Analysis

  • max time kernel
    125s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2024, 18:55 UTC

General

  • Target

    ac74f3f026d6b6bc4029150dac45ce5c57fa82faded5baf95b41878e1134da7a.exe

  • Size

    266KB

  • MD5

    c54f50c263b33bc4a73a0182acfb35fe

  • SHA1

    70298162f28e83ad0fe8c0e2f257507a8c519955

  • SHA256

    ac74f3f026d6b6bc4029150dac45ce5c57fa82faded5baf95b41878e1134da7a

  • SHA512

    6491985e2d2f95a087eb5a190d3032f576ccc4c709c5922ae8d821eb2f372b90d2b917dff0cb421a8207ce217c4d454f31780d02b792c4c4eb0978ac0eb68725

  • SSDEEP

    3072:r7NXEGZJWhfNFC4S60+XoLczrVmXGBAA84I1FLL5r6jQ6yGl1KH01ne4PK:VXzKdNY49u8rVf+1Glw01net

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac74f3f026d6b6bc4029150dac45ce5c57fa82faded5baf95b41878e1134da7a.exe
    "C:\Users\Admin\AppData\Local\Temp\ac74f3f026d6b6bc4029150dac45ce5c57fa82faded5baf95b41878e1134da7a.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:636
    • C:\Users\Admin\AppData\Local\Temp\ITS\wincsecb\264\Production\ITS SB App Switch.exe
      "C:\Users\Admin\AppData\Local\Temp\ITS\wincsecb\264\Production\ITS SB App Switch.exe"
      2⤵
      • Executes dropped EXE
      PID:3720
    • C:\Users\Admin\AppData\Local\Temp\ITS\wincsecb\264\Production\ITS SB App Switch.exe
      "C:\Users\Admin\AppData\Local\Temp\ITS\wincsecb\264\Production\ITS SB App Switch.exe"
      2⤵
      • Executes dropped EXE
      PID:2468
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=2408,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:8
    1⤵
      PID:2396

