Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
4294372s -
max time network
318s -
platform
windows7_x64 -
resource
win7-20220311-en -
submitted
25/03/2022, 06:59 UTC
Static task
static1
Behavioral task
behavioral1
Sample
Taleb.Ransom.exe
Resource
win7-20220311-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Taleb.Ransom.exe
Resource
win10v2004-20220310-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
Taleb.Ransom.exe
-
Size
10.8MB
-
MD5
ac09b7550eda13e03a55448fd8367e2d
-
SHA1
8266a12669a4a3952cb9af86e75ed74c27c71013
-
SHA256
4b78968928cfa5437ffdd56a39a5ea8c10a7b6dc5d3f342d003260088876b3cf
-
SHA512
44cace3038bd96fa36a9d3b16251573f625f5e7cb53f0233d87f6e8ab564e731bd8719088feec44f47a460c0a096b964c2c0e77f3f1c371b773e66407aef5d29
Score
10/10
Malware Config
Extracted
Path
C:\Decryption-Guide.txt
Ransom Note
Your Files Are Has Been Locked
Your Files Has Been Encrypted with cryptography Algorithm
If You Need Your Files And They are Important to You, Dont be shy Send Me an Email
Send Test File + The Key File on Your System (File Exist in C:/ProgramData example : RSAKEY-SE-24r6t523 pr RSAKEY.KEY) to Make Sure Your Files Can be Restored
Make an Agreement on Price with me and Pay
Get Decryption Tool + RSA Key AND Instruction For Decryption Process
Attention:
1- Do Not Rename or Modify The Files (You May loose That file)
2- Do Not Try To Use 3rd Party Apps or Recovery Tools ( if You want to do that make an copy from Files and try on them and Waste Your time )
3-Do not Reinstall Operation System(Windows) You may loose the key File and Loose Your Files
4-Do Not Always Trust to Middle mans and negotiators (some of them are good but some of them agree on 4000usd for example and Asked 10000usd From Client) this Was happened
Your Case ID :MJ-PH7316520894
OUR Email :Folperdock@gmail.com
Emails
Folperdock@gmail.com
Signatures
-
Modifies Installed Components in the registry 2 TTPs
-
Modifies Windows Firewall 1 TTPs
-
Modifies extensions of user files 2 IoCs
Ransomware generally changes the extension on encrypted files.
description ioc Process File opened for modification C:\Users\Admin\Pictures\FindPush.tiff Taleb.Ransom.exe File opened for modification C:\Users\Admin\Pictures\RegisterProtect.tiff Taleb.Ransom.exe -
Drops startup file 1 IoCs
description ioc Process File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini Taleb.Ransom.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s) 64 IoCs
description ioc Process File opened for modification C:\Windows\Media\Heritage\Desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini Taleb.Ransom.exe File opened for modification C:\Windows\assembly\Desktop.ini Taleb.Ransom.exe File created C:\Program Files\Microsoft Games\Purble Place\desktop.ini Taleb.Ransom.exe File opened for modification C:\Windows\Media\Landscape\Desktop.ini Taleb.Ransom.exe File opened for modification C:\Windows\Media\Sonata\Desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini Taleb.Ransom.exe File opened for modification C:\Windows\Downloaded Program Files\desktop.ini Taleb.Ransom.exe File opened for modification C:\$Recycle.Bin\S-1-5-21-2199625441-3471261906-229485034-1000\desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini Taleb.Ransom.exe File created C:\Program Files\Microsoft Games\FreeCell\desktop.ini Taleb.Ransom.exe File created C:\Program Files\Microsoft Games\Solitaire\desktop.ini Taleb.Ransom.exe File opened for modification C:\Windows\Globalization\MCT\MCT-AU\Wallpaper\desktop.ini Taleb.Ransom.exe File created C:\Program Files (x86)\desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini Taleb.Ransom.exe File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini Taleb.Ransom.exe File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini Taleb.Ransom.exe File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Admin\Contacts\desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Public\Music\desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Public\Libraries\desktop.ini Taleb.Ransom.exe File created C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini Taleb.Ransom.exe File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Public\Recorded TV\desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini Taleb.Ransom.exe File opened for modification C:\Program Files\Microsoft Games\FreeCell\desktop.ini Taleb.Ransom.exe File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini Taleb.Ransom.exe File created C:\Program Files\desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Public\Pictures\desktop.ini Taleb.Ransom.exe File opened for modification C:\Windows\Media\Desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini Taleb.Ransom.exe File opened for modification C:\$RECYCLE.BIN\S-1-5-21-2199625441-3471261906-229485034-1000\desktop.ini explorer.