Analysis

  • max time kernel
    93s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2024, 00:07 UTC

General

  • Target

    4edb786a77b0bab6829d8a6b570d60f0_NeikiAnalytics.exe

  • Size

    12KB

  • MD5

    4edb786a77b0bab6829d8a6b570d60f0

  • SHA1

    11f5d60f4acc562fcf145d9886cdcbd8539885a2

  • SHA256

    384787235065f529d81f53826c0f9d34ebd52c1643250e64d1911faea633cc3b

  • SHA512

    45230eee011f32f75ff775c83d92a219ac9576567e3254fc479385ec121dbd0caca1f04648dd7c5ff5def568971f97c38cfc328fd5074f98f9bd91ae3cdc3805

  • SSDEEP

    384:GL7li/2zNq2DcEQvdQcJKLTp/NK9xaPA:g9MCQ9cPA

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Uses the VBS compiler for execution 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4edb786a77b0bab6829d8a6b570d60f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4edb786a77b0bab6829d8a6b570d60f0_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gewrzlfr\gewrzlfr.cmdline"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4740
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES41DB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc5DF3EAC966BC428DB02DC1725244492.TMP"
        3⤵
          PID:5008
      • C:\Users\Admin\AppData\Local\Temp\tmp40C3.tmp.exe
        "C:\Users\Admin\AppData\Local\Temp\tmp40C3.tmp.exe" C:\Users\Admin\AppData\Local\Temp\4edb786a77b0bab6829d8a6b570d60f0_NeikiAnalytics.exe
        2⤵
        • Deletes itself
        • Executes dropped EXE
        PID:5032

