Analysis

  • max time kernel
    1791s
  • max time network
    1163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-es
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230703-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    15/07/2023, 16:19 UTC

General

  • Target

    hitpaw-video-enhancer.exe

  • Size

    2.2MB

  • MD5

    2613687b43fb2e509fce47e8b0b2444d

  • SHA1

    e852da21c8c388edd4ed569d3be0fd63d9aa3897

  • SHA256

    640201ba830e9420516377b100409a490f0623a508b3085acc7e7ac721915f4f

  • SHA512

    d0ef88c6c3c87517957275d8ad2f06ff4aa6e98bd7a6020aca2ae524b98f2cb4a8519f1f6afe63e1832e8bbae4415c590121823d2a24d07aa2aa2c58a5f3c3eb

  • SSDEEP

    49152:5BfoNtu1abLX7EzIXXpT3yDeoOZdft+aXMEV8av5sW6aRHm1TN3zID:5BfBSHhZTCDeoOZPD8EVzRsWvRD

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\hitpaw-video-enhancer.exe
    "C:\Users\Admin\AppData\Local\Temp\hitpaw-video-enhancer.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2100

Network

  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    www.tenorshare.com
    hitpaw-video-enhancer.exe
    Remote address:
    8.8.8.8:53
    Request
    www.tenorshare.com
    IN A
    Response
    www.tenorshare.com
    IN CNAME
    www.tenorshare.com.cdn.cloudflare.net
    www.tenorshare.com.cdn.cloudflare.net
    IN A
    104.18.24.249
    www.tenorshare.com.cdn.cloudflare.net
    IN A
    104.18.25.249
  • flag-us
    GET
    http://www.tenorshare.com/downloads/service/softwarelog.txt
    hitpaw-video-enhancer.exe
    Remote address:
    104.18.24.249:80
    Request
    GET /downloads/service/softwarelog.txt HTTP/1.1
    Accept: */*
    Accept-Language: zh-cn
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MyIE2; .NET CLR 1.1.4322)
    Host: www.tenorshare.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 15 Jul 2023 16:19:27 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    Location: https://www.tenorshare.com/downloads/service/softwarelog.txt
    CF-Cache-Status: DYNAMIC
    Set-Cookie: __cf_bm=YyUk5rmuuxZ07YfPay6xrdkWpfxcL8SlJcSEK0CB9FE-1689437967-0-AboJ065/whPdz4xyVouNeeotQxt2IJ/b/u7Z3ULgjQI17zvL4kjNrMgm2CjjvPoriIL+Zz/i1a4LYLbA+03XLaw=; path=/; expires=Sat, 15-Jul-23 16:49:27 GMT; domain=.tenorshare.com; HttpOnly; SameSite=None
    Set-Cookie: __cflb=0H28vTnsmZRERARmj9rgetyEAdpv4vfMRLpCcqkogZi; SameSite=Lax; path=/; expires=Sun, 16-Jul-23 15:19:27 GMT; HttpOnly
    Server: cloudflare
    CF-RAY: 7e7353bdd8eeb7ac-AMS
  • flag-us
    GET
    https://www.tenorshare.com/downloads/service/softwarelog.txt
    hitpaw-video-enhancer.exe
    Remote address:
    104.18.24.249:443
    Request
    GET /downloads/service/softwarelog.txt HTTP/1.1
    Accept: */*
    Accept-Language: zh-cn
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MyIE2; .NET CLR 1.1.4322)
    Cache-Control: no-cache
    Host: www.tenorshare.com
    Connection: Keep-Alive
    Cookie: __cf_bm=YyUk5rmuuxZ07YfPay6xrdkWpfxcL8SlJcSEK0CB9FE-1689437967-0-AboJ065/whPdz4xyVouNeeotQxt2IJ/b/u7Z3ULgjQI17zvL4kjNrMgm2CjjvPoriIL+Zz/i1a4LYLbA+03XLaw=; __cflb=0H28vTnsmZRERARmj9rgetyEAdpv4vfMRLpCcqkogZi
    Response
    HTTP/1.1 200 OK
    Date: Sat, 15 Jul 2023 16:19:27 GMT
    Content-Type: text/plain; charset=utf-8
    Content-Length: 5
    Connection: keep-alive
    Last-Modified: Mon, 21 Oct 2019 04:28:53 GMT
    ETag: "5dad3405-5"
    Accept-Ranges: bytes
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 7e7353c0dbd50b5e-AMS
  • flag-us
    DNS
    249.24.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    249.24.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    update.tenorshare.com
    hitpaw-video-enhancer.exe
    Remote address:
    8.8.8.8:53
    Request
    update.tenorshare.com
    IN A
    Response
    update.tenorshare.com
    IN CNAME
    update.tenorshare.com.cdn.cloudflare.net
    update.tenorshare.com.cdn.cloudflare.net
    IN A
    104.18.24.249
    update.tenorshare.com.cdn.cloudflare.net
    IN A
    104.18.25.249
  • flag-us
    DNS
    ip-api.com
    hitpaw-video-enhancer.exe
    Remote address:
    8.8.8.8:53
    Request
    ip-api.com
    IN A
    Response
    ip-api.com
    IN A
    208.95.112.1
  • flag-us
    GET
    http://ip-api.com/csv
    hitpaw-video-enhancer.exe
    Remote address:
    208.95.112.1:80
    Request
    GET /csv HTTP/1.1
    Accept: */*
    Accept-Language: zh-cn
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MyIE2; .NET CLR 1.1.4322)
    Host: ip-api.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Sat, 15 Jul 2023 16:19:27 GMT
    Content-Type: text/plain; charset=utf-8
    Content-Length: 182
    Access-Control-Allow-Origin: *
    X-Ttl: 59
    X-Rl: 43
  • flag-de
    POST
    http://www.google-analytics.com/collect
    hitpaw-video-enhancer.exe
    Remote address:
    172.217.23.206:80
    Request
    POST /collect HTTP/1.1
    Host: www.google-analytics.com
    Accept: */*
    Accept-Encoding: identity
    Content-Length: 238
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Date: Sat, 15 Jul 2023 16:19:28 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, no-store, must-revalidate
    Last-Modified: Sun, 17 May 1998 03:00:00 GMT
    X-Content-Type-Options: nosniff
    Content-Type: image/gif
    Cross-Origin-Resource-Policy: cross-origin
    Server: Golfe2
    Content-Length: 35
  • flag-de
    POST
    http://www.google-analytics.com/collect
    hitpaw-video-enhancer.exe
    Remote address:
    172.217.23.206:80
    Request
    POST /collect HTTP/1.1
    Host: www.google-analytics.com
    Accept: */*
    Accept-Encoding: identity
    Content-Length: 247
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Date: Sat, 15 Jul 2023 16:19:28 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, no-store, must-revalidate
    Last-Modified: Sun, 17 May 1998 03:00:00 GMT
    X-Content-Type-Options: nosniff
    Content-Type: image/gif
    Cross-Origin-Resource-Policy: cross-origin
    Server: Golfe2
    Content-Length: 35
  • flag-de
    POST
    http://www.google-analytics.com/collect
    hitpaw-video-enhancer.exe
    Remote address:
    172.217.23.206:80
    Request
    POST /collect HTTP/1.1
    Host: www.google-analytics.com
    Accept: */*
    Accept-Encoding: identity
    Content-Length: 271
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Date: Sat, 15 Jul 2023 16:19:28 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, no-store, must-revalidate
    Last-Modified: Sun, 17 May 1998 03:00:00 GMT
    X-Content-Type-Options: nosniff
    Content-Type: image/gif
    Cross-Origin-Resource-Policy: cross-origin
    Server: Golfe2
    Content-Length: 35
  • flag-de
    POST
    http://www.google-analytics.com/collect
    hitpaw-video-enhancer.exe
    Remote address:
    172.217.23.206:80
    Request
    POST /collect HTTP/1.1
    Host: www.google-analytics.com
    Accept: */*
    Accept-Encoding: identity
    Content-Length: 253
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Date: Sat, 15 Jul 2023 16:19:28 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, no-store, must-revalidate
    Last-Modified: Sun, 17 May 1998 03:00:00 GMT
    X-Content-Type-Options: nosniff
    Content-Type: image/gif
    Cross-Origin-Resource-Policy: cross-origin
    Server: Golfe2
    Content-Length: 35
  • flag-de
    POST
    http://www.google-analytics.com/collect
    hitpaw-video-enhancer.exe
    Remote address:
    172.217.23.206:80
    Request
    POST /collect HTTP/1.1
    Host: www.google-analytics.com
    Accept: */*
    Accept-Encoding: identity
    Content-Length: 240
