Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system -
submitted
05/10/2023, 17:35 UTC
Static task
static1
Behavioral task
behavioral1
Sample
1a306aed8c1f9da61606ce1edb133ee6_JC.exe
Resource
win7-20230831-en
General
-
Target
1a306aed8c1f9da61606ce1edb133ee6_JC.exe
-
Size
220KB
-
MD5
1a306aed8c1f9da61606ce1edb133ee6
-
SHA1
bef581bb9cb5dcf77d7851d972be5a84e7cb45d6
-
SHA256
7899680f19eb277229c9f463aab1bb4af99cc1a063068efbcc2f752012754a5b
-
SHA512
342d8ee7d9ce977adfb0ec0fb6e23fecca1b5f036436c5fcfd7f86b1466a018b5691c360b7a82c05d18b1c5379c318667025acfdc0f089e162807fae09ec5502
-
SSDEEP
1536:wMASiLNFZdO/ssgbBd6DeT9BbUbJesmW8eYGdisdZtxjwiiGaWAajzaks6cGjxH:w3vO/0seX2gQisLzwivaW/HaMjxH
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
pid Process 1432 1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe 1212 1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe -
resource yara_rule behavioral2/memory/1212-15-0x0000000000400000-0x000000000041A000-memory.dmp upx behavioral2/memory/1212-17-0x0000000000400000-0x000000000041A000-memory.dmp upx behavioral2/memory/1212-20-0x0000000000400000-0x000000000041A000-memory.dmp upx behavioral2/memory/1212-22-0x0000000000400000-0x000000000041A000-memory.dmp upx behavioral2/memory/1212-27-0x0000000000400000-0x000000000041A000-memory.dmp upx behavioral2/memory/1212-26-0x0000000000400000-0x000000000041A000-memory.dmp upx behavioral2/memory/1212-30-0x0000000000400000-0x000000000041A000-memory.dmp upx behavioral2/memory/1432-34-0x0000000000400000-0x0000000000439000-memory.dmp upx -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31061938" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1766123416" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1813623277" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31061938" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1766123416" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1766279703" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{94B797C2-63A5-11EE-9359-CA4DF275542E} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31061938" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31061938" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1766279703" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403292310" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{94B53595-63A5-11EE-9359-CA4DF275542E} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31061938" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31061938" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1813623277" IEXPLORE.EXE -
Suspicious behavior: EnumeratesProcesses 16 IoCs
pid Process 1432 1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe 1212 1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe 1212 1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe 1432 1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe 1432 1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe 1432 1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe 1212 1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe 1212 1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe 1432 1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe 1212 1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe 1212 1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe 1432 1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe 1212 1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe 1432 1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe 1212 1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe 1432 1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2112 iexplore.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 1432 1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe Token: SeDebugPrivilege 1212 1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 1984 iexplore.exe 2112 iexplore.exe -
Suspicious use of SetWindowsHookEx 10 IoCs
pid Process 2112 iexplore.exe 2112 iexplore.exe 1984 iexplore.exe 1984 iexplore.exe 2748 IEXPLORE.EXE 2748 IEXPLORE.EXE 4832 IEXPLORE.EXE 4832 IEXPLORE.EXE 4832 IEXPLORE.EXE 4832 IEXPLORE.EXE -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 1212 1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe 1432 1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe -
Suspicious use of WriteProcessMemory 16 IoCs
