Overview

overview

7

Static

static

3

Synthesia.exe

windows7-x64

7

Synthesia.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...al.ini

windows7-x64

1

$PLUGINSDI...al.ini

windows10-2004-x64

1

$PLUGINSDI...rd.bmp

windows7-x64

3

$PLUGINSDI...rd.bmp

windows10-2004-x64

7

Synthesia.exe

windows7-x64

3

Synthesia.exe

windows10-2004-x64

3

bass.dll

windows7-x64

1

bass.dll

windows10-2004-x64

1

bassmidi.dll

windows7-x64

1

bassmidi.dll

windows10-2004-x64

1

msvcp140.dll

windows7-x64

1

msvcp140.dll

windows10-2004-x64

1

readme.html

windows7-x64

1

readme.html

windows10-2004-x64

1

vccorlib140.dll

windows7-x64

1

vccorlib140.dll

windows10-2004-x64

1

vcruntime140.dll

windows7-x64

1

vcruntime140.dll

windows10-2004-x64

1

vcruntime140_1.dll

windows7-x64

1

vcruntime140_1.dll

windows10-2004-x64

1

win10-midi.dll

windows7-x64

1

win10-midi.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/06/2024, 14:53 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Synthesia.exe

  • Size

    12.6MB

  • MD5

    a367aa2fbce65bd03509076fa4656dd4

  • SHA1

    db07c17b5736472d2061096cefda9a86c0e6c1b6

  • SHA256

    9b9016b5402fd2bba74ca80fbd4c1fd33424276a5d909bfd6d3e88246276bc9f

  • SHA512

    2d60368ec1452eb74f35d4167b21bc2ae4cd230a86a3bf7f62ca0b57ab8fb8b78a5b6dacc6d90deee2f65184aa4c83cdbd60dbd19fdb0ad5f12ec4ae3cc49500

  • SSDEEP

    393216:jQDiKZYqASUg/nHArZfCWbUFuF9NB7I3M07FRQ:jgiKZDX/grZfCWzF9vIcE7

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\Synthesia.exe
    "C:\Users\Admin\AppData\Local\Temp\Synthesia.exe"
    1⤵
    • Loads dropped DLL
    PID:2628

