
Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240319-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/03/2024, 17:49 UTC

General

  • Target

    15fe618d8e827be3368fde96b031e617f1b5d0a491e7f301197039274c27938e.exe

  • Size

    35KB

  • MD5

    ef6aff1c3857293362924a4a7ffeb8ac

  • SHA1

    5bcd17af196edfbee1a1ae8ded04807000dd5a3c

  • SHA256

    15fe618d8e827be3368fde96b031e617f1b5d0a491e7f301197039274c27938e

  • SHA512

    681d31bb1dd967cac47ec2d8ac240627d1242e87bc6d61588c214c39d30c3c9ef6bacf3235098db9491d58811cea725c02dc2e61459c66202ef39c460b76b8b6

  • SSDEEP

    768:wHGGaSawqnwjRQ6ESlmFOsPoOdQtOOtEvwDpjm6WaJIOc+UPPb6b:YGzl5wjRQBBOsP1QMOtEvwDpjgarJb

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 3 IoCs
  • Detection of Cryptolocker Samples 3 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15fe618d8e827be3368fde96b031e617f1b5d0a491e7f301197039274c27938e.exe
    "C:\Users\Admin\AppData\Local\Temp\15fe618d8e827be3368fde96b031e617f1b5d0a491e7f301197039274c27938e.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4644
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1784
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4168 --field-trial-handle=2288,i,11069632825633797559,14829202121434726371,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:1600

    Network

    • flag-us
      DNS
      147.177.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      147.177.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      133.211.185.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.211.185.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      emrlogistics.com
      asih.exe
      Remote address:
      8.8.8.8:53
      Request
      emrlogistics.com
      IN A
      Response
      emrlogistics.com
      IN CNAME
      traff-6.hugedomains.com
      traff-6.hugedomains.com
      IN CNAME
      hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com
      hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com
      IN A
      3.140.13.188
      hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com
      IN A
      18.119.154.66
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      105.211.222.173.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      105.211.222.173.in-addr.arpa
      IN PTR
      Response
      105.211.222.173.in-addr.arpa
      IN PTR
      a173-222-211-105deploystaticakamaitechnologiescom
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
      Response
      41.110.16.96.in-addr.arpa
      IN PTR
      a96-16-110-41deploystaticakamaitechnologiescom
    • flag-us
      DNS
      13.86.106.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.86.106.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      196.249.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      196.249.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.134.221.88.in-addr.arpa
      IN PTR
      Response
      18.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-18deploystaticakamaitechnologiescom
    • flag-us
      DNS
      5.179.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      5.179.17.96.in-addr.arpa
      IN PTR
      Response
      5.179.17.96.in-addr.arpa
      IN PTR
      a96-17-179-5deploystaticakamaitechnologiescom
    • flag-us
      DNS
      107.211.222.173.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      107.211.222.173.in-addr.arpa
      IN PTR
      Response
      107.211.222.173.in-addr.arpa
      IN PTR
      a173-222-211-107deploystaticakamaitechnologiescom
    • flag-us
      DNS
      26.35.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.35.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      19.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      19.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239339388216_1SP7N5FKYH04QEW3Y&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239339388216_1SP7N5FKYH04QEW3Y&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 364778
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 4BAFC6F4DCB94CCF9EDA53C1946A8F60 Ref B: LON04EDGE1110 Ref C: 2024-03-27T17:51:46Z
      date: Wed, 27 Mar 2024 17:51:46 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239339388217_1U4N1IRR5P78Z350M&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239339388217_1U4N1IRR5P78Z350M&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 577346
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: B4E451F136594BEF8F05AB99E32D0A97 Ref B: LON04EDGE1110 Ref C: 2024-03-27T17:51:46Z
      date: Wed, 27 Mar 2024 17:51:46 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340418539_1KFG8UNZE5MUR2Y24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239340418539_1KFG8UNZE5MUR2Y24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 374313
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 8E7E8CE22C894791925BAD20601E7F62 Ref B: LON04EDGE1110 Ref C: 2024-03-27T17:51:46Z
      date: Wed, 27 Mar 2024 17:51:46 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340418540_1UQTKN6JO04LNXB5Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239340418540_1UQTKN6JO04LNXB5Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 676162
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: AD1D697A400A4A42B3A3B8A4FE105ABA Ref B: LON04EDGE1110 Ref C: 2024-03-27T17:51:46Z
      date: Wed, 27 Mar 2024 17:51:46 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360266662_1HDPCEFCKT80ZHIEH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239360266662_1HDPCEFCKT80ZHIEH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 734405
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 6401DEE3EF014073AF80BC1607FFFC02 Ref B: LON04EDGE1110 Ref C: 2024-03-27T17:51:46Z
      date: Wed, 27 Mar 2024 17:51:46 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360266663_1E57D2H6MI54M9FR3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239360266663_1E57D2H6MI54M9FR3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 737668
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: B878399A3A994D369DFF8733E4F2188B Ref B: LON04EDGE1110 Ref C: 2024-03-27T17:51:46Z
      date: Wed, 27 Mar 2024 17:51:46 GMT
    • flag-us
      DNS
      209.80.50.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.80.50.20.in-addr.arpa
      IN PTR
      Response
    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\Users\Admin\AppData\Local\Temp\asih.exe

      Filesize

      35KB

      MD5

      936d0589287f5718bbab3e40c38278bb

      SHA1

      affc83e5301e34f30eaddbe04230cc98a0b593aa

      SHA256

      f3eb17514730195a49e00d35ebaecb9dee20aebdc72c782e4551c1218f0b157a

      SHA512

      cf57243b9380852935c96d5106875152ef65c1515a419d33522f37599ec803ade934c220ed37a43b21170669d29be7e81e5e2b22263c75f758907a9a459ff93d

    • memory/1784-19-0x00000000005E0000-0x00000000005E6000-memory.dmp

      Filesize

      24KB

    • memory/1784-25-0x00000000004D0000-0x00000000004D6000-memory.dmp

      Filesize

      24KB

    • memory/4644-0-0x0000000000500000-0x000000000050B000-memory.dmp

      Filesize

      44KB

    • memory/4644-1-0x00000000006A0000-0x00000000006A6000-memory.dmp

      Filesize

      24KB

    • memory/4644-2-0x00000000006A0000-0x00000000006A6000-memory.dmp

      Filesize

      24KB

    • memory/4644-3-0x00000000006C0000-0x00000000006C6000-memory.dmp

      Filesize

      24KB

    • memory/4644-17-0x0000000000500000-0x000000000050B000-memory.dmp

      Filesize

      44KB
