Overview

overview

1

Static

static

1

ea00be41a5...3.xlam

windows7-x64

1

ea00be41a5...3.xlam

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/03/2024, 08:28 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea00be41a562eaec6b2038569a26800fc79e9b827a52acafd741bec87d0de533.xlam

  • Size

    585KB

  • MD5

    a3a01d6973697c2ed8010bbb2e7e43b9

  • SHA1

    76299e5d95accbbfa6bc707b2941730a941f4cdd

  • SHA256

    ea00be41a562eaec6b2038569a26800fc79e9b827a52acafd741bec87d0de533

  • SHA512

    e4146dd96d94aefbd622e5e084e4bae62031eb80322c336aa53e0c2f36529bb0b726a50b78180be4e4a37332922bcaa38c77a6c9186c488408cafeb78394e4fe

  • SSDEEP

    12288:FpLgIj2FrDERKRnqvILuEcsmz94Tx9n9Tm4jl3DPLBvd0fna8:Dg+2xDERKxqam94Tx9n9djlzPLtufna8

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\ea00be41a562eaec6b2038569a26800fc79e9b827a52acafd741bec87d0de533.xlam"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:3364

Network

  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    71.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    71.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    180.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.178.17.96.in-addr.arpa
    IN PTR
    Response
    180.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-180deploystaticakamaitechnologiescom
  • flag-us
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    46.28.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    46.28.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41deploystaticakamaitechnologiescom
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.a-0001.a-msedge.net
    g-bing-com.a-0001.a-msedge.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2aa700ec781c47699745ec82deaf3f88&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2aa700ec781c47699745ec82deaf3f88&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=3636C048CC3D64E138A6D476CD86658E; domain=.bing.com; expires=Fri, 04-Apr-2025 08:28:48 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 8C599F41D7824E629427BC0E3A29BB97 Ref B: LON04EDGE0917 Ref C: 2024-03-10T08:28:48Z
    date: Sun, 10 Mar 2024 08:28:47 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=2aa700ec781c47699745ec82deaf3f88&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=2aa700ec781c47699745ec82deaf3f88&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=3636C048CC3D64E138A6D476CD86658E
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=LeTTLdkZ30vuR2_6eBoyPghe9KoWfeSzqK-XE3NvJQU; domain=.bing.com; expires=Fri, 04-Apr-2025 08:28:48 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 66B43722B06142EEA7BAF1FC93CCBB3B Ref B: LON04EDGE0917 Ref C: 2024-03-10T08:28:48Z
    date: Sun, 10 Mar 2024 08:28:47 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2aa700ec781c47699745ec82deaf3f88&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2aa700ec781c47699745ec82deaf3f88&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=3636C048CC3D64E138A6D476CD86658E; MSPTC=LeTTLdkZ30vuR2_6eBoyPghe9KoWfeSzqK-XE3NvJQU
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: FE507614C0634717802CCE6B23A36FAB Ref B: LON04EDGE0917 Ref C: 2024-03-10T08:28:48Z
    date: Sun, 10 Mar 2024 08:28:47 GMT
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001a-msedgenet
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    28.73.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.73.42.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    104.241.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.241.123.92.in-addr.arpa
    IN PTR
    Response
    104.241.123.92.in-addr.arpa
    IN PTR
    a92-123-241-104deploystaticakamaitechnologiescom
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    174.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    174.178.17.96.in-addr.arpa
    IN PTR
    Response
    174.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-174deploystaticakamaitechnologiescom
  • flag-us
    DNS
    42.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    42.134.221.88.in-addr.arpa
    IN PTR
    Response
    42.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-42deploystaticakamaitechnologiescom
  • flag-us
    DNS
    0.204.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.204.248.87.in-addr.arpa
    IN PTR
    Response
    0.204.248.87.in-addr.arpa
    IN PTR
    https-87-248-204-0lhrllnwnet
  • flag-us
    DNS
    194.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    194.178.17.96.in-addr.arpa
    IN PTR
    Response
    194.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-194deploystaticakamaitechnologiescom
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    29.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    29.243.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301250_1MLG2SHGO160JKUMX&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301250_1MLG2SHGO160JKUMX&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 354441
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E8A198C72CAC4DFDBBDCEA13FA13EA33 Ref B: LON04EDGE0918 Ref C: 2024-03-10T08:30:25Z
    date: Sun, 10 Mar 2024 08:30:24 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301209_1YG8XJG78E6WL3S49&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301209_1YG8XJG78E6WL3S49&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 482655
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 262644C1AD144E7CABEBCD3A04EAD693 Ref B: LON04EDGE0918 Ref C: 2024-03-10T08:30:25Z
    date: Sun, 10 Mar 2024 08:30:24 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301659_1X4L46L6ILPPQI95F&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301659_1X4L46L6ILPPQI95F&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 335949
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 6C00C6F4E73C4D1AB5CCF8015D44EFA1 Ref B: LON04EDGE0918 Ref C: 2024-03-10T08:30:25Z
    date: Sun, 10 Mar 2024 08:30:24 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388093_1MGPNJH4UKSBANRNK&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239339388093_1MGPNJH4UKSBANRNK&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 448039
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: ED6D1F31804D42B5814FB18DED4B75B3 Ref B: LON04EDGE0918 Ref C: 2024-03-10T08:30:25Z
    date: Sun, 10 Mar 2024 08:30:24 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388094_13CVUFFEVHOS666S0&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239339388094_13CVUFFEVHOS666S0&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301618_18EK60OU3ULIWMD9V&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301618_18EK60OU3ULIWMD9V&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    176.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    176.178.17.96.in-addr.arpa
    IN PTR
    Response
    176.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-176deploystaticakamaitechnologiescom
  • flag-us
    DNS
    25.73.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    25.73.42.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    25.73.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    25.73.42.20.in-addr.arpa
    IN PTR
  • 138.91.171.81:80
    104 B
     2
  • 204.79.197.200:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2aa700ec781c47699745ec82deaf3f88&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=
    tls, http2
    2.5kB
     10.6kB
     24
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2aa700ec781c47699745ec82deaf3f88&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=2aa700ec781c47699745ec82deaf3f88&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2aa700ec781c47699745ec82deaf3f88&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=

