Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ac44be3608...e2.exe

windows7-x64

10

ac44be3608...e2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    157s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 13:45 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ac44be360811ad7bedb0985b6c0283e2.exe

  • Size

    116KB

  • MD5

    ac44be360811ad7bedb0985b6c0283e2

  • SHA1

    77a62a4f616ea73976a266010ba59f5b75d0211a

  • SHA256

    9eb7d6b504aa4033118f7c0848869b1529f60c397a450e6f66f6772717de5575

  • SHA512

    b813f5e37d0c0bbc81ccf6fe9f12e23ab26b0e11221240e25215313a92bcb20c6c227f3d3ce414d6754f6d0f90aa023f989d0d530d64c9beb42207b947171950

  • SSDEEP

    1536:X/0TcIg9MtpJFmAGUk+++pZgGEbplftRkDhfdxoMqYjFe1Jsl0KuwOZZZZH1gMiV:P0TUMBFmAGUIRsjsO0xdZZZZVg3x

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac44be360811ad7bedb0985b6c0283e2.exe
    "C:\Users\Admin\AppData\Local\Temp\ac44be360811ad7bedb0985b6c0283e2.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4936
    • C:\Users\Admin\cauofi.exe
      "C:\Users\Admin\cauofi.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:4896

Network

  • flag-us
    DNS
    79.121.231.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    79.121.231.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    79.121.231.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    79.121.231.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    173.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    173.178.17.96.in-addr.arpa
    IN PTR
    Response
    173.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-173deploystaticakamaitechnologiescom
  • flag-us
    DNS
    0.181.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.181.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    ns1.musiczipz.com
    ac44be360811ad7bedb0985b6c0283e2.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musiczipz.com
    IN A
    Response
  • flag-us
    DNS
    ns1.musicmixa.net
    ac44be360811ad7bedb0985b6c0283e2.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixa.net
    IN A
    Response
  • flag-us
    DNS
    ns1.musicmixa.org
    ac44be360811ad7bedb0985b6c0283e2.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixa.org
    IN A
    Response
  • flag-us
    DNS
    ns1.musicmixa.org
    ac44be360811ad7bedb0985b6c0283e2.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixa.org
    IN A
  • flag-us
    DNS
    ns1.musicmixb.co
    ac44be360811ad7bedb0985b6c0283e2.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixb.co
    IN A
    Response
  • flag-us
    DNS
    ns1.musicmixc.com
    ac44be360811ad7bedb0985b6c0283e2.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixc.com
    IN A
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217deploystaticakamaitechnologiescom
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301687_13GOH55SKYYKR3YGC&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301687_13GOH55SKYYKR3YGC&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 345324
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 308BA8FDB23A4D5E8E40C3D20088CBEA Ref B: LON04EDGE1012 Ref C: 2023-12-23T19:58:24Z
    date: Sat, 23 Dec 2023 19:58:24 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301073_18LC40ETNMF8SEVBD&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301073_18LC40ETNMF8SEVBD&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 484032
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 846AC8FC36E5489F8600A929756005BE Ref B: LON04EDGE1012 Ref C: 2023-12-23T19:58:24Z
    date: Sat, 23 Dec 2023 19:58:24 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301506_1F0FLOT3FW11VH0B0&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301506_1F0FLOT3FW11VH0B0&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 547436
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 1B56B5D26EF1437CA9E65AED49714EE1 Ref B: LON04EDGE1012 Ref C: 2023-12-23T19:58:24Z
    date: Sat, 23 Dec 2023 19:58:24 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301278_1VRPF8TFV4TZXU6S8&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301278_1VRPF8TFV4TZXU6S8&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 488784
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 2503AE66C63040F095FCE1071C5CE7C3 Ref B: LON04EDGE1012 Ref C: 2023-12-23T19:58:24Z
    date: Sat, 23 Dec 2023 19:58:24 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301001_13IM8GUOR3WVGE77H&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301001_13IM8GUOR3WVGE77H&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 289523
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 26137DC54BED48238E7532E4652105F7 Ref B: LON04EDGE1012 Ref C: 2023-12-23T19:58:24Z
    date: Sat, 23 Dec 2023 19:58:24 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301434_155CLHAG1DOW615HP&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301434_155CLHAG1DOW615HP&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 270070
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C21992A6BF4049F1929072486D68F082 Ref B: LON04EDGE1012 Ref C: 2023-12-23T19:58:28Z
    date: Sat, 23 Dec 2023 19:58:27 GMT
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001a-msedgenet
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    88.65.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.65.42.20.in-addr.arpa
    IN PTR
    Response
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.3kB
     16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.3kB
     16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.2kB
     15
    12
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.3kB
     16
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301434_155CLHAG1DOW615HP&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    90.0kB
     2.6MB
     1903
    1900

