Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

1c7b51fc42...3a.exe

windows7-x64

10

1c7b51fc42...3a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 21:06 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c7b51fc42a4cb6f04c7bcad06152d3a.exe

  • Size

    536KB

  • MD5

    1c7b51fc42a4cb6f04c7bcad06152d3a

  • SHA1

    087011b2bdbe8ad0a2486fbb5c0f6817259dc785

  • SHA256

    4644517d2806702549b846419b6535fe1f921619f9d1beed5227b46417e97880

  • SHA512

    54ae9f8dbb6f3d5da6c88edbec1f3608160a6c6ddcba30f55a106d2c59be0f8751f5297bbcaa5e24794ef2e24e4aa593154967838767815cbdf67850d359af45

  • SSDEEP

    12288:q0nPhglq2Uyt4R/b2G/0hznQGoexBU/NPd:q0P/k4lb2wKatd

Score
10/10
urelastrojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

    trojanurelas
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c7b51fc42a4cb6f04c7bcad06152d3a.exe
    "C:\Users\Admin\AppData\Local\Temp\1c7b51fc42a4cb6f04c7bcad06152d3a.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Users\Admin\AppData\Local\Temp\zoweu.exe
      "C:\Users\Admin\AppData\Local\Temp\zoweu.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3048
      • C:\Users\Admin\AppData\Local\Temp\nohao.exe
        "C:\Users\Admin\AppData\Local\Temp\nohao.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:3972
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_uinsey.bat" "
      2⤵
        PID:4896

    Network

    • flag-us
      DNS
      0.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      146.78.124.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      146.78.124.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      146.78.124.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      146.78.124.51.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      241.154.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.154.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      158.240.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      158.240.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
      Response
      41.110.16.96.in-addr.arpa
      IN PTR
      a96-16-110-41deploystaticakamaitechnologiescom
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      26.35.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.35.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301233_1DW93FPGEP2PWMOD7&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301233_1DW93FPGEP2PWMOD7&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 272929
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: E72D8E8E5206416AA27FBEB96645F7D0 Ref B: LON04EDGE0713 Ref C: 2024-01-04T08:21:17Z
      date: Thu, 04 Jan 2024 08:21:16 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301404_13LUGLF1IFM9LJZ63&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301404_13LUGLF1IFM9LJZ63&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 471951
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 28F016EBC10A412699F43729E4A51E9C Ref B: LON04EDGE0713 Ref C: 2024-01-04T08:21:17Z
      date: Thu, 04 Jan 2024 08:21:16 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301642_146AN3TCLR6376QGX&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301642_146AN3TCLR6376QGX&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 301043
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 4A7914C12D3A4E4A9C307F027AC990AB Ref B: LON04EDGE0713 Ref C: 2024-01-04T08:21:17Z
      date: Thu, 04 Jan 2024 08:21:16 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301180_12QE0TUIBFKPVIEKD&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301180_12QE0TUIBFKPVIEKD&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 485755
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 18807F0D966A49FDA20C0AB49BD00084 Ref B: LON04EDGE0713 Ref C: 2024-01-04T08:21:17Z
      date: Thu, 04 Jan 2024 08:21:16 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317300971_1O5B0F861TRRZWX2T&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317300971_1O5B0F861TRRZWX2T&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 498886
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: E49ED60E77554B2DAF15A060A82CB974 Ref B: LON04EDGE0713 Ref C: 2024-01-04T08:21:17Z
      date: Thu, 04 Jan 2024 08:21:16 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301589_1ELTX2YB56L7P0UAL&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301589_1ELTX2YB56L7P0UAL&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 543528
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: D25327D9E4AA4A0BA180A057906295C2 Ref B: LON04EDGE0713 Ref C: 2024-01-04T08:21:39Z
      date: Thu, 04 Jan 2024 08:21:39 GMT
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
      Response
      200.197.79.204.in-addr.arpa
      IN PTR
      a-0001a-msedgenet
    • flag-us
      DNS
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      104.241.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      104.241.123.92.in-addr.arpa
      IN PTR
      Response
      104.241.123.92.in-addr.arpa
      IN PTR
      a92-123-241-104deploystaticakamaitechnologiescom
    • flag-us
      DNS
      104.241.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      104.241.123.92.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      119.110.54.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      119.110.54.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      187.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      187.178.17.96.in-addr.arpa
      IN PTR
      Response
      187.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-187deploystaticakamaitechnologiescom
    • flag-us
      DNS
      174.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      174.178.17.96.in-addr.arpa
      IN PTR
      Response
      174.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-174deploystaticakamaitechnologiescom
    • flag-us
      DNS
      136.71.105.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      136.71.105.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      136.71.105.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      136.71.105.51.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      136.71.105.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      136.71.105.51.in-addr.arpa
      IN PTR
    • 20.231.121.79:80
      104 B
       2
    • 218.54.31.226:11110
      zoweu.exe
      260 B
       5
    • 1.234.83.146:11170
      zoweu.exe
      260 B
       5
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      2.4kB
       9.8kB
       22
      16
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      2.4kB
       9.8kB
       22
      16
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      2.4kB
       8.3kB
       21
      13
    • 204.79.197.200:443
      https://tse1.mm.bing.net/th?id=OADD2.10239317301589_1ELTX2YB56L7P0UAL&pid=21.2&w=1080&h=1920&c=4
      tls, http2
      99.7kB
       2.7MB
       2001
      1991

