Analysis

  • max time kernel
    151s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/11/2023, 18:51 UTC

General

  • Target

    acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe

  • Size

    853KB

  • MD5

    dbf67f7f28604cab1644c0f6b7964a96

  • SHA1

    5e787962936e37a00826a4edae473e1cc8e7ace7

  • SHA256

    acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d

  • SHA512

    5675c7a947fce4cfb0d2601274a1691daa892996d5f5c52e15f6042d8aeda40f35d275a85c4d39bed1a29c20d45da36777064d3304eb294e8109c217681dce89

  • SSDEEP

    24576:/ifxgP1zXgMG1kT0Gqgr1iuXXABG8L4Yfs:6fxgP18rOvqgrZHj8LJs

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Program crash 8 IoCs
  • Checks SCSI registry key(s) 3 TTPs 58 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 10 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 62 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs
  • System policy modification 1 TTPs 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
    "C:\Users\Admin\AppData\Local\Temp\acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4836
    • C:\Users\Admin\AppData\Local\Temp\acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
      C:\Users\Admin\AppData\Local\Temp\acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of UnmapMainImage
      • System policy modification
      PID:4876
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 324
        3⤵
        • Program crash
        PID:5040
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 668
        3⤵
        • Program crash
        PID:4316
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 792
        3⤵
        • Program crash
        PID:4120
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 800
        3⤵
        • Program crash
        PID:3884
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 928
        3⤵
        • Program crash
        PID:3268
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 968
        3⤵
        • Program crash
        PID:700
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 964
        3⤵
        • Program crash
        PID:2268
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 1284
        3⤵
        • Program crash
        PID:3692
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4836 -ip 4836
    1⤵
    PID:3268
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4876 -ip 4876
    1⤵
    PID:3472
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4876 -ip 4876
    1⤵
    PID:2716
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4876 -ip 4876
    1⤵
    PID:2520
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4876 -ip 4876
    1⤵
    PID:1248
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4876 -ip 4876
    1⤵
    PID:5008
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4876 -ip 4876
    1⤵
    PID:1528
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4876 -ip 4876
    1⤵
    PID:1608
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4876 -ip 4876
    1⤵
    PID:4532
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Windows\explorer.exe
      explorer.exe /LOADSAVEDWINDOWS
      2⤵
      • Modifies registry class
      PID:3720
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:5000
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    PID:4428
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
    1⤵
    PID:2180
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
    1⤵
    PID:1156
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4336
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:760
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2992
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2340
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:4128

