Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/10/2023, 09:41 UTC

General

  • Target

    a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca.exe

  • Size

    12.1MB

  • MD5

    de93dfff7b92a9f928e0fa25a4e121df

  • SHA1

    09e5ad6f3e863241f9b45c949e48897cef731c9a

  • SHA256

    a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca

  • SHA512

    ccf8bc04734ebcd8e437506fc2fe28308be37ee876c9bda85f3697de1b4ed89fad1ebb4a5550ba895ecf2a143a468febff75d88fdf4efa29c948de71c259cd4a

  • SSDEEP

    196608:9wCdpQl0tT2DaPKEw3H1lUzQwDBPMqJNdXqHtjHNLCwpiIqBi0fdHxTrXHNZ5yhQ:dsl4jPKEUaNXHXMJLHpsx9xPHLEhjU

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca.exe
    "C:\Users\Admin\AppData\Local\Temp\a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1388
    • C:\Âê·¨¾õÐÑ\14174a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca.exe
      C:\Âê·¨¾õÐÑ\14174a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2256

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • flag-us
    DNS
    138.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    138.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    8.3.197.209.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.3.197.209.in-addr.arpa
    IN PTR
    Response
    8.3.197.209.in-addr.arpa
    IN PTR
    vip0x008.map2.ssl.hwcdn.net
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.a-0001.a-msedge.net
    g-bing-com.a-0001.a-msedge.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=57d99c7230f74451b16f39ed4734594f&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=57d99c7230f74451b16f39ed4734594f&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=0E777D5E3DCD65FC27F56EFB3C676426; domain=.bing.com; expires=Sat, 02-Nov-2024 09:41:29 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 6E84484C9C21465382046EE31B79097C Ref B: DUS30EDGE0922 Ref C: 2023-10-09T09:41:29Z
    date: Mon, 09 Oct 2023 09:41:29 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=57d99c7230f74451b16f39ed4734594f&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=57d99c7230f74451b16f39ed4734594f&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0E777D5E3DCD65FC27F56EFB3C676426
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5311FB048DA249BFAFD21CC7E4AB0558 Ref B: DUS30EDGE0922 Ref C: 2023-10-09T09:41:29Z
    date: Mon, 09 Oct 2023 09:41:29 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=57d99c7230f74451b16f39ed4734594f&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=57d99c7230f74451b16f39ed4734594f&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0E777D5E3DCD65FC27F56EFB3C676426
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 1CB5652D85DB4CDD92687278429AC9A2 Ref B: DUS30EDGE0922 Ref C: 2023-10-09T09:41:29Z
    date: Mon, 09 Oct 2023 09:41:29 GMT
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-cn
    GET
    http://103.53.124.179:9527/lb11.txt
    14174a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca.exe
    Remote address:
    103.53.124.179:9527
    Request
    GET /lb11.txt HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Language: zh-cn
    Referer: http://103.53.124.179:9527/lb11.txt
    User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
    Host: 103.53.124.179:9527
  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    179.124.53.103.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    179.124.53.103.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    126.179.238.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    126.179.238.8.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    23.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301042_1MAX6G538S7UXPEO9&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301042_1MAX6G538S7UXPEO9&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 83160
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A7C4C453B3C54978A9633FD1BAE9739F Ref B: BRU30EDGE0809 Ref C: 2023-10-09T09:43:09Z
    date: Mon, 09 Oct 2023 09:43:09 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301236_1F0R8LNJXXE73BCIY&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301236_1F0R8LNJXXE73BCIY&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 394186
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 4BC9BAD2504341FEB218FF625939F181 Ref B: BRU30EDGE0809 Ref C: 2023-10-09T09:43:09Z
    date: Mon, 09 Oct 2023 09:43:09 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301645_1DQ842AA5KWZY6AM7&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301645_1DQ842AA5KWZY6AM7&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 76071
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 2DB3A67A75DD4D939F38DD0DC73456F0 Ref B: BRU30EDGE0809 Ref C: 2023-10-09T09:43:09Z
    date: Mon, 09 Oct 2023 09:43:09 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301475_1TMICQ2AO32NACDU0&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301475_1TMICQ2AO32NACDU0&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 305935
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F1E674E8DF4E4C52833A7F64BCB98B00 Ref B: BRU30EDGE0809 Ref C: 2023-10-09T09:43:09Z
    date: Mon, 09 Oct 2023 09:43:09 GMT
  • flag-us
    DNS
    15.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.173.189.20.in-addr.arpa
    IN PTR
    Response
  • 204.79.197.200:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=57d99c7230f74451b16f39ed4734594f&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=
    tls, http2
    1.9kB
    9.3kB
    22
    18

