Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
179s -
max time network
222s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
26/12/2023, 02:42 UTC
Static task
static1
Behavioral task
behavioral1
Sample
37a4d697049b6150c95f65f9e791a208ea410502179702ee013fd331d6759993.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
37a4d697049b6150c95f65f9e791a208ea410502179702ee013fd331d6759993.exe
Resource
win10v2004-20231215-en
General
-
Target
37a4d697049b6150c95f65f9e791a208ea410502179702ee013fd331d6759993.exe
-
Size
1.3MB
-
MD5
432c291c7b5797ae2455691a3f6d5870
-
SHA1
ed2bed7877b07ebc11e0878fed87d0669c65a923
-
SHA256
37a4d697049b6150c95f65f9e791a208ea410502179702ee013fd331d6759993
-
SHA512
a8e997698adbead82414332a4195b5c86ef9aacad2ed70666d110973f668fbf24e9970494cc591fd6f4c92a86f491f1c00892c64517b4d2c78d5d3636998bb4b
-
SSDEEP
12288:z3P/aK2vB+IBXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDtW:z/CKABnBsqjnhMgeiCl7G0nehbGZpbD
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 4688 alg.exe -
Drops file in System32 directory 1 IoCs
description ioc Process File opened for modification C:\Windows\System32\alg.exe 37a4d697049b6150c95f65f9e791a208ea410502179702ee013fd331d6759993.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeTakeOwnershipPrivilege 1444 37a4d697049b6150c95f65f9e791a208ea410502179702ee013fd331d6759993.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\37a4d697049b6150c95f65f9e791a208ea410502179702ee013fd331d6759993.exe"C:\Users\Admin\AppData\Local\Temp\37a4d697049b6150c95f65f9e791a208ea410502179702ee013fd331d6759993.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:1444
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
PID:4688
Network
-
Remote address:8.8.8.8:53Request79.121.231.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request79.121.231.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request50.23.12.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request191.178.17.96.in-addr.arpaIN PTRResponse191.178.17.96.in-addr.arpaIN PTRa96-17-178-191deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request240.221.184.93.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestpywolwnvd.bizIN AResponsepywolwnvd.bizIN A34.41.229.245
-
Remote address:8.8.8.8:53Request140.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request241.154.82.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request22.236.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request55.36.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.a-0001.a-msedge.netg-bing-com.a-0001.a-msedge.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d39d3c9d2f1d4ee6a410328e015e906d&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d39d3c9d2f1d4ee6a410328e015e906d&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0DA015EB84026FFC3690061885E26E0D; domain=.bing.com; expires=Sun, 19-Jan-2025 02:44:25 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 08E20F27397745CEBDD5AD5E1D4D3FB5 Ref B: LON04EDGE1217 Ref C: 2023-12-26T02:44:25Z
date: Tue, 26 Dec 2023 02:44:24 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d39d3c9d2f1d4ee6a410328e015e906d&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d39d3c9d2f1d4ee6a410328e015e906d&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0DA015EB84026FFC3690061885E26E0D
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=5D4qFg-tCp284g49OSXAU10-7AiGAFVzuV3-1LDDWZw; domain=.bing.com; expires=Sun, 19-Jan-2025 02:44:27 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 628203971DA347F0AF6A37B990BBE92F Ref B: LON04EDGE1217 Ref C: 2023-12-26T02:44:27Z
date: Tue, 26 Dec 2023 02:44:27 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d39d3c9d2f1d4ee6a410328e015e906d&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d39d3c9d2f1d4ee6a410328e015e906d&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0DA015EB84026FFC3690061885E26E0D; MSPTC=5D4qFg-tCp284g49OSXAU10-7AiGAFVzuV3-1LDDWZw
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B4E12F5036D04B32903CD29A77D6AC8E Ref B: LON04EDGE1217 Ref C: 2023-12-26T02:44:27Z
date: Tue, 26 Dec 2023 02:44:27 GMT
-
Remote address:8.8.8.8:53Request200.197.79.204.in-addr.arpaIN PTRResponse200.197.79.204.in-addr.arpaIN PTRa-0001a-msedgenet
-
Remote address:8.8.8.8:53Request41.110.16.96.in-addr.arpaIN PTRResponse41.110.16.96.in-addr.arpaIN PTRa96-16-110-41deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request209.178.17.96.in-addr.arpaIN PTRResponse209.178.17.96.in-addr.arpaIN PTRa96-17-178-209deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request194.178.17.96.in-addr.arpaIN PTRResponse194.178.17.96.in-addr.arpaIN PTRa96-17-178-194deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request194.178.17.96.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request194.178.17.96.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request194.178.17.96.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request169.117.168.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request57.169.31.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request57.169.31.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request57.169.31.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301003_1YB4PVOTMR4FU8F3Z&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301003_1YB4PVOTMR4FU8F3Z&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 277687