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini Taleb.Ransom.exe File created C:\Program Files\Microsoft Games\Chess\desktop.ini Taleb.Ransom.exe File opened for modification C:\Windows\Globalization\MCT\MCT-GB\Link\desktop.ini Taleb.Ransom.exe File opened for modification C:\Windows\Globalization\MCT\MCT-US\Wallpaper\desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Public\Music\Sample Music\desktop.ini Taleb.Ransom.exe File opened for modification C:\Windows\Media\Savanna\Desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\GMEWETP4\desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\desktop.ini Taleb.Ransom.exe File opened for modification C:\Windows\Media\Characters\Desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Admin\Desktop\desktop.ini Taleb.Ransom.exe File opened for modification C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini Taleb.Ransom.exe File opened for modification C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XIWRAWIU\desktop.ini Taleb.Ransom.exe File opened for modification C:\Windows\Media\Afternoon\Desktop.ini Taleb.Ransom.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Admin\Favorites\Links for United States\desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Public\Downloads\desktop.ini Taleb.Ransom.exe File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\DL4J84XN\desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\Admin\Links\desktop.ini Taleb.Ransom.exe File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini Taleb.Ransom.exe File opened for modification C:\Program Files\Microsoft Games\Purble Place\desktop.ini Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI Taleb.Ransom.exe -
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 4 api.my-ip.io 5 api.my-ip.io -
Drops autorun.inf file 1 TTPs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory 1 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\regedit.exe Taleb.Ransom.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\OUTLOOK.DEV_K_COL.HXK Taleb.Ransom.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi Taleb.Ransom.exe File opened for modification C:\Program Files\Windows Journal\Templates\Memo.jtp Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107090.WMF Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00530_.WMF Taleb.Ransom.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\attention.gif Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\SWBELL.NET.XML Taleb.Ransom.exe File opened for modification C:\Program Files\DenyRestore.html.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange.css Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCDRESPL.ICO Taleb.Ransom.exe File created C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\PREVIEW.GIF.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar Taleb.Ransom.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_cloudy.png Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\PAPYRUS.ELM Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0237759.WMF Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsBlankPage.html Taleb.Ransom.exe File created C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File created C:\Program Files\VideoLAN\VLC\lua\http\index.html.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\PREVIEW.GIF.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\FDFFile_8.ico Taleb.Ransom.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\QuickStyles\Thatch.dotx Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Windows Media Player\Skins\Revert.wmz Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\LETTHEAD.XML Taleb.Ransom.exe File created C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\SpiderSolitaire.exe.mui.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libadf_plugin.dll.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png Taleb.Ransom.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_up.png Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search.api.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01761_.WMF Taleb.Ransom.exe File created C:\Program Files\Java\jre7\bin\jaas_nt.dll.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File created C:\Program Files\7-Zip\Lang\ta.txt.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MSOCF.DLL.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_mid_disable.gif Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\NUMERIC.JPG Taleb.Ransom.