Network

  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JEUxl7MCeeKPieELhmbHtjVUCUz7p8Z-MAP-3KyEqjdbmnP5_8l_kE6TkabC3J0hoiFOtWQkCkAd_OETbCdDCebz0Qf-NVZyCIyhEf2Tq7sB1Iy1AjZB2rlTudOwsI4Z65Pv_S64QMgyXjn10mIjnc1kgvcEtLWm-ynlwDrUxjEJAci5%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmJ1eSUyZmNvbXBhcmUtYWxsLW1pY3Jvc29mdC0zNjUtcHJvZHVjdHMlM2ZvY2lkJTNkY21tYmV1bWVkNTU%26rlid%3D505b171018131a21c7937178bd7eba36&TIME=20240611T192916Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JEUxl7MCeeKPieELhmbHtjVUCUz7p8Z-MAP-3KyEqjdbmnP5_8l_kE6TkabC3J0hoiFOtWQkCkAd_OETbCdDCebz0Qf-NVZyCIyhEf2Tq7sB1Iy1AjZB2rlTudOwsI4Z65Pv_S64QMgyXjn10mIjnc1kgvcEtLWm-ynlwDrUxjEJAci5%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmJ1eSUyZmNvbXBhcmUtYWxsLW1pY3Jvc29mdC0zNjUtcHJvZHVjdHMlM2ZvY2lkJTNkY21tYmV1bWVkNTU%26rlid%3D505b171018131a21c7937178bd7eba36&TIME=20240611T192916Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=174ED96AB689654E0C3CCDC3B7AE6443; domain=.bing.com; expires=Sun, 20-Jul-2025 14:54:17 GMT; path=/; SameSite=None; Secure; Priority=High;
    set-cookie: MR=0; domain=g.bing.com; expires=Tue, 02-Jul-2024 14:54:17 GMT; path=/; SameSite=None; Secure;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 2C3C7774EB38468A98B9C929DE568354 Ref B: LON04EDGE0616 Ref C: 2024-06-25T14:54:17Z
    date: Tue, 25 Jun 2024 14:54:16 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JEUxl7MCeeKPieELhmbHtjVUCUz7p8Z-MAP-3KyEqjdbmnP5_8l_kE6TkabC3J0hoiFOtWQkCkAd_OETbCdDCebz0Qf-NVZyCIyhEf2Tq7sB1Iy1AjZB2rlTudOwsI4Z65Pv_S64QMgyXjn10mIjnc1kgvcEtLWm-ynlwDrUxjEJAci5%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmJ1eSUyZmNvbXBhcmUtYWxsLW1pY3Jvc29mdC0zNjUtcHJvZHVjdHMlM2ZvY2lkJTNkY21tYmV1bWVkNTU%26rlid%3D505b171018131a21c7937178bd7eba36&TIME=20240611T192916Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JEUxl7MCeeKPieELhmbHtjVUCUz7p8Z-MAP-3KyEqjdbmnP5_8l_kE6TkabC3J0hoiFOtWQkCkAd_OETbCdDCebz0Qf-NVZyCIyhEf2Tq7sB1Iy1AjZB2rlTudOwsI4Z65Pv_S64QMgyXjn10mIjnc1kgvcEtLWm-ynlwDrUxjEJAci5%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmJ1eSUyZmNvbXBhcmUtYWxsLW1pY3Jvc29mdC0zNjUtcHJvZHVjdHMlM2ZvY2lkJTNkY21tYmV1bWVkNTU%26rlid%3D505b171018131a21c7937178bd7eba36&TIME=20240611T192916Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=174ED96AB689654E0C3CCDC3B7AE6443; _EDGE_S=SID=32D5AF975B446618238DBB3E5AEE6724; MR=0
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=0zh_GlBsDSNaYUrawgmBQldTgUl4_haosD9GpdXYH3Y; domain=.bing.com; expires=Sun, 20-Jul-2025 14:54:18 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 68D0DCBC7BE84BEFADC9A9F6EECE18BD Ref B: LON04EDGE0616 Ref C: 2024-06-25T14:54:18Z
    date: Tue, 25 Jun 2024 14:54:17 GMT
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    144.107.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    144.107.17.2.in-addr.arpa
    IN PTR
    Response
    144.107.17.2.in-addr.arpa
    IN PTR
    a2-17-107-144deploystaticakamaitechnologiescom
  • flag-us
    DNS
    22.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-nl
    GET
    https://www.bing.com/aes/c.gif?RG=55857327b44b489fac83198868e2ba10&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T192916Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373
    Remote address:
    23.62.61.194:443
    Request
    GET /aes/c.gif?RG=55857327b44b489fac83198868e2ba10&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T192916Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373 HTTP/2.0
    host: www.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=174ED96AB689654E0C3CCDC3B7AE6443
    Response
    HTTP/2.0 200
    cache-control: private,no-store
    pragma: no-cache
    vary: Origin
    p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5E39E9C7A2EE470599D36E203D05D116 Ref B: DUS30EDGE0720 Ref C: 2024-06-25T14:54:18Z
    content-length: 0
    date: Tue, 25 Jun 2024 14:54:18 GMT
    set-cookie: _EDGE_S=SID=32D5AF975B446618238DBB3E5AEE6724; path=/; httponly; domain=bing.com
    set-cookie: MUIDB=174ED96AB689654E0C3CCDC3B7AE6443; path=/; httponly; expires=Sun, 20-Jul-2025 14:54:18 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.be3d3e17.1719327258.106a7a8d
  • flag-us
    DNS
    237.21.107.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.21.107.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    194.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    194.61.62.23.in-addr.arpa
    IN PTR
    Response
    194.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-194deploystaticakamaitechnologiescom
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    57.15.31.184.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.15.31.184.in-addr.arpa
    IN PTR
    Response
    57.15.31.184.in-addr.arpa
    IN PTR
    a184-31-15-57deploystaticakamaitechnologiescom
  • flag-us
    DNS
    29.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    29.243.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 612524
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: B462D65917F6461C85336B65EE2B94F2 Ref B: LON04EDGE0815 Ref C: 2024-06-25T14:55:57Z
    date: Tue, 25 Jun 2024 14:55:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 664170
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: DDEEE5CC66654C27AD68E361D7A6C577 Ref B: LON04EDGE0815 Ref C: 2024-06-25T14:55:57Z
    date: Tue, 25 Jun 2024 14:55:57 GMT
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    10.27.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.27.171.150.in-addr.arpa
    IN PTR
    Response
  • 13.107.21.237:443
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JEUxl7MCeeKPieELhmbHtjVUCUz7p8Z-MAP-3KyEqjdbmnP5_8l_kE6TkabC3J0hoiFOtWQkCkAd_OETbCdDCebz0Qf-NVZyCIyhEf2Tq7sB1Iy1AjZB2rlTudOwsI4Z65Pv_S64QMgyXjn10mIjnc1kgvcEtLWm-ynlwDrUxjEJAci5%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmJ1eSUyZmNvbXBhcmUtYWxsLW1pY3Jvc29mdC0zNjUtcHJvZHVjdHMlM2ZvY2lkJTNkY21tYmV1bWVkNTU%26rlid%3D505b171018131a21c7937178bd7eba36&TIME=20240611T192916Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
    tls, http2
    2.6kB
     9.2kB
     20
    18