description pid Process procid_target PID 1384 wrote to memory of 1432 1384 1a306aed8c1f9da61606ce1edb133ee6_JC.exe 85 PID 1384 wrote to memory of 1432 1384 1a306aed8c1f9da61606ce1edb133ee6_JC.exe 85 PID 1384 wrote to memory of 1432 1384 1a306aed8c1f9da61606ce1edb133ee6_JC.exe 85 PID 1432 wrote to memory of 1212 1432 1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe 86 PID 1432 wrote to memory of 1212 1432 1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe 86 PID 1432 wrote to memory of 1212 1432 1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe 86 PID 1432 wrote to memory of 2112 1432 1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe 87 PID 1432 wrote to memory of 2112 1432 1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe 87 PID 1212 wrote to memory of 1984 1212 1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe 88 PID 1212 wrote to memory of 1984 1212 1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe 88 PID 1984 wrote to memory of 2748 1984 iexplore.exe 91 PID 1984 wrote to memory of 2748 1984 iexplore.exe 91 PID 1984 wrote to memory of 2748 1984 iexplore.exe 91 PID 2112 wrote to memory of 4832 2112 iexplore.exe 92 PID 2112 wrote to memory of 4832 2112 iexplore.exe 92 PID 2112 wrote to memory of 4832 2112 iexplore.exe 92
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JC.exe"C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JC.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1384 -
C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exeC:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JCmgr.exe2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1432 -
C:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exeC:\Users\Admin\AppData\Local\Temp\1a306aed8c1f9da61606ce1edb133ee6_JCmgrmgr.exe3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1212 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1984 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:17410 /prefetch:25⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2748
-
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2112 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:17410 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4832
-
-
-
Network
-
Remote address:8.8.8.8:53Request68.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request241.154.82.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request254.209.247.8.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request41.110.16.96.in-addr.arpaIN PTRResponse41.110.16.96.in-addr.arpaIN PTRa96-16-110-41deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request158.240.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request43.58.199.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestapi.bing.comIN AResponseapi.bing.comIN CNAMEapi-bing-com.e-0001.e-msedge.netapi-bing-com.e-0001.e-msedge.netIN CNAMEe-0001.e-msedge.nete-0001.e-msedge.netIN A13.107.5.80
-
Remote address:8.8.8.8:53Request208.194.73.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request86.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request126.211.247.8.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request200.81.21.72.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request126.20.238.8.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request200.197.79.204.in-addr.arpaIN PTRResponse200.197.79.204.in-addr.arpaIN PTRa-0001a-msedgenet
-
Remote address:8.8.8.8:53Request88.156.103.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301143_11K66B0WIWZ9F4H58&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301143_11K66B0WIWZ9F4H58&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 273239
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 072C2A8794AB4A458B3526BBBB1467D6 Ref B: DUS30EDGE0411 Ref C: 2023-10-05T17:37:21Z
date: Thu, 05 Oct 2023 17:37:20 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301276_1FHQU2O53GKUUYZPS&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301276_1FHQU2O53GKUUYZPS&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 203137
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8C18E14627FB42E5B053B57120A9B693 Ref B: DUS30EDGE0411 Ref C: 2023-10-05T17:37:21Z
date: Thu, 05 Oct 2023 17:37:20 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301506_1F0FLOT3FW11VH0B0&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301506_1F0FLOT3FW11VH0B0&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 488784
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3929C5E1A08940C49EF1C5C7529BA1D5 Ref B: DUS30EDGE0411 Ref C: 2023-10-05T17:37:21Z
date: Thu, 05 Oct 2023 17:37:20 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301073_18LC40ETNMF8SEVBD&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301073_18LC40ETNMF8SEVBD&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 547436
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C297664642B7470F9F62676A48A3CFB9 Ref B: DUS30EDGE0411 Ref C: 2023-10-05T17:37:21Z
date: Thu, 05 Oct 2023 17:37:20 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301552_1IFO1SSFDEAP7NXRO&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301552_1IFO1SSFDEAP7NXRO&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 297105
