Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-10-2024 01:36

General

  • Target

    8999062d9e50185bc7931727064d1dde95df131c2b6e860b71ee39da284e3219.exe

  • Size

    638KB

  • MD5

    450d93e49d2b68dbc1321e044e018eec

  • SHA1

    54cdee25e2c79fa88208d4b7e5848c4d9f99f053

  • SHA256

    8999062d9e50185bc7931727064d1dde95df131c2b6e860b71ee39da284e3219

  • SHA512

    63bb49a112aa03c33d1c4736d90d3473e23fb83f76c706e6f3251d1627b6d22fef7013f6536283001ef667199cc589521ce476247aad8f9bc4907f1bcc8f53a7

  • SSDEEP

    12288:WTPF847SX3pdFRtoXyLAz68Q6awWLMoyo/0xJzWZAhj:WTd82SXRRIyaQ6aw7WMxYAhj

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    webmail.setarehatlaspars.com
  • Port:
    587
  • Username:
    info@setarehatlaspars.com
  • Password:
    Set@reh1398
  • Email To:
    OsitaDinmaa@yandex.com

Signatures

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

  • Snake Keylogger payload 5 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8999062d9e50185bc7931727064d1dde95df131c2b6e860b71ee39da284e3219.exe
    "C:\Users\Admin\AppData\Local\Temp\8999062d9e50185bc7931727064d1dde95df131c2b6e860b71ee39da284e3219.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
      2⤵
      PID:2600
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2640
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:620
          • C:\Windows\SysWOW64\choice.exe
            choice /C Y /N /D Y /T 3
            4⤵
            • System Location Discovery: System Language Discovery
            PID:1152

