Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    09/12/2020, 00:12 UTC

General

  • Target

    5bd267095b25bea0d5a95b4d6c22b871056ca7b8dc137351850d6a577ba62b80.exe

  • Size

    150KB

  • MD5

    a8864ed2fc43a52cb42127c37720c88e

  • SHA1

    96a8f93afd9c2835ee1d22ab58cdd0399bfdfc21

  • SHA256

    5bd267095b25bea0d5a95b4d6c22b871056ca7b8dc137351850d6a577ba62b80

  • SHA512

    5502b38b0ca9921c9cf9c3667cef846f1f495302c89290ba7351c169cb50ad9153a7d097af9cc882a6d7353e7b118647a59a07aaa293c25dd243132f82e43deb

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 131 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SetWindowsHookEx 32 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5bd267095b25bea0d5a95b4d6c22b871056ca7b8dc137351850d6a577ba62b80.exe
    "C:\Users\Admin\AppData\Local\Temp\5bd267095b25bea0d5a95b4d6c22b871056ca7b8dc137351850d6a577ba62b80.exe"
    1⤵
      PID:756
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3472
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3472 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1932
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2020
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2716
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1100
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1100 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:3972
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3172
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3172 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2096
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1452
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1452 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2752
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2912
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:3164
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1372
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1372 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1020
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3212
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3212 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:3172

