Analysis

  • max time kernel
    124s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/01/2024, 00:17 UTC

General

  • Target

    MyPigPrincess.exe

  • Size

    269KB

  • MD5

    0abede34f4b18049c4dc7bddb9bb0080

  • SHA1

    d6bfb7ea85482b345499cefd4e41cd7ce604637c

  • SHA256

    1648038fd245e6039979f6488029d56b06520d728a237af9ad471ee9d6189c3e

  • SHA512

    a4b172d1b3d9e8e5f3aabb5208066c30c03943b7bebfe3c759fc6c6592eca7273f9cec675bb603f6aeef5ff058a4ea4a34ef9ecd4485caeaeef9eb6d5d61cea3

  • SSDEEP

    6144:AnAlOPl7hWKsmMrDZ6UhukTUG3EEXMsWtvV2j9OAq8ecUxILImQG8j:YrlNWKsmMrDZ6UhukTUG3EEXMsWtvV2s

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MyPigPrincess.exe
    "C:\Users\Admin\AppData\Local\Temp\MyPigPrincess.exe"
    1⤵
      PID:1876
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3748
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\Opened.docx" /o ""
      1⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:4696
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:412

      Network

      • flag-us
        DNS
        73.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        73.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        73.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        73.159.190.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        241.154.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.154.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        107.135.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        107.135.221.88.in-addr.arpa
        IN PTR
        Response
        107.135.221.88.in-addr.arpa
        IN PTR
        a88-221-135-107.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        43.58.199.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        43.58.199.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        41.110.16.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        41.110.16.96.in-addr.arpa
        IN PTR
        Response
        41.110.16.96.in-addr.arpa
        IN PTR
        a96-16-110-41.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        146.78.124.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        146.78.124.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        103.169.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        103.169.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        103.169.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        103.169.127.40.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        15.164.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        15.164.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        18.134.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.134.221.88.in-addr.arpa
        IN PTR
        Response
        18.134.221.88.in-addr.arpa
        IN PTR
        a88-221-134-18.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        114.110.16.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        114.110.16.96.in-addr.arpa
        IN PTR
        Response
        114.110.16.96.in-addr.arpa
        IN PTR
        a96-16-110-114.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        130.238.56.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        130.238.56.23.in-addr.arpa
        IN PTR
        Response
        130.238.56.23.in-addr.arpa
        IN PTR
        a23-56-238-130.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        29.243.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        29.243.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        97.32.109.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        97.32.109.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        88.65.42.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        88.65.42.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        205.47.74.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        205.47.74.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239340418544_1U65HGUXV07UFEU5B&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239340418544_1U65HGUXV07UFEU5B&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 506638
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: FEE183B90A854C579F5AF200746C8A2A Ref B: LON04EDGE0918 Ref C: 2024-01-12T00:19:33Z
        date: Fri, 12 Jan 2024 00:19:32 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301580_1F1XSUIT7JJ8XLYPA&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301580_1F1XSUIT7JJ8XLYPA&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 582460
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 852D5D291E7B4DC39D0468A7E7FD4490 Ref B: LON04EDGE0918 Ref C: 2024-01-12T00:19:33Z
        date: Fri, 12 Jan 2024 00:19:32 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301255_1JJTCDF3S80817GOI&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301255_1JJTCDF3S80817GOI&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 205233
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 513ACE35E9B04A8997103960A1DD0655 Ref B: LON04EDGE0918 Ref C: 2024-01-12T00:19:33Z
        date: Fri, 12 Jan 2024 00:19:32 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301664_1DL2E71ET3JINATLK&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301664_1DL2E71ET3JINATLK&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 541836
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 2D7914EC13464666B50B031B731F00A1 Ref B: LON04EDGE0918 Ref C: 2024-01-12T00:19:33Z
        date: Fri, 12 Jan 2024 00:19:33 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301171_1NGPNIQ68LQQ3GSOB&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301171_1NGPNIQ68LQQ3GSOB&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 208770
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 45409B25563B48AF80955B4764269FDC Ref B: LON04EDGE0918 Ref C: 2024-01-12T00:19:34Z
        date: Fri, 12 Jan 2024 00:19:33 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239340418543_1PQIQEA9PYCCTOZ9T&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239340418543_1PQIQEA9PYCCTOZ9T&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 490296
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 0395E4EBD30C46FB81D2CB4AD81DF1FE Ref B: LON04EDGE0918 Ref C: 2024-01-12T00:19:35Z
        date: Fri, 12 Jan 2024 00:19:34 GMT
      • flag-us
        DNS
        200.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        200.197.79.204.in-addr.arpa
        IN PTR
        Response
        200.197.79.204.in-addr.arpa
        IN PTR
        a-0001.a-msedge.net
      • flag-us
        DNS
        200.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        200.197.79.204.in-addr.arpa
        IN PTR
        Response
        200.197.79.204.in-addr.arpa
        IN PTR
        a-0001.a-msedge.net
      • flag-us
        DNS
        81.171.91.138.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        81.171.91.138.in-addr.arpa
        IN PTR
        Response
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.7kB
        8.2kB
        18
        13
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.5kB
        10.6kB
        18
        15
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.5kB
        8.4kB
        18
        15
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.7kB
        9.1kB
        18
        13
      • 204.79.197.200:443
        https://tse1.mm.bing.net/th?id=OADD2.10239340418543_1PQIQEA9PYCCTOZ9T&pid=21.2&w=1080&h=1920&c=4
        tls, http2
        95.0kB
        2.6MB
        1921
        1913