    Network

    • flag-us
      DNS
      checkip.dyndns.org
      InstallUtil.exe
      Remote address:
      8.8.8.8:53
      Request
      checkip.dyndns.org
      IN A
      Response
      checkip.dyndns.org
      IN CNAME
      checkip.dyndns.com
      checkip.dyndns.com
      IN A
      158.101.44.242
      checkip.dyndns.com
      IN A
      132.226.8.169
      checkip.dyndns.com
      IN A
      193.122.130.0
      checkip.dyndns.com
      IN A
      132.226.247.73
      checkip.dyndns.com
      IN A
      193.122.6.168
    • flag-us
      GET
      http://checkip.dyndns.org/
      InstallUtil.exe
      Remote address:
      158.101.44.242:80
      Request
      GET / HTTP/1.1
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
      Host: checkip.dyndns.org
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Sat, 12 Oct 2024 01:37:34 GMT
      Content-Type: text/html
      Content-Length: 105
      Connection: keep-alive
      Cache-Control: no-cache
      Pragma: no-cache
      X-Request-ID: f0d8c2463c61a643a56780b0328f1aea
    • flag-us
      GET
      http://checkip.dyndns.org/
      InstallUtil.exe
      Remote address:
      158.101.44.242:80
      Request
      GET / HTTP/1.1
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
      Host: checkip.dyndns.org
      Response
      HTTP/1.1 200 OK
      Date: Sat, 12 Oct 2024 01:37:37 GMT
      Content-Type: text/html
      Content-Length: 105
      Connection: keep-alive
      Cache-Control: no-cache
      Pragma: no-cache
      X-Request-ID: 6e1a1439b1f4440c8c76bcb092cc803a
    • flag-us
      GET
      http://checkip.dyndns.org/
      InstallUtil.exe
      Remote address:
      158.101.44.242:80
      Request
      GET / HTTP/1.1
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
      Host: checkip.dyndns.org
      Response
      HTTP/1.1 200 OK
      Date: Sat, 12 Oct 2024 01:37:43 GMT
      Content-Type: text/html
      Content-Length: 105
      Connection: keep-alive
      Cache-Control: no-cache
      Pragma: no-cache
      X-Request-ID: 6349a159ce81b00e4a63f39dad8ecf84
    • flag-us
      GET
      http://checkip.dyndns.org/
      InstallUtil.exe
      Remote address:
      158.101.44.242:80
      Request
      GET / HTTP/1.1
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
      Host: checkip.dyndns.org
      Response
      HTTP/1.1 200 OK
      Date: Sat, 12 Oct 2024 01:37:45 GMT
      Content-Type: text/html
      Content-Length: 105
      Connection: keep-alive
      Cache-Control: no-cache
      Pragma: no-cache
      X-Request-ID: 365003e91d6c789036fcc96566861636
    • flag-us
      GET
      http://checkip.dyndns.org/
      InstallUtil.exe
      Remote address:
      158.101.44.242:80
      Request
      GET / HTTP/1.1
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
      Host: checkip.dyndns.org
      Response
      HTTP/1.1 200 OK
      Date: Sat, 12 Oct 2024 01:37:48 GMT
      Content-Type: text/html
      Content-Length: 105
      Connection: keep-alive
      Cache-Control: no-cache
      Pragma: no-cache
      X-Request-ID: 91436e27c5b9972b55c50e4bd6170718
    • flag-us
      GET
      http://checkip.dyndns.org/
      InstallUtil.exe
      Remote address:
      158.101.44.242:80
      Request
      GET / HTTP/1.1
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
      Host: checkip.dyndns.org
      Response
      HTTP/1.1 200 OK
      Date: Sat, 12 Oct 2024 01:37:51 GMT
      Content-Type: text/html
      Content-Length: 105
      Connection: keep-alive
      Cache-Control: no-cache
      Pragma: no-cache
      X-Request-ID: 6438e7688c66cb766f39db3aa1f18215
    • flag-us
      GET
      http://checkip.dyndns.org/
      InstallUtil.exe
      Remote address:
      158.101.44.242:80
      Request
      GET / HTTP/1.1
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
      Host: checkip.dyndns.org
      Response
      HTTP/1.1 200 OK
      Date: Sat, 12 Oct 2024 01:37:54 GMT
      Content-Type: text/html
      Content-Length: 105
      Connection: keep-alive
      Cache-Control: no-cache
      Pragma: no-cache
      X-Request-ID: bd67b1cbbb2ee8a6c5090a15e5995065
    • flag-us
      GET
      http://checkip.dyndns.org/
      InstallUtil.exe
      Remote address:
      158.101.44.242:80
      Request
