strrat | 577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 19:46 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a.jar
Size

269KB
MD5

829d44fb0c9719389cc4a191713e2a8b
SHA1

261eeaf23d8aadcdbb460eb78b6d37128b948762
SHA256

577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a
SHA512

f2879605b296203b5d852a5f75705a25d8577a788981a5353f7ae45d1eb58773462413893be7ca1a5bb2cdf95a966591e849d8146e388a8cb9cb512bd09ca330
SSDEEP

3072:UN8T+EmCfoDab3nBKuUILo4pnl6nGJ8Op6weJ1C6bO3DMAuHNJjiKgPnq5:UCiEmCgDat0KnEne8UW1wzMAmuK3

Score

10^/10

strrat stealer trojan

Malware Config

Extracted

Family

strrat

lozado.duia.ro:9553

pingyoung.duckdns.org:9553

Attributes

license_id
MB4Q-SLG2-7HDN-EM52-K3JL
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
false
secondary_startup
true
startup
false

Signatures

STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
trojan stealer strrat

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a.jar	java.exe

Loads dropped DLL 1 IoCs

pid	Process
736	java.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 688	1192	java.exe	95
PID 1192 wrote to memory of 688	1192	java.exe	95
PID 688 wrote to memory of 736	688	java.exe	97
PID 688 wrote to memory of 736	688	java.exe	97

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Program Files\Java\jre-1.8\bin\java.exe
  "C:\Program Files\Java\jre-1.8\bin\java.exe" -jar "C:\Users\Admin\577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a.jar"
  2⤵
  - Drops startup file
  - Suspicious use of WriteProcessMemory
  PID:688
- - C:\Program Files\Java\jre-1.8\bin\java.exe
    "C:\Program Files\Java\jre-1.8\bin\java.exe" -jar "C:\Users\Admin\AppData\Roaming\577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a.jar"
    3⤵
    - Loads dropped DLL
    PID:736

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

73.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.144.22.2.in-addr.arpa

IN PTR

Response

73.144.22.2.in-addr.arpa

IN PTR

a2-22-144-73deploystaticakamaitechnologiescom
DNS

repo1.maven.org

java.exe

Remote address:

8.8.8.8:53

Request

repo1.maven.org

IN A

Response

repo1.maven.org

IN CNAME

dualstack.sonatype.map.fastly.net

dualstack.sonatype.map.fastly.net

IN A

199.232.192.209

dualstack.sonatype.map.fastly.net

IN A

199.232.196.209
DNS

github.com

java.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

objects.githubusercontent.com

java.exe

Remote address:

8.8.8.8:53

Request

objects.githubusercontent.com

IN A

Response

objects.githubusercontent.com

IN A

185.199.111.133

objects.githubusercontent.com

IN A

185.199.110.133

objects.githubusercontent.com

IN A

185.199.109.133

objects.githubusercontent.com

IN A

185.199.108.133
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e6f8354e9ff4ebca6bb6bede9928a34&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e6f8354e9ff4ebca6bb6bede9928a34&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0DC45439E22262AF249C40D9E3C26365; domain=.bing.com; expires=Sat, 13-Sep-2025 19:46:33 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3BF78E0A7CD441A3A1FB59732FDD86BE Ref B: LON04EDGE1017 Ref C: 2024-08-19T19:46:33Z
date: Mon, 19 Aug 2024 19:46:33 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0e6f8354e9ff4ebca6bb6bede9928a34&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0e6f8354e9ff4ebca6bb6bede9928a34&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0DC45439E22262AF249C40D9E3C26365

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=10pWmuqv7LdR2BT5hsmOnt0xl7-ymXudcMW02nogW-g; domain=.bing.com; expires=Sat, 13-Sep-2025 19:46:33 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F7B2B75EA75341B8BF8D95F3BB66D205 Ref B: LON04EDGE1017 Ref C: 2024-08-19T19:46:33Z
date: Mon, 19 Aug 2024 19:46:33 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e6f8354e9ff4ebca6bb6bede9928a34&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e6f8354e9ff4ebca6bb6bede9928a34&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0DC45439E22262AF249C40D9E3C26365; MSPTC=10pWmuqv7LdR2BT5hsmOnt0xl7-ymXudcMW02nogW-g