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Date: Sat, 15 Jul 2023 16:19:28 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, no-store, must-revalidate
    Last-Modified: Sun, 17 May 1998 03:00:00 GMT
    X-Content-Type-Options: nosniff
    Content-Type: image/gif
    Cross-Origin-Resource-Policy: cross-origin
    Server: Golfe2
    Content-Length: 35
  • flag-de
    POST
    http://www.google-analytics.com/collect
    hitpaw-video-enhancer.exe
    Remote address:
    172.217.23.206:80
    Request
    POST /collect HTTP/1.1
    Host: www.google-analytics.com
    Accept: */*
    Accept-Encoding: identity
    Content-Length: 252
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Date: Sat, 15 Jul 2023 16:19:28 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, no-store, must-revalidate
    Last-Modified: Sun, 17 May 1998 03:00:00 GMT
    X-Content-Type-Options: nosniff
    Content-Type: image/gif
    Cross-Origin-Resource-Policy: cross-origin
    Server: Golfe2
    Content-Length: 35
  • flag-de
    POST
    http://www.google-analytics.com/collect
    hitpaw-video-enhancer.exe
    Remote address:
    172.217.23.206:80
    Request
    POST /collect HTTP/1.1
    Host: www.google-analytics.com
    Accept: */*
    Accept-Encoding: identity
    Content-Length: 278
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Date: Sat, 15 Jul 2023 16:19:28 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, no-store, must-revalidate
    Last-Modified: Sun, 17 May 1998 03:00:00 GMT
    X-Content-Type-Options: nosniff
    Content-Type: image/gif
    Cross-Origin-Resource-Policy: cross-origin
    Server: Golfe2
    Content-Length: 35
  • flag-de
    POST
    http://www.google-analytics.com/collect
    hitpaw-video-enhancer.exe
    Remote address:
    172.217.23.206:80
    Request
    POST /collect HTTP/1.1
    Host: www.google-analytics.com
    Accept: */*
    Accept-Encoding: identity
    Content-Length: 278
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Date: Sat, 15 Jul 2023 16:19:28 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, no-store, must-revalidate
    Last-Modified: Sun, 17 May 1998 03:00:00 GMT
    X-Content-Type-Options: nosniff
    Content-Type: image/gif
    Cross-Origin-Resource-Policy: cross-origin
    Server: Golfe2
    Content-Length: 35
  • flag-de
    POST
    http://www.google-analytics.com/collect
    hitpaw-video-enhancer.exe
    Remote address:
    172.217.23.206:80
    Request
    POST /collect HTTP/1.1
    Host: www.google-analytics.com
    Accept: */*
    Accept-Encoding: identity
    Content-Length: 247
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Date: Sat, 15 Jul 2023 16:19:28 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, no-store, must-revalidate
    Last-Modified: Sun, 17 May 1998 03:00:00 GMT
    X-Content-Type-Options: nosniff
    Content-Type: image/gif
    Cross-Origin-Resource-Policy: cross-origin
    Server: Golfe2
    Content-Length: 35
  • flag-de
    POST
    http://www.google-analytics.com/collect
    hitpaw-video-enhancer.exe
    Remote address:
    172.217.23.206:80
    Request
    POST /collect HTTP/1.1
    Host: www.google-analytics.com
    Accept: */*
    Accept-Encoding: identity
    Content-Length: 259
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Date: Sat, 15 Jul 2023 16:19:28 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, no-store, must-revalidate
    Last-Modified: Sun, 17 May 1998 03:00:00 GMT
    X-Content-Type-Options: nosniff
    Content-Type: image/gif
    Cross-Origin-Resource-Policy: cross-origin
    Server: Golfe2
    Content-Length: 35
  • flag-de
    POST
    http://www.google-analytics.com/collect
    hitpaw-video-enhancer.exe
    Remote address:
    172.217.23.206:80
    Request