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A992ACB842554714859CA6E9C4703914 Ref B: LON04EDGE1012 Ref C: 2023-12-26T02:45:36Z
date: Tue, 26 Dec 2023 02:45:35 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317300946_1P1UG9CSCCI5XW90K&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317300946_1P1UG9CSCCI5XW90K&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 373265
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1DDB5608EEE345DBB058482DB8EC5C4A Ref B: LON04EDGE1012 Ref C: 2023-12-26T02:45:36Z
date: Tue, 26 Dec 2023 02:45:35 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301255_1JJTCDF3S80817GOI&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301255_1JJTCDF3S80817GOI&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 582460
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 03F40255146C46D1839D03BCAC17E69F Ref B: LON04EDGE1012 Ref C: 2023-12-26T02:45:36Z
date: Tue, 26 Dec 2023 02:45:35 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301664_1DL2E71ET3JINATLK&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301664_1DL2E71ET3JINATLK&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 541836
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 72F9FD7207C54CAB93B463E7FD94B7E3 Ref B: LON04EDGE1012 Ref C: 2023-12-26T02:45:36Z
date: Tue, 26 Dec 2023 02:45:35 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301379_16KHQ7CGXXVYGQR5V&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301379_16KHQ7CGXXVYGQR5V&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 151034
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 41C8E8D451264ADFAFE7276F6ED3A713 Ref B: LON04EDGE1012 Ref C: 2023-12-26T02:45:36Z
date: Tue, 26 Dec 2023 02:45:35 GMT
-
204.79.197.200:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d39d3c9d2f1d4ee6a410328e015e906d&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=tls, http22.3kB 9.6kB 23 20
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d39d3c9d2f1d4ee6a410328e015e906d&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d39d3c9d2f1d4ee6a410328e015e906d&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d39d3c9d2f1d4ee6a410328e015e906d&localId=w:540EFEE2-46B3-9BC5-3ED2-F59CCE5C5963&deviceId=6896190263018008&anid=HTTP Response
204 -
1.2kB 8.3kB 15 14
-
1.2kB 9.2kB 15 14
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239317301379_16KHQ7CGXXVYGQR5V&pid=21.2&w=1080&h=1920&c=4tls, http272.0kB 2.0MB 1458 1453
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301003_1YB4PVOTMR4FU8F3Z&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317300946_1P1UG9CSCCI5XW90K&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301255_1JJTCDF3S80817GOI&pid=21.2&w=1920&h=1080&c=4HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301664_1DL2E71ET3JINATLK&pid=21.2&w=1080&h=1920&c=4HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301379_16KHQ7CGXXVYGQR5V&pid=21.2&w=1080&h=1920&c=4HTTP Response
200HTTP Response
200HTTP Response
200 -
1.2kB 8.3kB 15 14
-
1.2kB 8.2kB 15 13
-
144 B 158 B 2 1
DNS Request
79.121.231.20.in-addr.arpa
DNS Request
79.121.231.20.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
50.23.12.20.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
191.178.17.96.in-addr.arpa
-
213 B 145 B 3 1
DNS Request
206.23.85.13.in-addr.arpa
DNS Request
206.23.85.13.in-addr.arpa
DNS Request
206.23.85.13.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
240.221.184.93.in-addr.arpa
-
59 B 75 B 1 1
DNS Request
pywolwnvd.biz
DNS Response
34.41.229.245
-
72 B 158 B 1 1
DNS Request
140.32.126.40.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
241.154.82.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
22.236.111.52.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
55.36.223.20.in-addr.arpa
-
56 B 158 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.20013.107.21.200
-
73 B 106 B 1 1
DNS Request
200.197.79.204.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
41.110.16.96.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
209.178.17.96.in-addr.arpa
-
288 B 137 B 4 1
DNS Request
194.178.17.96.in-addr.arpa
DNS Request
194.178.17.96.in-addr.arpa
DNS Request
194.178.17.96.in-addr.arpa
DNS Request
194.178.17.96.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
169.117.168.52.in-addr.arpa
-
213 B 157 B 3 1
DNS Request
57.169.31.20.in-addr.arpa
DNS Request
57.169.31.20.in-addr.arpa
DNS Request
57.169.31.20.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB
MD5f47cf3e67d125957055eb765ed3fe193
SHA1eda09a9655b74e2102c80d39665467cfa88a39eb
SHA256d736dc0525ee53caeff308d0dba5a73abb4d9a3ca909d4e5abe7c1a7f00bf3c1
SHA5123e7aaa51ab8f7bcc8fa76a608f9216fc510477ffe01022f1afe7a54755bcd92adfa466bc6444a7ee504d793e718f728ae7af0e1605be5dd94439875293fa77f7