Resubmissions

  • 231230-qsrkaahffl, 30/12/2023 13:31 UTC, score 10/10
  • 231230-n98h1sdhfj, 30/12/2023 12:06 UTC, score 10/10
  • 231230-n9779adhep, 30/12/2023 12:06 UTC, score 10/10
  • 231230-n97xgsgaf7, 30/12/2023 12:06 UTC, score 10/10
  • 231230-n97aysgaf6, 30/12/2023 12:06 UTC, score 10/10
  • 231230-n96z7adhej, 30/12/2023 12:06 UTC, score 10/10
  • 231230-n96pesdhdq, 30/12/2023 12:06 UTC, score 10/10
  • 231229-3sy1ksader, 29/12/2023 23:47 UTC, score 10/10
  • 231229-3syd2saden, 29/12/2023 23:47 UTC, score 10/10
  • 231229-3sxgrachf3, 29/12/2023 23:47 UTC, score 10/10

Analysis

  • max time kernel: 1393s
  • max time network: 1161s
  • platform: windows11-21h2_x64
  • resource: win11-20231215-en
  • resource tags: arch:x64, arch:x86, image:win11-20231215-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted: 29/12/2023, 23:47 UTC

General

  • Target: main - Copy (3).exe
  • Size: 6.9MB
  • MD5: 22c978ffaefef3389bf29068b9621661
  • SHA1: 5671972c1d70826fb85dced4c83c700dd282ea21
  • SHA256: e6ee8e9b38e10a92a89e61b8655ca4fedcc381fd93cb36f43fe323132923dfcf
  • SHA512: 8a280cb782f0afab171d2e7955b75362e98cefd449d382004ef2568c2c230cd633a754b1dd5f0dc5e17407819e4dceb5b0cbb2647e279a6ec674b8d9484be26a
  • SSDEEP: 98304:7b5Ak7khMiyw0VREqfnle5EEPbxVhCQHSIMf:5LUMiywZqshDxaQHh

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\main - Copy (3).exe (PID 3548)
    Command line: "C:\Users\Admin\AppData\Local\Temp\main - Copy (3).exe"

    Network

    DNS queries (all sent to the sandbox resolver 8.8.8.8:53; every remote address on this page is flagged US). Only the github.com queries are attributed to the sample process; the remaining entries carry no process attribution.

    • github.com IN A, issued by main - Copy (3).exe: 5 identical queries, no response recorded for any of them
    • 8.8.8.8.in-addr.arpa IN PTR: empty response
    • arc.msn.com IN A → CNAME arc.trafficmanager.net → CNAME iris-de-prod-azsc-v2-weu-b.westeurope.cloudapp.azure.com → A 20.31.169.57
    • ctldl.windowsupdate.com IN A → CNAME wu-bg-shim.trafficmanager.net → CNAME wu.azureedge.net → CNAME wu.ec.azureedge.net → CNAME bg.apr-52dd2-0503.edgecastdns.net → CNAME hlb.apr-52dd2-0.edgecastdns.net → CNAME cs11.wpc.v0cdn.net → A 93.184.221.240
    • ctldl.windowsupdate.com IN A: no response recorded
    • 57.169.31.20.in-addr.arpa IN PTR: empty response
    • ocsp.digicert.com IN A → CNAME ocsp.edge.digicert.com → CNAME fp2e7a.wpc.2be4.phicdn.net → CNAME fp2e7a.wpc.phicdn.net → A 192.229.221.95
    • ocsp.digicert.com IN A: no response recorded
    • 240.221.184.93.in-addr.arpa IN PTR: empty response
    • 95.221.229.192.in-addr.arpa IN PTR: empty response
    • login.live.com IN A → CNAME login.msa.msidentity.com → CNAME www.tm.lg.prod.aadmsa.trafficmanager.net → CNAME prdv4a.aadg.msidentity.com → CNAME www.tm.v4.a.prd.aadg.trafficmanager.net → A 20.190.181.6, 40.126.53.19, 40.126.53.17, 20.190.181.3, 40.126.53.21, 20.190.181.5, 20.190.181.2, 20.190.181.23
    • 6.181.190.20.in-addr.arpa IN PTR: empty response
    • arc.msn.com IN A → CNAME arc.trafficmanager.net → CNAME iris-de-prod-azsc-v2-frc-b.francecentral.cloudapp.azure.com → A 20.74.47.205
    • tse1.mm.bing.net IN A → CNAME mm-mm.bing.net.trafficmanager.net → CNAME dual-a-0001.a-msedge.net → A 204.79.197.200, 13.107.21.200
    • 205.47.74.20.in-addr.arpa IN PTR: empty response
    • nexusrules.officeapps.live.com IN A → CNAME prod.nexusrules.live.com.akadns.net → A 52.111.227.13
    • ris.api.iris.microsoft.com IN A → CNAME ris-prod.trafficmanager.net → CNAME asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com → A 20.234.120.54
    • ris.api.iris.microsoft.com IN A: no response recorded
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239351692218_1C2G5NA0D2U7KB730&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239351692218_1C2G5NA0D2U7KB730&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 412540
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: C0069137555C4BE9876FCE3A1C2FB8C0 Ref B: LON04EDGE0913 Ref C: 2023-12-30T02:32:03Z
      date: Sat, 30 Dec 2023 02:32:02 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239351692257_1HIZ251INBOILWVAX&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239351692257_1HIZ251INBOILWVAX&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 207140
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: D699773A5F834753899B0A74441C0FCA Ref B: LON04EDGE0913 Ref C: 2023-12-30T02:32:03Z
      date: Sat, 30 Dec 2023 02:32:02 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239351692194_136002WU93FKUBGFQ&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239351692194_136002WU93FKUBGFQ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 414644
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 31371BC9044344E4A520382102E186C7 Ref B: LON04EDGE0913 Ref C: 2023-12-30T02:32:03Z
      date: Sat, 30 Dec 2023 02:32:02 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239351692256_1WQM6RJXKTQXXQ775&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239351692256_1WQM6RJXKTQXXQ775&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 399443
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 5F0302846AD94311B9895C15C615BA91 Ref B: LON04EDGE0913 Ref C: 2023-12-30T02:32:03Z
      date: Sat, 30 Dec 2023 02:32:02 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239351692219_16RSQD6Q5T7P1QOIL&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239351692219_16RSQD6Q5T7P1QOIL&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 225069
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 2D4EAB1BA0144C8EA0DE22599ED1E583 Ref B: LON04EDGE0913 Ref C: 2023-12-30T02:32:03Z
      date: Sat, 30 Dec 2023 02:32:02 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239351692195_1JV8M5U9CCF462N7K&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239351692195_1JV8M5U9CCF462N7K&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 331750
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: BE2AC9DC039E49F3B1D0053F89A1B274 Ref B: LON04EDGE0913 Ref C: 2023-12-30T02:32:08Z
      date: Sat, 30 Dec 2023 02:32:07 GMT
    DNS queries, continued (still 8.8.8.8:53, no process attribution)

    • 200.197.79.204.in-addr.arpa IN PTR → PTR a-0001.a-msedge.net
    • ctldl.windowsupdate.com IN A → CNAME wu-bg-shim.trafficmanager.net → CNAME wu.azureedge.net → CNAME wu.ec.azureedge.net → CNAME bg.apr-52dd2-0503.edgecastdns.net → CNAME hlb.apr-52dd2-0.edgecastdns.net → CNAME cs11.wpc.v0cdn.net → A 93.184.221.240
    • arc.msn.com IN A → CNAME arc.trafficmanager.net → CNAME iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com → A 20.103.156.88
    • 88.156.103.20.in-addr.arpa IN PTR: empty response
    • 54.120.234.20.in-addr.arpa IN PTR: empty response
    • ctldl.windowsupdate.com IN A → CNAME wu-bg-shim.trafficmanager.net → CNAME download.windowsupdate.com.edgesuite.net → CNAME a767.dspw65.akamai.net → A 96.17.178.173, 96.17.178.180
    • ctldl.windowsupdate.com IN A: no response recorded
    • ctldl.windowsupdate.com IN A: no response recorded
    • 173.178.17.96.in-addr.arpa IN PTR → PTR a96-17-178-173.deploy.static.akamaitechnologies.com
    • self.events.data.microsoft.com IN A → CNAME self-events-data.trafficmanager.net → CNAME onedscolprdjpw00.japanwest.cloudapp.azure.com → A 40.74.98.192
    • 192.98.74.40.in-addr.arpa IN PTR: empty response
    • 192.98.74.40.in-addr.arpa IN PTR: no response recorded
    Connections (remote address, host or first URL, protocols, bytes sent / received, packets sent / received, then the requests and responses carried on that connection)

    • 204.79.197.200:443, tse1.mm.bing.net, tls + http2, 1.5kB / 9.2kB, 17 / 14 packets
    • 204.79.197.200:443, tse1.mm.bing.net, tls + http2, 1.6kB / 8.2kB, 17 / 13 packets
    • 204.79.197.200:443, https://tse1.mm.bing.net/th?id=OADD2.10239351692195_1JV8M5U9CCF462N7K&pid=21.2&w=1080&h=1920&c=4, tls + http2, 75.4kB / 2.1MB, 1558 / 1553 packets
      Carries all six Spotlight GETs (ids OADD2.10239351692218_1C2G5NA0D2U7KB730, OADD2.10239351692257_1HIZ251INBOILWVAX, OADD2.10239351692194_136002WU93FKUBGFQ, OADD2.10239351692256_1WQM6RJXKTQXXQ775, OADD2.10239351692219_16RSQD6Q5T7P1QOIL, OADD2.10239351692195_1JV8M5U9CCF462N7K), each answered 200
    • 204.79.197.200:443, tse1.mm.bing.net, tls + http2, 2.0kB / 10.5kB, 19 / 14 packets
    • 204.79.197.200:443, tse1.mm.bing.net, tls + http2, 2.2kB / 8.3kB, 19 / 13 packets
    • 8.8.8.8:53, github.com, dns, process main - Copy (3).exe, 280 B and 5 packets sent, no received bytes or packets listed
      Five DNS requests for github.com, no DNS response
    • 8.8.8.8:53, 8.8.8.8.in-addr.arpa, dns, 261 B / 520 B, 4 / 3 packets
      Requests: 8.8.8.8.in-addr.arpa; arc.msn.com (response 20.31.169.57); ctldl.windowsupdate.com ×2 (response 93.184.221.240)
    • 8.8.8.8:53, 57.169.31.20.in-addr.arpa, dns, 197 B / 325 B, 3 / 2 packets
      Requests: 57.169.31.20.in-addr.arpa; ocsp.digicert.com ×2 (response 192.229.221.95)
    • 8.8.8.8:53, 240.221.184.93.in-addr.arpa, dns, 687 B / 1.6kB, 10 / 9 packets
      Requests: 240.221.184.93.in-addr.arpa; 95.221.229.192.in-addr.arpa; login.live.com (response 20.190.181.6, 40.126.53.19, 40.126.53.17, 20.190.181.3, 40.126.53.21, 20.190.181.5, 20.190.181.2, 20.190.181.23); 6.181.190.20.in-addr.arpa; arc.msn.com (response 20.74.47.205); tse1.mm.bing.net (response 204.79.197.200, 13.107.21.200); 205.47.74.20.in-addr.arpa; nexusrules.officeapps.live.com (response 52.111.227.13); ris.api.iris.microsoft.com ×2 (response 20.234.120.54)
    • 8.8.8.8:53, 200.197.79.204.in-addr.arpa, dns, 550 B / 1.1kB, 8 / 6 packets
      Requests: 200.197.79.204.in-addr.arpa; ctldl.windowsupdate.com (response 93.184.221.240); arc.msn.com (response 20.103.156.88); 88.156.103.20.in-addr.arpa; 54.120.234.20.in-addr.arpa; ctldl.windowsupdate.com ×3 (response 96.17.178.173, 96.17.178.180)
    • 8.8.8.8:53, 173.178.17.96.in-addr.arpa, dns, 290 B / 479 B, 4 / 3 packets
      Requests: 173.178.17.96.in-addr.arpa; self.events.data.microsoft.com (response 40.74.98.192); 192.98.74.40.in-addr.arpa ×2
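    Reading the network section as a whole: the only DNS traffic tria.ge attributes to main - Copy (3).exe is five A queries for github.com, none of them with a recorded response. Every other lookup, and the six HTTPS image fetches from tse1.mm.bing.net, carries no process attribution and matches what a clean Windows 11 image contacts on its own (Spotlight via arc.msn.com and tse1.mm.bing.net, certificate trust list downloads via ctldl.windowsupdate.com, OCSP via ocsp.digicert.com, account and telemetry endpoints under live.com and microsoft.com). A 1/10 score here says only that nothing beyond the github.com lookups was observed in this run, and it should be read against the ten resubmissions listed at the top of the page, all scored 10/10.

    The script below is an added example, not code from tria.ge or from the sample's author. It takes the DNS events of this report, copied by hand into a list, and splits them into sample-attributed queries, OS background noise and sandbox-side reverse lookups. The BACKGROUND_SUFFIXES allow-list is an assumption (a typical set of Windows 11 update, telemetry, OCSP and Spotlight domains), not a list tria.ge publishes. Process attribution alone decides what counts as sample traffic; the allow-list only labels the unattributed remainder, so a sample that hides behind a Microsoft domain is still surfaced.

```python
"""Split a sandbox DNS log into sample-attributed traffic and OS background noise.

Added example for this tria.ge report, not code from tria.ge. DNS_EVENTS is
constructed from the DNS entries of the report (process, query name, record
type, answers); BACKGROUND_SUFFIXES is an assumed allow-list, not a tria.ge list.
"""
from collections import defaultdict

SAMPLE = "main - Copy (3).exe"

# Constructed from the report. process=None means tria.ge attributed the query
# to no monitored process, i.e. a Windows component issued it.
DNS_EVENTS = [
    (SAMPLE, "github.com", "A", []),
    (SAMPLE, "github.com", "A", []),
    (SAMPLE, "github.com", "A", []),
    (SAMPLE, "github.com", "A", []),
    (SAMPLE, "github.com", "A", []),
    (None, "8.8.8.8.in-addr.arpa", "PTR", []),
    (None, "arc.msn.com", "A", ["20.31.169.57"]),
    (None, "ctldl.windowsupdate.com", "A", ["93.184.221.240"]),
    (None, "ocsp.digicert.com", "A", ["192.229.221.95"]),
    (None, "login.live.com", "A", ["20.190.181.6", "40.126.53.19"]),
    (None, "tse1.mm.bing.net", "A", ["204.79.197.200", "13.107.21.200"]),
    (None, "200.197.79.204.in-addr.arpa", "PTR", ["a-0001.a-msedge.net"]),
    (None, "self.events.data.microsoft.com", "A", ["40.74.98.192"]),
]

# Assumed allow-list: domains a clean Windows 11 image talks to on its own.
BACKGROUND_SUFFIXES = (
    "msn.com", "windowsupdate.com", "digicert.com", "live.com",
    "bing.net", "microsoft.com",
)


def is_background(name: str) -> bool:
    """True if name is, or is a subdomain of, an allow-listed suffix.

    Matches on label boundaries only, so 'evil-msn.com' does not match 'msn.com'.
    """
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in BACKGROUND_SUFFIXES)


def is_reverse_lookup(name: str) -> bool:
    """PTR lookups in the report are sandbox-side enrichment, not sample behaviour."""
    return name.lower().rstrip(".").endswith((".in-addr.arpa", ".ip6.arpa"))


def triage(events):
    """Bucket DNS events into sample / background / unclassified / reverse lookups.

    Only process attribution decides what is sample traffic; the allow-list is
    applied to unattributed queries alone.
    """
    sample = defaultdict(lambda: {"queries": 0, "answered": 0, "answers": set()})
    background, unclassified, reverse = set(), set(), 0
    for process, name, _qtype, answers in events:
        if is_reverse_lookup(name):
            reverse += 1
            continue
        if process is not None:
            entry = sample[name]
            entry["queries"] += 1
            entry["answered"] += 1 if answers else 0
            entry["answers"].update(answers)
        elif is_background(name):
            background.add(name)
        else:
            unclassified.add(name)
    return {"sample": dict(sample), "background": background,
            "unclassified": unclassified, "reverse_lookups": reverse}


def unanswered_sample_domains(summary) -> list:
    """Domains the sample queried that never received an answer in the capture."""
    return sorted(n for n, e in summary["sample"].items() if e["answered"] == 0)


if __name__ == "__main__":
    summary = triage(DNS_EVENTS)
    for name, e in summary["sample"].items():
        print(f"sample       {name}: {e['queries']} queries, "
              f"{e['answered']} answered, answers={sorted(e['answers'])}")
    print("background  ", sorted(summary["background"]))
    print("unclassified", sorted(summary["unclassified"]))
    print("reverse PTR ", summary["reverse_lookups"])
    print("unanswered by sample:", unanswered_sample_domains(summary))
```

    Run as a script it prints the buckets; on a longer export the unclassified bucket is the list to read first, and unanswered_sample_domains is the quick check that tells you whether the sample ever got an answer for the hosts it cares about. The label-boundary match in is_background matters: a plain endswith("msn.com") would also allow-list a lookalike such as evil-msn.com.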

    MITRE ATT&CK Matrix