      GET / HTTP/1.1
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
      Host: checkip.dyndns.org
      Response
      HTTP/1.1 200 OK
      Date: Sat, 12 Oct 2024 01:37:57 GMT
      Content-Type: text/html
      Content-Length: 105
      Connection: keep-alive
      Cache-Control: no-cache
      Pragma: no-cache
      X-Request-ID: 2c87175daf1ffe78b30bd366de2e8b87
    • flag-us
      GET
      http://checkip.dyndns.org/
      InstallUtil.exe
      Remote address:
      158.101.44.242:80
      Request
      GET / HTTP/1.1
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
      Host: checkip.dyndns.org
      Response
      HTTP/1.1 200 OK
      Date: Sat, 12 Oct 2024 01:38:00 GMT
      Content-Type: text/html
      Content-Length: 105
      Connection: keep-alive
      Cache-Control: no-cache
      Pragma: no-cache
      X-Request-ID: 90296f2cb45cacce78b2c3343c934688
    • flag-us
      DNS
      reallyfreegeoip.org
      InstallUtil.exe
      Remote address:
      8.8.8.8:53
      Request
      reallyfreegeoip.org
      IN A
      Response
      reallyfreegeoip.org
      IN A
      104.21.67.152
      reallyfreegeoip.org
      IN A
      172.67.177.134
    • flag-us
      GET
      https://reallyfreegeoip.org/xml/138.199.29.44
      InstallUtil.exe
      Remote address:
      104.21.67.152:443
      Request
      GET /xml/138.199.29.44 HTTP/1.1
      Host: reallyfreegeoip.org
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Sat, 12 Oct 2024 01:37:40 GMT
      Content-Type: application/xml
      Transfer-Encoding: chunked
      Connection: keep-alive
      access-control-allow-origin: *
      vary: Accept-Encoding
      Cache-Control: max-age=86400
      CF-Cache-Status: HIT
      Age: 2170
      Last-Modified: Sat, 12 Oct 2024 01:01:30 GMT
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kPUP2f0u8EgOwKrUI8qSD0jg8zj8D84ajMeEWWSVr9VvyZ66D9BS7BQkuOyhId%2FSK3ailfStWyvKFKTMJl%2BGMqLQxH%2BwVBLgZcstCv1M3aPZ8x4lZxilBPTryv7j0ZIzP2AQ7STJ"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8d135db34a62947f-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      GET
      https://reallyfreegeoip.org/xml/138.199.29.44
      InstallUtil.exe
      Remote address:
      104.21.67.152:443
      Request
      GET /xml/138.199.29.44 HTTP/1.1
      Host: reallyfreegeoip.org
      Response
      HTTP/1.1 200 OK
      Date: Sat, 12 Oct 2024 01:37:43 GMT
      Content-Type: application/xml
      Transfer-Encoding: chunked
      Connection: keep-alive
      access-control-allow-origin: *
      vary: Accept-Encoding
      Cache-Control: max-age=86400
      CF-Cache-Status: HIT
      Age: 2173
      Last-Modified: Sat, 12 Oct 2024 01:01:30 GMT
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0QNJcVs9JwlvNKCxPLD%2F3Lqv2%2BHUutmCY870LxDAf9RAbRavyGI7z483i0YKk0EQa83w6ScYYm9DQc7SnOSJGKgEe9Jf9upn3ut1BH7P7rh6aXSIGMQ6l%2FSBHprxmEA0pYjK1Ua3"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8d135dc51d8e947f-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      GET
      https://reallyfreegeoip.org/xml/138.199.29.44
      InstallUtil.exe
      Remote address:
      104.21.67.152:443
      Request
      GET /xml/138.199.29.44 HTTP/1.1
      Host: reallyfreegeoip.org
      Response
      HTTP/1.1 200 OK
      Date: Sat, 12 Oct 2024 01:37:46 GMT
      Content-Type: application/xml
      Transfer-Encoding: chunked
      Connection: keep-alive
      access-control-allow-origin: *
      vary: Accept-Encoding
      Cache-Control: max-age=86400
      CF-Cache-Status: HIT
      Age: 2176
      Last-Modified: Sat, 12 Oct 2024 01:01:30 GMT
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ce5ROcVp%2F2vPKhzwgYeT3u7DAN5MFXwbNrwLYnvsG41DbCeDTfr%2BeVfJTXHJ2N6lqk0Q4sowah2JqvJS80CM6PZwfwX6JkL9htfTd4sytAigscRQv0OJFi7ukDSJgZTSaFAUJdig"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8d135dd6c900947f-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      GET
      https://reallyfreegeoip.org/xml/138.199.29.44
      InstallUtil.exe
      Remote address:
      104.21.67.152:443
      Request
      GET /xml/138.199.29.44 HTTP/1.1
      Host: reallyfreegeoip.org
      Response
      HTTP/1.1 200 OK
      Date: Sat, 12 Oct 2024 01:37:48 GMT
      Content-Type: application/xml
      Transfer-Encoding: chunked
      Connection: keep-alive