    Network

    • flag-unknown
      DNS
      go.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      go.microsoft.com
      IN A
      Response
      go.microsoft.com
      IN CNAME
      go.microsoft.com.edgekey.net
      go.microsoft.com.edgekey.net
      IN CNAME
      e11290.dspg.akamaiedge.net
      e11290.dspg.akamaiedge.net
      IN A
      23.2.226.89
    • flag-unknown
      DNS
      gormaire.website
      Remote address:
      8.8.8.8:53
      Request
      gormaire.website
      IN A
      Response
      gormaire.website
      IN A
      45.142.215.136
    • flag-unknown
      POST
      https://gormaire.website/index.htm
      IEXPLORE.EXE
      Remote address:
      45.142.215.136:443
      Request
      POST /index.htm HTTP/1.1
      Accept: text/html, application/xhtml+xml, image/jxr, */*
      Content-Type: multipart/form-data; boundary=7bcd18a1fe29323f
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: gormaire.website
      Content-Length: 562
      Connection: Keep-Alive
      Cache-Control: no-cache
      Response
      HTTP/1.1 404 Not Found
      Server: nginx/1.14.0 (Ubuntu)
      Date: Wed, 09 Dec 2020 00:12:50 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
    • flag-unknown
      POST
      https://gormaire.website/index.htm
      5bd267095b25bea0d5a95b4d6c22b871056ca7b8dc137351850d6a577ba62b80.exe
      Remote address:
      45.142.215.136:443
      Request
      POST /index.htm HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Content-Type: multipart/form-data; boundary=72aa300ffe29323f
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
      Content-Length: 559
      Host: gormaire.website
      Response
      HTTP/1.1 404 Not Found
      Server: nginx/1.14.0 (Ubuntu)
      Date: Wed, 09 Dec 2020 00:13:04 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
    • flag-unknown
      POST
      https://gormaire.website/index.htm
      5bd267095b25bea0d5a95b4d6c22b871056ca7b8dc137351850d6a577ba62b80.exe
      Remote address:
      45.142.215.136:443
      Request
      POST /index.htm HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Content-Type: multipart/form-data; boundary=6b7271c3fe29323f
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
      Content-Length: 558
      Host: gormaire.website
      Response
      HTTP/1.1 404 Not Found
      Server: nginx/1.14.0 (Ubuntu)
      Date: Wed, 09 Dec 2020 00:13:15 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
    • flag-unknown
      POST
      https://gormaire.website/index.htm
      5bd267095b25bea0d5a95b4d6c22b871056ca7b8dc137351850d6a577ba62b80.exe
      Remote address:
      45.142.215.136:443
      Request
      POST /index.htm HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Content-Type: multipart/form-data; boundary=4b47773bfe29323f
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
      Content-Length: 581
      Host: gormaire.website
      Response
      HTTP/1.1 404 Not Found
      Server: nginx/1.14.0 (Ubuntu)
      Date: Wed, 09 Dec 2020 00:14:10 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
    • flag-unknown
      DNS
      iecvlist.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      iecvlist.microsoft.com
      IN A
      Response
      iecvlist.microsoft.com
      IN CNAME
      ie9comview.vo.msecnd.net
      ie9comview.vo.msecnd.net
      IN CNAME
      cs9.wpc.v0cdn.net
      cs9.wpc.v0cdn.net
      IN A
      72.21.81.200
    • flag-unknown
      GET
      https://iecvlist.microsoft.com/ie11blocklist/1401746408/versionlist.xml
      iexplore.exe
      Remote address:
      72.21.81.200:443
      Request
      GET /ie11blocklist/1401746408/versionlist.xml HTTP/1.1
      Accept: text/xml
      Accept-Encoding: gzip
      Host: iecvlist.microsoft.com
      Connection: Keep-Alive
      Cookie: MUID=156B8F486CA765E81D6580396D23643B; MUIDB=156B8F486CA765E81D6580396D23643B; _EDGE_V=1
      Response
      HTTP/1.1 200 OK
      Accept-Ranges: bytes
      Age: 2031
      Cache-Control: max-age=3600
      Content-MD5: CVxyaI3n2Q5lJtwNiHjz9g==
      Content-Type: text/xml
      Date: Wed, 09 Dec 2020 00:13:17 GMT
      Etag: 0x8D58936D97F913B
      Last-Modified: Tue, 13 Mar 2018 23:05:01 GMT
      Server: ECAcc (bsa/EA9F)
      X-Cache: HIT
      x-ms-blob-type: BlockBlob
      x-ms-lease-status: unlocked
      x-ms-request-id: e00d8221-001e-00a2-5abb-cd209e000000
      x-ms-version: 2009-09-19
      Content-Length: 15845
    • flag-unknown
      DNS
      go.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      go.microsoft.com
      IN A
      Response
      go.microsoft.com
      IN CNAME
      go.microsoft.com.edgekey.net
      go.microsoft.com.edgekey.net
      IN CNAME
      e11290.dspg.akamaiedge.net
      e11290.dspg.akamaiedge.net
      IN A
      23.2.226.89
    • flag-unknown
      POST
      https://gormaire.website/index.htm
      IEXPLORE.EXE
      Remote address:
      45.142.215.136:443
      Request
      POST /index.htm HTTP/1.1
      Accept: text/html, application/xhtml+xml, image/jxr, */*
      Content-Type: multipart/form-data; boundary=64849bf4fe29323f
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: gormaire.website
      Content-Length: 568
      Connection: Keep-Alive
      Cache-Control: no-cache
      Response
      HTTP/1.1 404 Not Found
      Server: nginx/1.14.0 (Ubuntu)
      Date: Wed, 09 Dec 2020 00:13:28 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