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301233_1DW93FPGEP2PWMOD7&pid=21.2&w=1920&h=1080&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301404_13LUGLF1IFM9LJZ63&pid=21.2&w=1080&h=1920&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301642_146AN3TCLR6376QGX&pid=21.2&w=1080&h=1920&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301180_12QE0TUIBFKPVIEKD&pid=21.2&w=1920&h=1080&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317300971_1O5B0F861TRRZWX2T&pid=21.2&w=1920&h=1080&c=4

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301589_1ELTX2YB56L7P0UAL&pid=21.2&w=1080&h=1920&c=4

      HTTP Response

      200
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      2.4kB
       8.3kB
       21
      14
    • 218.54.31.165:11110
      zoweu.exe
      260 B
       5
    • 133.242.129.155:11110
      zoweu.exe
      260 B
       5
    • 8.8.8.8:53
      0.159.190.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      0.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      146 B
       144 B
       2
      1

      DNS Request

      95.221.229.192.in-addr.arpa

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      146.78.124.51.in-addr.arpa
      dns
      144 B
       158 B
       2
      1

      DNS Request

      146.78.124.51.in-addr.arpa

      DNS Request

      146.78.124.51.in-addr.arpa

    • 8.8.8.8:53
      43.58.199.20.in-addr.arpa
      dns
      142 B
       157 B
       2
      1

      DNS Request

      43.58.199.20.in-addr.arpa

      DNS Request

      43.58.199.20.in-addr.arpa

    • 8.8.8.8:53
      241.154.82.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      241.154.82.20.in-addr.arpa

    • 8.8.8.8:53
      158.240.127.40.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      158.240.127.40.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      41.110.16.96.in-addr.arpa
      dns
      142 B
       135 B
       2
      1

      DNS Request

      41.110.16.96.in-addr.arpa

      DNS Request

      41.110.16.96.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      26.35.223.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      26.35.223.20.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
       173 B
       1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      200.197.79.204.in-addr.arpa
      dns
      73 B
       106 B
       1
      1

      DNS Request

      200.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      240.221.184.93.in-addr.arpa
      dns
      146 B
       144 B
       2
      1

      DNS Request

      240.221.184.93.in-addr.arpa

      DNS Request

      240.221.184.93.in-addr.arpa

    • 8.8.8.8:53
      104.241.123.92.in-addr.arpa
      dns
      146 B
       139 B
       2
      1

