Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/10/2023, 02:39 UTC

General

  • Target

    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe

  • Size

    1.4MB

  • MD5

    e44b7f07c1d799f41790318441c01386

  • SHA1

    8f694a6a308765e1bba8b99cdeded146be6647f9

  • SHA256

    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a

  • SHA512

    783b907c491004696fd192d736cae66d1c1e6b237d2053a79a1f59a2b6a66678407422e069bd519d4c99203c1f932abbc7b0c931965454eec40269fe67f2af26

  • SSDEEP

    24576:ggXTYxqtx3y1CGSUhY3fVkBNse2TyHpDxAEDwg/5pM8vgKeX9I+t+vJRn8w:6xqfCCaAmuTyxzPM8Y4+cRRnt

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 13 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    "C:\Users\Admin\AppData\Local\Temp\220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1856

Network

  • US
    DNS
    75.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    75.159.190.20.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    254.178.238.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    254.178.238.8.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    myip.ipip.net
    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    Remote address:
    8.8.8.8:53
    Request
    myip.ipip.net
    IN A
    Response
    myip.ipip.net
    IN CNAME
    myip.ipip.net.cdn.cloudflare.net
    myip.ipip.net.cdn.cloudflare.net
    IN A
    104.22.31.153
    myip.ipip.net.cdn.cloudflare.net
    IN A
    172.67.22.102
    myip.ipip.net.cdn.cloudflare.net
    IN A
    104.22.30.153
  • US
    GET
    http://myip.ipip.net/
    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    Remote address:
    104.22.31.153:80
    Request
    GET / HTTP/1.1
    Accept: */*
    Referer: http://myip.ipip.net/
    Accept-Language: zh-cn
    User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
    Host: myip.ipip.net
    Cache-Control: no-cache
    Response
    HTTP/1.1 520
    Date: Sat, 14 Oct 2023 16:09:04 GMT
    Content-Length: 0
    Connection: keep-alive
    Cache-Control: no-store, no-cache
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 816115a95b8e0b42-AMS
    alt-svc: h3=":443"; ma=86400
  • US
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.a-0001.a-msedge.net
    g-bing-com.a-0001.a-msedge.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • US
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b22d56c6f170444c9dd7c65b9767ae23&localId=w:B3ECE6FF-2B87-B2CF-0F51-300E8C2A2AF2&deviceId=6896185928743255&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b22d56c6f170444c9dd7c65b9767ae23&localId=w:B3ECE6FF-2B87-B2CF-0F51-300E8C2A2AF2&deviceId=6896185928743255&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=3273342F7D9867D1096627857C3266DF; domain=.bing.com; expires=Thu, 07-Nov-2024 16:09:04 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 638243F412F34A1A8DCCB22D44DA90B8 Ref B: DUS30EDGE0909 Ref C: 2023-10-14T16:09:04Z
    date: Sat, 14 Oct 2023 16:09:04 GMT
  • US
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b22d56c6f170444c9dd7c65b9767ae23&localId=w:B3ECE6FF-2B87-B2CF-0F51-300E8C2A2AF2&deviceId=6896185928743255&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b22d56c6f170444c9dd7c65b9767ae23&localId=w:B3ECE6FF-2B87-B2CF-0F51-300E8C2A2AF2&deviceId=6896185928743255&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=3273342F7D9867D1096627857C3266DF
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: DE8D17FB61DD4799A5FAE334F5F962BB Ref B: DUS30EDGE0909 Ref C: 2023-10-14T16:09:04Z
    date: Sat, 14 Oct 2023 16:09:04 GMT
  • US
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b22d56c6f170444c9dd7c65b9767ae23&localId=w:B3ECE6FF-2B87-B2CF-0F51-300E8C2A2AF2&deviceId=6896185928743255&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b22d56c6f170444c9dd7c65b9767ae23&localId=w:B3ECE6FF-2B87-B2CF-0F51-300E8C2A2AF2&deviceId=6896185928743255&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=3273342F7D9867D1096627857C3266DF
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 42D5D29A00F64A7E9123AB63C744CECB Ref B: DUS30EDGE0909 Ref C: 2023-10-14T16:09:04Z
    date: Sat, 14 Oct 2023 16:09:04 GMT
  • US
    DNS
    tools.2345.com
    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    Remote address:
    8.8.8.8:53
    Request
    tools.2345.com
    IN A
    Response
    tools.2345.com
    IN CNAME
    tools.2345.com.w.kunluncan.com
    tools.2345.com.w.kunluncan.com
    IN A
    61.170.79.233
    tools.2345.com.w.kunluncan.com
    IN A
    61.170.79.238
    tools.2345.com.w.kunluncan.com
    IN A
    61.170.79.232
    tools.2345.com.w.kunluncan.com
    IN A
    61.170.79.236
    tools.2345.com.w.kunluncan.com
    IN A
    61.170.79.231
    tools.2345.com.w.kunluncan.com
    IN A
    61.170.79.235
    tools.2345.com.w.kunluncan.com
    IN A
    61.170.79.237
    tools.2345.com.w.kunluncan.com
    IN A
    61.170.79.234
  • CN
    GET
    http://tools.2345.com/api/getip.php?act=getips
