Report - tevmwaremedia01.blob.core.windows.net/setup-media/Computerinfo_and_reports.zip?sp=r&st=2024-04-19T09:56:23Z&se=2024-05-16T17:56:23Z&spr=https&sv=2022-11-02&sr=b&sig=4ma5Sdg3EWvFnqsNg2iRsRg5nqcg76Kgii6VOPhtnBM=

Report Overview

Submitted URL
tevmwaremedia01.blob.core.windows.net/setup-media/Computerinfo_and_reports.zip?sp=r&st=2024-04-19T09:56:23Z&se=2024-05-16T17:56:23Z&spr=https&sv=2022-11-02&sr=b&sig=4ma5Sdg3EWvFnqsNg2iRsRg5nqcg76Kgii6VOPhtnBM=
IP
20.150.42.228
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2024-04-19 12:53:59
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
tevmwaremedia01.blob.core.windows.net	unknown	unknown	No data	No data	663 B	18 kB	20.150.42.228

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
tevmwaremedia01.blob.core.windows.net/setup-media/Computerinfo_and_reports.zip?sp=r&st=2024-04-19T09:56:23Z&se=2024-05-16T17:56:23Z&spr=https&sv=2022-11-02&sr=b&sig=4ma5Sdg3EWvFnqsNg2iRsRg5nqcg76Kgii6VOPhtnBM=
IP
20.150.42.228
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
17 kB (17426 bytes)
Hash
dfbbade9d758a552b4105c46a4e15a7f
1b49ea8f8fdcc3b58c913cedf84d8a9d8f907033
3c371821c7f785f852b990b37a982eb0231bea5361b318875b99819a7bf37bdd

Archive (7)

Filename

Md5

File type

BackGround.jpg

945f6618544ccd8a892a9518d4fd8330

JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, software=Greenshot], baseline, precision 8, 1388x1210, components 3

Computer info.lnk

13fb38a05fc267884b6288fc6f3f86ec

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=56, Archive, ctime=Sat Mar 5 13:47:21 2022, mtime=Fri Mar 18 11:08:49 2022, atime=Sat Mar 5 13:47:21 2022, length=516096, window=hide

computerinfo.ps1

9c94491ee159720419d491e006d084ef

HTML document, ASCII text, with CRLF line terminators

Readme.txt

bd7f3df03cd574b797e9ae6fab55961a

Unicode text, UTF-8 text, with CRLF line terminators

Wartsila_computerinfo_Install.ps1

42be3d8d9e336b59082c89e5515ab0e5

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Create_reports.cmd

ee86811fc9d89dbb90f88820e585e908

DOS batch file, ASCII text, with CRLF line terminators

Updates_report_v4.ps1

50aba53f85b0230f79dfe4c517cbebe9

HTML document, ASCII text, with very long lines (319), with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies PowerShell artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies executable artefacts in shortcut (LNK) files.