    • flag-unknown
      POST
      https://gormaire.website/index.htm
      IEXPLORE.EXE
      Remote address:
      45.142.215.136:443
      Request
      POST /index.htm HTTP/1.1
      Accept: text/html, application/xhtml+xml, image/jxr, */*
      Content-Type: multipart/form-data; boundary=5c0176fffe29323f
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: gormaire.website
      Content-Length: 552
      Connection: Keep-Alive
      Cache-Control: no-cache
      Response
      HTTP/1.1 404 Not Found
      Server: nginx/1.14.0 (Ubuntu)
      Date: Wed, 09 Dec 2020 00:13:42 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
    • flag-unknown
      DNS
      go.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      go.microsoft.com
      IN A
      Response
      go.microsoft.com
      IN CNAME
      go.microsoft.com.edgekey.net
      go.microsoft.com.edgekey.net
      IN CNAME
      e11290.dspg.akamaiedge.net
      e11290.dspg.akamaiedge.net
      IN A
      23.2.226.89
    • flag-unknown
      POST
      https://gormaire.website/index.htm
      IEXPLORE.EXE
      Remote address:
      45.142.215.136:443
      Request
      POST /index.htm HTTP/1.1
      Accept: text/html, application/xhtml+xml, image/jxr, */*
      Content-Type: multipart/form-data; boundary=53c3758bfe29323f
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: gormaire.website
      Content-Length: 550
      Connection: Keep-Alive
      Cache-Control: no-cache
      Response
      HTTP/1.1 404 Not Found
      Server: nginx/1.14.0 (Ubuntu)
      Date: Wed, 09 Dec 2020 00:13:57 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
    • flag-unknown
      DNS
      go.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      go.microsoft.com
      IN A
      Response
      go.microsoft.com
      IN CNAME
      go.microsoft.com.edgekey.net
      go.microsoft.com.edgekey.net
      IN CNAME
      e11290.dspg.akamaiedge.net
      e11290.dspg.akamaiedge.net
      IN A
      23.2.226.89
    • flag-unknown
      POST
      https://gormaire.website/index.htm
      IEXPLORE.EXE
      Remote address:
      45.142.215.136:443
      Request
      POST /index.htm HTTP/1.1
      Accept: text/html, application/xhtml+xml, image/jxr, */*
      Content-Type: multipart/form-data; boundary=440d56bafe29323f
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: gormaire.website
      Content-Length: 551
      Connection: Keep-Alive
      Cache-Control: no-cache
      Response
      HTTP/1.1 404 Not Found
      Server: nginx/1.14.0 (Ubuntu)
      Date: Wed, 09 Dec 2020 00:14:23 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
    • flag-unknown
      DNS
      go.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      go.microsoft.com
      IN A
      Response
      go.microsoft.com
      IN CNAME
      go.microsoft.com.edgekey.net
      go.microsoft.com.edgekey.net
      IN CNAME
      e11290.dspg.akamaiedge.net
      e11290.dspg.akamaiedge.net
      IN A
      23.2.226.89
    • flag-unknown
      POST
      https://gormaire.website/index.htm
      IEXPLORE.EXE
      Remote address:
      45.142.215.136:443
      Request
      POST /index.htm HTTP/1.1
      Accept: text/html, application/xhtml+xml, image/jxr, */*
      Content-Type: multipart/form-data; boundary=3be2684cfe29323f
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: gormaire.website
      Content-Length: 569
      Connection: Keep-Alive
      Cache-Control: no-cache
      Response
      HTTP/1.1 404 Not Found
      Server: nginx/1.14.0 (Ubuntu)
      Date: Wed, 09 Dec 2020 00:14:37 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
    • flag-unknown
      DNS
      go.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      go.microsoft.com
      IN A
      Response
      go.microsoft.com
      IN CNAME
      go.microsoft.com.edgekey.net
      go.microsoft.com.edgekey.net
      IN CNAME
      e11290.dspg.akamaiedge.net
      e11290.dspg.akamaiedge.net
      IN A
      23.2.226.89
    • flag-unknown
      POST
      https://gormaire.website/index.htm
      IEXPLORE.EXE
      Remote address:
      45.142.215.136:443
      Request
      POST /index.htm HTTP/1.1
      Accept: text/html, application/xhtml+xml, image/jxr, */*
      Content-Type: multipart/form-data; boundary=331a1ecefe29323f
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: gormaire.website
      Content-Length: 552
      Connection: Keep-Alive
      Cache-Control: no-cache
      Response
      HTTP/1.1 404 Not Found
      Server: nginx/1.14.0 (Ubuntu)
      Date: Wed, 09 Dec 2020 00:14:52 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
    • flag-unknown
      POST
      https://gormaire.website/index.htm
      IEXPLORE.EXE
      Remote address:
      45.142.215.136:443
      Request
      POST /index.htm HTTP/1.1
      Accept: text/html, application/xhtml+xml, image/jxr, */*
      Content-Type: multipart/form-data; boundary=2a96f980fe29323f
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: gormaire.website
      Content-Length: 553
      Connection: Keep-Alive
      Cache-Control: no-cache
      Response
      HTTP/1.1 404 Not Found
      Server: nginx/1.14.0 (Ubuntu)
      Date: Wed, 09 Dec 2020 00:15:07 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
    • 52.109.8.21:443
      322 B
      7
    • 45.142.215.136:443
      https://gormaire.website/index.htm
      tls, http
      IEXPLORE.EXE
      1.8kB
      4.0kB
      11
      8