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 75E3976A06364BE39AD4AAC6290C5FAB Ref B: LON04EDGE1017 Ref C: 2024-08-19T19:46:34Z
date: Mon, 19 Aug 2024 19:46:33 GMT
DNS

209.192.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.192.232.199.in-addr.arpa

IN PTR

Response
DNS

215.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.156.26.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

4.181.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.181.190.20.in-addr.arpa

IN PTR

Response
DNS

133.111.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.111.199.185.in-addr.arpa

IN PTR

Response

133.111.199.185.in-addr.arpa

IN PTR

cdn-185-199-111-133githubcom
DNS

133.111.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.111.199.185.in-addr.arpa

IN PTR
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

lozado.duia.ro

java.exe

Remote address:

8.8.8.8:53

Request

lozado.duia.ro

IN A

Response

lozado.duia.ro

IN A

94.156.68.72
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

pingyoung.duckdns.org

java.exe

Remote address:

8.8.8.8:53

Request

pingyoung.duckdns.org

IN A

Response

pingyoung.duckdns.org

IN A

94.156.68.72
DNS

pingyoung.duckdns.org

java.exe

Remote address:

8.8.8.8:53

Request

pingyoung.duckdns.org

IN A

Response

pingyoung.duckdns.org

IN A

94.156.68.72
DNS

pingyoung.duckdns.org

java.exe

Remote address:

8.8.8.8:53

Request

pingyoung.duckdns.org

IN A

Response

pingyoung.duckdns.org

IN A

94.156.68.72
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

34.58.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.58.20.217.in-addr.arpa

IN PTR

Response
DNS

101.58.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

101.58.20.217.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

lozado.duia.ro

java.exe

Remote address:

8.8.8.8:53

Request

lozado.duia.ro

IN A

Response

lozado.duia.ro

IN A

94.156.68.72
DNS

pingyoung.duckdns.org

java.exe

Remote address:

8.8.8.8:53

Request

pingyoung.duckdns.org

IN A

Response

pingyoung.duckdns.org

IN A

94.156.68.72
DNS

pingyoung.duckdns.org

java.exe

Remote address:

8.8.8.8:53

Request

pingyoung.duckdns.org

IN A

Response
DNS

pingyoung.duckdns.org

java.exe

Remote address:

8.8.8.8:53

Request

pingyoung.duckdns.org

IN A

Response
DNS

pingyoung.duckdns.org

java.exe

Remote address:

8.8.8.8:53

Request

pingyoung.duckdns.org

IN A

Response
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR

Response

81.144.22.2.in-addr.arpa

IN PTR

a2-22-144-81deploystaticakamaitechnologiescom
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360264545_1QMDV0ZFDT4MYHVM6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360264545_1QMDV0ZFDT4MYHVM6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 727780
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B5CD1507FD604496B741B7054CE61BA4 Ref B: LON04EDGE0916 Ref C: 2024-08-19T19:48:11Z
date: Mon, 19 Aug 2024 19:48:11 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301659_1X4L46L6ILPPQI95F&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239317301659_1X4L46L6ILPPQI95F&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 845518
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6F2EAA1AEDFA4654BDD35BEA9819C6A3 Ref B: LON04EDGE0916 Ref C: 2024-08-19T19:48:11Z
date: Mon, 19 Aug 2024 19:48:11 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360264546_1VIJ7TSH89LPKUMDM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360264546_1VIJ7TSH89LPKUMDM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 675736
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5127804E64234CC484D7334D0E53BF8E Ref B: LON04EDGE0916 Ref C: 2024-08-19T19:48:11Z
date: Mon, 19 Aug 2024 19:48:11 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301250_1MLG2SHGO160JKUMX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239317301250_1MLG2SHGO160JKUMX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 553950
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 15D21F44396E43659E10DF03DE7E1457 Ref B: LON04EDGE0916 Ref C: 2024-08-19T19:48:11Z
date: Mon, 19 Aug 2024 19:48:11 GMT
DNS

10.28.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.28.171.150.in-addr.arpa

