Analysis

  • max time kernel
    162s
  • max time network
    172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/12/2023, 05:52 UTC

General

  • Target

    photo2scr.exe

  • Size

    1.5MB

  • MD5

    3dd264e94f98b5628efe2e7fec99b5fa

  • SHA1

    1e3f5f152da577b0d67fd4f97017e031dde54426

  • SHA256

    ef7a5cf8e4c927ea847e966943dd9da773b6698e60c1578913650ae28fac32df

  • SHA512

    fec20f9c6d4c0eaccef7e4881d21b968fc080eac2593c92e351408a5f9c1e6d40b1002b3780b8db2f55045e2e8eb9331fb199597de830e84f92be05412e3f434

  • SSDEEP

    24576:gpniOA5rBBMPyZ1ZRZBrbn9p6FbMA/i5/AyGyB4v9VfFZjECNpSB2+GIxnsvsdyl:eiOAnBW+XxrBpmK5jGm41jZugBkyl

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\photo2scr.exe
    "C:\Users\Admin\AppData\Local\Temp\photo2scr.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3492
    • C:\Users\Admin\AppData\Local\Temp\is-Q98PD.tmp\is-DUL3G.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-Q98PD.tmp\is-DUL3G.tmp" /SL4 $60162 "C:\Users\Admin\AppData\Local\Temp\photo2scr.exe" 1352839 52224
      2⤵
      • Executes dropped EXE
      PID:4568

Network

  • flag-us
    DNS
    1.181.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.181.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41deploystaticakamaitechnologiescom
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    www.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    92.123.241.137
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt
    Remote address:
    92.123.241.137:80
    Request
    GET /pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: www.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1126
    Content-Type: application/octet-stream
    Content-MD5: YAUaFgF7vUODUG8XQQW6BQ==
    Last-Modified: Fri, 28 Sep 2018 22:50:05 GMT
    ETag: 0x8D62594BC0C84D8
    x-ms-request-id: 9327f1ba-601e-004f-4648-1536e4000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 02 Jan 2024 09:12:28 GMT
    Connection: keep-alive
    TLS_version: UNKNOWN
    ms-cv: CASMicrosoftCV11c0158d.0
    ms-cv-esi: CASMicrosoftCV11c0158d.0
    X-RTag: RT
  • flag-us
    GET
    http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt
    Remote address:
    92.123.241.137:80
    Request
    GET /pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: www.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1126
    Content-Type: application/octet-stream
    Content-MD5: YAUaFgF7vUODUG8XQQW6BQ==
    Last-Modified: Fri, 28 Sep 2018 22:50:05 GMT
    ETag: 0x8D62594BC0C84D8
    x-ms-request-id: 9327f1ba-601e-004f-4648-1536e4000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    X-EdgeConnect-Origin-MEX-Latency: 108
    Date: Tue, 02 Jan 2024 09:12:29 GMT
    Connection: keep-alive
    TLS_version: UNKNOWN
    ms-cv: CASMicrosoftCV8a6316ef.0
    ms-cv-esi: CASMicrosoftCV8a6316ef.0
    X-RTag: RT
  • flag-us
    DNS
    137.241.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    137.241.123.92.in-addr.arpa
    IN PTR
    Response
    137.241.123.92.in-addr.arpa
    IN PTR
    a92-123-241-137deploystaticakamaitechnologiescom
  • flag-us
    DNS
    137.241.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    137.241.123.92.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    114.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    114.110.16.96.in-addr.arpa
    IN PTR
    Response
    114.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-114deploystaticakamaitechnologiescom
  • flag-us
    DNS
    21.53.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.53.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    208.194.73.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.194.73.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    187.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    187.178.17.96.in-addr.arpa
    IN PTR
    Response
    187.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-187deploystaticakamaitechnologiescom
  • flag-us
    DNS
    43.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.229.111.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    43.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.229.111.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    173.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    173.178.17.96.in-addr.arpa
    IN PTR
    Response
    173.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-173deploystaticakamaitechnologiescom
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301174_1DZVP9RMU2XGXAR8U&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301174_1DZVP9RMU2XGXAR8U&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 203882
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 4670A962646C4ABC8355D315B125F23F Ref B: LON04EDGE0609 Ref C: 2024-01-02T09:14:04Z
    date: Tue, 02 Jan 2024 09:14:03 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301685_171YK8L2RNOTOWUB0&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301685_171YK8L2RNOTOWUB0&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 278820
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 55A70BEFC6B443F5AA124950DF1FD03D Ref B: LON04EDGE0609 Ref C: 2024-01-02T09:14:04Z
    date: Tue, 02 Jan 2024 09:14:03 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301276_1FHQU2O53GKUUYZPS&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301276_1FHQU2O53GKUUYZPS&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 203137
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 4518C771CE004B278A08A4F830C0C8CD Ref B: LON04EDGE0609 Ref C: 2024-01-02T09:14:05Z
    date: Tue, 02 Jan 2024 09:14:04 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301583_1IGYRX9U1IBYYG0PV&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301583_1IGYRX9U1IBYYG0PV&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 363285
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 522F60C9B38140AEA9DCB003D389017F Ref B: LON04EDGE0609 Ref C: 2024-01-02T09:14:06Z
    date: Tue, 02 Jan 2024 09:14:05 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301011_1Q64Y8U9UJ0Y7FTOQ&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301011_1Q64Y8U9UJ0Y7FTOQ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 171891
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 1386A8F3943648DC86CA7B878C2C63B5 Ref B: LON04EDGE0609 Ref C: 2024-01-02T09:14:06Z
    date: Tue, 02 Jan 2024 09:14:05 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301444_1ADW5UG9KMTHYULQ8&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301444_1ADW5UG9KMTHYULQ8&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • flag-us
    DNS
    58.189.79.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.189.79.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.189.79.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.189.79.40.in-addr.arpa
    IN PTR
    Response
  • 92.123.241.137:80
    http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt
    http
    418 B
    1.8kB
    5
    4