    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    Remote address:
    61.170.79.233:80
    Request
    GET /api/getip.php?act=getips HTTP/1.1
    Accept: */*
    Referer: http://tools.2345.com/api/getip.php?act=getips
    Accept-Language: zh-cn
    User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
    Host: tools.2345.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Server: Tengine
    Date: Sat, 14 Oct 2023 16:09:12 GMT
    Content-Type: text/html
    Content-Length: 262
    Connection: keep-alive
    Location: https://tools.2345.com/api/getip.php?act=getips
    Via: ens-cache23.cn6011[,0]
    Timing-Allow-Origin: *
    EagleId: 3daa4f2b16972997529563612e
  • US
    DNS
    153.31.22.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    153.31.22.104.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    29.81.57.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    29.81.57.23.in-addr.arpa
    IN PTR
    Response
    29.81.57.23.in-addr.arpa
    IN PTR
    a23-57-81-29.deploy.static.akamaitechnologies.com
  • US
    DNS
    233.79.170.61.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    233.79.170.61.in-addr.arpa
    IN PTR
    Response
    233.79.170.61.in-addr.arpa
    IN PTR
    233.79.170.61.broad.xw.sh.dynamic.163data.com.cn
  • CN
    GET
    https://tools.2345.com/api/getip.php?act=getips
    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    Remote address:
    61.170.79.233:443
    Request
    GET /api/getip.php?act=getips HTTP/1.1
    Accept: */*
    Referer: http://tools.2345.com/api/getip.php?act=getips
    Accept-Language: zh-cn
    User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
    Cache-Control: no-cache
    Host: tools.2345.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Moved Temporarily
    Server: Tengine
    Content-Length: 0
    Connection: keep-alive
    date: Sat, 14 Oct 2023 16:09:25 GMT
    location: /rili.htm
    Ali-Swift-Global-Savetime: 1697299765
    Via: cache53.l2cn2647[9,9,302-0,M], cache38.l2cn2647[10,0], ens-cache1.cn6011[26,27,302-0,M], ens-cache22.cn6011[29,0]
    X-Cache: MISS TCP_MISS dirn:-2:-2
    X-Swift-SaveTime: Sat, 14 Oct 2023 16:09:25 GMT
    X-Swift-CacheTime: 0
    Timing-Allow-Origin: *
    EagleId: 3daa4f2a16972997656544595e
  • CN
    GET
    https://tools.2345.com/rili.htm
    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    Remote address:
    61.170.79.233:443
    Request
    GET /rili.htm HTTP/1.1
    Accept: */*
    Referer: http://tools.2345.com/api/getip.php?act=getips
    Accept-Language: zh-cn
    User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
    Cache-Control: no-cache
    Host: tools.2345.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: Tengine
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    date: Sat, 14 Oct 2023 16:09:05 GMT
    cache-control: max-age=600
    etag: "74eb-rw4L88cigi8iyAyeeInseSqTa2g"
    vary: Accept-Encoding
    Ali-Swift-Global-Savetime: 1697299745
    Via: cache64.l2cn2647[0,0,200-0,H], cache63.l2cn2647[1,0], ens-cache11.cn6011[14,13,200-0,M], ens-cache22.cn6011[18,0]
    Age: 21
    X-Cache: MISS TCP_REFRESH_MISS dirn:-2:-2
    X-Swift-SaveTime: Sat, 14 Oct 2023 16:09:26 GMT
    X-Swift-CacheTime: 579
    Timing-Allow-Origin: *
    EagleId: 3daa4f2a16972997667632226e
  • US
    DNS
    101.14.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    101.14.18.104.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    ocsp.trust-provider.cn
    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    Remote address:
    8.8.8.8:53
    Request
    ocsp.trust-provider.cn
    IN A
    Response
    ocsp.trust-provider.cn
    IN CNAME
    ocsp.trust-provider.cn.c.vedcdnlb.com
    ocsp.trust-provider.cn.c.vedcdnlb.com
    IN CNAME
    bd-l7-online-tob-oversea-opt.s.vedsalb.com
    bd-l7-online-tob-oversea-opt.s.vedsalb.com
    IN A
    119.36.90.164
    bd-l7-online-tob-oversea-opt.s.vedsalb.com
    IN A
    36.143.236.7
    bd-l7-online-tob-oversea-opt.s.vedsalb.com
    IN A
    36.248.38.100
    bd-l7-online-tob-oversea-opt.s.vedsalb.com
    IN A
    111.13.153.152
    bd-l7-online-tob-oversea-opt.s.vedsalb.com
    IN A
    111.48.138.18
    bd-l7-online-tob-oversea-opt.s.vedsalb.com
    IN A
    111.206.23.199
    bd-l7-online-tob-oversea-opt.s.vedsalb.com
    IN A
    112.50.95.96
    bd-l7-online-tob-oversea-opt.s.vedsalb.com
    IN A
    117.27.246.96
  • CN
    GET
    http://ocsp.trust-provider.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQfY0iMel%2FQ3ObiccFYuQscrpnsSwQUyjEhNwzeObfSKy1VmlypqVxQ%2BiYCEEPFqsG1ZhrmUXaXmFgfZk4%3D
    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    Remote address:
    119.36.90.164:80
    Request
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQfY0iMel%2FQ3ObiccFYuQscrpnsSwQUyjEhNwzeObfSKy1VmlypqVxQ%2BiYCEEPFqsG1ZhrmUXaXmFgfZk4%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: ocsp.trust-provider.cn
    Response
    HTTP/1.1 200 OK