      HTTP Request

      POST https://gormaire.website/index.htm

      HTTP Response

      404
    • 45.142.215.136:443
      gormaire.website
      tls
      IEXPLORE.EXE
      706 B
      3.5kB
      9
      6
    • 45.142.215.136:443
      https://gormaire.website/index.htm
      tls, http
      5bd267095b25bea0d5a95b4d6c22b871056ca7b8dc137351850d6a577ba62b80.exe
      3.7kB
      5.1kB
      16
      13

      HTTP Request

      POST https://gormaire.website/index.htm

      HTTP Response

      404

      HTTP Request

      POST https://gormaire.website/index.htm

      HTTP Response

      404

      HTTP Request

      POST https://gormaire.website/index.htm

      HTTP Response

      404
    • 72.21.81.200:443
      https://iecvlist.microsoft.com/ie11blocklist/1401746408/versionlist.xml
      tls, http
      iexplore.exe
      1.7kB
      24.6kB
      25
      21

      HTTP Request

      GET https://iecvlist.microsoft.com/ie11blocklist/1401746408/versionlist.xml

      HTTP Response

      200
    • 45.142.215.136:443
      https://gormaire.website/index.htm
      tls, http
      IEXPLORE.EXE
      1.8kB
      4.0kB
      11
      8

      HTTP Request

      POST https://gormaire.website/index.htm

      HTTP Response

      404
    • 45.142.215.136:443
      https://gormaire.website/index.htm
      tls, http
      IEXPLORE.EXE
      1.8kB
      4.0kB
      11
      8

      HTTP Request

      POST https://gormaire.website/index.htm

      HTTP Response

      404
    • 45.142.215.136:443
      https://gormaire.website/index.htm
      tls, http
      IEXPLORE.EXE
      1.8kB
      4.0kB
      11
      8

      HTTP Request

      POST https://gormaire.website/index.htm

      HTTP Response

      404
    • 45.142.215.136:443
      https://gormaire.website/index.htm
      tls, http
      IEXPLORE.EXE
      1.8kB
      4.0kB
      11
      8

      HTTP Request

      POST https://gormaire.website/index.htm

      HTTP Response

      404
    • 45.142.215.136:443
      https://gormaire.website/index.htm
      tls, http
      IEXPLORE.EXE
      1.8kB
      4.0kB
      11
      8

      HTTP Request

      POST https://gormaire.website/index.htm

      HTTP Response

      404
    • 45.142.215.136:443
      https://gormaire.website/index.htm
      tls, http
      IEXPLORE.EXE
      1.8kB
      4.0kB
      11
      8

      HTTP Request

      POST https://gormaire.website/index.htm

      HTTP Response

      404
    • 45.142.215.136:443
      https://gormaire.website/index.htm
      tls, http
      IEXPLORE.EXE
      1.8kB
      4.0kB
      11
      8

      HTTP Request

      POST https://gormaire.website/index.htm

      HTTP Response

      404
    • 8.8.8.8:53
      go.microsoft.com
      dns
      62 B
      157 B
      1
      1

      DNS Request

      go.microsoft.com

      DNS Response

      23.2.226.89

    • 8.8.8.8:53
      gormaire.website
      dns
      62 B
      78 B
      1
      1

      DNS Request

      gormaire.website

      DNS Response

      45.142.215.136

    • 8.8.8.8:53
      iecvlist.microsoft.com
      dns
      68 B
      150 B
      1
      1

      DNS Request

      iecvlist.microsoft.com

      DNS Response

      72.21.81.200

    • 8.8.8.8:53
      go.microsoft.com
      dns
      62 B
      157 B
      1
      1

      DNS Request

      go.microsoft.com

      DNS Response

      23.2.226.89

    • 8.8.8.8:53
      go.microsoft.com
      dns
      62 B
      157 B
      1
      1

      DNS Request

      go.microsoft.com

      DNS Response

      23.2.226.89

    • 8.8.8.8:53
      go.microsoft.com
      dns
      62 B
      157 B
      1
      1

      DNS Request

      go.microsoft.com

      DNS Response

      23.2.226.89

    • 8.8.8.8:53
      go.microsoft.com
      dns
      62 B
      157 B
      1
      1

      DNS Request

      go.microsoft.com

      DNS Response

      23.2.226.89

    • 8.8.8.8:53
      go.microsoft.com
      dns
      62 B
      157 B
      1
      1

      DNS Request

      go.microsoft.com

      DNS Response

      23.2.226.89

    MITRE ATT&CK Enterprise v6

    Downloads

    • memory/756-2-0x0000000000470000-0x0000000000482000-memory.dmp

      Filesize

      72KB