IN PTR

Response

199.232.192.209:443

repo1.maven.org

tls

java.exe

33.8kB
1.6MB
676
1124
20.26.156.215:443

github.com

tls

java.exe

1.4kB
8.4kB
16
15
199.232.192.209:443

repo1.maven.org

tls

java.exe

85.3kB
4.5MB
1780
3203
199.232.192.209:443

repo1.maven.org

tls

java.exe

54.4kB
2.8MB
1125
1992
185.199.111.133:443

objects.githubusercontent.com

tls

java.exe

21.1kB
822.2kB
397
597
204.79.197.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e6f8354e9ff4ebca6bb6bede9928a34&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid=

tls, http2

2.0kB
9.3kB
21
18

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e6f8354e9ff4ebca6bb6bede9928a34&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0e6f8354e9ff4ebca6bb6bede9928a34&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e6f8354e9ff4ebca6bb6bede9928a34&localId=w:46BA0F9A-9D8F-F2F0-D464-1297A0CDD8CE&deviceId=6825833576093963&anid=

HTTP Response

204
94.156.68.72:9553

lozado.duia.ro

java.exe

260 B
200 B
5
5
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
200 B
5
5
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
200 B
5
5
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
200 B
5
5
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
160 B
5
4
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
160 B
5
4
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
160 B
5
4
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
200 B
5
5
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
200 B
5
5
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
160 B
5
4
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
160 B
5
4
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
200 B
5
5
94.156.68.72:9553

lozado.duia.ro

java.exe

260 B
200 B
5
5
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
200 B
5
5
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
200 B
5
5
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
160 B
5
4
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.8kB
15
12
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301250_1MLG2SHGO160JKUMX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

100.1kB
2.9MB
2118
2112

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360264545_1QMDV0ZFDT4MYHVM6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301659_1X4L46L6ILPPQI95F&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360264546_1VIJ7TSH89LPKUMDM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301250_1MLG2SHGO160JKUMX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
200 B
5
5
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
200 B
5
5
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
200 B
5
5
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
200 B
5
5
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
200 B
5
5
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
200 B
5
5
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
200 B
5
5
94.156.68.72:9553

pingyoung.duckdns.org

java.exe

260 B
160 B
5
4

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

73.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

73.144.22.2.in-addr.arpa
8.8.8.8:53

repo1.maven.org

dns

java.exe

61 B
140 B
1
1

DNS Request

repo1.maven.org

DNS Response

199.232.192.209

199.232.196.209
8.8.8.8:53

github.com

dns

java.exe

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

objects.githubusercontent.com

dns

java.exe

75 B
139 B
1
1

DNS Request

objects.githubusercontent.com

DNS Response

185.199.111.133

185.199.110.133

185.199.109.133

185.199.108.133
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

209.192.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

209.192.232.199.in-addr.arpa
8.8.8.8:53

215.156.26.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

215.156.26.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

4.181.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

4.181.190.20.in-addr.arpa
8.8.8.8:53

133.111.199.185.in-addr.arpa

dns

148 B
118 B
2
1

DNS Request

133.111.199.185.in-addr.arpa

DNS Request

133.111.199.185.in-addr.arpa
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

lozado.duia.ro

dns

java.exe

60 B
76 B
1
1

DNS Request

lozado.duia.ro

DNS Response

94.156.68.72
8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

pingyoung.duckdns.org

dns

java.exe

201 B
249 B
3
3

DNS Request

pingyoung.duckdns.org

DNS Request

pingyoung.duckdns.org

DNS Request

pingyoung.duckdns.org

DNS Response

94.156.68.72

DNS Response

94.156.68.72

DNS Response

94.156.68.72
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

34.58.20.217.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

34.58.20.217.in-addr.arpa
8.8.8.8:53

101.58.20.217.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

101.58.20.217.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

lozado.duia.ro

dns

java.exe

60 B
76 B
1
1

DNS Request

lozado.duia.ro

DNS Response

94.156.68.72
8.8.8.8:53

pingyoung.duckdns.org

dns

java.exe

268 B
284 B
4
4

DNS Request

pingyoung.duckdns.org

DNS Request

pingyoung.duckdns.org

DNS Request

pingyoung.duckdns.org

DNS Request

pingyoung.duckdns.org

DNS Response

94.156.68.72
8.8.8.8:53

81.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

81.144.22.2.in-addr.arpa
8.8.8.8:53

31.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

31.243.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

10.28.171.150.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

10.28.171.150.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
1e0f743c1c2d9c5b37e95b6a406499df