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E95CB0F31A6C4A24BE6B5FC60EB21F8F Ref B: DUS30EDGE0411 Ref C: 2023-10-05T17:37:21Z
date: Thu, 05 Oct 2023 17:37:20 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301685_171YK8L2RNOTOWUB0&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301685_171YK8L2RNOTOWUB0&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 203882
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 53926AACF9EE4F4B9CB1C32DC0A62220 Ref B: DUS30EDGE0411 Ref C: 2023-10-05T17:37:22Z
date: Thu, 05 Oct 2023 17:37:22 GMT
-
Remote address:8.8.8.8:53Request6.173.189.20.in-addr.arpaIN PTRResponse
-
1.2kB 8.3kB 15 14
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239317301685_171YK8L2RNOTOWUB0&pid=21.2&w=1080&h=1920&c=4tls, http270.9kB 2.1MB 1516 1511
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301143_11K66B0WIWZ9F4H58&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301276_1FHQU2O53GKUUYZPS&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301506_1F0FLOT3FW11VH0B0&pid=21.2&w=1080&h=1920&c=4HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301073_18LC40ETNMF8SEVBD&pid=21.2&w=1920&h=1080&c=4HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301552_1IFO1SSFDEAP7NXRO&pid=21.2&w=1080&h=1920&c=4HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301685_171YK8L2RNOTOWUB0&pid=21.2&w=1080&h=1920&c=4HTTP Response
200 -
1.2kB 8.3kB 16 14
-
1.2kB 8.3kB 16 14
-
1.3kB 8.3kB 17 15
-
72 B 158 B 1 1
DNS Request
68.159.190.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
241.154.82.20.in-addr.arpa
-
72 B 126 B 1 1
DNS Request
254.209.247.8.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
41.110.16.96.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
158.240.127.40.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
43.58.199.20.in-addr.arpa
-
58 B 134 B 1 1
DNS Request
api.bing.com
DNS Response
13.107.5.80
-
72 B 158 B 1 1
DNS Request
208.194.73.20.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
86.23.85.13.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
198.187.3.20.in-addr.arpa
-
72 B 126 B 1 1
DNS Request
126.211.247.8.in-addr.arpa
-
71 B 142 B 1 1
DNS Request
200.81.21.72.in-addr.arpa
-
71 B 125 B 1 1
DNS Request
126.20.238.8.in-addr.arpa
-
73 B 106 B 1 1
DNS Request
200.197.79.204.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
88.156.103.20.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
-
71 B 157 B 1 1
DNS Request
6.173.189.20.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{94B53595-63A5-11EE-9359-CA4DF275542E}.dat
Filesize5KB
MD5ee32cd408e808cbf0156aab7fb30eaa0
SHA142b57dd2d3589c7e60e42ba8b69d86ec36c94908
SHA25693bf8f81010541208a809dc2f8e0fa9027c7579db609bd4e2724962596fbd4f6
SHA512df9e38c824a15ccf90922c26883f59cb3a6515704cb78298003763410aecde8952a8f49b23b143b25f9971340eaed0324be8ff544fb8bbb692188ed40e6a1813
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{94B797C2-63A5-11EE-9359-CA4DF275542E}.dat
Filesize4KB
MD5a6241ce7f37f8b5d83661ad1608adcdb
SHA1633c7e110bf5861b36e2c89fac44cef2bddde5c3
SHA2568b35b8419f0f6f8b7fb1eccdf8c70350e66e5e51076f44bb908740bd4cc7b75c
SHA512a23263dd08ba2c2530d5e674f486858a1ad7a3af609c522fd1ce6008fdde9f409f91b5771efdc5756dc1281a2d8379dcd91a5c7dff257a1cebeff60aa835ac50
-
Filesize
15KB
MD51a545d0052b581fbb2ab4c52133846bc
SHA162f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
184KB
MD54cefc6da56aea9fa5fdcfd9f05cd479b
SHA1aa428bff48c4e4cf3599311609bd28cf5d89fa44
SHA25631b286fa56ef6991ba8575c00d7fbd1d585bcd6f68369b31f46c0246c31f8d33
SHA51271282cb46e762377d74dc2681de5bd92e0b4d50b857f049d9dc06e5545f2a4530bd890a45ddfe11f8657a90935a0bc9ffdc08a09b28c9960b42b6dcae69fc24d
-
Filesize
184KB
MD54cefc6da56aea9fa5fdcfd9f05cd479b
SHA1aa428bff48c4e4cf3599311609bd28cf5d89fa44
SHA25631b286fa56ef6991ba8575c00d7fbd1d585bcd6f68369b31f46c0246c31f8d33
SHA51271282cb46e762377d74dc2681de5bd92e0b4d50b857f049d9dc06e5545f2a4530bd890a45ddfe11f8657a90935a0bc9ffdc08a09b28c9960b42b6dcae69fc24d
-
Filesize
91KB
MD5551161ba25d6c58cf6a4afe7587f7dcb
SHA13f36d947c0d082433bb121a9914b4841ffbfb5af
SHA256f676ab20252c6ff437c7e3db1a8a3875715bf1a5a59812439f296cb5cd724b58
SHA512f68a52bcfafccaf9b4390f7cdd9a57544d82a1f41656aeaf98f46ddc0198e636a790088cf8b734244cc5144a00704a8430e469c46284387d04c5a38cba17b00e
-
Filesize
91KB
MD5551161ba25d6c58cf6a4afe7587f7dcb
SHA13f36d947c0d082433bb121a9914b4841ffbfb5af
SHA256f676ab20252c6ff437c7e3db1a8a3875715bf1a5a59812439f296cb5cd724b58
SHA512f68a52bcfafccaf9b4390f7cdd9a57544d82a1f41656aeaf98f46ddc0198e636a790088cf8b734244cc5144a00704a8430e469c46284387d04c5a38cba17b00e