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=57d99c7230f74451b16f39ed4734594f&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=57d99c7230f74451b16f39ed4734594f&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=57d99c7230f74451b16f39ed4734594f&localId=w:31F834CF-BC45-37ED-F489-F6738C9E752F&deviceId=6755458044225800&anid=

    HTTP Response

    204
  • 103.53.124.179:9527
    http://103.53.124.179:9527/lb11.txt
    http
    14174a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca.exe
    408 B
    132 B
    4
    3

    HTTP Request

    GET http://103.53.124.179:9527/lb11.txt
  • 103.53.124.179:9527
    14174a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca.exe
    260 B
    160 B
    5
    4
  • 103.53.124.179:9527
    14174a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca.exe
    260 B
    120 B
    5
    3
  • 103.53.124.179:9527
    14174a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca.exe
    260 B
    160 B
    5
    4
  • 103.53.124.179:9527
    14174a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca.exe
    260 B
    200 B
    5
    5
  • 103.53.124.179:9527
    14174a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca.exe
    260 B
    200 B
    5
    5
  • 103.53.124.179:9527
    14174a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca.exe
    260 B
    160 B
    5
    4
  • 103.53.124.179:9527
    14174a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca.exe
    260 B
    200 B
    5
    5
  • 103.53.124.179:9527
    14174a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca.exe
    260 B
    200 B
    5
    5
  • 103.53.124.179:9527
    14174a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca.exe
    260 B
    200 B
    5
    5
  • 103.53.124.179:9527
    14174a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca.exe
    260 B
    200 B
    5
    5
  • 103.53.124.179:9527
    14174a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca.exe
    260 B
    200 B
    5
    5
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.2kB
    16
    13
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    16
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301475_1TMICQ2AO32NACDU0&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    31.3kB
    897.4kB
    659
    655

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301042_1MAX6G538S7UXPEO9&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301236_1F0R8LNJXXE73BCIY&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301645_1DQ842AA5KWZY6AM7&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301475_1TMICQ2AO32NACDU0&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    138.32.126.40.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    138.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    8.3.197.209.in-addr.arpa
    dns
    70 B
    111 B
    1
    1

    DNS Request

    8.3.197.209.in-addr.arpa

  • 224.0.0.251:5353
    1.1kB
    17
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    158 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    43.58.199.20.in-addr.arpa

  • 8.8.8.8:53
    179.124.53.103.in-addr.arpa
    dns
    73 B
    161 B
    1
    1

    DNS Request

    179.124.53.103.in-addr.arpa

  • 8.8.8.8:53
    146.78.124.51.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    146.78.124.51.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    126.179.238.8.in-addr.arpa
    dns
    72 B
    126 B
    1
    1

    DNS Request

    126.179.238.8.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    23.236.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    23.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    15.173.189.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    15.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H3JZN74\errorPageStrings[1]