    Server: volc-dcdn
    Content-Type: application/ocsp-response
    Content-Length: 599
    Connection: keep-alive
    Date: Sat, 14 Oct 2023 16:09:22 GMT
    Age: 1
    CF-Cache-Status: EXPIRED
    CF-RAY: 815d5f982905fad6-SJC
    ETag: "a371b98f1202d289f1d11bbc72eef18b33f92019"
    Expires: Sat, 21 Oct 2023 04:54:57 GMT
    Last-Modified: Sat, 14 Oct 2023 04:54:58 GMT
    WS-Cache-Status: 0
    X-CCACDN-Proxy-ID: scdpinlb3
    X-Frame-Options: SAMEORIGIN
    X-Via: 1.1 PS-HFE-01dTk144:2 (Cdn Cache Server V2.0), 1.1 PS-000-01fG29:14 (Cdn Cache Server V2.0)
    X-Ws-Request-Id: 652ab1af_PS-000-01VkG8_42692-65421
    cache-via: cache.n173-114-139.bdcdn-hbxtcu
    x-request-ip: 154.61.71.13
    x-tt-trace-tag: id=5
    x-dsa-trace-id: 1697299762fdd9096c62b99e1439dbc2e99b186a5f
    X-Bdsa-Cache-Status: HIT
    Cache-Via-Status: cache.n173-114-139.bdcdn-hbxtcu(HIT)
    X-Bdsa-Cache-Tm: 1697296815-653
    Accept-Ranges: bytes
    via: n173-114-140.bdcdn-hbxtcu.ToB
    X-Dsa-Origin-Status: 200
    server-timing: cdn-cache;desc=HIT, origin;dur=0, edge;dur=1
  • US
    DNS
    164.90.36.119.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    164.90.36.119.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    164.90.36.119.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    164.90.36.119.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    38.148.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    38.148.119.40.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    www.3322.org
    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    Remote address:
    8.8.8.8:53
    Request
    www.3322.org
    IN A
    Response
    www.3322.org
    IN CNAME
    members.3322.net
    members.3322.net
    IN CNAME
    dyndns.s.3322.net
    dyndns.s.3322.net
    IN A
    118.184.169.48
  • CN
    GET
    http://www.3322.org/dyndns/getip
    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    Remote address:
    118.184.169.48:80
    Request
    GET /dyndns/getip HTTP/1.1
    Accept: */*
    Referer: http://www.3322.org/dyndns/getip
    Accept-Language: zh-cn
    User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
    Host: www.3322.org
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: nginx
    date: Sat, 14 Oct 2023 16:09:37 GMT
    content-type: text/plain; charset=utf-8
    transfer-encoding: chunked
    vary: Accept-Encoding
  • US
    DNS
    48.169.184.118.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.169.184.118.in-addr.arpa
    IN PTR
    Response
    48.169.184.118.in-addr.arpa
    IN PTR
    h118-184-169-48.pubyun.com
  • US
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    126.178.238.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    126.178.238.8.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • US
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301105_1JNSTI1JTODLEAZZ0&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301105_1JNSTI1JTODLEAZZ0&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 188873
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C9BBD7AFF23042198200CC480579791C Ref B: BRU30EDGE0518 Ref C: 2023-10-14T16:11:31Z
    date: Sat, 14 Oct 2023 16:11:31 GMT
  • US
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301538_1614650K4PASEMZPL&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301538_1614650K4PASEMZPL&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 202114
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7A4181AB2C964FE19AA540EC3CD1E67A Ref B: BRU30EDGE0518 Ref C: 2023-10-14T16:11:31Z
    date: Sat, 14 Oct 2023 16:11:31 GMT
  • US
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301325_1YMIRALDGCWA4284D&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301325_1YMIRALDGCWA4284D&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 149126
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 70F55BAC138740E4ABE912149BB43394 Ref B: BRU30EDGE0518 Ref C: 2023-10-14T16:11:31Z
    date: Sat, 14 Oct 2023 16:11:31 GMT
  • US
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301457_1V7ZJVRAXG9TQ5156&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301457_1V7ZJVRAXG9TQ5156&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 361762
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: EC5D67A5AC9E469BAEA7F5220D8AEB49 Ref B: BRU30EDGE0518 Ref C: 2023-10-14T16:11:31Z
    date: Sat, 14 Oct 2023 16:11:31 GMT
  • US
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301024_1S39Y613MNXDQQG0C&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301024_1S39Y613MNXDQQG0C&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 407668
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5DD4BB58D13747ECB2CDF7186A9979A0 Ref B: BRU30EDGE0518 Ref C: 2023-10-14T16:11:32Z
    date: Sat, 14 Oct 2023 16:11:31 GMT
  • 104.22.31.153:80
    http://myip.ipip.net/
    http
    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    473 B
    410 B
    6
    4