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt Taleb.Ransom.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File created C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File created C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\VBE6EXT.OLB.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.71\goopdateres_ro.dll.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Common Files\System\msadc\es-ES\msdaprsr.dll.mui Taleb.Ransom.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png Taleb.Ransom.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\BlackTieLetter.dotx.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.71\goopdateres_ta.dll.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.71\GoogleUpdateOnDemand.exe Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.71\psmachine_64.dll Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01265U.BMP Taleb.Ransom.exe File created C:\Program Files\7-Zip\Lang\zh-tw.txt.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif Taleb.Ransom.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\bg_sidebar.png Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\settings.js Taleb.Ransom.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Engine.resources.dll Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvSOFT.x3d.(MJ-PH7316520894)(Folperdock@gmail.com).Godox Taleb.Ransom.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsImageTemplate.html Taleb.Ransom.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp Taleb.Ransom.exe -
Drops file in Windows directory 64 IoCs
description ioc Process File opened for modification C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\1.0.0.0_ja_31bf3856ad364e35\Microsoft.PowerShell.Security.Resources.dll Taleb.Ransom.exe File opened for modification C:\Windows\inf\mdmusrf.PNF Taleb.Ransom.exe File opened for modification C:\Windows\Media\Heritage\Windows Battery Critical.wav Taleb.Ransom.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\peverify.dll Taleb.Ransom.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\legacy.web_lowtrust.config.default Taleb.Ransom.exe File opened for modification C:\Windows\ehome\loadmxf.exe Taleb.Ransom.exe File opened for modification C:\Windows\Media\chimes.wav Taleb.Ransom.exe File opened for modification C:\Windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll Taleb.Ransom.exe File opened for modification C:\Windows\assembly\GAC_MSIL\system.io.log.resources\3.0.0.0_fr_b03f5f7f11d50a3a\System.IO.Log.Resources.dll Taleb.Ransom.exe File opened for modification C:\Windows\Help\mui\0C0A\perfmon.CHM Taleb.Ransom.exe File opened for modification C:\Windows\inf\ts_wpdmtp.inf Taleb.Ransom.exe File opened for modification C:\Windows\Media\Characters\Windows Hardware Fail.wav Taleb.Ransom.exe File opened for modification C:\Windows\inf\ServiceModelService 3.0.0.0\0407\_ServiceModelServicePerfCounters_D.ini Taleb.Ransom.exe File opened for modification C:\Windows\Media\Characters\Windows Pop-up Blocked.wav Taleb.Ransom.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\AppConfigHome.aspx.it.resx Taleb.Ransom.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\es\System.ServiceModel.Install.Resources.dll Taleb.Ransom.exe File opened for modification C:\Windows\IME\IMESC5\DICTS\PINTLGCF.IMD Taleb.Ransom.exe File opened for modification C:\Windows\inf\usbcir.PNF Taleb.Ransom.exe File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Win32.Primitives.dll Taleb.Ransom.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\netmemorycache.ini Taleb.Ransom.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\Users\App_LocalResources\addUser.aspx.fr.resx Taleb.Ransom.exe File opened for modification C:\Windows\Fonts\serifeg.fon Taleb.Ransom.exe File opened for modification C:\Windows\Globalization\ELS\Transliteration\malayalam-to-latin.nlt Taleb.Ransom.exe File opened for modification C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0000000010\9.0.0\ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E Taleb.Ransom.exe File opened for modification C:\Windows\it-IT\bootfix.bin Taleb.Ransom.exe File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest Taleb.Ransom.exe File opened for modification C:\Windows\Help\Windows\es-ES\appman.h1s Taleb.Ransom.exe File opened for modification C:\Windows\inf\acpipmi.PNF Taleb.Ransom.exe File opened for modification C:\Windows\inf\netimm.inf Taleb.Ransom.exe File opened for modification C:\Windows\Microsoft.NET\Framework\v3.5\SQL\ja\SqlPersistenceProviderLogic.sql Taleb.Ransom.exe File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\legacy.web_mediumtrust.config Taleb.Ransom.