    HTTP Request

    GET http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt

    HTTP Response

    200
  • 92.123.241.137:80
    http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt
    http
    418 B
    1.8kB
    5
    4

    HTTP Request

    GET http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt

    HTTP Response

    200
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301444_1ADW5UG9KMTHYULQ8&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    45.4kB
    1.3MB
    922
    917

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301174_1DZVP9RMU2XGXAR8U&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301685_171YK8L2RNOTOWUB0&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301276_1FHQU2O53GKUUYZPS&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301583_1IGYRX9U1IBYYG0PV&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301011_1Q64Y8U9UJ0Y7FTOQ&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301444_1ADW5UG9KMTHYULQ8&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.8kB
    561 B
    11
    7
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
    8.4kB
    17
    15
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
    8.2kB
    16
    12
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
    8.3kB
    16
    14
  • 8.8.8.8:53
    1.181.190.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    1.181.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    www.microsoft.com
    dns
    63 B
    230 B
    1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    92.123.241.137

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    137.241.123.92.in-addr.arpa
    dns
    146 B
    139 B
    2
    1

    DNS Request

    137.241.123.92.in-addr.arpa

    DNS Request

    137.241.123.92.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    114.110.16.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    114.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    21.53.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    21.53.126.40.in-addr.arpa

  • 8.8.8.8:53
    208.194.73.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    208.194.73.20.in-addr.arpa

  • 8.8.8.8:53
    187.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    187.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    43.229.111.52.in-addr.arpa
    dns
    216 B
    158 B
    3
    1

    DNS Request

    43.229.111.52.in-addr.arpa

    DNS Request

    43.229.111.52.in-addr.arpa

    DNS Request

    43.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    173.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    173.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    142 B
    157 B
    2
    1

    DNS Request

    43.58.199.20.in-addr.arpa

    DNS Request

    43.58.199.20.in-addr.arpa

  • 8.8.8.8:53
    57.169.31.20.in-addr.arpa
    dns
    213 B
    157 B
    3
    1

    DNS Request

    57.169.31.20.in-addr.arpa

    DNS Request

    57.169.31.20.in-addr.arpa

    DNS Request

    57.169.31.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    124 B
    173 B
    2
    1

    DNS Request

    tse1.mm.bing.net

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    58.189.79.40.in-addr.arpa
    dns
    142 B
    290 B
    2
    2

    DNS Request

    58.189.79.40.in-addr.arpa

    DNS Request

    58.189.79.40.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-Q98PD.tmp\is-DUL3G.tmp

    Filesize

    642KB

    MD5

    3c9f925549a51f9017e08a072332fa47

    SHA1

    1bff860e744467a58ef986b1016a4454844f5ad7

    SHA256

    1eb6ba689a47d91d01c9b3caa93daacec49c7b6daafb217678b9ad8f545c8ac2

    SHA512

    86112ec0d9f4254bceb0a576bc03e09384a15a4a5e94b08ca65ddfbc60d9d8d459885138c2644c9309ac86bca0b86d41c92dbc8ed23d7d381cdbeb2d7963ec18

  • memory/3492-0-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

  • memory/3492-2-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

  • memory/3492-7-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

  • memory/4568-8-0x0000000002250000-0x0000000002251000-memory.dmp

    Filesize

    4KB

  • memory/4568-14-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

  • memory/4568-16-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

  • memory/4568-19-0x0000000002250000-0x0000000002251000-memory.dmp

    Filesize

    4KB