    Filesize

    4KB

    MD5

    d65ec06f21c379c87040b83cc1abac6b

    SHA1

    208d0a0bb775661758394be7e4afb18357e46c8b

    SHA256

    a1270e90cea31b46432ec44731bf4400d22b38eb2855326bf934fe8f1b169a4f

    SHA512

    8a166d26b49a5d95aea49bc649e5ea58786a2191f4d2adac6f5fbb7523940ce4482d6a2502aa870a931224f215cb2010a8c9b99a2c1820150e4d365cab28299e

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7H3JZN74\httpErrorPagesScripts[1]

    Filesize

    11KB

    MD5

    9234071287e637f85d721463c488704c

    SHA1

    cca09b1e0fba38ba29d3972ed8dcecefdef8c152

    SHA256

    65cc039890c7ceb927ce40f6f199d74e49b8058c3f8a6e22e8f916ad90ea8649

    SHA512

    87d691987e7a2f69ad8605f35f94241ab7e68ad4f55ad384f1f0d40dc59ffd1432c758123661ee39443d624c881b01dcd228a67afb8700fe5e66fc794a6c0384

  • C:\Users\Admin\AppData\Local\Temp\1f9d612f2f758a7971f2e9200791d894.txt

    Filesize

    12B

    MD5

    debb9f7ca4b74d83cca595469a59b68e

    SHA1

    fd26593bd4a885e9adeebf196c5a1647339627aa

    SHA256

    692db9f19c5bba25b1c69a66453556c2b237161169070e5351062eb859d99f20

    SHA512

    1624d8099757d6fe1c8ffe72e1e284b3120a07956d3cc6a28f0a80a6c4265d5c9e0d429d64f148a0314989d7ecd1ed75ad6c746f1e571eb29f7f7c33dfdf2e70

  • C:\Âê·¨¾õÐÑ\14174a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca.exe

    Filesize

    12.1MB

    MD5

    de93dfff7b92a9f928e0fa25a4e121df

    SHA1

    09e5ad6f3e863241f9b45c949e48897cef731c9a

    SHA256

    a769941cd79b86cb273847cb52551b378c74bc777b7e19e5701d59e7f0a63cca

    SHA512

    ccf8bc04734ebcd8e437506fc2fe28308be37ee876c9bda85f3697de1b4ed89fad1ebb4a5550ba895ecf2a143a468febff75d88fdf4efa29c948de71c259cd4a

  • memory/1388-5-0x0000000004210000-0x0000000004211000-memory.dmp

    Filesize

    4KB

  • memory/1388-4-0x0000000004370000-0x0000000004371000-memory.dmp

    Filesize

    4KB

  • memory/1388-6-0x0000000004380000-0x0000000004381000-memory.dmp

    Filesize

    4KB

  • memory/1388-7-0x0000000000400000-0x0000000000CC2000-memory.dmp

    Filesize

    8.8MB

  • memory/1388-21-0x0000000000400000-0x0000000000CC2000-memory.dmp

    Filesize

    8.8MB

  • memory/1388-0-0x0000000000400000-0x0000000000CC2000-memory.dmp

    Filesize

    8.8MB

  • memory/1388-41-0x0000000000400000-0x0000000000CC2000-memory.dmp

    Filesize

    8.8MB

  • memory/2256-37-0x0000000000400000-0x0000000000CC2000-memory.dmp

    Filesize

    8.8MB

  • memory/2256-44-0x0000000000400000-0x0000000000CC2000-memory.dmp

    Filesize

    8.8MB

  • memory/2256-48-0x0000000000400000-0x0000000000CC2000-memory.dmp

    Filesize

    8.8MB

  • memory/2256-43-0x0000000004130000-0x0000000004131000-memory.dmp

    Filesize

    4KB

  • memory/2256-42-0x0000000004120000-0x0000000004121000-memory.dmp

    Filesize

    4KB

  • memory/2256-72-0x0000000000400000-0x0000000000CC2000-memory.dmp

    Filesize

    8.8MB

  • memory/2256-73-0x0000000000400000-0x0000000000CC2000-memory.dmp

    Filesize

    8.8MB