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239340418544_1U65HGUXV07UFEU5B&pid=21.2&w=1920&h=1080&c=4

        HTTP Response

        200

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301580_1F1XSUIT7JJ8XLYPA&pid=21.2&w=1080&h=1920&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301255_1JJTCDF3S80817GOI&pid=21.2&w=1920&h=1080&c=4

        HTTP Response

        200

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301664_1DL2E71ET3JINATLK&pid=21.2&w=1080&h=1920&c=4

        HTTP Response

        200

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301171_1NGPNIQ68LQQ3GSOB&pid=21.2&w=1920&h=1080&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239340418543_1PQIQEA9PYCCTOZ9T&pid=21.2&w=1080&h=1920&c=4

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200
      • 8.8.8.8:53
        73.159.190.20.in-addr.arpa
        dns
        144 B
        158 B
        2
        1

        DNS Request

        73.159.190.20.in-addr.arpa

        DNS Request

        73.159.190.20.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
        144 B
        1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        241.154.82.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        241.154.82.20.in-addr.arpa

      • 8.8.8.8:53
        107.135.221.88.in-addr.arpa
        dns
        73 B
        139 B
        1
        1

        DNS Request

        107.135.221.88.in-addr.arpa

      • 8.8.8.8:53
        43.58.199.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        43.58.199.20.in-addr.arpa

      • 8.8.8.8:53
        41.110.16.96.in-addr.arpa
        dns
        71 B
        135 B
        1
        1

        DNS Request

        41.110.16.96.in-addr.arpa

      • 8.8.8.8:53
        146.78.124.51.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        146.78.124.51.in-addr.arpa

      • 8.8.8.8:53
        103.169.127.40.in-addr.arpa
        dns
        146 B
        147 B
        2
        1

        DNS Request

        103.169.127.40.in-addr.arpa

        DNS Request

        103.169.127.40.in-addr.arpa

      • 8.8.8.8:53
        15.164.165.52.in-addr.arpa
        dns
        72 B
        146 B
        1
        1

        DNS Request

        15.164.165.52.in-addr.arpa

      • 8.8.8.8:53
        18.134.221.88.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        18.134.221.88.in-addr.arpa

      • 8.8.8.8:53
        114.110.16.96.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        114.110.16.96.in-addr.arpa

      • 8.8.8.8:53
        130.238.56.23.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        130.238.56.23.in-addr.arpa

      • 8.8.8.8:53
        29.243.111.52.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        29.243.111.52.in-addr.arpa

      • 8.8.8.8:53
        97.32.109.52.in-addr.arpa
        dns
        71 B
        145 B
        1
        1

        DNS Request

        97.32.109.52.in-addr.arpa

      • 8.8.8.8:53
        88.65.42.20.in-addr.arpa
        dns
        70 B
        156 B
        1
        1

        DNS Request

        88.65.42.20.in-addr.arpa

      • 8.8.8.8:53
        205.47.74.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        205.47.74.20.in-addr.arpa

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        124 B
        346 B
        2
        2

        DNS Request

        tse1.mm.bing.net

        DNS Request

        tse1.mm.bing.net

        DNS Response

        204.79.197.200
        13.107.21.200

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        200.197.79.204.in-addr.arpa
        dns
        146 B
        212 B
        2
        2

        DNS Request

        200.197.79.204.in-addr.arpa

        DNS Request

        200.197.79.204.in-addr.arpa

      • 8.8.8.8:53
        81.171.91.138.in-addr.arpa
        dns
        72 B
        146 B
        1
        1

        DNS Request

        81.171.91.138.in-addr.arpa

      MITRE ATT&CK Enterprise v15

      Downloads

      • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

        Filesize

        202B

        MD5

        dd0c1d22223d8d0e4e271a25a6576eb5

        SHA1

        24db1209d718bd8eb443da6eec2ee28d39aaecd8

        SHA256

        c5b636a315f8af0aac9068a2517dbb1fe136a77b9baefd12af102e65b28a13e2

        SHA512

        fe7568b22218c10b268c115f2209ffa8282777e354a9ce0980857879c0364f005fb6af69627e95286a8229191d34e97479498986c657c6d4a394e54731653195