Network

  • [US] DNS 8.8.8.8.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa IN PTR
    Response
    8.8.8.8.in-addr.arpa IN PTR dns.google
  • [US] DNS 35.77.123.92.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    35.77.123.92.in-addr.arpa IN PTR
    Response
    35.77.123.92.in-addr.arpa IN PTR a92-123-77-35.deploy.static.akamaitechnologies.com
  • [US] DNS 20.160.190.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    20.160.190.20.in-addr.arpa IN PTR
    Response
  • [US] DNS 95.221.229.192.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa IN PTR
    Response
  • [US] DNS 241.154.82.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa IN PTR
    Response
  • [US] DNS g.bing.com
    Remote address: 8.8.8.8:53
    Request
    g.bing.com IN A
    Response
    g.bing.com IN CNAME g-bing-com.a-0001.a-msedge.net
    g-bing-com.a-0001.a-msedge.net IN CNAME dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net IN A 204.79.197.200
    dual-a-0001.a-msedge.net IN A 13.107.21.200
  • [US] GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6d9a47760e74357aa0b1122a4108565&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=
    Remote address: 204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6d9a47760e74357aa0b1122a4108565&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=099F09863D7B60DB32401A4F3C176155; domain=.bing.com; expires=Sun, 08-Dec-2024 18:54:20 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7741FE6919E145F586901F373F774451 Ref B: BRU30EDGE0520 Ref C: 2023-11-14T18:54:20Z
    date: Tue, 14 Nov 2023 18:54:19 GMT
  • [US] GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c6d9a47760e74357aa0b1122a4108565&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=
    Remote address: 204.79.197.200:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c6d9a47760e74357aa0b1122a4108565&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=099F09863D7B60DB32401A4F3C176155
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: FE8D25DEF5EA4AC98D14067FB7A47CA6 Ref B: BRU30EDGE0520 Ref C: 2023-11-14T18:54:20Z
    date: Tue, 14 Nov 2023 18:54:19 GMT
  • [US] GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6d9a47760e74357aa0b1122a4108565&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=
    Remote address: 204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6d9a47760e74357aa0b1122a4108565&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=099F09863D7B60DB32401A4F3C176155
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 4EBA67D2D88E41A190E09D5AF3B5BD14 Ref B: BRU30EDGE0520 Ref C: 2023-11-14T18:54:20Z
    date: Tue, 14 Nov 2023 18:54:19 GMT
  • [US] DNS 58.99.105.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    58.99.105.20.in-addr.arpa IN PTR
    Response
  • [US] DNS 2.136.104.51.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa IN PTR
    Response
  • [US] DNS 157.123.68.40.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa IN PTR
    Response
  • [US] DNS 56.126.166.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa IN PTR
    Response
  • [US] DNS 218.240.110.104.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    218.240.110.104.in-addr.arpa IN PTR
    Response
    218.240.110.104.in-addr.arpa IN PTR a104-110-240-218.deploy.static.akamaitechnologies.com
  • [US] DNS 43.77.123.92.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    43.77.123.92.in-addr.arpa IN PTR
    Response
    43.77.123.92.in-addr.arpa IN PTR a92-123-77-43.deploy.static.akamaitechnologies.com
  • [US] DNS tse1.mm.bing.net
    Remote address: 8.8.8.8:53
    Request
    tse1.mm.bing.net IN A
    Response
    tse1.mm.bing.net IN CNAME mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net IN CNAME dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net IN A 204.79.197.200
    dual-a-0001.a-msedge.net IN A 13.107.21.200
  • [US] GET https://tse1.mm.bing.net/th?id=OADD2.10239317301690_19HMV4L26ZBX2EBOQ&pid=21.2&w=1080&h=1920&c=4
    Remote address: 204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301690_19HMV4L26ZBX2EBOQ&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 341990
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E0CEA21FD4854F5BA1B54C235BC3700A Ref B: AMS04EDGE3419 Ref C: 2023-11-14T18:55:15Z
    date: Tue, 14 Nov 2023 18:55:14 GMT
  • [US] GET https://tse1.mm.bing.net/th?id=OADD2.10239317301374_13OLU7GJIAZBI3QGK&pid=21.2&w=1080&h=1920&c=4
    Remote address: 204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301374_13OLU7GJIAZBI3QGK&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 362493
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0D425B813DC3411DAB2FD79D7E188061 Ref B: AMS04EDGE3419 Ref C: 2023-11-14T18:55:15Z
    date: Tue, 14 Nov 2023 18:55:14 GMT
  • [US] GET https://tse1.mm.bing.net/th?id=OADD2.10239317300941_1T733J08WF3629NM7&pid=21.2&w=1920&h=1080&c=4
    Remote address: 204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317300941_1T733J08WF3629NM7&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 345334
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A857EA1B1BE74EA882F495A0C48292EA Ref B: AMS04EDGE3419 Ref C: 2023-11-14T18:55:15Z
    date: Tue, 14 Nov 2023 18:55:14 GMT
  • [US] GET https://tse1.mm.bing.net/th?id=OADD2.10239317301169_1B5BA0C4QNKYTONE8&pid=21.2&w=1920&h=1080&c=4
    Remote address: 204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301169_1B5BA0C4QNKYTONE8&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 315308
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7A53B540F662437D8FC86E27AB58C0B1 Ref B: AMS04EDGE3419 Ref C: 2023-11-14T18:55:15Z
    date: Tue, 14 Nov 2023 18:55:14 GMT
  • [US] GET https://tse1.mm.bing.net/th?id=OADD2.10239317301281_10M090P7WEZJN7Y3I&pid=21.2&w=1920&h=1080&c=4
    Remote address: 204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301281_10M090P7WEZJN7Y3I&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 365744
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 61D1E558DEB2401A8A5D952FDE3400BD Ref B: AMS04EDGE3419 Ref C: 2023-11-14T18:55:15Z
    date: Tue, 14 Nov 2023 18:55:14 GMT
  • [US] GET https://tse1.mm.bing.net/th?id=OADD2.10239317301578_16RTS3GAZ3AT29YOT&pid=21.2&w=1080&h=1920&c=4
    Remote address: 204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301578_16RTS3GAZ3AT29YOT&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 299573
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: DF29141219F042A4BB5BE4D05B57E7FB Ref B: AMS04EDGE3419 Ref C: 2023-11-14T18:55:26Z
    date: Tue, 14 Nov 2023 18:55:25 GMT
  • [US]
                            DNS
                            www.NQVFDyCX8o.com
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.NQVFDyCX8o.com
                            IN A
                            Response
                          • flag-us
                            DNS
                            138.32.126.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            138.32.126.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            208.194.73.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            208.194.73.20.in-addr.arpa
                            IN PTR
                          • flag-us
                            DNS
                            208.194.73.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            208.194.73.20.in-addr.arpa
                            IN PTR
                          • flag-us
                            DNS
                            208.194.73.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            208.194.73.20.in-addr.arpa
                            IN PTR
                          • flag-us
                            DNS
                            208.194.73.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            208.194.73.20.in-addr.arpa
                            IN PTR
                          • flag-us
                            DNS
                            208.194.73.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            208.194.73.20.in-addr.arpa