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JEUxl7MCeeKPieELhmbHtjVUCUz7p8Z-MAP-3KyEqjdbmnP5_8l_kE6TkabC3J0hoiFOtWQkCkAd_OETbCdDCebz0Qf-NVZyCIyhEf2Tq7sB1Iy1AjZB2rlTudOwsI4Z65Pv_S64QMgyXjn10mIjnc1kgvcEtLWm-ynlwDrUxjEJAci5%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmJ1eSUyZmNvbXBhcmUtYWxsLW1pY3Jvc29mdC0zNjUtcHJvZHVjdHMlM2ZvY2lkJTNkY21tYmV1bWVkNTU%26rlid%3D505b171018131a21c7937178bd7eba36&TIME=20240611T192916Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8JEUxl7MCeeKPieELhmbHtjVUCUz7p8Z-MAP-3KyEqjdbmnP5_8l_kE6TkabC3J0hoiFOtWQkCkAd_OETbCdDCebz0Qf-NVZyCIyhEf2Tq7sB1Iy1AjZB2rlTudOwsI4Z65Pv_S64QMgyXjn10mIjnc1kgvcEtLWm-ynlwDrUxjEJAci5%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmJ1eSUyZmNvbXBhcmUtYWxsLW1pY3Jvc29mdC0zNjUtcHJvZHVjdHMlM2ZvY2lkJTNkY21tYmV1bWVkNTU%26rlid%3D505b171018131a21c7937178bd7eba36&TIME=20240611T192916Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2

    HTTP Response

    204
  • 23.62.61.194:443
    https://www.bing.com/aes/c.gif?RG=55857327b44b489fac83198868e2ba10&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T192916Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373
    tls, http2
    1.4kB
     5.3kB
     16
    13

    HTTP Request

    GET https://www.bing.com/aes/c.gif?RG=55857327b44b489fac83198868e2ba10&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T192916Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373

    HTTP Response

    200
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 150.171.27.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    47.1kB
     1.3MB
     980
    974

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     151 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    13.107.21.237
    204.79.197.237

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    28.118.140.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    28.118.140.52.in-addr.arpa

  • 8.8.8.8:53
    144.107.17.2.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    144.107.17.2.in-addr.arpa

  • 8.8.8.8:53
    22.160.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    22.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    237.21.107.13.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    237.21.107.13.in-addr.arpa

  • 8.8.8.8:53
    57.169.31.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    57.169.31.20.in-addr.arpa

  • 8.8.8.8:53
    194.61.62.23.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    194.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    57.15.31.184.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    57.15.31.184.in-addr.arpa

  • 8.8.8.8:53
    29.243.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    29.243.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     170 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    10.27.171.150.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    10.27.171.150.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy36F0.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    09d8971beefefffd710030dd167a99e0

    SHA1

    a0117786ad77213f3eb48cfdc3819786cb796b7d

    SHA256

    caf64a4e9449220ba618a9aa2ae4ed3774c5d0f193bda44be22676c27ae0ec95

    SHA512

    3956f0c6bcdf033e4a10ab33872a66e0668da28ec31cb7a2c67ef7266d7c0845998a2a85a6cc25aba1df73909df8104119cf5f1f86c1e91f8fd201765aea49f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy36F0.tmp\ioSpecial.ini
    Filesize

    890B

    MD5

    74a2b056a099ede8297a6e258dd2da1e

    SHA1

    f770813b3dda5295947ab9c9c4247034677ced47

    SHA256

    7f0b07a5f55fbeae28da2fd04898e8c1947f73678bf1b38a91e169767b753190

    SHA512

    d0a4d78520edb560e74d957312a6514142973609e1fb52a66be7438031e515033318a598528bf100d8ebb1ea3616925cfc40a4c515e259f34596c7117c009957

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.