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\EditAppSetting.aspx.fr.resx Taleb.Ransom.exe File opened for modification C:\Windows\assembly\GAC_MSIL\System.Data.Services.resources\3.5.0.0_de_b77a5c561934e089\System.Data.Services.resources.dll Taleb.Ransom.exe File opened for modification C:\Windows\Boot\EFI\pl-PL\bootmgfw.efi.mui Taleb.Ransom.exe File opened for modification C:\Windows\Help\mui\0411\ipsecpolicy.CHM Taleb.Ransom.exe File opened for modification C:\Windows\Help\Windows\de-DE\basics2.h1s Taleb.Ransom.exe File opened for modification C:\Windows\Media\Garden\Windows Battery Low.wav Taleb.Ransom.exe File opened for modification C:\Windows\Cursors\up_m.cur Taleb.Ransom.exe File opened for modification C:\Windows\Help\Windows\it-IT\journal.h1s Taleb.Ransom.exe File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XPath\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XPath.dll Taleb.Ransom.exe File opened for modification C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.Resources\1.0.0.0_en_31bf3856ad364e35\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.resources.dll Taleb.Ransom.exe File opened for modification C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv14259fd9#\b6a1466f4c910dd8d83b4592bef36aff\System.ServiceModel.Activities.ni.dll Taleb.Ransom.exe File opened for modification C:\Windows\Help\Windows\it-IT\uap.h1s Taleb.Ransom.exe File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\App_LocalResources\navigationBar.ascx.it.resx Taleb.Ransom.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\App_LocalResources\WebAdminHelp_Internals.aspx.fr.resx Taleb.Ransom.exe File opened for modification C:\Windows\Fonts\vgafix.fon Taleb.Ransom.exe File opened for modification C:\Windows\Help\Windows\en-US\sniptoo.h1s Taleb.Ransom.exe File opened for modification C:\Windows\Help\Windows\ja-JP\wu.h1s Taleb.Ransom.exe File opened for modification C:\Windows\inf\prnlx00b.PNF Taleb.Ransom.exe File opened for modification C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl\14.0.0.0__71e9bce111e9429c\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl.config Taleb.Ransom.exe File opened for modification C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\7f0531cbaadefd63fb9c1f7ae51fc668\Microsoft.CSharp.ni.dll Taleb.Ransom.exe File opened for modification C:\Windows\diagnostics\system\WindowsMediaPlayerMediaLibrary\en-US\CL_LocalizationData.psd1 Taleb.Ransom.exe File opened for modification C:\Windows\Fonts\mriam.ttf Taleb.Ransom.exe File opened for modification C:\Windows\Help\mui\0409\ipsecpolicy.CHM Taleb.Ransom.exe File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardInit.ascx Taleb.Ransom.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallRoles.sql Taleb.Ransom.exe File opened for modification C:\Windows\assembly\GAC_MSIL\Microsoft.Tpm.Resources\6.1.0.0_ja_31bf3856ad364e35\microsoft.tpm.resources.dll Taleb.Ransom.exe File opened for modification C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Activities\39f02628df6b23733fbe777a55e7ffdc\System.Activities.ni.dll Taleb.Ransom.exe File opened for modification C:\Windows\diagnostics\system\WindowsMediaPlayerConfiguration\DiagPackage.dll Taleb.Ransom.exe File opened for modification C:\Windows\Help\Windows\it-IT\appman.h1s Taleb.Ransom.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll Taleb.Ransom.exe File opened for modification C:\Windows\Help\Windows\es-ES\Windows.H1T Taleb.Ransom.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.Management.dll Taleb.Ransom.exe File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\DE\caspol.resources.dll Taleb.Ransom.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000\Software\Microsoft\Internet Explorer\Toolbar explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" explorer.exe -
Modifies registry class 11 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\TV_FolderType = "{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}" explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\TV_TopViewVersion = "0" explorer.exe Key created \REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Key created \REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU explorer.exe Key created \REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 explorer.exe Key created \REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 explorer.exe Key created \REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell explorer.exe Key created \REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000_Classes\Local Settings explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-2199625441-3471261906-229485034-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff explorer.exe -
