Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

NEAS.aff30...20.exe

windows7-x64

9

NEAS.aff30...20.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    155s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/11/2023, 07:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.aff304cc057719fd11fc0963f6f2e020.exe

  • Size

    209KB

  • MD5

    aff304cc057719fd11fc0963f6f2e020

  • SHA1

    f95d14377df84f49db54b99b9de854d857b5629d

  • SHA256

    083778c7aeb3dac361e3df12de8bb1ea392ff8a4d8ee35c4b8e965724d5b8276

  • SHA512

    e9e480607adf0af1d1221cf1fd0447f2d48c8bc3485b59f28d349f3646fda9389d537ef0531f397fc7613d615b9e76f3aa97e5b5993add756c2d1f115fc03d6e

  • SSDEEP

    768:W7BlphA7pARFbhKKVeIuKVeIaCgx+qsaCgx+qs9lRlCaw85nd5ntAXJ2KfQQtkYl:W7ZhA7pApaX0aX09r5w8NdNoQpVQpD

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (1075) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.aff304cc057719fd11fc0963f6f2e020.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.aff304cc057719fd11fc0963f6f2e020.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4412

Network

  • flag-us
    DNS
    20.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    20.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    126.177.238.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    126.177.238.8.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.52.96.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.52.96.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.a-0001.a-msedge.net
    g-bing-com.a-0001.a-msedge.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b0529e669e32496981203d8c43944418&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b0529e669e32496981203d8c43944418&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=1B58461D15476A152ED355D714E46BE6; domain=.bing.com; expires=Mon, 09-Dec-2024 07:37:27 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9F8AF1620DC24840AA899F46E4AD3937 Ref B: AMS04EDGE1615 Ref C: 2023-11-15T07:37:27Z
    date: Wed, 15 Nov 2023 07:37:27 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b0529e669e32496981203d8c43944418&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b0529e669e32496981203d8c43944418&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=1B58461D15476A152ED355D714E46BE6
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3612BB3176894FC48D922576BD705F59 Ref B: AMS04EDGE1615 Ref C: 2023-11-15T07:37:27Z
    date: Wed, 15 Nov 2023 07:37:27 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b0529e669e32496981203d8c43944418&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b0529e669e32496981203d8c43944418&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=1B58461D15476A152ED355D714E46BE6
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: B4ED115B2FF74F87A2FA650E17C2CA54 Ref B: AMS04EDGE1615 Ref C: 2023-11-15T07:37:27Z
    date: Wed, 15 Nov 2023 07:37:27 GMT
  • flag-us
    DNS
    39.142.81.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    39.142.81.104.in-addr.arpa
    IN PTR
    Response
    39.142.81.104.in-addr.arpa
    IN PTR
    a104-81-142-39deploystaticakamaitechnologiescom
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001a-msedgenet
  • flag-us
    DNS
    208.194.73.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.194.73.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    120.208.253.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    120.208.253.8.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301145_1Y8CXK45BT2OHNQQQ&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301145_1Y8CXK45BT2OHNQQQ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 300661
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5CC0254B4738426D98626F98C1813F37 Ref B: DUS30EDGE0906 Ref C: 2023-11-15T07:38:06Z
    date: Wed, 15 Nov 2023 07:38:06 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301334_1WMRLWCL1PT75T92E&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301334_1WMRLWCL1PT75T92E&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 371643
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 593106CB166747FB986691D925B4DB5E Ref B: DUS30EDGE0906 Ref C: 2023-11-15T07:38:06Z
    date: Wed, 15 Nov 2023 07:38:06 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301554_133DWC45UAH2W18HX&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301554_133DWC45UAH2W18HX&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 262756
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5E4DB32D52E5441A9F0D36A6B06CE056 Ref B: DUS30EDGE0906 Ref C: 2023-11-15T07:38:06Z
    date: Wed, 15 Nov 2023 07:38:06 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301149_1C7UDVEUE5Q4XJNTT&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301149_1C7UDVEUE5Q4XJNTT&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 518274
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 6ED3BAA647654653BE6B376D0F06637C Ref B: DUS30EDGE0906 Ref C: 2023-11-15T07:38:07Z
    date: Wed, 15 Nov 2023 07:38:06 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300901_1GFSIP06IOS6OQIXA&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317300901_1GFSIP06IOS6OQIXA&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 410097
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9500310C4FA2495FA31885299C1F86F6 Ref B: DUS30EDGE0906 Ref C: 2023-11-15T07:38:07Z
    date: Wed, 15 Nov 2023 07:38:06 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301558_105IVW87X3HJ5L2KP&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301558_105IVW87X3HJ5L2KP&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 503415
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A7900785596C4E8BA1969E03EDCE88CC Ref B: DUS30EDGE0906 Ref C: 2023-11-15T07:38:07Z
    date: Wed, 15 Nov 2023 07:38:07 GMT
  • flag-us
    DNS
    21.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    11.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.173.189.20.in-addr.arpa
    IN PTR
    Response
  • 204.79.197.200:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b0529e669e32496981203d8c43944418&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=
    tls, http2
    1.9kB
     9.3kB
     22
    18

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b0529e669e32496981203d8c43944418&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b0529e669e32496981203d8c43944418&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b0529e669e32496981203d8c43944418&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=

    HTTP Response

    204
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301558_105IVW87X3HJ5L2KP&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    88.0kB
     2.5MB
     1791
    1787

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301145_1Y8CXK45BT2OHNQQQ&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301334_1WMRLWCL1PT75T92E&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301554_133DWC45UAH2W18HX&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301149_1C7UDVEUE5Q4XJNTT&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300901_1GFSIP06IOS6OQIXA&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301558_105IVW87X3HJ5L2KP&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200
  • 8.8.8.8:53
    20.160.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    20.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    126.177.238.8.in-addr.arpa
    dns
    72 B
     126 B
     1
    1

    DNS Request

    126.177.238.8.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    198.52.96.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    198.52.96.20.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     158 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    39.142.81.104.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    39.142.81.104.in-addr.arpa

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
     106 B
     1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    208.194.73.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    208.194.73.20.in-addr.arpa

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    120.208.253.8.in-addr.arpa
    dns
    72 B
     126 B
     1
    1

    DNS Request

    120.208.253.8.in-addr.arpa

  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    43.58.199.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     173 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    21.236.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    21.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    11.173.189.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    11.173.189.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3125601242-331447593-1512828465-1000\desktop.ini.tmp
    Filesize

    209KB

    MD5

    528abc55f9d0258af7c62e73a8b4245f

    SHA1

    82f0dfceb4570a9a8fb23a0c373a4769fba2a5c6

    SHA256

    55cc24ae9845f2f5095ad451d8d91ac8c4f7e2fb38adeba598828bc3ac63d34c

    SHA512

    a659ba4a2a1f3a472b904ec3015e509b57b3b4674bee9ff66af74b7792b78b1c84ad3ec31dd031d605bd3b7cb608d4564005b1f3fc6e6b2879d252c8b38e44cd

    Download Submit

  • C:\odt\config.xml.tmp
    Filesize

    210KB

    MD5

    ab50e5e9bf1ebd058b928c7a40fe006f

    SHA1

    36b2b4db0917463234011993de3deca9be74724b

    SHA256

    badf7bd67654f54b561845404dae2c99db57c5ed543a9adc5049457f385c4c15

    SHA512

    15bfa81aeb4587d2478c70d13952089c9c6ead9c6600909d3090d0e6d163a300855c56d6b16358fbecc5d59a9fb96458d93be63f787de9218406e6e352d187e5

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.