61f7de94de78e5f56bac7dc2ff6719fe7786d8acbbf5215aa18729f24a8cd0db

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 19:55 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

097ffcef08922f90e664c366679133aa.exe
Size

63KB
MD5

097ffcef08922f90e664c366679133aa
SHA1

3eba442bb42fe25153b96c5d1d91dc4bf23f89f3
SHA256

61f7de94de78e5f56bac7dc2ff6719fe7786d8acbbf5215aa18729f24a8cd0db
SHA512

3efc22eb8e3369e9676ad7f41e2e4d4b049fbf8557824d209a59d2e68b8c8a2a2b3d18a51b6f45f2f503dc2186345c71cda8efb304a131f5a1b909bd37a8c9aa
SSDEEP

1536:pY8KpQL5eYFGp+kOj+GyjBazkaskwkzLdtuFIoGBaXYEKG:EpQL5etrOyGaBazFsiz+NGBquG

Score

10^/10

persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\Windows\\system32\\twex.exe,"	097ffcef08922f90e664c366679133aa.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\twex.exe	097ffcef08922f90e664c366679133aa.exe
File created	C:\Windows\SysWOW64\twex.exe	097ffcef08922f90e664c366679133aa.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2148	097ffcef08922f90e664c366679133aa.exe
2148	097ffcef08922f90e664c366679133aa.exe
2148	097ffcef08922f90e664c366679133aa.exe
2148	097ffcef08922f90e664c366679133aa.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2148	097ffcef08922f90e664c366679133aa.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3
PID 2148 wrote to memory of 624	2148	097ffcef08922f90e664c366679133aa.exe	3

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:624

C:\Users\Admin\AppData\Local\Temp\097ffcef08922f90e664c366679133aa.exe
"C:\Users\Admin\AppData\Local\Temp\097ffcef08922f90e664c366679133aa.exe"
1⤵
- Modifies WinLogon for persistence
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2148

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.a-0001.a-msedge.net

g-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

3.181.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.181.190.20.in-addr.arpa

IN PTR

Response
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR

Response
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8ac239962511421593be887fc14180a4&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8ac239962511421593be887fc14180a4&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0CA6273FF58160A81E6A34C6F43A6195; domain=.bing.com; expires=Sat, 25-Jan-2025 20:00:38 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7B6478D5599A42BB817D8B15A513095F Ref B: LON04EDGE0814 Ref C: 2024-01-01T20:00:38Z
date: Mon, 01 Jan 2024 20:00:38 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8ac239962511421593be887fc14180a4&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8ac239962511421593be887fc14180a4&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0CA6273FF58160A81E6A34C6F43A6195

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=81inzNhb120wQAbwyKDoAVwaPJ5LxghoAWig2jbhsTo; domain=.bing.com; expires=Sat, 25-Jan-2025 20:00:39 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 928330D56E9C417E8430833B980F432A Ref B: LON04EDGE0814 Ref C: 2024-01-01T20:00:39Z
date: Mon, 01 Jan 2024 20:00:39 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8ac239962511421593be887fc14180a4&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8ac239962511421593be887fc14180a4&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0CA6273FF58160A81E6A34C6F43A6195; MSPTC=81inzNhb120wQAbwyKDoAVwaPJ5LxghoAWig2jbhsTo

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 26DFD7AA842F43E8BBCAAC93B7C9E740 Ref B: LON04EDGE0814 Ref C: 2024-01-01T20:00:39Z
date: Mon, 01 Jan 2024 20:00:39 GMT
DNS

204.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

204.178.17.96.in-addr.arpa

IN PTR

Response

204.178.17.96.in-addr.arpa

IN PTR

a96-17-178-204deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
DNS

167.109.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.109.18.2.in-addr.arpa

IN PTR

Response

167.109.18.2.in-addr.arpa

IN PTR

a2-18-109-167deploystaticakamaitechnologiescom
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

57.110.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.110.18.2.in-addr.arpa

IN PTR

Response

57.110.18.2.in-addr.arpa

IN PTR

a2-18-110-57deploystaticakamaitechnologiescom
DNS

57.110.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.110.18.2.in-addr.arpa

IN PTR
DNS

57.110.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.110.18.2.in-addr.arpa

IN PTR
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

2.36.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.36.159.162.in-addr.arpa

IN PTR

Response
DNS

2.36.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.36.159.162.in-addr.arpa

IN PTR
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

23.160.77.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.160.77.104.in-addr.arpa

IN PTR

Response

23.160.77.104.in-addr.arpa

IN PTR

a104-77-160-23deploystaticakamaitechnologiescom
DNS

209.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.178.17.96.in-addr.arpa

IN PTR

Response

209.178.17.96.in-addr.arpa

IN PTR

a96-17-178-209deploystaticakamaitechnologiescom
DNS

30.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.243.111.52.in-addr.arpa

IN PTR

Response
DNS

183.1.37.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.1.37.23.in-addr.arpa

