6913c031a7a6760f9e3e4b33e9af78f8356560ad226c63d38e27bc5ee000d04d

Analysis

max time kernel
154s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 12:53 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36da5fb7d36252b40e344840e9485388.exe
Size

298KB
MD5

36da5fb7d36252b40e344840e9485388
SHA1

c9baa883fdb22261a3bbe9430bba16819441dc58
SHA256

6913c031a7a6760f9e3e4b33e9af78f8356560ad226c63d38e27bc5ee000d04d
SHA512

32f51482ab567c839e89ecdcc006f0f3719b0c42eaeac603b9a47e3d7595f3d0069efed9738be0b2c0e0e782c190f8beb763dd8eacc658e74286211f057c5843
SSDEEP

3072:QlmYSgrFEeArrX8VF0vaF7yeCWfeEPSFi3ymbUgoi1g4r8iShjoAGO89D8BGhkw:6SgrFeMMChCIPx2Y8bhhp8zkw

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe
4828	36da5fb7d36252b40e344840e9485388.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4828	36da5fb7d36252b40e344840e9485388.exe
Token: SeIncBasePriorityPrivilege	4828	36da5fb7d36252b40e344840e9485388.exe

C:\Users\Admin\AppData\Local\Temp\36da5fb7d36252b40e344840e9485388.exe
"C:\Users\Admin\AppData\Local\Temp\36da5fb7d36252b40e344840e9485388.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4828

Network

DNS

3.181.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.181.190.20.in-addr.arpa

IN PTR

Response
DNS

202.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.135.221.88.in-addr.arpa

IN PTR

Response

202.135.221.88.in-addr.arpa

IN PTR

a88-221-135-202deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

settings-win.data.microsoft.com

Remote address:

8.8.8.8:53

Request

settings-win.data.microsoft.com

IN A

Response

settings-win.data.microsoft.com

IN CNAME

atm-settingsfe-prod-geo2.trafficmanager.net

atm-settingsfe-prod-geo2.trafficmanager.net

IN CNAME

settings-prod-neu-3.northeurope.cloudapp.azure.com

settings-prod-neu-3.northeurope.cloudapp.azure.com

IN A

4.231.128.59
DNS

settings-win.data.microsoft.com

Remote address:

8.8.8.8:53

Request

settings-win.data.microsoft.com

IN A
DNS

settings-win.data.microsoft.com

Remote address:

8.8.8.8:53

Request

settings-win.data.microsoft.com

IN A
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR

Response
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR
DNS

57.169.31.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.169.31.20.in-addr.arpa

IN PTR

Response
DNS

57.169.31.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.169.31.20.in-addr.arpa

IN PTR
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301013_1R2AO9YZ4I5BGB4K2&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301013_1R2AO9YZ4I5BGB4K2&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 605112
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 133B53F8609E49EEA493CA82964A796B Ref B: LON04EDGE0622 Ref C: 2024-01-04T18:12:35Z
date: Thu, 04 Jan 2024 18:12:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301655_1DZQZV6Z7ZOAU893W&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301655_1DZQZV6Z7ZOAU893W&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 532606
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 70B43B36A2DA41259AC58AC890193EA3 Ref B: LON04EDGE0622 Ref C: 2024-01-04T18:12:35Z
date: Thu, 04 Jan 2024 18:12:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301446_1EN88Z1GJDY90F0IF&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301446_1EN88Z1GJDY90F0IF&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 350429
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FDF86AEDDD554D12868E0EE74F406594 Ref B: LON04EDGE0622 Ref C: 2024-01-04T18:12:35Z
date: Thu, 04 Jan 2024 18:12:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301246_1WJH3TXXVOGBRWUGS&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301246_1WJH3TXXVOGBRWUGS&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 344167
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0F90CBCA3B7A43E89F8434CB16934ED3 Ref B: LON04EDGE0622 Ref C: 2024-01-04T18:12:35Z
date: Thu, 04 Jan 2024 18:12:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301074_13X6HGWAR197W3ZYM&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301074_13X6HGWAR197W3ZYM&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 628594
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1787733C10AE4242B9646E173DC27C13 Ref B: LON04EDGE0622 Ref C: 2024-01-04T18:12:35Z
date: Thu, 04 Jan 2024 18:12:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301507_1JETHNZGWEYGZFF79&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301507_1JETHNZGWEYGZFF79&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 460710
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0CCDBF0053284969980FF9F4E859EFD7 Ref B: LON04EDGE0622 Ref C: 2024-01-04T18:12:40Z
date: Thu, 04 Jan 2024 18:12:40 GMT
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