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De844484JN8pnJK9DHZ5jb9czVUCUyt4HjTkzgn2rp3m91H2h9p6qAZZCjUcsJIFjTK1INPwmqbVcomDDMu_2uq77RCGBqrOWCZoXR5rTtLRUz3ZppjpwO2TBU7XHVkSOkJViIRX-XFoiXm4MmRWBlLDx3g7X3BvqIPEzTzR5HLkFWSYPkw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC1lZGl0b3IlM2ZhY3RpdmV0YWIlM2R0YWJzJTNhZmFxaGVhZGVycmVnaW9uMyUyNk9DSUQlM2RjbW01dndjam93ag%26rlid%3D96604a7c6744153f3d2f2c14ce61e77c&TIME=20240611T194541Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De844484JN8pnJK9DHZ5jb9czVUCUyt4HjTkzgn2rp3m91H2h9p6qAZZCjUcsJIFjTK1INPwmqbVcomDDMu_2uq77RCGBqrOWCZoXR5rTtLRUz3ZppjpwO2TBU7XHVkSOkJViIRX-XFoiXm4MmRWBlLDx3g7X3BvqIPEzTzR5HLkFWSYPkw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC1lZGl0b3IlM2ZhY3RpdmV0YWIlM2R0YWJzJTNhZmFxaGVhZGVycmVnaW9uMyUyNk9DSUQlM2RjbW01dndjam93ag%26rlid%3D96604a7c6744153f3d2f2c14ce61e77c&TIME=20240611T194541Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=045209D68B3968B13AF21D4B8AD96932; domain=.bing.com; expires=Tue, 08-Jul-2025 00:07:44 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: E82607AF7EBE4C1EA77767AA2FE25E46 Ref B: LON04EDGE1014 Ref C: 2024-06-13T00:07:44Z
      date: Thu, 13 Jun 2024 00:07:43 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De844484JN8pnJK9DHZ5jb9czVUCUyt4HjTkzgn2rp3m91H2h9p6qAZZCjUcsJIFjTK1INPwmqbVcomDDMu_2uq77RCGBqrOWCZoXR5rTtLRUz3ZppjpwO2TBU7XHVkSOkJViIRX-XFoiXm4MmRWBlLDx3g7X3BvqIPEzTzR5HLkFWSYPkw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC1lZGl0b3IlM2ZhY3RpdmV0YWIlM2R0YWJzJTNhZmFxaGVhZGVycmVnaW9uMyUyNk9DSUQlM2RjbW01dndjam93ag%26rlid%3D96604a7c6744153f3d2f2c14ce61e77c&TIME=20240611T194541Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De844484JN8pnJK9DHZ5jb9czVUCUyt4HjTkzgn2rp3m91H2h9p6qAZZCjUcsJIFjTK1INPwmqbVcomDDMu_2uq77RCGBqrOWCZoXR5rTtLRUz3ZppjpwO2TBU7XHVkSOkJViIRX-XFoiXm4MmRWBlLDx3g7X3BvqIPEzTzR5HLkFWSYPkw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC1lZGl0b3IlM2ZhY3RpdmV0YWIlM2R0YWJzJTNhZmFxaGVhZGVycmVnaW9uMyUyNk9DSUQlM2RjbW01dndjam93ag%26rlid%3D96604a7c6744153f3d2f2c14ce61e77c&TIME=20240611T194541Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=045209D68B3968B13AF21D4B8AD96932; _EDGE_S=SID=0024E734EF4E6059048EF3A9EEED6160
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=7-wjwSM9SwxCitap7UI9dO2-aKkOr98LerAtFYvL87c; domain=.bing.com; expires=Tue, 08-Jul-2025 00:07:45 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: B2146CBA1D974425ADC1849B0EBB1B09 Ref B: LON04EDGE1014 Ref C: 2024-06-13T00:07:44Z
      date: Thu, 13 Jun 2024 00:07:44 GMT
    • flag-nl
      GET
      https://www.bing.com/aes/c.gif?RG=b339c1dbe8d549faae3685c7ad5a8b74&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194541Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373
      Remote address:
      23.62.61.194:443
      Request
      GET /aes/c.gif?RG=b339c1dbe8d549faae3685c7ad5a8b74&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194541Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373 HTTP/2.0
      host: www.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=045209D68B3968B13AF21D4B8AD96932
      Response
      HTTP/2.0 200
      cache-control: private,no-store
      pragma: no-cache
      vary: Origin
      p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: B16ABA7260CB417F96BAD88689CD74B8 Ref B: AMS04EDGE1620 Ref C: 2024-06-13T00:07:44Z
      content-length: 0
      date: Thu, 13 Jun 2024 00:07:44 GMT
      set-cookie: _EDGE_S=SID=0024E734EF4E6059048EF3A9EEED6160; path=/; httponly; domain=bing.com
      set-cookie: MUIDB=045209D68B3968B13AF21D4B8AD96932; path=/; httponly; expires=Tue, 08-Jul-2025 00:07:44 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.be3d3e17.1718237264.811224
    • flag-us
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      17.160.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      17.160.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      91.90.14.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      91.90.14.23.in-addr.arpa
      IN PTR
      Response
      91.90.14.23.in-addr.arpa
      IN PTR
      a23-14-90-91.deploy.static.akamaitechnologies.com
    • flag-nl
      GET
      https://www.bing.com/th?id=OADD2.10239368184744_14DPBWVU0KKOKDZ8E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90
      Remote address:
      23.62.61.194:443
      Request
      GET /th?id=OADD2.10239368184744_14DPBWVU0KKOKDZ8E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90 HTTP/2.0
      host: www.bing.com
      accept: */*
      cookie: MUID=045209D68B3968B13AF21D4B8AD96932; _EDGE_S=SID=0024E734EF4E6059048EF3A9EEED6160; MUIDB=045209D68B3968B13AF21D4B8AD96932
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-type: image/png
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      content-length: 5773
      date: Thu, 13 Jun 2024 00:07:45 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.be3d3e17.1718237265.811386
    • flag-us
      DNS
      194.61.62.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      194.61.62.23.in-addr.arpa
      IN PTR
      Response
      194.61.62.23.in-addr.arpa
      IN PTR
      a23-62-61-194.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      30.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      30.243.111.52.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De844484JN8pnJK9DHZ5jb9czVUCUyt4HjTkzgn2rp3m91H2h9p6qAZZCjUcsJIFjTK1INPwmqbVcomDDMu_2uq77RCGBqrOWCZoXR5rTtLRUz3ZppjpwO2TBU7XHVkSOkJViIRX-XFoiXm4MmRWBlLDx3g7X3BvqIPEzTzR5HLkFWSYPkw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC1lZGl0b3IlM2ZhY3RpdmV0YWIlM2R0YWJzJTNhZmFxaGVhZGVycmVnaW9uMyUyNk9DSUQlM2RjbW01dndjam93ag%26rlid%3D96604a7c6744153f3d2f2c14ce61e77c&TIME=20240611T194541Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
      tls, http2
      2.6kB
      9.0kB
      20
      17