    Network

    • US
      DNS
      www.programworkshop.com
      ac74f3f026d6b6bc4029150dac45ce5c57fa82faded5baf95b41878e1134da7a.exe
      Remote address:
      8.8.8.8:53
      Request
      www.programworkshop.com
      IN A
      Response
      www.programworkshop.com
      IN A
      161.47.163.214
    • US
      GET
      http://www.programworkshop.com/sbrowser/ws/getconfiguration.aspx?agentidentifier=wincsecb&programid=264&environment=production&starturl=ahr0chm6ly9ldgvzdhnvbmxpbmuub3jnl2h0bww1lymvvgvzdexvz2lul0xvz2lulya=&shortcut=0&cmd=download&sc=0cd898db665ede681f83200836a09aa8593fc92a/
      ac74f3f026d6b6bc4029150dac45ce5c57fa82faded5baf95b41878e1134da7a.exe
      Remote address:
      161.47.163.214:80
      Request
      GET /sbrowser/ws/getconfiguration.aspx?agentidentifier=wincsecb&programid=264&environment=production&starturl=ahr0chm6ly9ldgvzdhnvbmxpbmuub3jnl2h0bww1lymvvgvzdexvz2lul0xvz2lulya=&shortcut=0&cmd=download&sc=0cd898db665ede681f83200836a09aa8593fc92a/ HTTP/1.1
      User-Agent: /DownloadSecureBrowser
      Host: www.programworkshop.com
      Response
      HTTP/1.1 403 Url not valid
      Cache-Control: private
      Content-Type: text/html
      From: ILP03
      p3p: CP="ALL DSP COR CURa ADMo DEVa TAIa CONi OUR DELa STP BUS PHY ONL UNI PUR COM NAV DEM STA"
      Date: Thu, 13 Jun 2024 18:55:09 GMT
      Content-Length: 1233
    • US
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dns.google
    • US
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • US
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8NSweD8PuSmyxBO8jpPN0HjVUCUynAUVCJ_Y0t2EPOSDuIeUcyUg4hGjd9ZPQYxpZrxMYQCkEVKHc_pVUjtsHujWKFmJ9p_FK6DTjPHAmqkpqRykaL6eSvMmd5_G-EznBc_MxnGudkBXo6zvEc1C4J04PRCyiJZsMtr49wRuTVubTsaz6%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Dfd878205eaa7181a4861e46d3a47f8dd&TIME=20240611T223513Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8NSweD8PuSmyxBO8jpPN0HjVUCUynAUVCJ_Y0t2EPOSDuIeUcyUg4hGjd9ZPQYxpZrxMYQCkEVKHc_pVUjtsHujWKFmJ9p_FK6DTjPHAmqkpqRykaL6eSvMmd5_G-EznBc_MxnGudkBXo6zvEc1C4J04PRCyiJZsMtr49wRuTVubTsaz6%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Dfd878205eaa7181a4861e46d3a47f8dd&TIME=20240611T223513Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=2B669BABF4FF6DB517478F36F51F6C69; domain=.bing.com; expires=Tue, 08-Jul-2025 18:55:10 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: A03EFF12877A4FD8A2566635E4A35BB3 Ref B: LON04EDGE1118 Ref C: 2024-06-13T18:55:10Z
      date: Thu, 13 Jun 2024 18:55:09 GMT
    • US
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8NSweD8PuSmyxBO8jpPN0HjVUCUynAUVCJ_Y0t2EPOSDuIeUcyUg4hGjd9ZPQYxpZrxMYQCkEVKHc_pVUjtsHujWKFmJ9p_FK6DTjPHAmqkpqRykaL6eSvMmd5_G-EznBc_MxnGudkBXo6zvEc1C4J04PRCyiJZsMtr49wRuTVubTsaz6%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Dfd878205eaa7181a4861e46d3a47f8dd&TIME=20240611T223513Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8NSweD8PuSmyxBO8jpPN0HjVUCUynAUVCJ_Y0t2EPOSDuIeUcyUg4hGjd9ZPQYxpZrxMYQCkEVKHc_pVUjtsHujWKFmJ9p_FK6DTjPHAmqkpqRykaL6eSvMmd5_G-EznBc_MxnGudkBXo6zvEc1C4J04PRCyiJZsMtr49wRuTVubTsaz6%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Dfd878205eaa7181a4861e46d3a47f8dd&TIME=20240611T223513Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=2B669BABF4FF6DB517478F36F51F6C69; _EDGE_S=SID=0F6E3036E07E6E1326FC24ABE1366F6B
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=WGzMcOaHfbZk3S_bBz2GNAiYEBNfHBR_WgJqm6FKt_k; domain=.bing.com; expires=Tue, 08-Jul-2025 18:55:10 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: DA68C655E9E343A7ACBB78567AA7C3A9 Ref B: LON04EDGE1118 Ref C: 2024-06-13T18:55:10Z
      date: Thu, 13 Jun 2024 18:55:10 GMT
    • BE
      GET
      https://www.bing.com/aes/c.gif?RG=13c77992cab944f986cfb7fa5e611351&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T223513Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640
      Remote address:
      88.221.83.234:443
      Request
      GET /aes/c.gif?RG=13c77992cab944f986cfb7fa5e611351&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T223513Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640 HTTP/2.0
      host: www.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=2B669BABF4FF6DB517478F36F51F6C69
      Response
      HTTP/2.0 200
      cache-control: private,no-store
      pragma: no-cache
      vary: Origin
      p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: E6A90C7DCE4548C7A51E1F5C653B8242 Ref B: BRU30EDGE0806 Ref C: 2024-06-13T18:55:10Z
      content-length: 0
      date: Thu, 13 Jun 2024 18:55:10 GMT
      set-cookie: _EDGE_S=SID=0F6E3036E07E6E1326FC24ABE1366F6B; path=/; httponly; domain=bing.com
      set-cookie: MUIDB=2B669BABF4FF6DB517478F36F51F6C69; path=/; httponly; expires=Tue, 08-Jul-2025 18:55:10 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.e653dd58.1718304910.eec67d8
    • US
      DNS
      214.163.47.161.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      214.163.47.161.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      74.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      74.32.126.40.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      9.24.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.24.18.2.in-addr.arpa
      IN PTR
      Response
      9.24.18.2.in-addr.arpa
      IN PTR
      a2-18-24-9.deploy.static.akamaitechnologies.com
    • US
      DNS
      234.83.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      234.83.221.88.in-addr.arpa
      IN PTR
      Response
      234.83.221.88.in-addr.arpa
      IN PTR
      a88-221-83-234.deploy.static.akamaitechnologies.com
    • US
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
    • US
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      21.236.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      21.236.111.52.in-addr.arpa
      IN PTR
      Response
    • US
      DNS
      91.90.14.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      91.90.14.23.in-addr.arpa
      IN PTR
      Response
      91.90.14.23.in-addr.arpa
      IN PTR
      a23-14-90-91.deploy.static.akamaitechnologies.com
    • 161.47.163.214:80
      http://www.programworkshop.com/sbrowser/ws/getconfiguration.aspx?agentidentifier=wincsecb&programid=264&environment=production&starturl=ahr0chm6ly9ldgvzdhnvbmxpbmuub3jnl2h0bww1lymvvgvzdexvz2lul0xvz2lulya=&shortcut=0&cmd=download&sc=0cd898db665ede681f83200836a09aa8593fc92a/
      http
      ac74f3f026d6b6bc4029150dac45ce5c57fa82faded5baf95b41878e1134da7a.exe
      649 B
      1.7kB
      7
      5