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 9 IoCs
pid Process 1844 Taleb.Ransom.exe 1844 Taleb.Ransom.exe 1844 Taleb.Ransom.exe 1844 Taleb.Ransom.exe 1844 Taleb.Ransom.exe 1844 Taleb.Ransom.exe 1844 Taleb.Ransom.exe 1844 Taleb.Ransom.exe 1844 Taleb.Ransom.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 840 explorer.exe -
Suspicious use of AdjustPrivilegeToken 17 IoCs
description pid Process Token: SeShutdownPrivilege 840 explorer.exe Token: SeShutdownPrivilege 840 explorer.exe Token: SeShutdownPrivilege 840 explorer.exe Token: SeShutdownPrivilege 840 explorer.exe Token: SeShutdownPrivilege 840 explorer.exe Token: SeShutdownPrivilege 840 explorer.exe Token: SeShutdownPrivilege 840 explorer.exe Token: SeShutdownPrivilege 840 explorer.exe Token: SeShutdownPrivilege 840 explorer.exe Token: SeShutdownPrivilege 840 explorer.exe Token: SeShutdownPrivilege 840 explorer.exe Token: SeShutdownPrivilege 840 explorer.exe Token: SeShutdownPrivilege 840 explorer.exe Token: SeShutdownPrivilege 840 explorer.exe Token: SeShutdownPrivilege 840 explorer.exe Token: SeShutdownPrivilege 840 explorer.exe Token: SeShutdownPrivilege 840 explorer.exe -
Suspicious use of FindShellTrayWindow 30 IoCs
pid Process 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe -
Suspicious use of SendNotifyMessage 53 IoCs
pid Process 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe 840 explorer.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 840 explorer.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1844 wrote to memory of 816 1844 Taleb.Ransom.exe 28 PID 1844 wrote to memory of 816 1844 Taleb.Ransom.exe 28 PID 1844 wrote to memory of 816 1844 Taleb.Ransom.exe 28 PID 1844 wrote to memory of 816 1844 Taleb.Ransom.exe 28 PID 816 wrote to memory of 1756 816 cmd.exe 30 PID 816 wrote to memory of 1756 816 cmd.exe 30 PID 816 wrote to memory of 1756 816 cmd.exe 30 PID 816 wrote to memory of 1756 816 cmd.exe 30 PID 1756 wrote to memory of 556 1756 net.exe 31 PID 1756 wrote to memory of 556 1756 net.exe 31 PID 1756 wrote to memory of 556 1756 net.exe 31 PID 1756 wrote to memory of 556 1756 net.exe 31 PID 1844 wrote to memory of 392 1844 Taleb.Ransom.exe 32 PID 1844 wrote to memory of 392 1844 Taleb.Ransom.exe 32 PID 1844 wrote to memory of 392 1844 Taleb.Ransom.exe 32 PID 1844 wrote to memory of 392 1844 Taleb.Ransom.exe 32 PID 1844 wrote to memory of 2000 1844 Taleb.Ransom.exe 34 PID 1844 wrote to memory of 2000 1844 Taleb.Ransom.exe 34 PID 1844 wrote to memory of 2000 1844 Taleb.Ransom.exe 34 PID 1844 wrote to memory of 2000 1844 Taleb.Ransom.exe 34 PID 1844 wrote to memory of 2016 1844 Taleb.Ransom.exe 36 PID 1844 wrote to memory of 2016 1844 Taleb.Ransom.exe 36 PID 1844 wrote to memory of 2016 1844 Taleb.Ransom.exe 36 PID 1844 wrote to memory of 2016 1844 Taleb.Ransom.exe 36 PID 1844 wrote to memory of 1824 1844 Taleb.Ransom.exe 38 PID 1844 wrote to memory of 1824 1844 Taleb.Ransom.exe 38 PID 1844 wrote to memory of 1824 1844 Taleb.Ransom.exe 38 PID 1844 wrote to memory of 1824 1844 Taleb.Ransom.exe 38 PID 1824 wrote to memory of 1656 1824 cmd.exe 40 PID 1824 wrote to memory of 1656 1824 cmd.exe 40 PID 1824 wrote to memory of 1656 1824 cmd.exe 40 PID 1824 wrote to memory of 1656 1824 cmd.exe 40 PID 1656 wrote to memory of 1344 1656 net.exe 41 PID 1656 wrote to memory of 1344 1656 net.exe 41 PID 1656 wrote to memory of 1344 1656 net.exe 41 PID 1656 wrote to memory of 1344 1656 net.exe 41 PID 1844 wrote to memory of 1996 1844 Taleb.Ransom.exe 42 PID 1844 wrote to memory of 1996 1844 Taleb.Ransom.exe 42 PID 1844 wrote to memory of 1996 1844 Taleb.Ransom.exe 42 PID 1844 wrote to memory of 1996 1844 Taleb.Ransom.exe 42 PID 1996 wrote to memory of 1900 1996 cmd.exe 44 PID 1996 wrote to memory of 1900 1996 cmd.exe 44 PID 1996 wrote to memory of 1900 1996 cmd.exe 44 PID 1996 wrote to memory of 1900 1996 cmd.exe 44 PID 1900 wrote to memory of 316 1900 net.exe 45 PID 1900 wrote to memory of 316 1900 net.exe 45 PID 1900 wrote to memory of 316 1900 net.exe 45 PID 1900 wrote to memory of 316 1900 net.exe 45 PID 1844 wrote to memory of 1784 1844 Taleb.Ransom.exe 46 PID 1844 wrote to memory of 1784 1844 Taleb.Ransom.exe 46 PID 1844 wrote to memory of 1784 1844 Taleb.Ransom.exe 46 PID 1844 wrote to memory of 1784 1844 Taleb.Ransom.exe 46 PID 1784 wrote to memory of 1540 1784 cmd.exe 48 PID 1784 wrote to memory of 1540 1784 cmd.exe 48 PID 1784 wrote to memory of 1540 1784 cmd.exe 48 PID 1784 wrote to memory of 1540 1784 cmd.exe 48 PID 1540 wrote to memory of 1556 1540 net.exe 49 PID 1540 wrote to memory of 1556 1540 net.exe 49 PID 1540 wrote to memory of 1556 1540 net.exe 49 PID 1540 wrote to memory of 1556 1540 net.exe 49 PID 1844 wrote to memory of 840 1844 Taleb.Ransom.exe 50 PID 1844 wrote to memory of 840 1844 Taleb.Ransom.exe 50 PID 1844 wrote to memory of 840 1844 Taleb.Ransom.exe 50 PID 1844 wrote to memory of 840 1844 Taleb.Ransom.exe 50