IN PTR

Response

183.1.37.23.in-addr.arpa

IN PTR

a23-37-1-183deploystaticakamaitechnologiescom
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR

Response
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

203.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

203.178.17.96.in-addr.arpa

IN PTR

Response

203.178.17.96.in-addr.arpa

IN PTR

a96-17-178-203deploystaticakamaitechnologiescom
DNS

59.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.179.17.96.in-addr.arpa

IN PTR

Response

59.179.17.96.in-addr.arpa

IN PTR

a96-17-179-59deploystaticakamaitechnologiescom
DNS

59.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.179.17.96.in-addr.arpa

IN PTR
DNS

59.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.179.17.96.in-addr.arpa

IN PTR
DNS

59.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.179.17.96.in-addr.arpa

IN PTR
DNS

28.160.77.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.160.77.104.in-addr.arpa

IN PTR

Response

28.160.77.104.in-addr.arpa

IN PTR

a104-77-160-28deploystaticakamaitechnologiescom
DNS

28.160.77.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.160.77.104.in-addr.arpa

IN PTR
DNS

28.160.77.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.160.77.104.in-addr.arpa

IN PTR
DNS

28.160.77.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.160.77.104.in-addr.arpa

IN PTR
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301232_1SUK3KC676MXT5G7N&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301232_1SUK3KC676MXT5G7N&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 342507
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 901235790BCF4B59A03CC9154A0EC2C6 Ref B: LON04EDGE1013 Ref C: 2024-01-01T20:02:24Z
date: Mon, 01 Jan 2024 20:02:23 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301527_1R0WB31C7EYYSTJK4&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301527_1R0WB31C7EYYSTJK4&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 297187
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F55D63FCEB534883B2AD3703A0BFA253 Ref B: LON04EDGE1013 Ref C: 2024-01-01T20:02:24Z
date: Mon, 01 Jan 2024 20:02:23 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301094_1ZX0523MAABCARXR5&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301094_1ZX0523MAABCARXR5&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 459590
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E5051ABAAD284CE1A9E02B4CD7C8CCE9 Ref B: LON04EDGE1013 Ref C: 2024-01-01T20:02:24Z
date: Mon, 01 Jan 2024 20:02:23 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301641_15XCVCUU89WZACE51&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301641_15XCVCUU89WZACE51&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 275490
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4193756A3CDE40C4A4808CDE6B643ABD Ref B: LON04EDGE1013 Ref C: 2024-01-01T20:02:24Z
date: Mon, 01 Jan 2024 20:02:23 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300897_1II1YIPQNQ7MCYUAK&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300897_1II1YIPQNQ7MCYUAK&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 268025
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9149A1243CA64CBFB837354AB3411AE4 Ref B: LON04EDGE1013 Ref C: 2024-01-01T20:02:24Z
date: Mon, 01 Jan 2024 20:02:24 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301330_16DHBP5UB5EI8DA4M&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301330_16DHBP5UB5EI8DA4M&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 193918
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6CEC1183AC9A476A8C5D2BDB5316503E Ref B: LON04EDGE1013 Ref C: 2024-01-01T20:02:36Z
date: Mon, 01 Jan 2024 20:02:35 GMT
DNS

89.16.208.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

89.16.208.104.in-addr.arpa

IN PTR

Response
DNS

89.16.208.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

89.16.208.104.in-addr.arpa

IN PTR

20.231.121.79:80

208 B
4
204.79.197.200:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8ac239962511421593be887fc14180a4&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=

tls, http2

2.9kB
11.1kB
25
17

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8ac239962511421593be887fc14180a4&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8ac239962511421593be887fc14180a4&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8ac239962511421593be887fc14180a4&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=

HTTP Response

204
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301330_16DHBP5UB5EI8DA4M&pid=21.2&w=1080&h=1920&c=4

tls, http2

68.7kB
1.9MB
1412
1401

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301232_1SUK3KC676MXT5G7N&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301527_1R0WB31C7EYYSTJK4&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301094_1ZX0523MAABCARXR5&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301641_15XCVCUU89WZACE51&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300897_1II1YIPQNQ7MCYUAK&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301330_16DHBP5UB5EI8DA4M&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.8kB
10.0kB
19
13
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.8kB
10.0kB
19
13
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
589 B
11
8