SHA1
8a5d0a6895321bc8a62c0d8febe1779a8da36c68

SHA256
542d391c418b33c7039156be48e497feedc28c101b4fb14354b33a5a77ef6964

SHA512
e110376d286fe9a97c1d27da1593655dfd6ea5e9750fdfc17140a00393999d7af5e0395af67dec9914e5cb2c8bdbd2187fd443bc6236c28469001545a114164b

Download Submit
C:\Users\Admin\577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a.jar

Filesize
269KB

MD5
829d44fb0c9719389cc4a191713e2a8b

SHA1
261eeaf23d8aadcdbb460eb78b6d37128b948762

SHA256
577c1dc5c427f698ff69e356c40d131072b0ec01a45eb61f2d24f9df5c79570a

SHA512
f2879605b296203b5d852a5f75705a25d8577a788981a5353f7ae45d1eb58773462413893be7ca1a5bb2cdf95a966591e849d8146e388a8cb9cb512bd09ca330

Download Submit
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna6951243448024926388.dll

Filesize
241KB

MD5
e02979ecd43bcc9061eb2b494ab5af50

SHA1
3122ac0e751660f646c73b10c4f79685aa65c545

SHA256
a66959bec2ef5af730198db9f3b3f7cab0d4ae70ce01bec02bf1d738e6d1ee7a

SHA512
1e6f7dcb6a557c9b896412a48dd017c16f7a52fa2b9ab513593c9ecd118e86083979821ca7a3e2f098ee349200c823c759cec6599740dd391cb5f354dc29b372

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1194130065-3471212556-1656947724-1000\83aa4cc77f591dfc2374580bbd95f6ba_a53bb4ca-6113-48bb-9609-441860fdd0d7

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
C:\Users\Admin\lib\jna-5.5.0.jar

Filesize
1.4MB

MD5
acfb5b5fd9ee10bf69497792fd469f85

SHA1
0e0845217c4907822403912ad6828d8e0b256208

SHA256
b308faebfe4ed409de8410e0a632d164b2126b035f6eacff968d3908cafb4d9e

SHA512
e52575f58a195ceb3bd16b9740eadf5bc5b1d4d63c0734e8e5fd1d1776aa2d068d2e4c7173b83803f95f72c0a6759ae1c9b65773c734250d4cfcdf47a19f82aa

Download Submit
C:\Users\Admin\lib\jna-platform-5.5.0.jar

Filesize
2.6MB

MD5
2f4a99c2758e72ee2b59a73586a2322f

SHA1
af38e7c4d0fc73c23ecd785443705bfdee5b90bf

SHA256
24d81621f82ac29fcdd9a74116031f5907a2343158e616f4573bbfa2434ae0d5

SHA512
b860459a0d3bf7ccb600a03aa1d2ac0358619ee89b2b96ed723541e182b6fdab53aefef7992acb4e03fca67aa47cbe3907b1e6060a60b57ed96c4e00c35c7494

Download Submit
C:\Users\Admin\lib\sqlite-jdbc-3.14.2.1.jar

Filesize
4.1MB

MD5
b33387e15ab150a7bf560abdc73c3bec

SHA1
66b8075784131f578ef893fd7674273f709b9a4c

SHA256
2eae3dea1c3dde6104c49f9601074b6038ff6abcf3be23f4b56f6720a4f6a491

SHA512
25cfb0d6ce35d0bcb18527d3aa12c63ecb2d9c1b8b78805d1306e516c13480b79bb0d74730aa93bd1752f9ac2da9fdd51781c48844cea2fd52a06c62852c8279

Download Submit
C:\Users\Admin\lib\system-hook-3.5.jar

Filesize
772KB

MD5
e1aa38a1e78a76a6de73efae136cdb3a

SHA1
c463da71871f780b2e2e5dba115d43953b537daf

SHA256
2ddda8af6faef8bde46acf43ec546603180bcf8dcb2e5591fff8ac9cd30b5609

SHA512
fee16fe9364926ec337e52f551fd62ed81984808a847de2fd68ff29b6c5da0dcc04ef6d8977f0fe675662a7d2ea1065cdcdd2a5259446226a7c7c5516bd7d60d