                            IN PTR
                          • flag-us
                            DNS
                            13.227.111.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            13.227.111.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            www.7gaIpjCOiM.com
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.7gaIpjCOiM.com
                            IN A
                            Response
                          • flag-us
                            DNS
                            www.DqbnSgVD7m.com
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.DqbnSgVD7m.com
                            IN A
                            Response
                          • flag-us
                            DNS
                            www.y2Aw8r68Cq.com
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.y2Aw8r68Cq.com
                            IN A
                            Response
                          • flag-us
                            DNS
                            www.yV9XmSLwMA.com
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.yV9XmSLwMA.com
                            IN A
                            Response
                          • flag-us
                            DNS
                            www.rZEMk82gLB.com
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.rZEMk82gLB.com
                            IN A
                            Response
                          • flag-us
                            DNS
                            w.google.com
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            w.google.com
                            IN A
                            Response
                            w.google.com
                            IN CNAME
                            www3.l.google.com
                            www3.l.google.com
                            IN A
                            142.250.179.206
                          • flag-us
                            DNS
                            www.W8Qw7OobgE.com
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.W8Qw7OobgE.com
                            IN A
                            Response
                          • flag-nl
                            GET
                            http://w.google.com/
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            Remote address:
                            142.250.179.206:80
                            Request
                            GET / HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Accept: */*, ???@, ?????????????????
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
                            Host: w.google.com
                            Response
                            HTTP/1.1 404 Not Found
                            Content-Type: text/html; charset=UTF-8
                            Referrer-Policy: no-referrer
                            Content-Length: 1561
                            Date: Tue, 14 Nov 2023 18:55:44 GMT
                          • flag-us
                            DNS
                            pastebin.com
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            pastebin.com
                            IN A
                            Response
                            pastebin.com
                            IN A
                            104.20.68.143
                            pastebin.com
                            IN A
                            172.67.34.170
                            pastebin.com
                            IN A
                            104.20.67.143
                          • flag-us
                            GET
                            http://pastebin.com/raw/AqndxJKK
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            Remote address:
                            104.20.68.143:80
                            Request
                            GET /raw/AqndxJKK HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Accept: */*, ???@, ?????????????????
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
                            Host: pastebin.com
                            Response
                            HTTP/1.1 301 Moved Permanently
                            Date: Tue, 14 Nov 2023 18:55:44 GMT
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Cache-Control: max-age=3600
                            Expires: Tue, 14 Nov 2023 19:55:44 GMT
                            Location: https://pastebin.com/raw/AqndxJKK
                            Server: cloudflare
                            CF-RAY: 82617871bdd50e70-AMS
                          • flag-us
                            DNS
                            206.179.250.142.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            206.179.250.142.in-addr.arpa
                            IN PTR
                            Response
                            206.179.250.142.in-addr.arpa
                            IN PTR
                            ams15s42-in-f14.1e100.net
                          • flag-us
                            DNS
                            143.68.20.104.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            143.68.20.104.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            232.194.19.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            232.194.19.2.in-addr.arpa
                            IN PTR
                            Response
                            232.194.19.2.in-addr.arpa
                            IN PTR
                            a2-19-194-232.deploy.static.akamaitechnologies.com
                          • flag-us
                            GET
                            https://pastebin.com/raw/AqndxJKK
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            Remote address:
                            104.20.68.143:443
                            Request
                            GET /raw/AqndxJKK HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Accept: */*, ???@, ?????????????????
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
                            Host: pastebin.com
                            Response
                            HTTP/1.1 404 Not Found
                            Date: Tue, 14 Nov 2023 18:55:46 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            x-frame-options: DENY
                            x-frame-options: DENY
                            x-content-type-options: nosniff
                            x-content-type-options: nosniff
                            x-xss-protection: 1;mode=block
                            x-xss-protection: 1;mode=block
                            cache-control: public, max-age=1801
                            CF-Cache-Status: HIT
                            Age: 272
                            Server: cloudflare
                            CF-RAY: 82617879987e1c77-AMS
                          • flag-us
                            DNS
                            203.197.79.204.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            203.197.79.204.in-addr.arpa
                            IN PTR
                            Response
                            203.197.79.204.in-addr.arpa
                            IN PTR
                            a-0003.a-msedge.net
                          • flag-us
                            DNS
                            16.173.189.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            16.173.189.20.in-addr.arpa
                            IN PTR
                            Response
                          • 204.79.197.200:443
                            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6d9a47760e74357aa0b1122a4108565&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=
                            tls, http2
                            1.9kB
                            9.3kB
                            22
                            19

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6d9a47760e74357aa0b1122a4108565&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=

                            HTTP Response

                            204

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c6d9a47760e74357aa0b1122a4108565&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=

                            HTTP Response

                            204

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6d9a47760e74357aa0b1122a4108565&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=

                            HTTP Response

                            204
                          • 204.79.197.200:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            8.3kB
                            16
                            14
                          • 204.79.197.200:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            8.3kB
                            16
                            14
                          • 204.79.197.200:443
                            https://tse1.mm.bing.net/th?id=OADD2.10239317301578_16RTS3GAZ3AT29YOT&pid=21.2&w=1080&h=1920&c=4
                            tls, http2
                            76.5kB
                            2.1MB
                            1536
                            1534

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239317301690_19HMV4L26ZBX2EBOQ&pid=21.2&w=1080&h=1920&c=4

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239317301374_13OLU7GJIAZBI3QGK&pid=21.2&w=1080&h=1920&c=4

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239317300941_1T733J08WF3629NM7&pid=21.2&w=1920&h=1080&c=4

                            HTTP Response

                            200

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239317301169_1B5BA0C4QNKYTONE8&pid=21.2&w=1920&h=1080&c=4

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239317301281_10M090P7WEZJN7Y3I&pid=21.2&w=1920&h=1080&c=4

                            HTTP Response

                            200

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239317301578_16RTS3GAZ3AT29YOT&pid=21.2&w=1080&h=1920&c=4

                            HTTP Response

                            200
                          • 142.250.179.206:80
                            http://w.google.com/
                            http
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            465 B
                            1.9kB
                            5
                            4

                            HTTP Request

                            GET http://w.google.com/

                            HTTP Response

                            404
                          • 104.20.68.143:80
                            http://pastebin.com/raw/AqndxJKK
                            http
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            764 B
                            424 B
                            6
                            3

                            HTTP Request

                            GET http://pastebin.com/raw/AqndxJKK

                            HTTP Response

                            301
                          • 104.20.68.143:443
                            https://pastebin.com/raw/AqndxJKK
                            tls, http
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            904 B
                            4.4kB
                            8
                            8

                            HTTP Request

                            GET https://pastebin.com/raw/AqndxJKK

                            HTTP Response

                            404
                          • 8.8.8.8:53
                            8.8.8.8.in-addr.arpa
                            dns
                            66 B
                            90 B
                            1
                            1

                            DNS Request

                            8.8.8.8.in-addr.arpa

                          • 8.8.8.8:53
                            35.77.123.92.in-addr.arpa
                            dns
                            71 B
                            135 B
                            1
                            1

                            DNS Request

                            35.77.123.92.in-addr.arpa

                          • 8.8.8.8:53
                            20.160.190.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            20.160.190.20.in-addr.arpa

                          • 8.8.8.8:53
                            95.221.229.192.in-addr.arpa
                            dns
                            73 B
                            144 B
                            1
                            1

                            DNS Request

                            95.221.229.192.in-addr.arpa

                          • 8.8.8.8:53
                            241.154.82.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            241.154.82.20.in-addr.arpa

                          • 8.8.8.8:53
                            g.bing.com
                            dns
                            56 B
                            158 B
                            1
                            1

                            DNS Request

                            g.bing.com

                            DNS Response

                            204.79.197.200
                            13.107.21.200

                          • 8.8.8.8:53
                            58.99.105.20.in-addr.arpa
                            dns
                            71 B
                            157 B
                            1
                            1

                            DNS Request

                            58.99.105.20.in-addr.arpa

                          • 8.8.8.8:53
                            2.136.104.51.in-addr.arpa
                            dns
                            71 B
                            157 B
                            1
                            1

                            DNS Request

                            2.136.104.51.in-addr.arpa

                          • 8.8.8.8:53
                            157.123.68.40.in-addr.arpa
                            dns
                            72 B
                            146 B
                            1
                            1

                            DNS Request

                            157.123.68.40.in-addr.arpa

                          • 8.8.8.8:53
                            56.126.166.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            56.126.166.20.in-addr.arpa

                          • 8.8.8.8:53
                            218.240.110.104.in-addr.arpa
                            dns
                            74 B
                            141 B
                            1
                            1

                            DNS Request

                            218.240.110.104.in-addr.arpa

                          • 8.8.8.8:53
                            43.77.123.92.in-addr.arpa
                            dns
                            71 B
                            135 B
                            1
                            1

                            DNS Request

                            43.77.123.92.in-addr.arpa

                          • 8.8.8.8:53
                            tse1.mm.bing.net
                            dns
                            62 B
                            173 B
                            1
                            1

                            DNS Request

                            tse1.mm.bing.net

                            DNS Response

                            204.79.197.200
                            13.107.21.200

                          • 8.8.8.8:53
                            www.NQVFDyCX8o.com
                            dns
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            64 B
                            137 B
                            1
                            1

                            DNS Request

                            www.NQVFDyCX8o.com

                          • 8.8.8.8:53
                            138.32.126.40.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            138.32.126.40.in-addr.arpa

                          • 8.8.8.8:53
                            208.194.73.20.in-addr.arpa
                            dns
                            360 B
                            5

                            DNS Request

                            208.194.73.20.in-addr.arpa

                            DNS Request

                            208.194.73.20.in-addr.arpa

                            DNS Request

                            208.194.73.20.in-addr.arpa

                            DNS Request

                            208.194.73.20.in-addr.arpa

                            DNS Request

                            208.194.73.20.in-addr.arpa

                          • 8.8.8.8:53
                            13.227.111.52.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            13.227.111.52.in-addr.arpa

                          • 8.8.8.8:53
                            www.7gaIpjCOiM.com
                            dns
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            64 B
                            137 B
                            1
                            1

                            DNS Request

                            www.7gaIpjCOiM.com

                          • 8.8.8.8:53
                            www.DqbnSgVD7m.com
                            dns
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            64 B
                            137 B
                            1
                            1

                            DNS Request

                            www.DqbnSgVD7m.com

                          • 8.8.8.8:53
                            www.y2Aw8r68Cq.com
                            dns
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            64 B
                            137 B
                            1
                            1

                            DNS Request

                            www.y2Aw8r68Cq.com

                          • 8.8.8.8:53
                            www.yV9XmSLwMA.com
                            dns
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            64 B
                            137 B
                            1
                            1

                            DNS Request

                            www.yV9XmSLwMA.com

                          • 8.8.8.8:53
                            www.rZEMk82gLB.com
                            dns
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            64 B
                            137 B
                            1
                            1

                            DNS Request

                            www.rZEMk82gLB.com

                          • 8.8.8.8:53
                            w.google.com
                            dns
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            58 B
                            95 B
                            1
                            1

                            DNS Request

                            w.google.com

                            DNS Response

                            142.250.179.206

                          • 8.8.8.8:53
                            www.W8Qw7OobgE.com
                            dns
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            64 B
                            137 B
                            1
                            1

                            DNS Request

                            www.W8Qw7OobgE.com

                          • 8.8.8.8:53
                            pastebin.com
                            dns
                            acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe
                            58 B
                            106 B
                            1
                            1

                            DNS Request

                            pastebin.com

                            DNS Response

                            104.20.68.143
                            172.67.34.170
                            104.20.67.143

                          • 8.8.8.8:53
                            206.179.250.142.in-addr.arpa
                            dns
                            74 B
                            113 B
                            1
                            1

                            DNS Request

                            206.179.250.142.in-addr.arpa

                          • 8.8.8.8:53
                            143.68.20.104.in-addr.arpa
                            dns
                            72 B
                            134 B
                            1
                            1

                            DNS Request

                            143.68.20.104.in-addr.arpa

                          • 8.8.8.8:53
                            232.194.19.2.in-addr.arpa
                            dns
                            71 B
                            135 B
                            1
                            1

                            DNS Request

                            232.194.19.2.in-addr.arpa

                          • 8.8.8.8:53
                            203.197.79.204.in-addr.arpa
                            dns
                            73 B
                            106 B
                            1
                            1

                            DNS Request

                            203.197.79.204.in-addr.arpa

                          • 8.8.8.8:53
                            16.173.189.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            16.173.189.20.in-addr.arpa

                          MITRE ATT&CK Enterprise v15

                          Downloads

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DENP3826\microsoft.windows[1].xml

                            Filesize

                            96B

                            MD5

                            da2f6534a0b18d822eafa495c037a7f4

                            SHA1

                            9a5ee14946c817ab6739bed1e22b2b5cfe742802

                            SHA256

                            e7b5b9346d1dd05e69644850e324798c30355e495e094d019973c444b6ae00a5

                            SHA512

                            d956be2de58592438cbee1b996472bea59b58245861ec4d6bbf5318efd33716047406883aefd7c4f61fe0fd23caa09d0e6efaf8abb26e982bf3f47a3073d94d3

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133444617521897456.txt

                            Filesize

                            74KB

                            MD5

                            0770cd8fe6784708d08860d93a5cb762

                            SHA1

                            ec3a74a70a55ac4e73f6ccaf01a7f4b86ca45cf8

                            SHA256

                            77c4ad43697c8de81a391a842311a1331fb37da159dcfe94eaa23e193479b1c2

                            SHA512

                            40c0c9f1e3a29320f68248439afe28ab00eef45b3dfbb9a3cc743a2f83374e6c2e8f36c57131a2c1b840c9f99b6c58b29f40ed453b03cd16607745fedae8e511

                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DENP3826\microsoft.windows[1].xml

                            Filesize

                            96B

                            MD5

                            da2f6534a0b18d822eafa495c037a7f4

                            SHA1

                            9a5ee14946c817ab6739bed1e22b2b5cfe742802

                            SHA256

                            e7b5b9346d1dd05e69644850e324798c30355e495e094d019973c444b6ae00a5

                            SHA512

                            d956be2de58592438cbee1b996472bea59b58245861ec4d6bbf5318efd33716047406883aefd7c4f61fe0fd23caa09d0e6efaf8abb26e982bf3f47a3073d94d3

                          • C:\Users\Admin\AppData\Local\Temp\acbb1db51ecd91c8b7e62cc75e532b32df89fcfc7f318e9f925d9a4521dbd89d.exe

                            Filesize

                            853KB

                            MD5

                            c7b2678e05a84770b337fda1746200a1

                            SHA1

                            69373178d3e1b2ede4c42389c6713b2162eef1c2

                            SHA256

                            0d7eaa1cd5c40254d65df21d5f34fa91bc56e98fdd3f13d34104928be26b8375

                            SHA512

                            8129b20e698d8084f61e6193e3df5f19361d5055e26bf5b316eb53af4328a9a382c13abf1dd3fcb9e716480911d84945083d126c9307e3e7ce676f3fda3d2689

                          • memory/760-40-0x0000023D407E0000-0x0000023D40800000-memory.dmp

                            Filesize

                            128KB

                          • memory/760-44-0x0000023D40C30000-0x0000023D40C50000-memory.dmp

                            Filesize

                            128KB

                          • memory/760-38-0x0000023D40820000-0x0000023D40840000-memory.dmp

                            Filesize

                            128KB

                          • memory/2340-90-0x00000125B5A00000-0x00000125B5A20000-memory.dmp

                            Filesize

                            128KB

                          • memory/2340-88-0x00000125B5A40000-0x00000125B5A60000-memory.dmp

                            Filesize

                            128KB

                          • memory/2340-92-0x00000125B6080000-0x00000125B60A0000-memory.dmp

                            Filesize

                            128KB

                          • memory/2992-70-0x000002173A340000-0x000002173A360000-memory.dmp

                            Filesize

                            128KB

                          • memory/2992-73-0x000002173A300000-0x000002173A320000-memory.dmp

                            Filesize

                            128KB

                          • memory/2992-77-0x000002173A700000-0x000002173A720000-memory.dmp

                            Filesize

                            128KB

                          • memory/4128-113-0x000002CF64EB0000-0x000002CF64ED0000-memory.dmp

                            Filesize

                            128KB

                          • memory/4128-111-0x000002CF647A0000-0x000002CF647C0000-memory.dmp

                            Filesize

                            128KB

                          • memory/4128-108-0x000002CF647E0000-0x000002CF64800000-memory.dmp

                            Filesize

                            128KB

                          • memory/4836-0-0x0000000000400000-0x0000000000472000-memory.dmp

                            Filesize

                            456KB

                          • memory/4836-6-0x0000000000400000-0x0000000000472000-memory.dmp

                            Filesize

                            456KB

                          • memory/4876-23-0x0000000000400000-0x000000000045A000-memory.dmp

                            Filesize

                            360KB

                          • memory/4876-9-0x0000000000400000-0x000000000045A000-memory.dmp

                            Filesize

                            360KB

                          • memory/4876-7-0x0000000000400000-0x0000000000472000-memory.dmp

                            Filesize

                            456KB

                          • memory/4876-16-0x0000000000400000-0x000000000045A000-memory.dmp

                            Filesize

                            360KB

                          • memory/4876-8-0x0000000004F30000-0x0000000004FA2000-memory.dmp

                            Filesize

                            456KB

                          • memory/5000-52-0x0000000002200000-0x0000000002201000-memory.dmp

                            Filesize

                            4KB