    HTTP Request

    GET http://myip.ipip.net/

    HTTP Response

    520
  • 204.79.197.200:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b22d56c6f170444c9dd7c65b9767ae23&localId=w:B3ECE6FF-2B87-B2CF-0F51-300E8C2A2AF2&deviceId=6896185928743255&anid=
    tls, http2
    1.9kB
    9.3kB
    22
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b22d56c6f170444c9dd7c65b9767ae23&localId=w:B3ECE6FF-2B87-B2CF-0F51-300E8C2A2AF2&deviceId=6896185928743255&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b22d56c6f170444c9dd7c65b9767ae23&localId=w:B3ECE6FF-2B87-B2CF-0F51-300E8C2A2AF2&deviceId=6896185928743255&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b22d56c6f170444c9dd7c65b9767ae23&localId=w:B3ECE6FF-2B87-B2CF-0F51-300E8C2A2AF2&deviceId=6896185928743255&anid=

    HTTP Response

    204
  • 61.170.79.233:80
    http://tools.2345.com/api/getip.php?act=getips
    http
    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    1.4kB
    977 B
    13
    9

    HTTP Request

    GET http://tools.2345.com/api/getip.php?act=getips

    HTTP Response

    301
  • 61.170.79.233:443
    https://tools.2345.com/rili.htm
    tls, http
    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    3.1kB
    33.7kB
    37
    31

    HTTP Request

    GET https://tools.2345.com/api/getip.php?act=getips

    HTTP Response

    302

    HTTP Request

    GET https://tools.2345.com/rili.htm

    HTTP Response

    200
  • 119.36.90.164:80
    http://ocsp.trust-provider.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQfY0iMel%2FQ3ObiccFYuQscrpnsSwQUyjEhNwzeObfSKy1VmlypqVxQ%2BiYCEEPFqsG1ZhrmUXaXmFgfZk4%3D
    http
    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    615 B
    1.9kB
    8
    7

    HTTP Request

    GET http://ocsp.trust-provider.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQfY0iMel%2FQ3ObiccFYuQscrpnsSwQUyjEhNwzeObfSKy1VmlypqVxQ%2BiYCEEPFqsG1ZhrmUXaXmFgfZk4%3D

    HTTP Response

    200
  • 118.184.169.48:80
    http://www.3322.org/dyndns/getip
    http
    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    881 B
    544 B
    14
    4

    HTTP Request

    GET http://www.3322.org/dyndns/getip

    HTTP Response

    200
  • 52.111.227.13:443
    322 B
    7
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    15
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301024_1S39Y613MNXDQQG0C&pid=21.2&w=1920&h=1080&c=4
    tls, http2
    39.3kB
    1.3MB
    830
    934