8.8.8.8:53

g.bing.com

dns

112 B
158 B
2
1

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

3.181.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

3.181.190.20.in-addr.arpa
8.8.8.8:53

59.128.231.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

59.128.231.4.in-addr.arpa
8.8.8.8:53

204.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

204.178.17.96.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

167.109.18.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

167.109.18.2.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

57.110.18.2.in-addr.arpa

dns

210 B
133 B
3
1

DNS Request

57.110.18.2.in-addr.arpa

DNS Request

57.110.18.2.in-addr.arpa

DNS Request

57.110.18.2.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

216 B
158 B
3
1

DNS Request

241.154.82.20.in-addr.arpa

DNS Request

241.154.82.20.in-addr.arpa

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

2.36.159.162.in-addr.arpa

dns

142 B
133 B
2
1

DNS Request

2.36.159.162.in-addr.arpa

DNS Request

2.36.159.162.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

23.160.77.104.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

23.160.77.104.in-addr.arpa
8.8.8.8:53

209.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

209.178.17.96.in-addr.arpa
8.8.8.8:53

30.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

30.243.111.52.in-addr.arpa
8.8.8.8:53

183.1.37.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

183.1.37.23.in-addr.arpa
8.8.8.8:53

119.110.54.20.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

119.110.54.20.in-addr.arpa

DNS Request

119.110.54.20.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

203.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

203.178.17.96.in-addr.arpa
8.8.8.8:53

59.179.17.96.in-addr.arpa

dns

284 B
135 B
4
1

DNS Request

59.179.17.96.in-addr.arpa

DNS Request

59.179.17.96.in-addr.arpa

DNS Request

59.179.17.96.in-addr.arpa

DNS Request

59.179.17.96.in-addr.arpa
8.8.8.8:53

28.160.77.104.in-addr.arpa

dns

288 B
137 B
4
1

DNS Request

28.160.77.104.in-addr.arpa

DNS Request

28.160.77.104.in-addr.arpa

DNS Request

28.160.77.104.in-addr.arpa

DNS Request

28.160.77.104.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

89.16.208.104.in-addr.arpa

dns

144 B
146 B
2
1

DNS Request

89.16.208.104.in-addr.arpa

DNS Request

89.16.208.104.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/624-10-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/624-15-0x000000001F3A0000-0x000000001F3B7000-memory.dmp