      DNS Request

      104.241.123.92.in-addr.arpa

      DNS Request

      104.241.123.92.in-addr.arpa

    • 8.8.8.8:53
      119.110.54.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      119.110.54.20.in-addr.arpa

    • 8.8.8.8:53
      187.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      187.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      174.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      174.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      136.71.105.51.in-addr.arpa
      dns
      216 B
       158 B
       3
      1

      DNS Request

      136.71.105.51.in-addr.arpa

      DNS Request

      136.71.105.51.in-addr.arpa

      DNS Request

      136.71.105.51.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_uinsey.bat
      Filesize

      276B

      MD5

      be61fc447437aa4134c851bdb3fee6b1

      SHA1

      6b825d287562aa5c5b469f95335d90bb876efdaf

      SHA256

      346b80e2400a436a53466bea29af678ee0cf5181d7f3b3d9dc5e6ca83db25008

      SHA512

      4ba0834b05968e8f71869585c17f8e50a99b1a85defe7b56411ff0bd7af745210884d8d47e24a661754072d5ff134d35717a2a7c92f3d13f2cd130e030143d6e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
      Filesize

      512B

      MD5

      6347295e6ebf3b4f1c398c07e38a9249

      SHA1

      d54de15cb7aee4b3c3a8f26d9e6b5656a07e2332

      SHA256

      efb7e9f8bb9613384657ebe22964b874a4bcce3e499eec628433d595ce5baf64

      SHA512

      ff6d92a7e920c42813cfb58e974844470d80385a689899558a02b04fe4b1c14d106b6b0be0457b67e5bcc255e4be2a7c0a963ad2b7ffbbdc84e5ea912bdf76de

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nohao.exe
      Filesize

      236KB

      MD5

      d8269210115cfae997b0158a175d9b23

      SHA1

      1264c7ececc8417fd161526dbdc76d3b48322953

      SHA256

      3254e31dc379424292dc7cccb4bd798725a2840a67a453d1906b1d2b0367bed7

      SHA512

      851c6836a447ae4b9ed7961b3a53870e538e234396d5c1193a4460359482886c7cd82c2947ebd9e41dd92ae8c3b29030258340f322b5fe2fd13b122e93416db8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\zoweu.exe
      Filesize

      536KB

      MD5

      dcc09284a37edf435461561925c7271a

      SHA1

      5f911b5915664d68cf55cd907c9e77eb158d8dbc

      SHA256

      cfb3661d8ff6123688c490c0a72ed4ffb32088f33868937329d03b6055edd811

      SHA512

      ccfbd40516123c01601de198651fe82977749b9f0831153d7904f6b239dae3925dae210a79296309add2d6d2224109142a506e026e70328366bfab2ed1e98105

      Download Submit

    • memory/2376-14-0x0000000000400000-0x000000000048C000-memory.dmp

      Filesize

      560KB

      Download

    • memory/2376-0-0x0000000000400000-0x000000000048C000-memory.dmp

      Filesize

      560KB

      Download

    • memory/3048-12-0x0000000000400000-0x000000000048C000-memory.dmp

      Filesize

      560KB

      Download

    • memory/3048-26-0x0000000000400000-0x000000000048C000-memory.dmp

      Filesize

      560KB

      Download

    • memory/3972-25-0x00000000005A0000-0x0000000000643000-memory.dmp

      Filesize

      652KB

      Download

    • memory/3972-27-0x0000000000E20000-0x0000000000E21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3972-29-0x00000000005A0000-0x0000000000643000-memory.dmp

      Filesize

      652KB

      Download

    • memory/3972-30-0x00000000005A0000-0x0000000000643000-memory.dmp

      Filesize

      652KB

      Download

    • memory/3972-31-0x00000000005A0000-0x0000000000643000-memory.dmp

      Filesize

      652KB

      Download

    • memory/3972-32-0x00000000005A0000-0x0000000000643000-memory.dmp

      Filesize

      652KB

      Download

    • memory/3972-33-0x00000000005A0000-0x0000000000643000-memory.dmp

      Filesize

      652KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.