      • memory/1876-0-0x0000000140000000-0x000000014004B000-memory.dmp

        Filesize

        300KB

      • memory/3748-1-0x0000025D2F8A0000-0x0000025D2F8B0000-memory.dmp

        Filesize

        64KB

      • memory/3748-17-0x0000025D2F9A0000-0x0000025D2F9B0000-memory.dmp

        Filesize

        64KB

      • memory/3748-33-0x0000025D37D10000-0x0000025D37D11000-memory.dmp

        Filesize

        4KB

      • memory/3748-35-0x0000025D37D30000-0x0000025D37D31000-memory.dmp

        Filesize

        4KB

      • memory/3748-36-0x0000025D37D30000-0x0000025D37D31000-memory.dmp

        Filesize

        4KB

      • memory/3748-37-0x0000025D37D40000-0x0000025D37D41000-memory.dmp

        Filesize

        4KB

      • memory/4696-41-0x00007FFC24D90000-0x00007FFC24DA0000-memory.dmp

        Filesize

        64KB

      • memory/4696-52-0x00007FFC22430000-0x00007FFC22440000-memory.dmp

        Filesize

        64KB

      • memory/4696-40-0x00007FFC64D10000-0x00007FFC64F05000-memory.dmp

        Filesize

        2.0MB

      • memory/4696-43-0x00007FFC24D90000-0x00007FFC24DA0000-memory.dmp

        Filesize

        64KB

      • memory/4696-42-0x00007FFC64D10000-0x00007FFC64F05000-memory.dmp

        Filesize

        2.0MB

      • memory/4696-45-0x00007FFC64D10000-0x00007FFC64F05000-memory.dmp

        Filesize

        2.0MB

      • memory/4696-44-0x00007FFC24D90000-0x00007FFC24DA0000-memory.dmp

        Filesize

        64KB

      • memory/4696-46-0x00007FFC64D10000-0x00007FFC64F05000-memory.dmp

        Filesize

        2.0MB

      • memory/4696-47-0x00007FFC64D10000-0x00007FFC64F05000-memory.dmp

        Filesize

        2.0MB

      • memory/4696-48-0x00007FFC64D10000-0x00007FFC64F05000-memory.dmp

        Filesize

        2.0MB

      • memory/4696-49-0x00007FFC64D10000-0x00007FFC64F05000-memory.dmp

        Filesize

        2.0MB

      • memory/4696-50-0x00007FFC64D10000-0x00007FFC64F05000-memory.dmp

        Filesize

        2.0MB

      • memory/4696-51-0x00007FFC64D10000-0x00007FFC64F05000-memory.dmp

        Filesize

        2.0MB

      • memory/4696-39-0x00007FFC24D90000-0x00007FFC24DA0000-memory.dmp

        Filesize

        64KB

      • memory/4696-53-0x00007FFC64D10000-0x00007FFC64F05000-memory.dmp

        Filesize

        2.0MB

      • memory/4696-54-0x00007FFC64D10000-0x00007FFC64F05000-memory.dmp

        Filesize

        2.0MB

      • memory/4696-55-0x00007FFC64D10000-0x00007FFC64F05000-memory.dmp

        Filesize

        2.0MB

      • memory/4696-56-0x00007FFC64D10000-0x00007FFC64F05000-memory.dmp

        Filesize

        2.0MB

      • memory/4696-57-0x00007FFC22430000-0x00007FFC22440000-memory.dmp

        Filesize

        64KB

      • memory/4696-38-0x00007FFC24D90000-0x00007FFC24DA0000-memory.dmp

        Filesize

        64KB

      • memory/4696-95-0x00007FFC24D90000-0x00007FFC24DA0000-memory.dmp

        Filesize

        64KB

      • memory/4696-94-0x00007FFC24D90000-0x00007FFC24DA0000-memory.dmp

        Filesize

        64KB

      • memory/4696-98-0x00007FFC24D90000-0x00007FFC24DA0000-memory.dmp

        Filesize

        64KB

      • memory/4696-96-0x00007FFC24D90000-0x00007FFC24DA0000-memory.dmp

        Filesize

        64KB

      • memory/4696-97-0x00007FFC64D10000-0x00007FFC64F05000-memory.dmp

        Filesize

        2.0MB

      • memory/4696-99-0x00007FFC64D10000-0x00007FFC64F05000-memory.dmp

        Filesize

        2.0MB

      • memory/4696-100-0x00007FFC64D10000-0x00007FFC64F05000-memory.dmp

        Filesize

        2.0MB

      • memory/4696-101-0x00007FFC64D10000-0x00007FFC64F05000-memory.dmp

        Filesize

        2.0MB
