Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/05/2024, 09:56 UTC

General

  • Target

    e231a1341ced50815580646f8823e920_NeikiAnalytics.exe

  • Size

    2.7MB

  • MD5

    e231a1341ced50815580646f8823e920

  • SHA1

    87f388d6add431386df3593aa339089c10d50320

  • SHA256

    8a15c447962d7bd823fc5d3e5366d2e70cd3f7571a24e862d4bd2a4c4cf13b72

  • SHA512

    c455a4c84afa28dfebacbf6dfb07c69d24c7101df63c7310b038de788792a0476f3bfbbd228d3fb24a4d2699bcb4c7aef63d0401cea9a852395fe31ccc4ce164

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LB+9w4Sx:+R0pI/IQlUoMPdmpSp44

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e231a1341ced50815580646f8823e920_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e231a1341ced50815580646f8823e920_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\IntelprocNF\xbodloc.exe
      C:\IntelprocNF\xbodloc.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1732

Network

  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8RroeyIz4MxbrZMg5-glX5jVUCUzdOpuvoVAa2OdYPjMnIuIub2APTECzSz6JWa8aiJQv1TMTC_AO5GkRybiQDoHh8zpXviEb3ls7vjP5Zv5of9gIBiqeHbF2VC2_G_rZK1_1-_ZDwVgG9x8liSnBgo5rjAJ_PSXJTfAH9lKeM7WZhoGA%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd68d3534a22a1e927f78530fca68401d&TIME=20240508T115648Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8RroeyIz4MxbrZMg5-glX5jVUCUzdOpuvoVAa2OdYPjMnIuIub2APTECzSz6JWa8aiJQv1TMTC_AO5GkRybiQDoHh8zpXviEb3ls7vjP5Zv5of9gIBiqeHbF2VC2_G_rZK1_1-_ZDwVgG9x8liSnBgo5rjAJ_PSXJTfAH9lKeM7WZhoGA%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd68d3534a22a1e927f78530fca68401d&TIME=20240508T115648Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=30AA90CF7E37663E3519844A7F8C679E; domain=.bing.com; expires=Sat, 14-Jun-2025 09:56:17 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3125BAA3B11244898500E1DB66AF57C2 Ref B: LON04EDGE0815 Ref C: 2024-05-20T09:56:17Z
    date: Mon, 20 May 2024 09:56:16 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8RroeyIz4MxbrZMg5-glX5jVUCUzdOpuvoVAa2OdYPjMnIuIub2APTECzSz6JWa8aiJQv1TMTC_AO5GkRybiQDoHh8zpXviEb3ls7vjP5Zv5of9gIBiqeHbF2VC2_G_rZK1_1-_ZDwVgG9x8liSnBgo5rjAJ_PSXJTfAH9lKeM7WZhoGA%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd68d3534a22a1e927f78530fca68401d&TIME=20240508T115648Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8RroeyIz4MxbrZMg5-glX5jVUCUzdOpuvoVAa2OdYPjMnIuIub2APTECzSz6JWa8aiJQv1TMTC_AO5GkRybiQDoHh8zpXviEb3ls7vjP5Zv5of9gIBiqeHbF2VC2_G_rZK1_1-_ZDwVgG9x8liSnBgo5rjAJ_PSXJTfAH9lKeM7WZhoGA%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd68d3534a22a1e927f78530fca68401d&TIME=20240508T115648Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=30AA90CF7E37663E3519844A7F8C679E; _EDGE_S=SID=03E86DBEAC8560640375793BAD456167
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=x7ABS4BhS0pEQOFaCVNCxJc8GgcCxB2T40EcfA-JIfM; domain=.bing.com; expires=Sat, 14-Jun-2025 09:56:17 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0C9D5F2EB31C42BDAB115C8B45742A0A Ref B: LON04EDGE0815 Ref C: 2024-05-20T09:56:17Z
    date: Mon, 20 May 2024 09:56:17 GMT
  • flag-nl
    GET
    https://www.bing.com/aes/c.gif?RG=05f400f9adad4661b5a04bcb85c6b8af&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T115648Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182
    Remote address:
    23.62.61.72:443
    Request
    GET /aes/c.gif?RG=05f400f9adad4661b5a04bcb85c6b8af&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T115648Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182 HTTP/2.0
    host: www.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=30AA90CF7E37663E3519844A7F8C679E
    Response
    HTTP/2.0 200
    cache-control: private,no-store
    pragma: no-cache
    vary: Origin
    p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 4D53AEC75ACB44608320847B1502A7D9 Ref B: DUS30EDGE0420 Ref C: 2024-05-20T09:56:17Z
    content-length: 0
    date: Mon, 20 May 2024 09:56:17 GMT
    set-cookie: _EDGE_S=SID=03E86DBEAC8560640375793BAD456167; path=/; httponly; domain=bing.com
    set-cookie: MUIDB=30AA90CF7E37663E3519844A7F8C679E; path=/; httponly; expires=Sat, 14-Jun-2025 09:56:17 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.443d3e17.1716198977.1ccc6a7f
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    64.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    64.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • flag-nl
    GET
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    Remote address:
    23.62.61.72:443
    Request
    GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
    host: www.bing.com
    accept: */*
    cookie: MUID=30AA90CF7E37663E3519844A7F8C679E; _EDGE_S=SID=03E86DBEAC8560640375793BAD456167; MSPTC=x7ABS4BhS0pEQOFaCVNCxJc8GgcCxB2T40EcfA-JIfM; MUIDB=30AA90CF7E37663E3519844A7F8C679E
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-type: image/png
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    content-length: 1107
    date: Mon, 20 May 2024 09:56:18 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.443d3e17.1716198978.1ccc6d74
  • flag-us
    DNS
    154.239.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.239.44.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    72.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    72.61.62.23.in-addr.arpa
    IN PTR
    Response
    72.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-72.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    79.190.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    79.190.18.2.in-addr.arpa
    IN PTR
    Response
    79.190.18.2.in-addr.arpa
    IN PTR
    a2-18-190-79.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239371372356_1N2G93XRLJ1Y5GWC9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239371372356_1N2G93XRLJ1Y5GWC9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 329579
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: FD61EB629FCE4980A4C380B039DE00B0 Ref B: LON04EDGE0614 Ref C: 2024-05-20T09:57:56Z
    date: Mon, 20 May 2024 09:57:55 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239371372355_1WLRVFTZ079W9XPFC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239371372355_1WLRVFTZ079W9XPFC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 381531
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 20C89A6F6B5D463FA4980CB5FB6CBDAA Ref B: LON04EDGE0614 Ref C: 2024-05-20T09:57:56Z
    date: Mon, 20 May 2024 09:57:55 GMT
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001.a-msedge.net
  • flag-us
    DNS
    91.16.208.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    91.16.208.104.in-addr.arpa
    IN PTR
    Response
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8RroeyIz4MxbrZMg5-glX5jVUCUzdOpuvoVAa2OdYPjMnIuIub2APTECzSz6JWa8aiJQv1TMTC_AO5GkRybiQDoHh8zpXviEb3ls7vjP5Zv5of9gIBiqeHbF2VC2_G_rZK1_1-_ZDwVgG9x8liSnBgo5rjAJ_PSXJTfAH9lKeM7WZhoGA%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd68d3534a22a1e927f78530fca68401d&TIME=20240508T115648Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48
    tls, http2
    2.5kB
    9.0kB
    20
    17