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301105_1JNSTI1JTODLEAZZ0&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301538_1614650K4PASEMZPL&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301325_1YMIRALDGCWA4284D&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301457_1V7ZJVRAXG9TQ5156&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301024_1S39Y613MNXDQQG0C&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    15
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    15
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    15
    14
  • 8.8.8.8:53
    75.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    75.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    254.178.238.8.in-addr.arpa
    dns
    72 B
    126 B
    1
    1

    DNS Request

    254.178.238.8.in-addr.arpa

  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    myip.ipip.net
    dns
    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    59 B
    150 B
    1
    1

    DNS Request

    myip.ipip.net

    DNS Response

    104.22.31.153
    172.67.22.102
    104.22.30.153

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    158 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    tools.2345.com
    dns
    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    60 B
    229 B
    1
    1

    DNS Request

    tools.2345.com

    DNS Response

    61.170.79.233
    61.170.79.238
    61.170.79.232
    61.170.79.236
    61.170.79.231
    61.170.79.235
    61.170.79.237
    61.170.79.234

  • 8.8.8.8:53
    153.31.22.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    153.31.22.104.in-addr.arpa

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    29.81.57.23.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    29.81.57.23.in-addr.arpa

  • 8.8.8.8:53
    233.79.170.61.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    233.79.170.61.in-addr.arpa

  • 8.8.8.8:53
    101.14.18.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    101.14.18.104.in-addr.arpa

  • 8.8.8.8:53
    ocsp.trust-provider.cn
    dns
    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    68 B
    300 B
    1
    1

    DNS Request

    ocsp.trust-provider.cn

    DNS Response

    119.36.90.164
    36.143.236.7
    36.248.38.100
    111.13.153.152
    111.48.138.18
    111.206.23.199
    112.50.95.96
    117.27.246.96

  • 8.8.8.8:53
    164.90.36.119.in-addr.arpa
    dns
    144 B
    144 B
    2
    2

    DNS Request

    164.90.36.119.in-addr.arpa

    DNS Request

    164.90.36.119.in-addr.arpa

  • 8.8.8.8:53
    38.148.119.40.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    38.148.119.40.in-addr.arpa

  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    www.3322.org
    dns
    220ae97ebf91b3cf1f4430fb0cbd6be6359b01eb39c9dc1c82b0e1edb0c3fd0a.exe
    58 B
    127 B
    1
    1

    DNS Request

    www.3322.org

    DNS Response

    118.184.169.48

  • 8.8.8.8:53
    48.169.184.118.in-addr.arpa
    dns
    73 B
    113 B
    1
    1

    DNS Request

    48.169.184.118.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    126.178.238.8.in-addr.arpa
    dns
    72 B
    126 B
    1
    1

    DNS Request

    126.178.238.8.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

MITRE ATT&CK Matrix

Downloads

  • memory/1856-0-0x0000000000400000-0x0000000000AC7000-memory.dmp

    Filesize

    6.8MB

  • memory/1856-1-0x0000000000400000-0x0000000000AC7000-memory.dmp

    Filesize

    6.8MB

  • memory/1856-13-0x0000000000400000-0x0000000000AC7000-memory.dmp

    Filesize

    6.8MB

  • memory/1856-14-0x0000000000400000-0x0000000000AC7000-memory.dmp

    Filesize

    6.8MB

  • memory/1856-15-0x0000000000400000-0x0000000000AC7000-memory.dmp

    Filesize

    6.8MB

  • memory/1856-16-0x0000000000400000-0x0000000000AC7000-memory.dmp

    Filesize

    6.8MB

  • memory/1856-17-0x0000000000400000-0x0000000000AC7000-memory.dmp

    Filesize

    6.8MB

  • memory/1856-18-0x0000000000400000-0x0000000000AC7000-memory.dmp

    Filesize

    6.8MB

  • memory/1856-19-0x0000000000400000-0x0000000000AC7000-memory.dmp

    Filesize

    6.8MB

  • memory/1856-20-0x0000000000400000-0x0000000000AC7000-memory.dmp

    Filesize

    6.8MB

  • memory/1856-21-0x0000000000400000-0x0000000000AC7000-memory.dmp

    Filesize

    6.8MB

  • memory/1856-22-0x0000000000400000-0x0000000000AC7000-memory.dmp

    Filesize

    6.8MB

  • memory/1856-23-0x0000000000400000-0x0000000000AC7000-memory.dmp

    Filesize

    6.8MB
