Analysis

  • max time kernel
    147s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20230915-en locale:en-us os:windows10-2004-x64 system
  • submitted
    05/10/2023, 17:35 UTC

General

  • Target

    1a306aed8c1f9da61606ce1edb133ee6_JC.exe

  • Size

    220KB

  • MD5

    1a306aed8c1f9da61606ce1edb133ee6

  • SHA1

    bef581bb9cb5dcf77d7851d972be5a84e7cb45d6

  • SHA256

    7899680f19eb277229c9f463aab1bb4af99cc1a063068efbcc2f752012754a5b

  • SHA512

    342d8ee7d9ce977adfb0ec0fb6e23fecca1b5f036436c5fcfd7f86b1466a018b5691c360b7a82c05d18b1c5379c318667025acfdc0f089e162807fae09ec5502

  • SSDEEP

    1536:wMASiLNFZdO/ssgbBd6DeT9BbUbJesmW8eYGdisdZtxjwiiGaWAajzaks6cGjxH:w3vO/0seX2gQisLzwivaW/HaMjxH

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

  • Executes dropped EXE 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies Internet Explorer settings 1 TTPs 51 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1384
    • C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe
      C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:1432
      • C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe
        C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:1212
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1984
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:17410 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2748
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2112
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:4832

Network


Downloads