Download Submit
memory/688-212-0x000001801A3B0000-0x000001801A3B1000-memory.dmp

Filesize
4KB

Download
memory/736-269-0x0000019DA6BB0000-0x0000019DA6BB1000-memory.dmp

Filesize
4KB

Download
memory/1192-103-0x00000221B1620000-0x00000221B1630000-memory.dmp

Filesize
64KB

Download
memory/1192-57-0x00000221B1570000-0x00000221B1580000-memory.dmp

Filesize
64KB

Download
memory/1192-26-0x00000221B1570000-0x00000221B1580000-memory.dmp

Filesize
64KB

Download
memory/1192-28-0x00000221B1590000-0x00000221B15A0000-memory.dmp

Filesize
64KB

Download
memory/1192-35-0x00000221B12A0000-0x00000221B1510000-memory.dmp

Filesize
2.4MB

Download
memory/1192-38-0x00000221B15B0000-0x00000221B15C0000-memory.dmp

Filesize
64KB

Download
memory/1192-37-0x00000221B1510000-0x00000221B1520000-memory.dmp

Filesize
64KB

Download
memory/1192-36-0x00000221B15A0000-0x00000221B15B0000-memory.dmp

Filesize
64KB

Download
memory/1192-40-0x00000221B1280000-0x00000221B1281000-memory.dmp

Filesize
4KB

Download
memory/1192-42-0x00000221B15C0000-0x00000221B15D0000-memory.dmp

Filesize
64KB

Download
memory/1192-41-0x00000221B1520000-0x00000221B1530000-memory.dmp

Filesize
64KB

Download
memory/1192-52-0x00000221B15F0000-0x00000221B1600000-memory.dmp

Filesize
64KB

Download
memory/1192-53-0x00000221B1560000-0x00000221B1570000-memory.dmp

Filesize
64KB

Download
memory/1192-51-0x00000221B15E0000-0x00000221B15F0000-memory.dmp

Filesize
64KB

Download
memory/1192-50-0x00000221B1550000-0x00000221B1560000-memory.dmp

Filesize
64KB

Download
memory/1192-49-0x00000221B1540000-0x00000221B1550000-memory.dmp

Filesize
64KB

Download
memory/1192-45-0x00000221B15D0000-0x00000221B15E0000-memory.dmp

Filesize
64KB

Download
memory/1192-44-0x00000221B1530000-0x00000221B1540000-memory.dmp

Filesize
64KB

Download
memory/1192-54-0x00000221B1600000-0x00000221B1610000-memory.dmp

Filesize
64KB

Download
memory/1192-59-0x00000221B1610000-0x00000221B1620000-memory.dmp

Filesize
64KB

Download
memory/1192-58-0x00000221B1580000-0x00000221B1590000-memory.dmp

Filesize
64KB

Download
memory/1192-110-0x00000221B1640000-0x00000221B1650000-memory.dmp

Filesize
64KB

Download
memory/1192-62-0x00000221B1620000-0x00000221B1630000-memory.dmp

Filesize
64KB

Download
memory/1192-63-0x00000221B1280000-0x00000221B1281000-memory.dmp

Filesize
4KB

Download
memory/1192-66-0x00000221B15A0000-0x00000221B15B0000-memory.dmp

Filesize
64KB

Download
memory/1192-113-0x00000221B1650000-0x00000221B1660000-memory.dmp

Filesize
64KB

Download
memory/1192-65-0x00000221B1590000-0x00000221B15A0000-memory.dmp

Filesize
64KB

Download
memory/1192-71-0x00000221B1640000-0x00000221B1650000-memory.dmp

Filesize
64KB

Download
memory/1192-74-0x00000221B1650000-0x00000221B1660000-memory.dmp

Filesize
64KB

Download
memory/1192-73-0x00000221B15B0000-0x00000221B15C0000-memory.dmp

Filesize
64KB

Download
memory/1192-82-0x00000221B15D0000-0x00000221B15E0000-memory.dmp

Filesize
64KB

Download
memory/1192-81-0x00000221B1680000-0x00000221B1690000-memory.dmp

Filesize
64KB

Download
memory/1192-80-0x00000221B1670000-0x00000221B1680000-memory.dmp

Filesize
64KB

Download
memory/1192-79-0x00000221B1660000-0x00000221B1670000-memory.dmp

Filesize