Processes
-
C:\Users\Admin\AppData\Local\Temp\Taleb.Ransom.exe"C:\Users\Admin\AppData\Local\Temp\Taleb.Ransom.exe"1⤵
- Modifies extensions of user files
- Drops startup file
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1844 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c net stop MSDTC2⤵
- Suspicious use of WriteProcessMemory
PID:816 -
C:\Windows\SysWOW64\net.exenet stop MSDTC3⤵
- Suspicious use of WriteProcessMemory
PID:1756 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSDTC4⤵PID:556
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures2⤵PID:392
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c bcdedit /set {default} recoveryenabled no2⤵PID:2000
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c wbadmin delete catalog -quiet2⤵PID:2016
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c net stop SQLSERVERAGENT2⤵
- Suspicious use of WriteProcessMemory
PID:1824 -
C:\Windows\SysWOW64\net.exenet stop SQLSERVERAGENT3⤵
- Suspicious use of WriteProcessMemory
PID:1656 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLSERVERAGENT4⤵PID:1344
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c net stop MSSQLSERVER2⤵
- Suspicious use of WriteProcessMemory
PID:1996 -
C:\Windows\SysWOW64\net.exenet stop MSSQLSERVER3⤵
- Suspicious use of WriteProcessMemory
PID:1900 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQLSERVER4⤵PID:316
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c net stop vds2⤵
- Suspicious use of WriteProcessMemory
PID:1784 -
C:\Windows\SysWOW64\net.exenet stop vds3⤵
- Suspicious use of WriteProcessMemory
PID:1540 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop vds4⤵PID:1556
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c netsh advfirewall set currentprofile state off2⤵PID:840
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall set currentprofile state off3⤵PID:2044
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c netsh firewall set opmode mode=disable2⤵PID:1504
-
C:\Windows\SysWOW64\netsh.exenetsh firewall set opmode mode=disable3⤵PID:832
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c net stop SQLWriter2⤵PID:1684
-
C:\Windows\SysWOW64\net.exenet stop SQLWriter3⤵PID:560
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLWriter4⤵PID:844
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c net stop SQLBrowser2⤵PID:1524
-
C:\Windows\SysWOW64\net.exenet stop SQLBrowser3⤵PID:1756
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLBrowser4⤵PID:1776
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c net stop MSSQLSERVER2⤵PID:1976
-
C:\Windows\SysWOW64\net.exenet stop MSSQLSERVER3⤵PID:1436
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQLSERVER4⤵PID:2000
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c net stop MSSQL$CONTOSO12⤵PID:1948
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$CONTOSO13⤵PID:1820
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$CONTOSO14⤵PID:308
-
-
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:1596
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x18c1⤵PID:844
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Drops desktop.ini file(s)
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:840
Network
-
Remote address:8.8.8.8:53Requestapi.my-ip.ioIN AResponseapi.my-ip.ioIN A172.67.193.226api.my-ip.ioIN A104.21.68.98
-
Remote address:172.67.193.226:443RequestGET /ip HTTP/1.1
Host: api.my-ip.io
Accept: */*
ResponseHTTP/1.1 200 OK
Date: Fri, 25 Mar 2022 07:00:43 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 12
Connection: keep-alive
Cache-Control: no-store,no-cache
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
pragma: no-cache
x-ip-type: IPv4
last-modified: Friday, 25-Mar-2022 07:00:43 GMT
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F5jTRMR1qUYU7gBHWj1iO6ULMyNoWd8%2F9ZRWz2tKoh1bp8R4QnfA5XDbsAxQeAy2n1ISs5otrm3CVhrvMnfgrwPgtvvcyzR8%2FVMC8xiuwE3wdsdfXzQq8ZM8udPDf5U%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6f15c5690acc7276-HAM
-
-
-
681 B 4.1kB 7 8
HTTP Request
GET https://api.my-ip.io/ipHTTP Response
200