      access-control-allow-origin: *
      vary: Accept-Encoding
      Cache-Control: max-age=86400
      CF-Cache-Status: HIT
      Age: 2178
      Last-Modified: Sat, 12 Oct 2024 01:01:30 GMT
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t5gAVh4HMjR4r9O%2BKhm7DFq7jklhue9OeKu9ixaXTwfT5B%2BSScIQJ6kTcICCrppVR%2Fpza91OcCo%2BouY8lHGQRB3CwCgiY%2BF1zhqwSg%2FHNR65g6v4IqivdS%2FkJcPSf3HEnvYzw%2Boe"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8d135de88ad0947f-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      GET
      https://reallyfreegeoip.org/xml/138.199.29.44
      InstallUtil.exe
      Remote address:
      104.21.67.152:443
      Request
      GET /xml/138.199.29.44 HTTP/1.1
      Host: reallyfreegeoip.org
      Response
      HTTP/1.1 200 OK
      Date: Sat, 12 Oct 2024 01:37:51 GMT
      Content-Type: application/xml
      Transfer-Encoding: chunked
      Connection: keep-alive
      access-control-allow-origin: *
      vary: Accept-Encoding
      Cache-Control: max-age=86400
      CF-Cache-Status: HIT
      Age: 2181
      Last-Modified: Sat, 12 Oct 2024 01:01:30 GMT
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h5PiiezwejFPmdmKeTdsXQlbMVy5U79CfXSujdeEPVLpKcosEowrCcvtqHznwHDgED3tJAgrb%2B6C2r1D%2FRhAIlWN2TD4mT2XR9n1%2FIFFIGjtWOYZUvPr2CqPV7uKetwiN8W33QWU"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8d135dfa3efd947f-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      GET
      https://reallyfreegeoip.org/xml/138.199.29.44
      InstallUtil.exe
      Remote address:
      104.21.67.152:443
      Request
      GET /xml/138.199.29.44 HTTP/1.1
      Host: reallyfreegeoip.org
      Response
      HTTP/1.1 200 OK
      Date: Sat, 12 Oct 2024 01:37:54 GMT
      Content-Type: application/xml
      Transfer-Encoding: chunked
      Connection: keep-alive
      access-control-allow-origin: *
      vary: Accept-Encoding
      Cache-Control: max-age=86400
      CF-Cache-Status: HIT
      Age: 2184
      Last-Modified: Sat, 12 Oct 2024 01:01:30 GMT
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZLkS%2BGngAUB8el5Q0h8Ns8qLyaMyw78a0dH7Tf%2BW75QIaBDjge6RxELKDaRdeYy4ZOuBKOBEl24RslG2LK1kszUhDPZj85D0wgSXSIDXz2%2B%2Bo5Svz3OWAmC4%2Bsprk05ru922sK4e"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8d135e0c695d947f-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      GET
      https://reallyfreegeoip.org/xml/138.199.29.44
      InstallUtil.exe
      Remote address:
      104.21.67.152:443
      Request
      GET /xml/138.199.29.44 HTTP/1.1
      Host: reallyfreegeoip.org
      Response
      HTTP/1.1 200 OK
      Date: Sat, 12 Oct 2024 01:37:57 GMT
      Content-Type: application/xml
      Transfer-Encoding: chunked
      Connection: keep-alive
      access-control-allow-origin: *
      vary: Accept-Encoding
      Cache-Control: max-age=86400
      CF-Cache-Status: HIT
      Age: 2187
      Last-Modified: Sat, 12 Oct 2024 01:01:30 GMT
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BUfemQ71O%2BqeUM92hyIy6rzAhGvvts%2FB1iMKsbqbpvkthSSgY%2BM2%2FFLW1PNmnHCRm6SsRj%2BZzLKx2JwfK0%2FsHQqJr98VmLi%2BDhiyplbzlGGRLq02hwiv5ggG5UkW6T7yo%2B4JVZOZ"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8d135e1e3d3a947f-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      GET
      https://reallyfreegeoip.org/xml/138.199.29.44
      InstallUtil.exe
      Remote address:
      104.21.67.152:443
      Request
      GET /xml/138.199.29.44 HTTP/1.1
      Host: reallyfreegeoip.org
      Response
      HTTP/1.1 200 OK
      Date: Sat, 12 Oct 2024 01:38:00 GMT
      Content-Type: application/xml
      Transfer-Encoding: chunked
      Connection: keep-alive
      access-control-allow-origin: *
      vary: Accept-Encoding
      Cache-Control: max-age=86400
      CF-Cache-Status: HIT
      Age: 2190
      Last-Modified: Sat, 12 Oct 2024 01:01:30 GMT
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vchwlbrfrCrnQ4n7dxJr4YSfkpj9C4jWkNn1jrGZwH3xPEVh0GQo%2F81CwxI258SXgcodp%2BacggTLsdOb1d8ybP6r409O%2FWLP7z1MWN%2FvYXWMgctJfBa9rwBUSm14DhIbfx08G%2B2Q"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8d135e30194c947f-LHR
      alt-svc: h3=":443"; ma=86400
    • 158.101.44.242:80
      http://checkip.dyndns.org/
      http
      InstallUtil.exe
      2.0kB
      3.4kB
      20
      13