    HTTP Response

    204
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
     8.3kB
     18
    16
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.4kB
     8.0kB
     15
    12
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301618_18EK60OU3ULIWMD9V&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    48.1kB
     1.3MB
     995
    990

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301250_1MLG2SHGO160JKUMX&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301209_1YG8XJG78E6WL3S49&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301659_1X4L46L6ILPPQI95F&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388093_1MGPNJH4UKSBANRNK&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388094_13CVUFFEVHOS666S0&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301618_18EK60OU3ULIWMD9V&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.4kB
     8.1kB
     16
    13
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.7kB
     8.0kB
     16
    11
  • 96.17.178.176:80
  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    146 B
     147 B
     2
    1

    DNS Request

    149.220.183.52.in-addr.arpa

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    71.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    71.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    180.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    180.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    241.154.82.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.154.82.20.in-addr.arpa

  • 8.8.8.8:53
    46.28.109.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    46.28.109.52.in-addr.arpa

  • 8.8.8.8:53
    232.168.11.51.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    232.168.11.51.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     158 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
     106 B
     1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    57.169.31.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    57.169.31.20.in-addr.arpa

  • 8.8.8.8:53
    28.73.42.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    28.73.42.20.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    104.241.123.92.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    104.241.123.92.in-addr.arpa

  • 8.8.8.8:53
    119.110.54.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    119.110.54.20.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    174.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    174.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    42.134.221.88.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    42.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    0.204.248.87.in-addr.arpa
    dns
    71 B
     116 B
     1
    1

    DNS Request

    0.204.248.87.in-addr.arpa

  • 8.8.8.8:53
    194.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    194.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    48.229.111.52.in-addr.arpa
    dns
    144 B
     158 B
     2
    1

    DNS Request

    48.229.111.52.in-addr.arpa

    DNS Request

    48.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    205.47.74.20.in-addr.arpa

  • 8.8.8.8:53
    29.243.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    29.243.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     173 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    176.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    176.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    25.73.42.20.in-addr.arpa
    dns
    140 B
     156 B
     2
    1

    DNS Request

    25.73.42.20.in-addr.arpa

    DNS Request

    25.73.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3364-0-0x00007FFAA26F0000-0x00007FFAA2700000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3364-1-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3364-2-0x00007FFAA26F0000-0x00007FFAA2700000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3364-4-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3364-6-0x00007FFAA26F0000-0x00007FFAA2700000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3364-5-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3364-7-0x00007FFAA26F0000-0x00007FFAA2700000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3364-8-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3364-3-0x00007FFAA26F0000-0x00007FFAA2700000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3364-9-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3364-10-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3364-12-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3364-13-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3364-11-0x00007FFAA0210000-0x00007FFAA0220000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3364-14-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3364-15-0x00007FFAA0210000-0x00007FFAA0220000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3364-16-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3364-24-0x0000015AC5EC0000-0x0000015AC66C0000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/3364-25-0x0000015ACAF00000-0x0000015ACB100000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3364-38-0x0000015AC5EC0000-0x0000015AC66C0000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/3364-43-0x0000015AD0A50000-0x0000015AD1A20000-memory.dmp

    Filesize

    15.8MB

    Download

  • memory/3364-46-0x0000015AC5EC0000-0x0000015AC66C0000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/3364-70-0x0000015AD0A50000-0x0000015AD1A20000-memory.dmp

    Filesize

    15.8MB

    Download

  • memory/3364-77-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3364-78-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3364-81-0x0000015AC5EC0000-0x0000015AC66C0000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/3364-82-0x0000015ACAF00000-0x0000015ACB100000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3364-83-0x0000015AC5EC0000-0x0000015AC66C0000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/3364-84-0x0000015AD0A50000-0x0000015AD1A20000-memory.dmp

    Filesize

    15.8MB

    Download

  • memory/3364-85-0x0000015AC5EC0000-0x0000015AC66C0000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/3364-86-0x0000015AD0A50000-0x0000015AD1A20000-memory.dmp

    Filesize

    15.8MB

    Download

  • memory/3364-99-0x0000015AC5EC0000-0x0000015AC66C0000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/3364-110-0x00007FFAA26F0000-0x00007FFAA2700000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3364-111-0x00007FFAA26F0000-0x00007FFAA2700000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3364-112-0x00007FFAA26F0000-0x00007FFAA2700000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3364-113-0x00007FFAA26F0000-0x00007FFAA2700000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3364-114-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3364-115-0x00007FFAE2670000-0x00007FFAE2865000-memory.dmp

    Filesize

    2.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.