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	tevmwaremedia01.blob.core.windows.net/setup-media/Computerinfo_and_reports.zip?sp=r&st=2024-04-19T09:56:23Z&se=2024-05-16T17:56:23Z&spr=https&sv=2022-11-02&sr=b&sig=4ma5Sdg3EWvFnqsNg2iRsRg5nqcg76Kgii6VOPhtnBM=	20.150.42.228	200 OK	17 kB
URL User Request GET HTTP/1.1 tevmwaremedia01.blob.core.windows.net/setup-media/Computerinfo_and_reports.zip?sp=r&st=2024-04-19T09:56:23Z&se=2024-05-16T17:56:23Z&spr=https&sv=2022-11-02&sr=b&sig=4ma5Sdg3EWvFnqsNg2iRsRg5nqcg76Kgii6VOPhtnBM= IP 20.150.42.228:443 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Certificate IssuerMicrosoft Corporation Subject.blob.core.windows.net FingerprintDF:08:86:3D:CE:83:14:0F:E3:CC:8B:B9:34:CA:DD:5E:DE:A4:D3:6D ValidityThu, 28 Sep 2023 09:27:32 GMT - Sat, 28 Sep 2024 09:27:32 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 17 kB (17426 bytes) Hash dfbbade9d758a552b4105c46a4e15a7f 1b49ea8f8fdcc3b58c913cedf84d8a9d8f907033 3c371821c7f785f852b990b37a982eb0231bea5361b318875b99819a7bf37bdd HTTP Headers GET /setup-media/Computerinfo_and_reports.zip?sp=r&st=2024-04-19T09:56:23Z&se=2024-05-16T17:56:23Z&spr=https&sv=2022-11-02&sr=b&sig=4ma5Sdg3EWvFnqsNg2iRsRg5nqcg76Kgii6VOPhtnBM= HTTP/1.1 Host: tevmwaremedia01.blob.core.windows.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/1.1 200 OK Content-Length: 17426 Content-Type: application/x-zip-compressed Content-MD5: 37ut6ddYpVK0EFxGpOFafw== Last-Modified: Fri, 19 Apr 2024 09:53:26 GMT Accept-Ranges: bytes ETag: "0x8DC60568F5EB7D7" Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 3675d147-301e-0032-1558-92604b000000 x-ms-version: 2022-11-02 x-ms-creation-time: Fri, 19 Apr 2024 09:53:26 GMT x-ms-lease-status: unlocked x-ms-lease-state: available x-ms-blob-type: BlockBlob x-ms-server-encrypted: true Date: Fri, 19 Apr 2024 12:53:33 GMT

tevmwaremedia01.blob.core.windows.net/setup-media/Computerinfo_and_reports.zip?sp=r&st=2024-04-19T09:56:23Z&se=2024-05-16T17:56:23Z&spr=https&sv=2022-11-02&sr=b&sig=4ma5Sdg3EWvFnqsNg2iRsRg5nqcg76Kgii6VOPhtnBM=

20.150.42.228

200 OK

17 kB

URL User Request GET HTTP/1.1
tevmwaremedia01.blob.core.windows.net/setup-media/Computerinfo_and_reports.zip?sp=r&st=2024-04-19T09:56:23Z&se=2024-05-16T17:56:23Z&spr=https&sv=2022-11-02&sr=b&sig=4ma5Sdg3EWvFnqsNg2iRsRg5nqcg76Kgii6VOPhtnBM=
IP
20.150.42.228:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerMicrosoft Corporation
Subject*.blob.core.windows.net
FingerprintDF:08:86:3D:CE:83:14:0F:E3:CC:8B:B9:34:CA:DD:5E:DE:A4:D3:6D
ValidityThu, 28 Sep 2023 09:27:32 GMT - Sat, 28 Sep 2024 09:27:32 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
17 kB (17426 bytes)
Hash
dfbbade9d758a552b4105c46a4e15a7f
1b49ea8f8fdcc3b58c913cedf84d8a9d8f907033
3c371821c7f785f852b990b37a982eb0231bea5361b318875b99819a7bf37bdd

HTTP Headers

GET /setup-media/Computerinfo_and_reports.zip?sp=r&st=2024-04-19T09:56:23Z&se=2024-05-16T17:56:23Z&spr=https&sv=2022-11-02&sr=b&sig=4ma5Sdg3EWvFnqsNg2iRsRg5nqcg76Kgii6VOPhtnBM= HTTP/1.1
Host: tevmwaremedia01.blob.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 17426
Content-Type: application/x-zip-compressed
Content-MD5: 37ut6ddYpVK0EFxGpOFafw==
Last-Modified: Fri, 19 Apr 2024 09:53:26 GMT
Accept-Ranges: bytes
ETag: "0x8DC60568F5EB7D7"
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3675d147-301e-0032-1558-92604b000000
x-ms-version: 2022-11-02
x-ms-creation-time: Fri, 19 Apr 2024 09:53:26 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
x-ms-server-encrypted: true
Date: Fri, 19 Apr 2024 12:53:33 GMT

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (7)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers