2110ab9145eb713326e795f37cfd853d4434756738db301881c81dd94e325dbb

Analysis

max time kernel
170s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 10:30 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

174f3c937aa26c41e8c5fa6865a99179.exe
Size

328KB
MD5

174f3c937aa26c41e8c5fa6865a99179
SHA1

dd5083da2acde1ea12bb36a485a6983304a6708e
SHA256

2110ab9145eb713326e795f37cfd853d4434756738db301881c81dd94e325dbb
SHA512

6c5d5645f80b84e5e46c721db336bff46d4ece80942512a0c3fb7a0f4786569ae147e36d3dca0b5b0bb9d4a99e4fdf75064b5da378bc7cb16382eff02dc2e6af
SSDEEP

6144:nePJYhcvhLxotp++sCTHUIKz3JWGYBjWo80I/G13YtcOmq81yOgfkJzq12:nePJYIh9of++skOYBjD5wG13YtcOncyQ

Score

7^/10

bootkit persistence upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1884-0-0x0000000000400000-0x00000000004BC000-memory.dmp	upx
behavioral2/memory/1884-9-0x0000000000400000-0x00000000004BC000-memory.dmp	upx
behavioral2/memory/1884-10-0x0000000000400000-0x00000000004BC000-memory.dmp	upx
behavioral2/memory/1884-15-0x0000000000400000-0x00000000004BC000-memory.dmp	upx

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\m:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\o:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\p:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\q:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\r:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\w:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\j:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\l:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\n:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\u:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\z:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\e:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\i:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\s:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\t:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\v:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\y:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\h:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\k:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\g:	174f3c937aa26c41e8c5fa6865a99179.exe
File opened (read-only)	\??\x:	174f3c937aa26c41e8c5fa6865a99179.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	174f3c937aa26c41e8c5fa6865a99179.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\SAItest.txt	174f3c937aa26c41e8c5fa6865a99179.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	174f3c937aa26c41e8c5fa6865a99179.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	174f3c937aa26c41e8c5fa6865a99179.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	174f3c937aa26c41e8c5fa6865a99179.exe

C:\Users\Admin\AppData\Local\Temp\174f3c937aa26c41e8c5fa6865a99179.exe
"C:\Users\Admin\AppData\Local\Temp\174f3c937aa26c41e8c5fa6865a99179.exe"
1⤵
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Modifies system certificate store
PID:1884

Network

DNS

9.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.134.221.88.in-addr.arpa

IN PTR

Response

9.134.221.88.in-addr.arpa

IN PTR

a88-221-134-9deploystaticakamaitechnologiescom
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A

Response
DNS

17.53.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.53.126.40.in-addr.arpa

IN PTR

Response
DNS

79.121.231.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.121.231.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

74.19.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.19.199.152.in-addr.arpa

IN PTR

Response
DNS

csc3-2010-crl.verisign.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

csc3-2010-crl.verisign.com

IN A

Response

csc3-2010-crl.verisign.com

IN CNAME

crl-symcprod.digicert.com

crl-symcprod.digicert.com

IN CNAME

crl.edge.digicert.com

crl.edge.digicert.com

IN CNAME

fp2e7a.wpc.2be4.phicdn.net

fp2e7a.wpc.2be4.phicdn.net

IN CNAME

fp2e7a.wpc.phicdn.net

fp2e7a.wpc.phicdn.net

IN A

192.229.221.95
GET

http://csc3-2010-crl.verisign.com/CSC3-2010.crl

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

192.229.221.95:80

Request

GET /CSC3-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: csc3-2010-crl.verisign.com

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Age: 5678
Cache-Control: public, max-age=3600
Content-Type: application/pkix-crl
Date: Tue, 26 Dec 2023 00:45:47 GMT
Last-Modified: Mon, 25 Dec 2023 23:11:09 GMT
Server: ECAcc (lhd/35E5)
X-Cache: HIT
X-Content-Type-Options: nosniff
X-EC-BBR-Enable: 1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 107803
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
GET

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D

Remote address:

192.229.221.95:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.digicert.com

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Age: 202
Cache-Control: max-age=7200
Content-Type: application/ocsp-response
Date: Tue, 26 Dec 2023 00:45:48 GMT
Last-Modified: Tue, 26 Dec 2023 00:42:26 GMT
Server: ECAcc (lhd/35F8)
X-Cache: HIT
Content-Length: 471
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
GET

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEA6Nvl6mEObLtWnHNvbXAEs%3D

Remote address:

192.229.221.95:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEA6Nvl6mEObLtWnHNvbXAEs%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.digicert.com

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Age: 164
Cache-Control: max-age=7200
Content-Type: application/ocsp-response
Date: Tue, 26 Dec 2023 00:45:53 GMT
Last-Modified: Tue, 26 Dec 2023 00:43:09 GMT
Server: ECAcc (lhd/35BD)
X-Cache: HIT
Content-Length: 313
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A

Response
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A

Response
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A

Response
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A

Response
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A
DNS

183.1.37.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.1.37.23.in-addr.arpa

IN PTR

Response

183.1.37.23.in-addr.arpa

IN PTR

a23-37-1-183deploystaticakamaitechnologiescom
DNS

183.1.37.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.1.37.23.in-addr.arpa

IN PTR

Response

183.1.37.23.in-addr.arpa

IN PTR

a23-37-1-183deploystaticakamaitechnologiescom
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301663_1QHQXW81RF8E6NQ10&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301663_1QHQXW81RF8E6NQ10&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 384106
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F072C434F42E4EF7973B007DF255557F Ref B: LON04EDGE1006 Ref C: 2023-12-26T00:46:26Z
date: Tue, 26 Dec 2023 00:46:25 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301662_176VB0P3XGJB59KS3&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301662_176VB0P3XGJB59KS3&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 319171
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 21693B933C994EEA891102C5742A1B7B Ref B: LON04EDGE1006 Ref C: 2023-12-26T00:46:26Z
date: Tue, 26 Dec 2023 00:46:25 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301254_1Y97V3K1Y4OI79J21&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301254_1Y97V3K1Y4OI79J21&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 344185
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7A2CA8FF1EF941A2B896848032E1F5AE Ref B: LON04EDGE1006 Ref C: 2023-12-26T00:46:26Z
date: Tue, 26 Dec 2023 00:46:25 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301253_1ITZSO8YS9ZANR3WZ&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301253_1ITZSO8YS9ZANR3WZ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 388086
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D56C57CA3AB541A19D680DBDFAEBEFCB Ref B: LON04EDGE1006 Ref C: 2023-12-26T00:46:27Z
date: Tue, 26 Dec 2023 00:46:26 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300924_1N7S5A2UISE5XQ4TY&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300924_1N7S5A2UISE5XQ4TY&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301357_1M7VV0SOSJXWEGMMP&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301357_1M7VV0SOSJXWEGMMP&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
GET

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D

Remote address:

192.229.221.95:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.digicert.com

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Age: 5533
Cache-Control: max-age=7200
Content-Type: application/ocsp-response
Date: Tue, 26 Dec 2023 00:46:26 GMT
Last-Modified: Mon, 25 Dec 2023 23:14:13 GMT
Server: ECAcc (lhd/35A2)
X-Cache: HIT
Content-Length: 471
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A

Response
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A

Response
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A

Response
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A

Response
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR

Response
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR

Response
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A

Response
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A

Response
DNS

178.223.142.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.223.142.52.in-addr.arpa

IN PTR

Response
DNS

178.223.142.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.223.142.52.in-addr.arpa

IN PTR
DNS

30.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.243.111.52.in-addr.arpa

IN PTR
DNS

30.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.243.111.52.in-addr.arpa

IN PTR
DNS

30.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.243.111.52.in-addr.arpa

IN PTR
DNS

30.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.243.111.52.in-addr.arpa

IN PTR
DNS

30.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.243.111.52.in-addr.arpa

IN PTR
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A

Response
DNS

b.liteflames.com

174f3c937aa26c41e8c5fa6865a99179.exe

Remote address:

8.8.8.8:53

Request

b.liteflames.com

IN A
DNS

59.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.134.221.88.in-addr.arpa

IN PTR

Response

59.134.221.88.in-addr.arpa

IN PTR

a88-221-134-59deploystaticakamaitechnologiescom
DNS

59.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.134.221.88.in-addr.arpa

IN PTR
DNS

59.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.134.221.88.in-addr.arpa

IN PTR
DNS

59.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.134.221.88.in-addr.arpa

IN PTR
DNS

59.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.134.221.88.in-addr.arpa

IN PTR
DNS

43.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.134.221.88.in-addr.arpa

IN PTR

Response

43.134.221.88.in-addr.arpa

IN PTR

a88-221-134-43deploystaticakamaitechnologiescom
DNS

43.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.134.221.88.in-addr.arpa

IN PTR

Response

43.134.221.88.in-addr.arpa

IN PTR

a88-221-134-43deploystaticakamaitechnologiescom
DNS

232.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.135.221.88.in-addr.arpa

IN PTR

Response

232.135.221.88.in-addr.arpa

IN PTR

a88-221-135-232deploystaticakamaitechnologiescom
DNS

232.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.135.221.88.in-addr.arpa

IN PTR
DNS

33.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.134.221.88.in-addr.arpa

IN PTR

Response

33.134.221.88.in-addr.arpa

IN PTR

a88-221-134-33deploystaticakamaitechnologiescom
DNS

33.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.134.221.88.in-addr.arpa

IN PTR
DNS

210.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.135.221.88.in-addr.arpa

IN PTR

Response

210.135.221.88.in-addr.arpa

IN PTR

a88-221-135-210deploystaticakamaitechnologiescom
DNS

210.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.135.221.88.in-addr.arpa

IN PTR

Response

210.135.221.88.in-addr.arpa

IN PTR

a88-221-135-210deploystaticakamaitechnologiescom
DNS

17.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.134.221.88.in-addr.arpa

IN PTR

Response

17.134.221.88.in-addr.arpa

IN PTR

a88-221-134-17deploystaticakamaitechnologiescom
DNS

17.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.134.221.88.in-addr.arpa

IN PTR
GET

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D

Remote address:

192.229.221.95:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.digicert.com

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Age: 5274
Cache-Control: max-age=7200
Content-Type: application/ocsp-response
Date: Tue, 26 Dec 2023 00:47:40 GMT
Last-Modified: Mon, 25 Dec 2023 23:19:46 GMT
Server: ECAcc (lhd/35FB)
X-Cache: HIT
Content-Length: 471
DNS

8.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.173.189.20.in-addr.arpa

IN PTR

Response
DNS

8.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.173.189.20.in-addr.arpa

IN PTR
DNS

8.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.173.189.20.in-addr.arpa

IN PTR

192.229.221.95:80

http://csc3-2010-crl.verisign.com/CSC3-2010.crl

http

174f3c937aa26c41e8c5fa6865a99179.exe

2.4kB
112.0kB
49
87

HTTP Request

GET http://csc3-2010-crl.verisign.com/CSC3-2010.crl

HTTP Response

200
192.229.221.95:80

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D

http

470 B
868 B
5
3

HTTP Request

GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D

HTTP Response

200
192.229.221.95:80

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEA6Nvl6mEObLtWnHNvbXAEs%3D

http

510 B
750 B
6
4

HTTP Request

GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEA6Nvl6mEObLtWnHNvbXAEs%3D

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
15
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.6kB
929 B
14
9
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301357_1M7VV0SOSJXWEGMMP&pid=21.2&w=1080&h=1920&c=4

tls, http2

49.2kB
1.3MB
984
977

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301663_1QHQXW81RF8E6NQ10&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301662_176VB0P3XGJB59KS3&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301254_1Y97V3K1Y4OI79J21&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301253_1ITZSO8YS9ZANR3WZ&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300924_1N7S5A2UISE5XQ4TY&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301357_1M7VV0SOSJXWEGMMP&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.8kB
8.2kB
18
12
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.5kB
8.3kB
16
14
192.229.221.95:80

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D

http

424 B
869 B
4
3

HTTP Request

GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D

HTTP Response

200
192.229.221.95:80

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D

http

424 B
869 B
4
3

HTTP Request

GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D

HTTP Response

200

8.8.8.8:53

9.134.221.88.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

9.134.221.88.in-addr.arpa
8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

b.liteflames.com

dns

174f3c937aa26c41e8c5fa6865a99179.exe

62 B
121 B
1
1

DNS Request

b.liteflames.com
8.8.8.8:53

17.53.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

17.53.126.40.in-addr.arpa
8.8.8.8:53

79.121.231.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

79.121.231.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

74.19.199.152.in-addr.arpa

dns

72 B
143 B
1
1

DNS Request

74.19.199.152.in-addr.arpa
8.8.8.8:53

csc3-2010-crl.verisign.com

dns

174f3c937aa26c41e8c5fa6865a99179.exe

72 B
212 B
1
1

DNS Request

csc3-2010-crl.verisign.com

DNS Response

192.229.221.95
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

b.liteflames.com

dns

174f3c937aa26c41e8c5fa6865a99179.exe

62 B
121 B
1
1

DNS Request

b.liteflames.com
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

b.liteflames.com

dns

174f3c937aa26c41e8c5fa6865a99179.exe

62 B
121 B
1
1

DNS Request

b.liteflames.com
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

b.liteflames.com

dns

174f3c937aa26c41e8c5fa6865a99179.exe

62 B
121 B
1
1

DNS Request

b.liteflames.com
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

b.liteflames.com

dns

174f3c937aa26c41e8c5fa6865a99179.exe

124 B
121 B
2
1

DNS Request

b.liteflames.com

DNS Request

b.liteflames.com
8.8.8.8:53

b.liteflames.com

dns

174f3c937aa26c41e8c5fa6865a99179.exe

62 B
121 B
1
1

DNS Request

b.liteflames.com
8.8.8.8:53

b.liteflames.com

dns

174f3c937aa26c41e8c5fa6865a99179.exe

62 B
121 B
1
1

DNS Request

b.liteflames.com
8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

b.liteflames.com

dns

174f3c937aa26c41e8c5fa6865a99179.exe

124 B
121 B
2
1

DNS Request

b.liteflames.com

DNS Request

b.liteflames.com
8.8.8.8:53

183.1.37.23.in-addr.arpa

dns

140 B
266 B
2
2

DNS Request

183.1.37.23.in-addr.arpa

DNS Request

183.1.37.23.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

b.liteflames.com

dns

174f3c937aa26c41e8c5fa6865a99179.exe

124 B
242 B
2
2

DNS Request

b.liteflames.com

DNS Request

b.liteflames.com
8.8.8.8:53

b.liteflames.com

dns

174f3c937aa26c41e8c5fa6865a99179.exe

124 B
121 B
2
1

DNS Request

b.liteflames.com

DNS Request

b.liteflames.com
8.8.8.8:53

b.liteflames.com

dns

174f3c937aa26c41e8c5fa6865a99179.exe

124 B
121 B
2
1

DNS Request

b.liteflames.com

DNS Request

b.liteflames.com
8.8.8.8:53

119.110.54.20.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

119.110.54.20.in-addr.arpa

DNS Request

119.110.54.20.in-addr.arpa
8.8.8.8:53

b.liteflames.com

dns

174f3c937aa26c41e8c5fa6865a99179.exe

124 B
242 B
2
2

DNS Request

b.liteflames.com

DNS Request

b.liteflames.com
8.8.8.8:53

178.223.142.52.in-addr.arpa

dns

146 B
147 B
2
1

DNS Request

178.223.142.52.in-addr.arpa

DNS Request

178.223.142.52.in-addr.arpa
8.8.8.8:53

30.243.111.52.in-addr.arpa

dns

360 B
5

DNS Request

30.243.111.52.in-addr.arpa

DNS Request

30.243.111.52.in-addr.arpa

DNS Request

30.243.111.52.in-addr.arpa

DNS Request

30.243.111.52.in-addr.arpa

DNS Request

30.243.111.52.in-addr.arpa
8.8.8.8:53

b.liteflames.com

dns

174f3c937aa26c41e8c5fa6865a99179.exe

124 B
121 B
2
1

DNS Request

b.liteflames.com

DNS Request

b.liteflames.com
8.8.8.8:53

59.134.221.88.in-addr.arpa

dns

360 B
137 B
5
1

DNS Request

59.134.221.88.in-addr.arpa

DNS Request

59.134.221.88.in-addr.arpa

DNS Request

59.134.221.88.in-addr.arpa

DNS Request

59.134.221.88.in-addr.arpa

DNS Request

59.134.221.88.in-addr.arpa
8.8.8.8:53

43.134.221.88.in-addr.arpa

dns

144 B
274 B
2
2

DNS Request

43.134.221.88.in-addr.arpa

DNS Request

43.134.221.88.in-addr.arpa
8.8.8.8:53

232.135.221.88.in-addr.arpa

dns

146 B
139 B
2
1

DNS Request

232.135.221.88.in-addr.arpa

DNS Request

232.135.221.88.in-addr.arpa
8.8.8.8:53

33.134.221.88.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

33.134.221.88.in-addr.arpa

DNS Request

33.134.221.88.in-addr.arpa
8.8.8.8:53

210.135.221.88.in-addr.arpa

dns

146 B
278 B
2
2

DNS Request

210.135.221.88.in-addr.arpa

DNS Request

210.135.221.88.in-addr.arpa
8.8.8.8:53

17.134.221.88.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

17.134.221.88.in-addr.arpa

DNS Request

17.134.221.88.in-addr.arpa
8.8.8.8:53

8.173.189.20.in-addr.arpa

dns

213 B
157 B
3
1

DNS Request

8.173.189.20.in-addr.arpa

DNS Request

8.173.189.20.in-addr.arpa

DNS Request

8.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1884-0-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1884-9-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1884-10-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1884-15-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request