64KB

Download
memory/1192-78-0x00000221B15C0000-0x00000221B15D0000-memory.dmp

Filesize
64KB

Download
memory/1192-86-0x00000221B15E0000-0x00000221B15F0000-memory.dmp

Filesize
64KB

Download
memory/1192-90-0x00000221B16B0000-0x00000221B16C0000-memory.dmp

Filesize
64KB

Download
memory/1192-89-0x00000221B16A0000-0x00000221B16B0000-memory.dmp

Filesize
64KB

Download
memory/1192-88-0x00000221B1690000-0x00000221B16A0000-memory.dmp

Filesize
64KB

Download
memory/1192-87-0x00000221B15F0000-0x00000221B1600000-memory.dmp

Filesize
64KB

Download
memory/1192-111-0x00000221B1700000-0x00000221B1710000-memory.dmp

Filesize
64KB

Download
memory/1192-96-0x00000221B1600000-0x00000221B1610000-memory.dmp

Filesize
64KB

Download
memory/1192-97-0x00000221B1280000-0x00000221B1281000-memory.dmp

Filesize
4KB

Download
memory/1192-101-0x00000221B16D0000-0x00000221B16E0000-memory.dmp

Filesize
64KB

Download
memory/1192-100-0x00000221B1610000-0x00000221B1620000-memory.dmp

Filesize
64KB

Download
memory/1192-23-0x00000221B1560000-0x00000221B1570000-memory.dmp

Filesize
64KB

Download
memory/1192-104-0x00000221B16E0000-0x00000221B16F0000-memory.dmp

Filesize
64KB

Download
memory/1192-105-0x00000221B1280000-0x00000221B1281000-memory.dmp

Filesize
4KB

Download
memory/1192-107-0x00000221B1630000-0x00000221B1640000-memory.dmp

Filesize
64KB

Download
memory/1192-108-0x00000221B16F0000-0x00000221B1700000-memory.dmp

Filesize
64KB

Download
memory/1192-98-0x00000221B16C0000-0x00000221B16D0000-memory.dmp

Filesize
64KB

Download
memory/1192-27-0x00000221B1580000-0x00000221B1590000-memory.dmp

Filesize
64KB

Download
memory/1192-67-0x00000221B1630000-0x00000221B1640000-memory.dmp

Filesize
64KB

Download
memory/1192-114-0x00000221B1710000-0x00000221B1720000-memory.dmp

Filesize
64KB

Download
memory/1192-119-0x00000221B1720000-0x00000221B1730000-memory.dmp

Filesize
64KB

Download
memory/1192-118-0x00000221B1670000-0x00000221B1680000-memory.dmp

Filesize
64KB

Download
memory/1192-117-0x00000221B1660000-0x00000221B1670000-memory.dmp

Filesize
64KB

Download
memory/1192-121-0x00000221B1680000-0x00000221B1690000-memory.dmp

Filesize
64KB

Download
memory/1192-122-0x00000221B1730000-0x00000221B1740000-memory.dmp

Filesize
64KB

Download
memory/1192-124-0x00000221B1690000-0x00000221B16A0000-memory.dmp

Filesize
64KB

Download
memory/1192-127-0x00000221B1740000-0x00000221B1750000-memory.dmp

Filesize
64KB

Download
memory/1192-126-0x00000221B16B0000-0x00000221B16C0000-memory.dmp

Filesize
64KB

Download
memory/1192-125-0x00000221B16A0000-0x00000221B16B0000-memory.dmp

Filesize
64KB

Download
memory/1192-129-0x00000221B1280000-0x00000221B1281000-memory.dmp

Filesize
4KB

Download
memory/1192-132-0x00000221B1280000-0x00000221B1281000-memory.dmp

Filesize
4KB

Download
memory/1192-137-0x00000221B16C0000-0x00000221B16D0000-memory.dmp

Filesize
64KB

Download
memory/1192-138-0x00000221B1750000-0x00000221B1760000-memory.dmp

Filesize
64KB

Download
memory/1192-139-0x00000221B1280000-0x00000221B1281000-memory.dmp

Filesize
4KB

Download
memory/1192-142-0x00000221B16D0000-0x00000221B16E0000-memory.dmp

Filesize
64KB

Download
memory/1192-143-0x00000221B16E0000-0x00000221B16F0000-memory.dmp