40.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

40.134.221.88.in-addr.arpa

IN PTR

Response

40.134.221.88.in-addr.arpa

IN PTR

a88-221-134-40deploystaticakamaitechnologiescom
DNS

40.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

40.134.221.88.in-addr.arpa

IN PTR
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR
DNS

100.5.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.5.17.2.in-addr.arpa

IN PTR

Response

100.5.17.2.in-addr.arpa

IN PTR

a2-17-5-100deploystaticakamaitechnologiescom
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR

Response
DNS

219.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

219.135.221.88.in-addr.arpa

IN PTR

Response

219.135.221.88.in-addr.arpa

IN PTR

a88-221-135-219deploystaticakamaitechnologiescom
DNS

219.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

219.135.221.88.in-addr.arpa

IN PTR
DNS

50.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.134.221.88.in-addr.arpa

IN PTR

Response

50.134.221.88.in-addr.arpa

IN PTR

a88-221-134-50deploystaticakamaitechnologiescom
DNS

232.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.135.221.88.in-addr.arpa

IN PTR

Response

232.135.221.88.in-addr.arpa

IN PTR

a88-221-135-232deploystaticakamaitechnologiescom
DNS

41.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.134.221.88.in-addr.arpa

IN PTR

Response

41.134.221.88.in-addr.arpa

IN PTR

a88-221-134-41deploystaticakamaitechnologiescom
DNS

9.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.173.189.20.in-addr.arpa

IN PTR

Response
DNS

80.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.135.221.88.in-addr.arpa

IN PTR

Response

80.135.221.88.in-addr.arpa

IN PTR

a88-221-135-80deploystaticakamaitechnologiescom

52.142.223.178:80

52 B
1
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.2kB
16
13
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.3kB
8.3kB
17
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301507_1JETHNZGWEYGZFF79&pid=21.2&w=1080&h=1920&c=4

tls, http2

110.4kB
3.1MB
2265
2254

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301013_1R2AO9YZ4I5BGB4K2&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301655_1DZQZV6Z7ZOAU893W&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301446_1EN88Z1GJDY90F0IF&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301246_1WJH3TXXVOGBRWUGS&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301074_13X6HGWAR197W3ZYM&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301507_1JETHNZGWEYGZFF79&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.2kB
16
13
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.3kB
8.3kB
17
14

8.8.8.8:53

3.181.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

3.181.190.20.in-addr.arpa
8.8.8.8:53

202.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

202.135.221.88.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

304 B
355 B
4
2

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

settings-win.data.microsoft.com

DNS Request

settings-win.data.microsoft.com

DNS Request

settings-win.data.microsoft.com

DNS Response

4.231.128.59
8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

146 B
147 B
2
1

DNS Request

158.240.127.40.in-addr.arpa

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

18.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

18.134.221.88.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

59.128.231.4.in-addr.arpa

dns

213 B
157 B
3
1

DNS Request

59.128.231.4.in-addr.arpa

DNS Request

59.128.231.4.in-addr.arpa

DNS Request

59.128.231.4.in-addr.arpa
8.8.8.8:53

57.169.31.20.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

57.169.31.20.in-addr.arpa

DNS Request

57.169.31.20.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

40.134.221.88.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

40.134.221.88.in-addr.arpa

DNS Request

40.134.221.88.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

14.227.111.52.in-addr.arpa

DNS Request

14.227.111.52.in-addr.arpa
8.8.8.8:53

100.5.17.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

100.5.17.2.in-addr.arpa
8.8.8.8:53

119.110.54.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

119.110.54.20.in-addr.arpa
8.8.8.8:53

219.135.221.88.in-addr.arpa

dns

146 B
139 B
2
1

DNS Request

219.135.221.88.in-addr.arpa

DNS Request

219.135.221.88.in-addr.arpa
8.8.8.8:53

50.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

50.134.221.88.in-addr.arpa
8.8.8.8:53

232.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

232.135.221.88.in-addr.arpa
8.8.8.8:53

41.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

41.134.221.88.in-addr.arpa
8.8.8.8:53

9.173.189.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

9.173.189.20.in-addr.arpa
8.8.8.8:53

80.135.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

80.135.221.88.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4828-0-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/4828-1-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/4828-2-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/4828-5-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/4828-6-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/4828-7-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/4828-8-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/4828-9-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/4828-10-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/4828-11-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/4828-12-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/4828-13-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/4828-14-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/4828-15-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/4828-16-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/4828-17-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/4828-18-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/4828-19-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.