      HTTP Request

      GET http://www.programworkshop.com/sbrowser/ws/getconfiguration.aspx?agentidentifier=wincsecb&programid=264&environment=production&starturl=ahr0chm6ly9ldgvzdhnvbmxpbmuub3jnl2h0bww1lymvvgvzdexvz2lul0xvz2lulya=&shortcut=0&cmd=download&sc=0cd898db665ede681f83200836a09aa8593fc92a/

      HTTP Response

      403
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8NSweD8PuSmyxBO8jpPN0HjVUCUynAUVCJ_Y0t2EPOSDuIeUcyUg4hGjd9ZPQYxpZrxMYQCkEVKHc_pVUjtsHujWKFmJ9p_FK6DTjPHAmqkpqRykaL6eSvMmd5_G-EznBc_MxnGudkBXo6zvEc1C4J04PRCyiJZsMtr49wRuTVubTsaz6%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Dfd878205eaa7181a4861e46d3a47f8dd&TIME=20240611T223513Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E
      tls, http2
      2.5kB
      9.0kB
      19
      17

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8NSweD8PuSmyxBO8jpPN0HjVUCUynAUVCJ_Y0t2EPOSDuIeUcyUg4hGjd9ZPQYxpZrxMYQCkEVKHc_pVUjtsHujWKFmJ9p_FK6DTjPHAmqkpqRykaL6eSvMmd5_G-EznBc_MxnGudkBXo6zvEc1C4J04PRCyiJZsMtr49wRuTVubTsaz6%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Dfd878205eaa7181a4861e46d3a47f8dd&TIME=20240611T223513Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8NSweD8PuSmyxBO8jpPN0HjVUCUynAUVCJ_Y0t2EPOSDuIeUcyUg4hGjd9ZPQYxpZrxMYQCkEVKHc_pVUjtsHujWKFmJ9p_FK6DTjPHAmqkpqRykaL6eSvMmd5_G-EznBc_MxnGudkBXo6zvEc1C4J04PRCyiJZsMtr49wRuTVubTsaz6%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Dfd878205eaa7181a4861e46d3a47f8dd&TIME=20240611T223513Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

      HTTP Response

      204
    • 88.221.83.234:443
      https://www.bing.com/aes/c.gif?RG=13c77992cab944f986cfb7fa5e611351&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T223513Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640
      tls, http2
      1.4kB
      5.3kB
      16
      10

      HTTP Request

      GET https://www.bing.com/aes/c.gif?RG=13c77992cab944f986cfb7fa5e611351&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T223513Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640

      HTTP Response

      200
    • 8.8.8.8:53
      www.programworkshop.com
      dns
      ac74f3f026d6b6bc4029150dac45ce5c57fa82faded5baf95b41878e1134da7a.exe
      69 B
      85 B
      1
      1

      DNS Request

      www.programworkshop.com

      DNS Response

      161.47.163.214

    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
      90 B
      1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      151 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      214.163.47.161.in-addr.arpa
      dns
      73 B
      136 B
      1
      1

      DNS Request

      214.163.47.161.in-addr.arpa

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
      143 B
      1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      74.32.126.40.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      74.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      9.24.18.2.in-addr.arpa
      dns
      68 B
      129 B
      1
      1

      DNS Request

      9.24.18.2.in-addr.arpa

    • 8.8.8.8:53
      234.83.221.88.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      234.83.221.88.in-addr.arpa

    • 8.8.8.8:53
      86.23.85.13.in-addr.arpa
      dns
      140 B
      144 B
      2
      1

      DNS Request

      86.23.85.13.in-addr.arpa

      DNS Request

      86.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      198.187.3.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      198.187.3.20.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
      128 B
      1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      21.236.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      21.236.111.52.in-addr.arpa

    • 8.8.8.8:53
      91.90.14.23.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      91.90.14.23.in-addr.arpa

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\ITS\wincsecb\264\Production\ITS SB App Switch.exe

      Filesize

      87KB

      MD5

      368332fca74f48697d842c5f4698ae1d

      SHA1

      0275153a1e62bd0eca0b02168895517ed66aac56

      SHA256

      3a4a5b128c3a042010824fd33b719466b0d9320aa051ca3d5f1690124766ad59

      SHA512

      fd9f1d1a4337e00fef5e9ea10a7fdf553e98df2cf2fdf818b68689a89de3c1d324de389e0c9ef863fef08a3dff8150db173b2203e9e92efaea67865e8d2805b5

    • memory/636-0-0x0000000000250000-0x00000000002F0000-memory.dmp

      Filesize

      640KB

    • memory/636-15-0x0000000000250000-0x00000000002F0000-memory.dmp

      Filesize

      640KB