Filesize
92KB

Download
memory/624-20-0x000000001F3C0000-0x000000001F3D7000-memory.dmp

Filesize
92KB

Download
memory/624-30-0x000000001F400000-0x000000001F417000-memory.dmp

Filesize
92KB

Download
memory/624-25-0x000000001F3E0000-0x000000001F3F7000-memory.dmp

Filesize
92KB

Download
memory/624-35-0x000000001F420000-0x000000001F437000-memory.dmp

Filesize
92KB

Download
memory/624-40-0x000000001F440000-0x000000001F457000-memory.dmp

Filesize
92KB

Download
memory/624-45-0x000000001F460000-0x000000001F477000-memory.dmp

Filesize
92KB

Download
memory/624-50-0x000000001F480000-0x000000001F497000-memory.dmp

Filesize
92KB

Download
memory/624-55-0x000000001F4A0000-0x000000001F4B7000-memory.dmp

Filesize
92KB

Download
memory/624-65-0x000000001F4E0000-0x000000001F4F7000-memory.dmp

Filesize
92KB

Download
memory/624-70-0x000000001F500000-0x000000001F517000-memory.dmp

Filesize
92KB

Download
memory/624-75-0x000000001F520000-0x000000001F537000-memory.dmp

Filesize
92KB

Download
memory/624-80-0x000000001F540000-0x000000001F557000-memory.dmp

Filesize
92KB

Download
memory/624-90-0x000000001F580000-0x000000001F597000-memory.dmp

Filesize
92KB

Download
memory/624-85-0x000000001F560000-0x000000001F577000-memory.dmp

Filesize
92KB

Download
memory/624-60-0x000000001F4C0000-0x000000001F4D7000-memory.dmp

Filesize
92KB

Download
memory/624-100-0x000000001F5C0000-0x000000001F5D7000-memory.dmp

Filesize
92KB

Download
memory/624-110-0x000000001F600000-0x000000001F617000-memory.dmp

Filesize
92KB

Download
memory/624-115-0x000000001F620000-0x000000001F637000-memory.dmp

Filesize
92KB

Download
memory/624-120-0x000000001F640000-0x000000001F657000-memory.dmp

Filesize
92KB

Download
memory/624-130-0x000000001F680000-0x000000001F697000-memory.dmp

Filesize
92KB

Download
memory/624-135-0x000000001F6A0000-0x000000001F6B7000-memory.dmp

Filesize
92KB

Download
memory/624-145-0x000000001F6E0000-0x000000001F6F7000-memory.dmp

Filesize
92KB

Download
memory/624-140-0x000000001F6C0000-0x000000001F6D7000-memory.dmp

Filesize
92KB

Download
memory/624-125-0x000000001F660000-0x000000001F677000-memory.dmp

Filesize
92KB

Download
memory/624-150-0x000000001F700000-0x000000001F717000-memory.dmp

Filesize
92KB

Download
memory/624-160-0x000000001F740000-0x000000001F757000-memory.dmp

Filesize
92KB

Download
memory/624-165-0x000000001F760000-0x000000001F777000-memory.dmp

Filesize
92KB

Download
memory/624-175-0x000000001F7A0000-0x000000001F7B7000-memory.dmp

Filesize
92KB

Download
memory/624-180-0x000000001F7C0000-0x000000001F7D7000-memory.dmp

Filesize
92KB

Download
memory/624-190-0x000000001F800000-0x000000001F817000-memory.dmp

Filesize
92KB

Download
memory/624-195-0x000000001F820000-0x000000001F837000-memory.dmp

Filesize
92KB

Download
memory/624-200-0x000000001F840000-0x000000001F857000-memory.dmp

Filesize
92KB

Download
memory/624-205-0x000000001F860000-0x000000001F877000-memory.dmp

Filesize
92KB

Download
memory/624-185-0x000000001F7E0000-0x000000001F7F7000-memory.dmp

Filesize
92KB

Download
memory/624-210-0x000000001F880000-0x000000001F897000-memory.dmp

Filesize
92KB

Download
memory/624-215-0x000000001F8A0000-0x000000001F8B7000-memory.dmp

Filesize
92KB

Download
memory/624-220-0x000000001F8C0000-0x000000001F8D7000-memory.dmp

Filesize
92KB

Download
memory/624-170-0x000000001F780000-0x000000001F797000-memory.dmp

Filesize
92KB

Download
memory/624-230-0x000000001F900000-0x000000001F917000-memory.dmp

Filesize
92KB

Download
memory/624-235-0x000000001F920000-0x000000001F937000-memory.dmp

Filesize
92KB

Download
memory/624-245-0x000000001F960000-0x000000001F977000-memory.dmp

Filesize
92KB

Download
memory/624-250-0x000000001F980000-0x000000001F997000-memory.dmp

Filesize
92KB

Download
memory/624-255-0x000000001F9A0000-0x000000001F9B7000-memory.dmp

Filesize
92KB

Download
memory/624-240-0x000000001F940000-0x000000001F957000-memory.dmp

Filesize
92KB

Download
memory/624-265-0x000000001F9E0000-0x000000001F9F7000-memory.dmp

Filesize
92KB

Download
memory/624-270-0x000000001FA00000-0x000000001FA17000-memory.dmp

Filesize
92KB

Download
memory/624-275-0x000000001FA20000-0x000000001FA37000-memory.dmp

Filesize
92KB

Download
memory/624-285-0x000000001FA60000-0x000000001FA77000-memory.dmp

Filesize
92KB

Download
memory/624-290-0x000000001FA80000-0x000000001FA97000-memory.dmp

Filesize
92KB

Download
memory/624-300-0x000000001FAC0000-0x000000001FAD7000-memory.dmp

Filesize
92KB

Download
memory/624-305-0x000000001FAE0000-0x000000001FAF7000-memory.dmp

Filesize
92KB

Download
memory/624-310-0x000000001FB00000-0x000000001FB17000-memory.dmp

Filesize
92KB

Download
memory/624-295-0x000000001FAA0000-0x000000001FAB7000-memory.dmp

Filesize
92KB

Download
memory/624-280-0x000000001FA40000-0x000000001FA57000-memory.dmp

Filesize
92KB

Download
memory/624-260-0x000000001F9C0000-0x000000001F9D7000-memory.dmp

Filesize
92KB

Download
memory/624-320-0x000000001FB40000-0x000000001FB57000-memory.dmp

Filesize
92KB

Download
memory/624-325-0x000000001FB60000-0x000000001FB77000-memory.dmp

Filesize
92KB

Download
memory/624-315-0x000000001FB20000-0x000000001FB37000-memory.dmp

Filesize
92KB

Download
memory/624-225-0x000000001F8E0000-0x000000001F8F7000-memory.dmp

Filesize
92KB

Download
memory/624-155-0x000000001F720000-0x000000001F737000-memory.dmp

Filesize
92KB

Download
memory/624-105-0x000000001F5E0000-0x000000001F5F7000-memory.dmp

Filesize
92KB

Download
memory/624-95-0x000000001F5A0000-0x000000001F5B7000-memory.dmp

Filesize
92KB

Download
memory/2148-0-0x0000000000680000-0x0000000000691000-memory.dmp

Filesize
68KB

Download
memory/2148-1-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.