
Analysis

  • max time kernel
    120s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/10/2024, 09:20 UTC

General

  • Target

    b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe

  • Size

    80KB

  • MD5

    5e9b98c2f36af17ffe7c294a11097080

  • SHA1

    8baf5b7edc1fb3575bba6906c1fa539a6a04ad93

  • SHA256

    b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67

  • SHA512

    5889fcced094979f57ebc1893c9fe2d477176f10e439bf1a20a43d9ff8fa60027deb9d472e9b1eb3cd4b1431ee84f1e7961b04c57eb866e5a18eba509d2ad40c

  • SSDEEP

    1536:QPvK/3zvzVJJicVLhilofsh2jzJxuOmb54vHTL+lf:Qi5ikFSofrzVmb5uHv+lf

Score
10/10

Malware Config

Signatures

  • BlackNET

    BlackNET is an open source remote access tool written in VB.NET.

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
    "C:\Users\Admin\AppData\Local\Temp\b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe"
    1⤵
    • Modifies Windows Defender Real-time Protection settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" Get-MpPreference -verbose
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4964

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.ax-0001.ax-msedge.net
    g-bing-com.ax-0001.ax-msedge.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=
    Remote address:
    150.171.28.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=35BDF6E4EFAC68AD0510E3F8EEAA693F; domain=.bing.com; expires=Wed, 12-Nov-2025 09:20:30 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 05A339464A0043F989C7694C90202D45 Ref B: LON601060107034 Ref C: 2024-10-18T09:20:30Z
    date: Fri, 18 Oct 2024 09:20:29 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=
    Remote address:
    150.171.28.10:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=35BDF6E4EFAC68AD0510E3F8EEAA693F
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=Rkh40RchkxbOytL9E6_jES_QhzDTuXVJSPzRlqYe63Q; domain=.bing.com; expires=Wed, 12-Nov-2025 09:20:30 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 86A26C09AE704211AFC79CEDC623721E Ref B: LON601060107034 Ref C: 2024-10-18T09:20:30Z
    date: Fri, 18 Oct 2024 09:20:29 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=
    Remote address:
    150.171.28.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=35BDF6E4EFAC68AD0510E3F8EEAA693F; MSPTC=Rkh40RchkxbOytL9E6_jES_QhzDTuXVJSPzRlqYe63Q
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 16DBF04790204A7B9F374FB24CB143BA Ref B: LON601060107034 Ref C: 2024-10-18T09:20:30Z
    date: Fri, 18 Oct 2024 09:20:29 GMT
  • flag-us
    DNS
    www.gunnylaumienphi2017.com
    b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
    Remote address:
    8.8.8.8:53
    Request
    www.gunnylaumienphi2017.com
    IN A
    Response
    www.gunnylaumienphi2017.com
    IN A
    103.92.25.194
  • flag-us
    DNS
    23.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    10.28.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.28.171.150.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    194.25.92.103.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    194.25.92.103.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    53.210.109.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    53.210.109.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    98.117.19.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    98.117.19.2.in-addr.arpa
    IN PTR
    Response
    98.117.19.2.in-addr.arpa
    IN PTR
    a2-19-117-98.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0.lgw.llnw.net
  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301700_18ZUY5V0A74HOX1SZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301700_18ZUY5V0A74HOX1SZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 975817
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: ACF5AF12BF3040F7BB1A396A4A2CE0C2 Ref B: LON601060104034 Ref C: 2024-10-18T09:22:09Z
    date: Fri, 18 Oct 2024 09:22:09 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301291_1H8FN9XYY8JWTIM5Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301291_1H8FN9XYY8JWTIM5Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 768566
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3786328A9CDA41C8A50A88DFEA84F12D Ref B: LON601060104034 Ref C: 2024-10-18T09:22:09Z
    date: Fri, 18 Oct 2024 09:22:09 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418609_1GWNOVIVAOEBFVIZK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418609_1GWNOVIVAOEBFVIZK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 579336
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7F065496170F4113B74D8198A7653BC5 Ref B: LON601060104034 Ref C: 2024-10-18T09:22:09Z
    date: Fri, 18 Oct 2024 09:22:09 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 673255
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C0F4C4D89D81493C9BF5B6B3EFF42ADB Ref B: LON601060104034 Ref C: 2024-10-18T09:22:09Z
    date: Fri, 18 Oct 2024 09:22:09 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239398629743_1TH437YUI5ZNDOHAL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239398629743_1TH437YUI5ZNDOHAL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 470956
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: AC2AF133D793496EA675BFCE29721671 Ref B: LON601060104034 Ref C: 2024-10-18T09:22:09Z
    date: Fri, 18 Oct 2024 09:22:09 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239398629744_18YK2WB1TP6K8QRMK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239398629744_18YK2WB1TP6K8QRMK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 435129
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3A5C28874E144B6ABD41FEC5FD167BBB Ref B: LON601060104034 Ref C: 2024-10-18T09:22:10Z
    date: Fri, 18 Oct 2024 09:22:10 GMT
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • 150.171.28.10:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=
    tls, http2
    2.0kB
    9.4kB
    21
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=

