tue, 05 Nov 2024 15:25:21 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301623_1VUR2KBQVO06G93HJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239317301623_1VUR2KBQVO06G93HJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 399216
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: B86799D17D274F6387D2AFE47B36DDFC Ref B: LON601060101031 Ref C: 2024-11-05T15:25:23Z
      date: Tue, 05 Nov 2024 15:25:22 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239339388159_1NBF8GOWJ5DM8FFCH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239339388159_1NBF8GOWJ5DM8FFCH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 658494
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 1A22491D337B4A158A3F1301E911C63A Ref B: LON601060101031 Ref C: 2024-11-05T15:25:25Z
      date: Tue, 05 Nov 2024 15:25:24 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340418590_1Z5SLYPYIFLU5OB7B&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239340418590_1Z5SLYPYIFLU5OB7B&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 525311
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: DD1BC3DD043F45FD9BD31A0064DCE4D5 Ref B: LON601060101031 Ref C: 2024-11-05T15:25:26Z
      date: Tue, 05 Nov 2024 15:25:25 GMT
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      10.27.171.150.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      10.27.171.150.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      10.27.171.150.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      10.27.171.150.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      26.73.42.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.73.42.20.in-addr.arpa
      IN PTR
      Response
    • 157.240.221.35:443
      https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fads%2Fmanager%2Faccount_settings%2Faccount_billing
      tls, http
      233f95c87f4930fc7608e264cf8be9d4ff0d5f073c411dc986c7aa8ac2055231.exe
      4.7kB
       138.3kB
       57
      106

      HTTP Request

      GET https://www.facebook.com/ads/manager/account_settings/account_billing

      HTTP Response

      302

      HTTP Request

      GET https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fads%2Fmanager%2Faccount_settings%2Faccount_billing

      HTTP Response

      200
    • 150.171.27.10:443
      https://tse1.mm.bing.net/th?id=OADD2.10239340418590_1Z5SLYPYIFLU5OB7B&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      tls, http2
      117.9kB
       3.3MB
       2413
      2410

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301214_1PJAY06J5HO947G63&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418589_1A7GR0X7EOYKFPJ56&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239339388160_16ZRTS9JM6TCD49ZM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301623_1VUR2KBQVO06G93HJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239339388159_1NBF8GOWJ5DM8FFCH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418590_1Z5SLYPYIFLU5OB7B&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       593 B
       12
      8
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls, http2
      2.1kB
       7.0kB
       18
      14
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       6.9kB
       15
      13
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       6.9kB
       15
      13
    • 8.8.8.8:53
      www.facebook.com
      dns
      233f95c87f4930fc7608e264cf8be9d4ff0d5f073c411dc986c7aa8ac2055231.exe
      62 B
       107 B
       1
      1

      DNS Request

      www.facebook.com

      DNS Response

      157.240.221.35

    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       90 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      97.17.167.52.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      97.17.167.52.in-addr.arpa

    • 8.8.8.8:53
      88.210.23.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      88.210.23.2.in-addr.arpa

    • 8.8.8.8:53
      aaa.apiaaaeg.com
      dns
      233f95c87f4930fc7608e264cf8be9d4ff0d5f073c411dc986c7aa8ac2055231.exe
      62 B
       135 B
       1
      1

      DNS Request

      aaa.apiaaaeg.com

    • 8.8.8.8:53
      35.221.240.157.in-addr.arpa
      dns
      73 B
       126 B
       1
      1

      DNS Request

      35.221.240.157.in-addr.arpa

    • 8.8.8.8:53
      74.32.126.40.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      74.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      196.249.167.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      196.249.167.52.in-addr.arpa

    • 8.8.8.8:53
      aaa.apiaaaeg.com
      dns
      233f95c87f4930fc7608e264cf8be9d4ff0d5f073c411dc986c7aa8ac2055231.exe
      62 B
       135 B
       1
      1

      DNS Request

      aaa.apiaaaeg.com

    • 8.8.8.8:53
      200.163.202.172.in-addr.arpa
      dns
      74 B
       160 B
       1
      1

      DNS Request

      200.163.202.172.in-addr.arpa

    • 8.8.8.8:53
      198.187.3.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      198.187.3.20.in-addr.arpa

    • 8.8.8.8:53
      172.214.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.214.232.199.in-addr.arpa

    • 8.8.8.8:53
      75.209.201.84.in-addr.arpa
      dns
      72 B
       132 B
       1
      1

      DNS Request

      75.209.201.84.in-addr.arpa

    • 8.8.8.8:53
      43.229.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      43.229.111.52.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
       170 B
       1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      150.171.27.10
      150.171.28.10

    • 8.8.8.8:53
      43.58.199.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      43.58.199.20.in-addr.arpa

    • 8.8.8.8:53
      10.27.171.150.in-addr.arpa
      dns
      144 B
       158 B
       2
      1

      DNS Request

      10.27.171.150.in-addr.arpa

      DNS Request

      10.27.171.150.in-addr.arpa

    • 8.8.8.8:53
      26.73.42.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      26.73.42.20.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3044-0-0x0000000140000000-0x0000000140615000-memory.dmp

      Filesize

      6.1MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.