    POST /collect HTTP/1.1
    Host: www.google-analytics.com
    Accept: */*
    Accept-Encoding: identity
    Content-Length: 245
    Content-Type: application/x-www-form-urlencoded
    Response
    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Date: Sat, 15 Jul 2023 16:19:31 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-cache, no-store, must-revalidate
    Last-Modified: Sun, 17 May 1998 03:00:00 GMT
    X-Content-Type-Options: nosniff
    Content-Type: image/gif
    Cross-Origin-Resource-Policy: cross-origin
    Server: Golfe2
    Content-Length: 35
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    1.112.95.208.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.112.95.208.in-addr.arpa
    IN PTR
    Response
    1.112.95.208.in-addr.arpa
    IN PTR
    ip-api.com
  • flag-us
    DNS
    206.23.217.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.217.172.in-addr.arpa
    IN PTR
    Response
    206.23.217.172.in-addr.arpa
    IN PTR
    prg03s05-in-f206.1e100.net
    206.23.217.172.in-addr.arpa
    IN PTR
    prg03s05-in-f14.1e100.net
    206.23.217.172.in-addr.arpa
    IN PTR
    ams16s37-in-f14.1e100.net
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.81.21.72.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.81.21.72.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    226.162.46.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.162.46.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    69.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    69.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.57.101.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.57.101.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.99.105.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.99.105.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.8.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.8.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    8.3.197.209.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.3.197.209.in-addr.arpa
    IN PTR
    Response
    8.3.197.209.in-addr.arpa
    IN PTR
    vip0x008.map2.ssl.hwcdn.net
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    216.74.101.95.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    216.74.101.95.in-addr.arpa
    IN PTR
    Response
    216.74.101.95.in-addr.arpa
    IN PTR
    a95-101-74-216.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    131.72.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    131.72.42.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    131.72.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    131.72.42.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    assets.msn.com
    Remote address:
    8.8.8.8:53
    Request
    assets.msn.com
    IN A
    Response
    assets.msn.com
    IN CNAME
    assets.msn.com.edgekey.net
    assets.msn.com.edgekey.net
    IN CNAME
    e28578.d.akamaiedge.net
    e28578.d.akamaiedge.net
    IN A
    2.19.194.72
    e28578.d.akamaiedge.net
    IN A
    2.19.194.121
  • flag-us
    DNS
    assets.msn.com
    Remote address:
    8.8.8.8:53
    Request
    assets.msn.com
    IN A
    Response
    assets.msn.com
    IN CNAME
    assets.msn.com.edgekey.net
    assets.msn.com.edgekey.net
    IN CNAME
    e28578.d.akamaiedge.net
    e28578.d.akamaiedge.net
    IN A
    2.19.194.72
    e28578.d.akamaiedge.net
    IN A
    2.19.194.121
  • flag-nl
    GET
    https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=0dc0086c-7599-413f-b9f8-d261278775b3&ocid=windows-windowsShell-feeds&user=m-70c31f41647e46938fbaa0e2f28afd05&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=es-ES&caller=bgtask
    Remote address:
    2.19.194.72:443
    Request