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De844484JN8pnJK9DHZ5jb9czVUCUyt4HjTkzgn2rp3m91H2h9p6qAZZCjUcsJIFjTK1INPwmqbVcomDDMu_2uq77RCGBqrOWCZoXR5rTtLRUz3ZppjpwO2TBU7XHVkSOkJViIRX-XFoiXm4MmRWBlLDx3g7X3BvqIPEzTzR5HLkFWSYPkw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC1lZGl0b3IlM2ZhY3RpdmV0YWIlM2R0YWJzJTNhZmFxaGVhZGVycmVnaW9uMyUyNk9DSUQlM2RjbW01dndjam93ag%26rlid%3D96604a7c6744153f3d2f2c14ce61e77c&TIME=20240611T194541Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De844484JN8pnJK9DHZ5jb9czVUCUyt4HjTkzgn2rp3m91H2h9p6qAZZCjUcsJIFjTK1INPwmqbVcomDDMu_2uq77RCGBqrOWCZoXR5rTtLRUz3ZppjpwO2TBU7XHVkSOkJViIRX-XFoiXm4MmRWBlLDx3g7X3BvqIPEzTzR5HLkFWSYPkw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC1lZGl0b3IlM2ZhY3RpdmV0YWIlM2R0YWJzJTNhZmFxaGVhZGVycmVnaW9uMyUyNk9DSUQlM2RjbW01dndjam93ag%26rlid%3D96604a7c6744153f3d2f2c14ce61e77c&TIME=20240611T194541Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2

      HTTP Response

      204
    • 23.62.61.194:443
      https://www.bing.com/aes/c.gif?RG=b339c1dbe8d549faae3685c7ad5a8b74&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194541Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373
      tls, http2
      1.5kB
      5.4kB
      17
      12

      HTTP Request

      GET https://www.bing.com/aes/c.gif?RG=b339c1dbe8d549faae3685c7ad5a8b74&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194541Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373

      HTTP Response

      200
    • 23.62.61.194:443
      https://www.bing.com/th?id=OADD2.10239368184744_14DPBWVU0KKOKDZ8E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90
      tls, http2
      1.7kB
      11.2kB
      21
      16

      HTTP Request

      GET https://www.bing.com/th?id=OADD2.10239368184744_14DPBWVU0KKOKDZ8E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90

      HTTP Response

      200
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      151 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
      143 B
      1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      17.160.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      17.160.190.20.in-addr.arpa

    • 8.8.8.8:53
      91.90.14.23.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      91.90.14.23.in-addr.arpa

    • 8.8.8.8:53
      194.61.62.23.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      194.61.62.23.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
      156 B
      1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      30.243.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      30.243.111.52.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\RE.resources

      Filesize

      2KB

      MD5

      7665274363a0be54977172a3009859ed

      SHA1

      a56cdcd8bf95094f4bd0da74a600a9ae75d198bf

      SHA256

      3f8067875728b43b5b6325920d67c59a8228d309208851e1ef9d928ef4cd1243

      SHA512

      610821b24b1a68874563bcd997b9bec2811d6fdbede2cb86f773da142ccc14c30294f52c9a74c3e5c06f259a22189831388a2496507fc32ab4e043de13b3d1e3

    • C:\Users\Admin\AppData\Local\Temp\RES41DB.tmp

      Filesize

      1KB

      MD5

      e36c597863214be11400dd6cfed8e53e

      SHA1

      d2d2e1f059c52ae85ced5f6633b98cf23263c425

      SHA256

      548ba3ac7f217ef845d7271f30532a2971e6c6be8feff7f455ee63bae1e8492d

      SHA512

      dd00600f4459e3a5ebec3ca85da88620cc9777958804630586719a469c0377fd31563f5558081966747aec6b0830ac4f70377a5b06265d047c317ee4d7b612e3