    HTTP Response

    204
  • 103.92.25.194:443
    www.gunnylaumienphi2017.com
    tls
    b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
    2.2kB
    49.7kB
    26
    39
  • 150.171.27.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239398629744_18YK2WB1TP6K8QRMK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    138.1kB
    4.0MB
    2952
    2948

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301700_18ZUY5V0A74HOX1SZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301291_1H8FN9XYY8JWTIM5Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418609_1GWNOVIVAOEBFVIZK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239398629743_1TH437YUI5ZNDOHAL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239398629744_18YK2WB1TP6K8QRMK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    12
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    16
    12
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    12
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    148 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    150.171.28.10
    150.171.27.10

  • 8.8.8.8:53
    www.gunnylaumienphi2017.com
    dns
    b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
    73 B
    89 B
    1
    1

    DNS Request

    www.gunnylaumienphi2017.com

    DNS Response

    103.92.25.194

  • 8.8.8.8:53
    23.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    23.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    10.28.171.150.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    10.28.171.150.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    194.25.92.103.in-addr.arpa
    dns
    72 B
    132 B
    1
    1

    DNS Request

    194.25.92.103.in-addr.arpa

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    53.210.109.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    53.210.109.20.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    98.117.19.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    98.117.19.2.in-addr.arpa

  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    71 B
    116 B
    1
    1

    DNS Request

    0.205.248.87.in-addr.arpa

  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    11.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    170 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wmvyqm21.yjo.ps1

    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

  • memory/2788-56-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-66-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-3-0x000000001BD10000-0x000000001C1DE000-memory.dmp

    Filesize

    4.8MB

  • memory/2788-4-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

    Filesize

    9.6MB

  • memory/2788-5-0x000000001C2E0000-0x000000001C37C000-memory.dmp

    Filesize

    624KB

  • memory/2788-6-0x0000000001180000-0x0000000001188000-memory.dmp

    Filesize

    32KB

  • memory/2788-7-0x000000001C440000-0x000000001C48C000-memory.dmp

    Filesize

    304KB

  • memory/2788-8-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

    Filesize

    9.6MB

  • memory/2788-9-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

    Filesize

    9.6MB

  • memory/2788-10-0x000000001F2D0000-0x000000001F332000-memory.dmp

    Filesize

    392KB

  • memory/2788-11-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

    Filesize

    9.6MB

  • memory/2788-12-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

    Filesize

    9.6MB

  • memory/2788-13-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

    Filesize

    9.6MB

  • memory/2788-14-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

    Filesize

    9.6MB

  • memory/2788-15-0x00007FFC0FC45000-0x00007FFC0FC46000-memory.dmp

    Filesize

    4KB

  • memory/2788-16-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

    Filesize

    9.6MB

  • memory/2788-17-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

    Filesize

    9.6MB

  • memory/2788-18-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

    Filesize

    9.6MB

  • memory/2788-102-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-101-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-21-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-100-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-1-0x000000001B790000-0x000000001B836000-memory.dmp

    Filesize

    664KB

  • memory/2788-32-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

    Filesize

    9.6MB

  • memory/2788-33-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-35-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-34-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

    Filesize

    9.6MB

  • memory/2788-99-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-55-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-41-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-40-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

    Filesize

    9.6MB

  • memory/2788-43-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-42-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

    Filesize

    9.6MB

  • memory/2788-44-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

    Filesize

    9.6MB

  • memory/2788-45-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

    Filesize

    9.6MB

  • memory/2788-46-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

    Filesize

    9.6MB

  • memory/2788-57-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-48-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-50-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-49-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-52-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-51-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-54-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-53-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-39-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-2-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

    Filesize

    9.6MB

  • memory/2788-47-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-58-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-59-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-60-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-61-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-62-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-63-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-64-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-65-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-0-0x00007FFC0FC45000-0x00007FFC0FC46000-memory.dmp

    Filesize

    4KB

  • memory/2788-67-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-69-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-68-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-70-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-71-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-72-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-73-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-74-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-76-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-75-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-78-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-77-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-79-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-80-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-82-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-81-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-84-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-83-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-86-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-85-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-88-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-87-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-89-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-90-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-92-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-91-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-93-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-94-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-95-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-96-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/2788-97-0x0000000001190000-0x00000000011A0000-memory.dmp

    Filesize

    64KB

  • memory/2788-98-0x0000000020290000-0x0000000020390000-memory.dmp

    Filesize

    1024KB

  • memory/4964-38-0x00007FFC0BDF0000-0x00007FFC0C8B1000-memory.dmp

    Filesize

    10.8MB

  • memory/4964-31-0x0000017882D60000-0x0000017882D82000-memory.dmp

    Filesize

    136KB

  • memory/4964-20-0x00007FFC0BDF0000-0x00007FFC0C8B1000-memory.dmp

    Filesize

    10.8MB

  • memory/4964-19-0x00007FFC0BDF3000-0x00007FFC0BDF5000-memory.dmp

    Filesize

    8KB