    GET /serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=0dc0086c-7599-413f-b9f8-d261278775b3&ocid=windows-windowsShell-feeds&user=m-70c31f41647e46938fbaa0e2f28afd05&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=es-ES&caller=bgtask HTTP/2.0
    host: assets.msn.com
    x-search-account: None
    accept-encoding: gzip, deflate
    x-device-machineid: {4F901D09-C7B3-4142-BC6B-116CA1F2D68B}
    x-userageclass: Unknown
    x-bm-market: ES
    x-bm-dateformat: dd/MM/yyyy
    x-device-ossku: 48
    x-bm-dtz: 0
    x-deviceid: 0100B2E609000CC3
    x-bm-windowsflights: FX:119E26AD,FX:11D898D7,FX:11DB147C,FX:11DE505A,FX:11E11E97,FX:11E3E2BA,FX:11E50151,FX:11E9EE98,FX:11F1992A,FX:11F4161E,FX:11F41B68,FX:11FB0F2F,FX:1201B330,FX:1202B7FC,FX:120BB68E,FX:121A20E1,FX:121BF15F,FX:121E5EC8,FX:122D8E86,FX:123031A3,FX:1231B88B,FX:123371B1,FX:1233C945,FX:123D7C31,FX:1240013C,FX:1246E4A3,FX:1248306D,FX:124B38D0,FX:1250080B,FX:125A7FDA,FX:1264FA75,FX:126DBC22,FX:127159BE,FX:12769734,FX:127C935B,FX:127DC03A,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5
    sitename: www.msn.com
    x-bm-theme: 000000;0078d7
    muid: 70C31F41647E46938FBAA0E2F28AFD05
    x-agent-deviceid: 0100B2E609000CC3
    x-bm-onlinesearchdisabled: true
    x-bm-cbt: 1689438493
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    x-device-isoptin: false
    accept-language: es-ES, es, en-US, en
    x-device-touch: false
    x-device-clientsession: 63527EF7D253454687EF0FFBE7E9717B
    cookie: MUID=70C31F41647E46938FBAA0E2F28AFD05
    Response
    HTTP/2.0 200
    content-type: application/json; charset=utf-8
    server: Kestrel
    access-control-allow-credentials: true
    access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
    access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
    access-control-allow-origin: *.msn.com
    access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
    content-encoding: gzip
    ddd-authenticatedwithjwtflow: False
    ddd-usertype: AnonymousMuid
    ddd-tmpl: daucoldcap:1;partialResponse:1;coldStartUpsell:1;winbadge:1;coldStart:1;lowC:0;lowT:0;tbn:0
    x-wpo-activityid: D19C008F-A444-4CAC-B1EB-809B431BE8CB|2023-07-15T16:28:15.2019525Z|fabric:/wpo|WEU|WPO_80
    ddd-feednewsitemcount: 0
    ddd-activityid: d19c008f-a444-4cac-b1eb-809b431be8cb
    ddd-strategyexecutionlatency: 00:00:00.1897928
    ddd-debugid: d19c008f-a444-4cac-b1eb-809b431be8cb|2023-07-15T16:28:15.2125040Z|fabric:/winfeed|WEU|WinFeed_207
    onewebservicelatency: 190
    x-msedge-responseinfo: 190
    x-ceto-ref: 64b2c91f5b054f29a66c2460c07d445c|2023-07-15T16:28:15.017Z
    expires: Sat, 15 Jul 2023 16:28:15 GMT
    date: Sat, 15 Jul 2023 16:28:15 GMT
    content-length: 3513
    akamai-request-bc: [a=2.19.194.68,b=1013928430,c=g,n=NL__AMSTERDAM,o=20940],[a=20.23.114.34,c=o]
    server-timing: clientrtt; dur=32, clienttt; dur=196, origin; dur=196 , cdntime; dur=0
    akamai-cache-status: Miss from child
    akamai-server-ip: 2.19.194.68
    akamai-request-id: 3c6f51ee
    x-as-suppresssetcookie: 1
    cache-control: private, max-age=0
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
    timing-allow-origin: *
    vary: Origin
  • flag-us
    DNS
    72.194.19.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    72.194.19.2.in-addr.arpa
    IN PTR
    Response
    72.194.19.2.in-addr.arpa
    IN PTR
    a2-19-194-72.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    72.194.19.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    72.194.19.2.in-addr.arpa
    IN PTR
    Response
    72.194.19.2.in-addr.arpa
    IN PTR
    a2-19-194-72.deploy.static.akamaitechnologies.com
  • 104.18.24.249:80
    http://www.tenorshare.com/downloads/service/softwarelog.txt
    http
    hitpaw-video-enhancer.exe
    583 B
    1.2kB
    7
    5