Filesize
64KB

Download
memory/1192-146-0x00000221B16F0000-0x00000221B1700000-memory.dmp

Filesize
64KB

Download
memory/1192-147-0x00000221B1280000-0x00000221B1281000-memory.dmp

Filesize
4KB

Download
memory/1192-150-0x00000221B1700000-0x00000221B1710000-memory.dmp

Filesize
64KB

Download
memory/1192-151-0x00000221B1710000-0x00000221B1720000-memory.dmp

Filesize
64KB

Download
memory/1192-152-0x00000221B1720000-0x00000221B1730000-memory.dmp

Filesize
64KB

Download
memory/1192-178-0x00000221B16A0000-0x00000221B16B0000-memory.dmp

Filesize
64KB

Download
memory/1192-177-0x00000221B1690000-0x00000221B16A0000-memory.dmp

Filesize
64KB

Download
memory/1192-176-0x00000221B15C0000-0x00000221B15D0000-memory.dmp

Filesize
64KB

Download
memory/1192-175-0x00000221B1640000-0x00000221B1650000-memory.dmp

Filesize
64KB

Download
memory/1192-174-0x00000221B1630000-0x00000221B1640000-memory.dmp

Filesize
64KB

Download
memory/1192-173-0x00000221B1620000-0x00000221B1630000-memory.dmp

Filesize
64KB

Download
memory/1192-172-0x00000221B1610000-0x00000221B1620000-memory.dmp

Filesize
64KB

Download
memory/1192-171-0x00000221B1600000-0x00000221B1610000-memory.dmp

Filesize
64KB

Download
memory/1192-170-0x00000221B15F0000-0x00000221B1600000-memory.dmp

Filesize
64KB

Download
memory/1192-169-0x00000221B15E0000-0x00000221B15F0000-memory.dmp

Filesize
64KB

Download
memory/1192-168-0x00000221B15D0000-0x00000221B15E0000-memory.dmp

Filesize
64KB

Download
memory/1192-167-0x00000221B15A0000-0x00000221B15B0000-memory.dmp

Filesize
64KB

Download
memory/1192-166-0x00000221B15B0000-0x00000221B15C0000-memory.dmp

Filesize
64KB

Download
memory/1192-165-0x00000221B1590000-0x00000221B15A0000-memory.dmp

Filesize
64KB

Download
memory/1192-164-0x00000221B1580000-0x00000221B1590000-memory.dmp

Filesize
64KB

Download
memory/1192-163-0x00000221B1570000-0x00000221B1580000-memory.dmp

Filesize
64KB

Download
memory/1192-162-0x00000221B1560000-0x00000221B1570000-memory.dmp

Filesize
64KB

Download
memory/1192-161-0x00000221B1550000-0x00000221B1560000-memory.dmp

Filesize
64KB

Download
memory/1192-160-0x00000221B1540000-0x00000221B1550000-memory.dmp

Filesize
64KB

Download
memory/1192-20-0x00000221B1540000-0x00000221B1550000-memory.dmp

Filesize
64KB

Download
memory/1192-21-0x00000221B1550000-0x00000221B1560000-memory.dmp

Filesize
64KB

Download
memory/1192-16-0x00000221B1530000-0x00000221B1540000-memory.dmp

Filesize
64KB

Download
memory/1192-14-0x00000221B1520000-0x00000221B1530000-memory.dmp

Filesize
64KB

Download
memory/1192-12-0x00000221B1510000-0x00000221B1520000-memory.dmp

Filesize
64KB

Download
memory/1192-2-0x00000221B12A0000-0x00000221B1510000-memory.dmp

Filesize
2.4MB

Download
memory/1192-159-0x00000221B1530000-0x00000221B1540000-memory.dmp

Filesize
64KB

Download
memory/1192-158-0x00000221B1520000-0x00000221B1530000-memory.dmp

Filesize
64KB

Download
memory/1192-157-0x00000221B1510000-0x00000221B1520000-memory.dmp

Filesize
64KB

Download
memory/1192-156-0x00000221B12A0000-0x00000221B1510000-memory.dmp

Filesize
2.4MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Response

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.