    • C:\Users\Admin\AppData\Local\Temp\gewrzlfr\gewrzlfr.0.vb

      Filesize

      2KB

      MD5

      583d0003540c746f3a0bdf53d7165256

      SHA1

      ffe6abe3906c630b7e4c2bdacab8665b2d7fa97e

      SHA256

      f0355d615a41ed84cdc8f72a395038c1c4da76f4aa47a8df29f2cdd8384c3a53

      SHA512

      5e6ed0d1744c10ba499c40eb05741b1aae7d2a8ed4abd1a2251fa78a1da8f36ebf37df9d72ebfc8f55e6d2764403ce9e22d4e5179366d920071eddb4c112612f

    • C:\Users\Admin\AppData\Local\Temp\gewrzlfr\gewrzlfr.cmdline

      Filesize

      273B

      MD5

      774c32d1e6b8b3f39717effe472f40c4

      SHA1

      f629990c03921a7aa7dfa1c651abc85aa9134c3d

      SHA256

      5b77c56ccef6dfa0964c5d5646d32f5a0e2aeaf57fc3dcce3f1c9007d6d4e0d5

      SHA512

      e5cbc45e29381131b39c54621ca88a8fe415ff8876b895390ee698cd89566e7ceb305991009b5400088e56cdbb260cc7d0d80a51206a647a0478a4af00561e3b

    • C:\Users\Admin\AppData\Local\Temp\tmp40C3.tmp.exe

      Filesize

      12KB

      MD5

      3f2bcd0db5c4d81f345be3550755631b

      SHA1

      eaca9621df5045e0eaf762f6431111ae7a3d443f

      SHA256

      2fbf14d82e3bf6660f69f1b6434a14fe8fabc0294abee395707b3c0314fef864

      SHA512

      350c2a1d79bf33adf6f1d0d9c3c7dd4f18ff0c66f179db739915785f90b831255e416631bf3b6308fed5f3ed7cf08402fb0629d5423e60b8cb4c5e8433e8de90

    • C:\Users\Admin\AppData\Local\Temp\vbc5DF3EAC966BC428DB02DC1725244492.TMP

      Filesize

      1KB

      MD5

      90b063e776c8f8555c2d9d0523bc6d7f

      SHA1

      d4e4a53425e27b47389465d437b23db4b487ae2a

      SHA256

      9c3b9987f24ed16543b52cf2b5c41bbb47a57db7954b901b688518abe30cc89b

      SHA512

      72a7bde739a8e974dec6e71bc1d1f53ca5145b438918a29e24d7a01bd04958d928a8b92c6e9497914ca93a7bb6aa822d9382aaf18c3dd9a1e19a5eb46af84e0b

    • memory/2104-8-0x0000000074EE0000-0x0000000075690000-memory.dmp

      Filesize

      7.7MB

    • memory/2104-0-0x0000000074EEE000-0x0000000074EEF000-memory.dmp

      Filesize

      4KB

    • memory/2104-2-0x0000000005030000-0x00000000050CC000-memory.dmp

      Filesize

      624KB

    • memory/2104-1-0x0000000000680000-0x000000000068A000-memory.dmp

      Filesize

      40KB

    • memory/2104-24-0x0000000074EE0000-0x0000000075690000-memory.dmp

      Filesize

      7.7MB

    • memory/5032-25-0x0000000074EE0000-0x0000000075690000-memory.dmp

      Filesize

      7.7MB

    • memory/5032-26-0x0000000000010000-0x000000000001A000-memory.dmp

      Filesize

      40KB

    • memory/5032-27-0x0000000004EF0000-0x0000000005494000-memory.dmp

      Filesize

      5.6MB

    • memory/5032-28-0x00000000049E0000-0x0000000004A72000-memory.dmp

      Filesize

      584KB

    • memory/5032-30-0x0000000074EE0000-0x0000000075690000-memory.dmp

      Filesize

      7.7MB