    HTTP Request

    GET http://www.tenorshare.com/downloads/service/softwarelog.txt

    HTTP Response

    301
  • 104.18.24.249:443
    https://www.tenorshare.com/downloads/service/softwarelog.txt
    tls, http
    hitpaw-video-enhancer.exe
    1.3kB
    4.9kB
    12
    9

    HTTP Request

    GET https://www.tenorshare.com/downloads/service/softwarelog.txt

    HTTP Response

    200
  • 104.18.24.249:443
    update.tenorshare.com
    tls
    hitpaw-video-enhancer.exe
    1.3kB
    5.6kB
    11
    12
  • 208.95.112.1:80
    http://ip-api.com/csv
    http
    hitpaw-video-enhancer.exe
    453 B
    525 B
    5
    4

    HTTP Request

    GET http://ip-api.com/csv

    HTTP Response

    200
  • 172.217.23.206:80
    http://www.google-analytics.com/collect
    http
    hitpaw-video-enhancer.exe
    5.3kB
    5.2kB
    16
    14

    HTTP Request

    POST http://www.google-analytics.com/collect

    HTTP Response

    200

    HTTP Request

    POST http://www.google-analytics.com/collect

    HTTP Response

    200

    HTTP Request

    POST http://www.google-analytics.com/collect

    HTTP Response

    200

    HTTP Request

    POST http://www.google-analytics.com/collect

    HTTP Response

    200

    HTTP Request

    POST http://www.google-analytics.com/collect

    HTTP Response

    200

    HTTP Request

    POST http://www.google-analytics.com/collect

    HTTP Response

    200

    HTTP Request

    POST http://www.google-analytics.com/collect

    HTTP Response

    200

    HTTP Request

    POST http://www.google-analytics.com/collect

    HTTP Response

    200

    HTTP Request

    POST http://www.google-analytics.com/collect

    HTTP Response

    200

    HTTP Request

    POST http://www.google-analytics.com/collect

    HTTP Response

    200

    HTTP Request

    POST http://www.google-analytics.com/collect

    HTTP Response

    200
  • 2.19.194.72:443
    https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=0dc0086c-7599-413f-b9f8-d261278775b3&ocid=windows-windowsShell-feeds&user=m-70c31f41647e46938fbaa0e2f28afd05&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=es-ES&caller=bgtask
    tls, http2
    2.7kB
    12.6kB
    22
    20

    HTTP Request

    GET https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=0dc0086c-7599-413f-b9f8-d261278775b3&ocid=windows-windowsShell-feeds&user=m-70c31f41647e46938fbaa0e2f28afd05&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=es-ES&caller=bgtask

    HTTP Response

    200
  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    www.tenorshare.com
    dns
    hitpaw-video-enhancer.exe
    64 B
    147 B
    1
    1

    DNS Request

    www.tenorshare.com

    DNS Response

    104.18.24.249
    104.18.25.249

  • 8.8.8.8:53
    249.24.18.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    249.24.18.104.in-addr.arpa

  • 8.8.8.8:53
    update.tenorshare.com
    dns
    hitpaw-video-enhancer.exe
    67 B
    153 B
    1
    1

    DNS Request

    update.tenorshare.com

    DNS Response

    104.18.24.249
    104.18.25.249

  • 8.8.8.8:53
    ip-api.com
    dns
    hitpaw-video-enhancer.exe
    56 B
    72 B
    1
    1

    DNS Request

    ip-api.com

    DNS Response

    208.95.112.1

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    205.47.74.20.in-addr.arpa

  • 8.8.8.8:53
    1.112.95.208.in-addr.arpa
    dns
    71 B
    95 B
    1
    1

    DNS Request

    1.112.95.208.in-addr.arpa

  • 8.8.8.8:53
    206.23.217.172.in-addr.arpa
    dns
    73 B
    173 B
    1
    1

    DNS Request

    206.23.217.172.in-addr.arpa

  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    240.81.21.72.in-addr.arpa
    dns
    71 B
    142 B
    1
    1

    DNS Request

    240.81.21.72.in-addr.arpa

  • 8.8.8.8:53
    226.162.46.104.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    226.162.46.104.in-addr.arpa

  • 8.8.8.8:53
    69.31.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    69.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    9.57.101.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    9.57.101.20.in-addr.arpa

  • 8.8.8.8:53
    58.99.105.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    58.99.105.20.in-addr.arpa

  • 8.8.8.8:53
    86.8.109.52.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    86.8.109.52.in-addr.arpa

  • 8.8.8.8:53
    8.3.197.209.in-addr.arpa
    dns
    70 B
    111 B
    1
    1

    DNS Request

    8.3.197.209.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    216.74.101.95.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    216.74.101.95.in-addr.arpa

  • 8.8.8.8:53
    131.72.42.20.in-addr.arpa
    dns
    142 B
    314 B
    2
    2

    DNS Request

    131.72.42.20.in-addr.arpa

    DNS Request

    131.72.42.20.in-addr.arpa

  • 8.8.8.8:53
    assets.msn.com
    dns
    120 B
    332 B
    2
    2

    DNS Request

    assets.msn.com

    DNS Request

    assets.msn.com

    DNS Response

    2.19.194.72
    2.19.194.121

    DNS Response

    2.19.194.72
    2.19.194.121

  • 8.8.8.8:53
    72.194.19.2.in-addr.arpa
    dns
    140 B
    266 B
    2
    2

    DNS Request

    72.194.19.2.in-addr.arpa

    DNS Request

    72.194.19.2.in-addr.arpa

MITRE ATT&CK Enterprise v6

Downloads

  • memory/2100-133-0x0000000000400000-0x00000000008AD000-memory.dmp

    Filesize

    4.7MB

  • memory/2100-137-0x0000000000400000-0x00000000008AD000-memory.dmp

    Filesize

    4.7MB