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8RroeyIz4MxbrZMg5-glX5jVUCUzdOpuvoVAa2OdYPjMnIuIub2APTECzSz6JWa8aiJQv1TMTC_AO5GkRybiQDoHh8zpXviEb3ls7vjP5Zv5of9gIBiqeHbF2VC2_G_rZK1_1-_ZDwVgG9x8liSnBgo5rjAJ_PSXJTfAH9lKeM7WZhoGA%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd68d3534a22a1e927f78530fca68401d&TIME=20240508T115648Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8RroeyIz4MxbrZMg5-glX5jVUCUzdOpuvoVAa2OdYPjMnIuIub2APTECzSz6JWa8aiJQv1TMTC_AO5GkRybiQDoHh8zpXviEb3ls7vjP5Zv5of9gIBiqeHbF2VC2_G_rZK1_1-_ZDwVgG9x8liSnBgo5rjAJ_PSXJTfAH9lKeM7WZhoGA%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd68d3534a22a1e927f78530fca68401d&TIME=20240508T115648Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48

    HTTP Response

    204
  • 23.62.61.72:443
    https://www.bing.com/aes/c.gif?RG=05f400f9adad4661b5a04bcb85c6b8af&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T115648Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182
    tls, http2
    1.4kB
    5.3kB
    16
    10

    HTTP Request

    GET https://www.bing.com/aes/c.gif?RG=05f400f9adad4661b5a04bcb85c6b8af&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T115648Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182

    HTTP Response

    200
  • 23.62.61.72:443
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    tls, http2
    1.6kB
    6.4kB
    17
    12

    HTTP Request

    GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239371372355_1WLRVFTZ079W9XPFC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    tls, http2
    27.4kB
    743.9kB
    551
    549

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239371372356_1N2G93XRLJ1Y5GWC9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239371372355_1WLRVFTZ079W9XPFC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200
  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    151 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    64.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    64.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    73 B
    143 B
    1
    1

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    72.61.62.23.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    72.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    154.239.44.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    154.239.44.20.in-addr.arpa

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    142 B
    145 B
    2
    1

    DNS Request

    206.23.85.13.in-addr.arpa

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    79.190.18.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    79.190.18.2.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
    106 B
    1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    91.16.208.104.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    91.16.208.104.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\IntelprocNF\xbodloc.exe

    Filesize

    2.7MB

    MD5

    44092c0fed7b9be96f1eb02e93556689

    SHA1

    31325a208c15897ea6a6a0abe47b8497c88edf2f

    SHA256

    2ab11d148d3e79968352de2f91b23484f8062189d87a95051ca8067d69f99f87

    SHA512

    9db5ea7898f70afff503b29466e385a7a8fe6dc4742360a41e6d636daad2b269633db8f94f71465d9182cb76bc5e6cd03de8890ab8e061932f4a5591c913c3bd

  • C:\MintYH\optixec.exe

    Filesize

    2.7MB

    MD5

    059e7f6dc5c59d4bbeec645ace180aaa

    SHA1

    9a4c26c668b70d95734d3cc5852ec50907d26bd7

    SHA256

    7651bcba0f3351137372fe61e48e351da621ca521804da2d7fccca9e3127ea55

    SHA512

    e03b710191ebcc2f62ddc628b31edb966335070ff417ab99e68af2fc3575431506a75968f1d77b92a0ff947ba6849ee4c045d3c265be5a6da66c7726a4dd52d8

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    206B

    MD5

    d38ffc421d8e1247165b2a35d637202e

    SHA1

    292ee25ef22ad90e59163d82c090cbad0f69ced7

    SHA256

    1018bb3a82975b25280757b3d5efd28db26e78e7ab8a88c756b16b3585857287

    SHA512

    09f258dc0659b346699ab965ee32df51291ad2c9e598c3c44b548122f0aa58cf43438fbbfd8115069dbfb7a11d0ec93aecca1f3eaab3241797db9def0cd65905