      HTTP Request: GET http://checkip.dyndns.org/    HTTP Response: 200
      HTTP Request: GET http://checkip.dyndns.org/    HTTP Response: 200
      HTTP Request: GET http://checkip.dyndns.org/    HTTP Response: 200
      HTTP Request: GET http://checkip.dyndns.org/    HTTP Response: 200
      HTTP Request: GET http://checkip.dyndns.org/    HTTP Response: 200
      HTTP Request: GET http://checkip.dyndns.org/    HTTP Response: 200
      HTTP Request: GET http://checkip.dyndns.org/    HTTP Response: 200
      HTTP Request: GET http://checkip.dyndns.org/    HTTP Response: 200
      HTTP Request: GET http://checkip.dyndns.org/    HTTP Response: 200
    • 104.21.67.152:443
      https://reallyfreegeoip.org/xml/138.199.29.44
      tls, http
      InstallUtil.exe
      2.0kB
      12.5kB
      22
      22

      HTTP Request: GET https://reallyfreegeoip.org/xml/138.199.29.44    HTTP Response: 200
      HTTP Request: GET https://reallyfreegeoip.org/xml/138.199.29.44    HTTP Response: 200
      HTTP Request: GET https://reallyfreegeoip.org/xml/138.199.29.44    HTTP Response: 200
      HTTP Request: GET https://reallyfreegeoip.org/xml/138.199.29.44    HTTP Response: 200
      HTTP Request: GET https://reallyfreegeoip.org/xml/138.199.29.44    HTTP Response: 200
      HTTP Request: GET https://reallyfreegeoip.org/xml/138.199.29.44    HTTP Response: 200
      HTTP Request: GET https://reallyfreegeoip.org/xml/138.199.29.44    HTTP Response: 200
      HTTP Request: GET https://reallyfreegeoip.org/xml/138.199.29.44    HTTP Response: 200
    • 8.8.8.8:53
      checkip.dyndns.org
      dns
      InstallUtil.exe
      64 B
      176 B
      1
      1

      DNS Request

      checkip.dyndns.org

      DNS Response

      158.101.44.242
      132.226.8.169
      193.122.130.0
      132.226.247.73
      193.122.6.168

    • 8.8.8.8:53
      reallyfreegeoip.org
      dns
      InstallUtil.exe
      65 B
      97 B
      1
      1

      DNS Request

      reallyfreegeoip.org

      DNS Response

      104.21.67.152
      172.67.177.134

    MITRE ATT&CK Enterprise v15

    Downloads

    • memory/2096-0-0x000000007432E000-0x000000007432F000-memory.dmp

      Filesize

      4KB

    • memory/2096-1-0x0000000001340000-0x00000000013E6000-memory.dmp

      Filesize

      664KB

    • memory/2096-2-0x0000000000AE0000-0x0000000000B7E000-memory.dmp

      Filesize

      632KB

    • memory/2096-3-0x0000000074320000-0x0000000074A0E000-memory.dmp

      Filesize

      6.9MB

    • memory/2096-4-0x000000007432E000-0x000000007432F000-memory.dmp

      Filesize

      4KB

    • memory/2096-5-0x0000000074320000-0x0000000074A0E000-memory.dmp

      Filesize

      6.9MB

    • memory/2096-6-0x00000000006F0000-0x000000000070A000-memory.dmp

      Filesize

      104KB

    • memory/2096-7-0x0000000000580000-0x0000000000586000-memory.dmp

      Filesize

      24KB

    • memory/2096-8-0x0000000074320000-0x0000000074A0E000-memory.dmp

      Filesize

      6.9MB

    • memory/2096-30-0x0000000074320000-0x0000000074A0E000-memory.dmp

      Filesize

      6.9MB

    • memory/2096-24-0x0000000074320000-0x0000000074A0E000-memory.dmp

      Filesize

      6.9MB

    • memory/2600-10-0x0000000000090000-0x00000000000B6000-memory.dmp

      Filesize

      152KB

    • memory/2600-11-0x0000000000090000-0x00000000000B6000-memory.dmp

      Filesize

      152KB

    • memory/2600-9-0x0000000000090000-0x00000000000B6000-memory.dmp

      Filesize

      152KB

    • memory/2600-13-0x0000000000090000-0x00000000000B6000-memory.dmp

      Filesize

      152KB

    • memory/2600-15-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

    • memory/2640-27-0x0000000000400000-0x0000000000426000-memory.dmp

      Filesize

      152KB

    • memory/2640-29-0x0000000000400000-0x0000000000426000-memory.dmp

      Filesize

      152KB

    • memory/2640-25-0x0000000000400000-0x0000000000426000-memory.dmp

      Filesize

      152KB

    • memory/2640-22-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

    • memory/2640-31-0x0000000074320000-0x0000000074A0E000-memory.dmp

      Filesize

      6.9MB

    • memory/2640-32-0x0000000074320000-0x0000000074A0E000-memory.dmp

      Filesize

      6.9MB

    • memory/2640-33-0x0000000074320000-0x0000000074A0E000-memory.dmp

      Filesize

      6.9MB

    • memory/2640-34-0x0000000074320000-0x0000000074A0E000-memory.dmp

      Filesize

      6.9MB

    • memory/2640-35-0x0000000074320000-0x0000000074A0E000-memory.dmp

      Filesize

      6.9MB