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301687_13GOH55SKYYKR3YGC&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301073_18LC40ETNMF8SEVBD&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301506_1F0FLOT3FW11VH0B0&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301278_1VRPF8TFV4TZXU6S8&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301001_13IM8GUOR3WVGE77H&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301434_155CLHAG1DOW615HP&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 96.16.110.41:443
    322 B
     7
  • 192.229.221.95:80
    322 B
     7
  • 8.8.8.8:53
    79.121.231.20.in-addr.arpa
    dns
    144 B
     158 B
     2
    1

    DNS Request

    79.121.231.20.in-addr.arpa

    DNS Request

    79.121.231.20.in-addr.arpa

  • 8.8.8.8:53
    173.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    173.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    0.181.190.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    0.181.190.20.in-addr.arpa

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    213 B
     157 B
     3
    1

    DNS Request

    2.136.104.51.in-addr.arpa

    DNS Request

    2.136.104.51.in-addr.arpa

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    ns1.musiczipz.com
    dns
    ac44be360811ad7bedb0985b6c0283e2.exe
    63 B
     136 B
     1
    1

    DNS Request

    ns1.musiczipz.com

  • 8.8.8.8:53
    ns1.musicmixa.net
    dns
    ac44be360811ad7bedb0985b6c0283e2.exe
    63 B
     136 B
     1
    1

    DNS Request

    ns1.musicmixa.net

  • 8.8.8.8:53
    ns1.musicmixa.org
    dns
    ac44be360811ad7bedb0985b6c0283e2.exe
    126 B
     145 B
     2
    1

    DNS Request

    ns1.musicmixa.org

    DNS Request

    ns1.musicmixa.org

  • 8.8.8.8:53
    ns1.musicmixb.co
    dns
    ac44be360811ad7bedb0985b6c0283e2.exe
    62 B
     127 B
     1
    1

    DNS Request

    ns1.musicmixb.co

  • 8.8.8.8:53
    ns1.musicmixc.com
    dns
    ac44be360811ad7bedb0985b6c0283e2.exe
    63 B
     136 B
     1
    1

    DNS Request

    ns1.musicmixc.com

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     173 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    57.169.31.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    57.169.31.20.in-addr.arpa

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    146 B
     106 B
     2
    1

    DNS Request

    200.197.79.204.in-addr.arpa

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    48.229.111.52.in-addr.arpa
    dns
    216 B
     158 B
     3
    1

    DNS Request

    48.229.111.52.in-addr.arpa

    DNS Request

    48.229.111.52.in-addr.arpa

    DNS Request

    48.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    88.65.42.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    88.65.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\cauofi.exe
    Filesize

    116KB

    MD5

    aae6a60b9b31bbca2089b7649adacd31

    SHA1

    636a9782d116cf16471eda5c2f4f46c1144edc8c

    SHA256

    16799089092dd24af98bfd3670aa99d186e536b9db0b891011ab0f4a34c432c5

    SHA512

    53bb3bf7e9a44572da8e2704d3d356af725f284deee8ff01b8ef1e7502438feeeb16225c3f46bf6c76bb1740688a840b04152eea37d828e8584c0211f533c817

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.