blacknet | b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67

Analysis

max time kernel
120s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/10/2024, 09:20 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
Size

80KB
MD5

5e9b98c2f36af17ffe7c294a11097080
SHA1

8baf5b7edc1fb3575bba6906c1fa539a6a04ad93
SHA256

b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67
SHA512

5889fcced094979f57ebc1893c9fe2d477176f10e439bf1a20a43d9ff8fa60027deb9d472e9b1eb3cd4b1431ee84f1e7961b04c57eb866e5a18eba509d2ad40c
SSDEEP

1536:QPvK/3zvzVJJicVLhilofsh2jzJxuOmb54vHTL+lf:Qi5ikFSofrzVmb5uHv+lf

Score

10^/10

blacknet evasion trojan

Malware Config

Signatures

BlackNET
BlackNET is an open source remote access tool written in VB.NET.
trojan blacknet

Modifies Windows Defender Real-time Protection settings 3 TTPs 4 IoCs

evasion trojan

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify Tools

T1562.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
4964	powershell.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
4964	powershell.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
Token: SeDebugPrivilege	4964	powershell.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 4964	2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe	90
PID 2788 wrote to memory of 4964	2788	b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe	90

C:\Users\Admin\AppData\Local\Temp\b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe
"C:\Users\Admin\AppData\Local\Temp\b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4964

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.ax-0001.ax-msedge.net

g-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=35BDF6E4EFAC68AD0510E3F8EEAA693F; domain=.bing.com; expires=Wed, 12-Nov-2025 09:20:30 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 05A339464A0043F989C7694C90202D45 Ref B: LON601060107034 Ref C: 2024-10-18T09:20:30Z
date: Fri, 18 Oct 2024 09:20:29 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=35BDF6E4EFAC68AD0510E3F8EEAA693F

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=Rkh40RchkxbOytL9E6_jES_QhzDTuXVJSPzRlqYe63Q; domain=.bing.com; expires=Wed, 12-Nov-2025 09:20:30 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 86A26C09AE704211AFC79CEDC623721E Ref B: LON601060107034 Ref C: 2024-10-18T09:20:30Z
date: Fri, 18 Oct 2024 09:20:29 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=35BDF6E4EFAC68AD0510E3F8EEAA693F; MSPTC=Rkh40RchkxbOytL9E6_jES_QhzDTuXVJSPzRlqYe63Q

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 16DBF04790204A7B9F374FB24CB143BA Ref B: LON601060107034 Ref C: 2024-10-18T09:20:30Z
date: Fri, 18 Oct 2024 09:20:29 GMT
DNS

www.gunnylaumienphi2017.com

b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe

Remote address:

8.8.8.8:53

Request

www.gunnylaumienphi2017.com

IN A

Response

www.gunnylaumienphi2017.com

IN A

103.92.25.194
DNS

23.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.159.190.20.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

10.28.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.28.171.150.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

194.25.92.103.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.25.92.103.in-addr.arpa

IN PTR

Response
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

53.210.109.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

53.210.109.20.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

98.117.19.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.117.19.2.in-addr.arpa

IN PTR

Response

98.117.19.2.in-addr.arpa

IN PTR

a2-19-117-98deploystaticakamaitechnologiescom
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

11.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.227.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301700_18ZUY5V0A74HOX1SZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239317301700_18ZUY5V0A74HOX1SZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 975817
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ACF5AF12BF3040F7BB1A396A4A2CE0C2 Ref B: LON601060104034 Ref C: 2024-10-18T09:22:09Z
date: Fri, 18 Oct 2024 09:22:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301291_1H8FN9XYY8JWTIM5Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239317301291_1H8FN9XYY8JWTIM5Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 768566
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3786328A9CDA41C8A50A88DFEA84F12D Ref B: LON601060104034 Ref C: 2024-10-18T09:22:09Z
date: Fri, 18 Oct 2024 09:22:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418609_1GWNOVIVAOEBFVIZK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239340418609_1GWNOVIVAOEBFVIZK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 579336
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7F065496170F4113B74D8198A7653BC5 Ref B: LON601060104034 Ref C: 2024-10-18T09:22:09Z
date: Fri, 18 Oct 2024 09:22:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 673255
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C0F4C4D89D81493C9BF5B6B3EFF42ADB Ref B: LON601060104034 Ref C: 2024-10-18T09:22:09Z
date: Fri, 18 Oct 2024 09:22:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239398629743_1TH437YUI5ZNDOHAL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239398629743_1TH437YUI5ZNDOHAL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 470956
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AC2AF133D793496EA675BFCE29721671 Ref B: LON601060104034 Ref C: 2024-10-18T09:22:09Z
date: Fri, 18 Oct 2024 09:22:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239398629744_18YK2WB1TP6K8QRMK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239398629744_18YK2WB1TP6K8QRMK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 435129
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3A5C28874E144B6ABD41FEC5FD167BBB Ref B: LON601060104034 Ref C: 2024-10-18T09:22:10Z
date: Fri, 18 Oct 2024 09:22:10 GMT
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response

150.171.28.10:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=

tls, http2

2.0kB
9.4kB
21
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0e826f14843f4678abd7fadf9c20119f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=

HTTP Response

204
103.92.25.194:443

www.gunnylaumienphi2017.com

tls

b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe

2.2kB
49.7kB
26
39
150.171.27.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239398629744_18YK2WB1TP6K8QRMK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

138.1kB
4.0MB
2952
2948

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301700_18ZUY5V0A74HOX1SZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301291_1H8FN9XYY8JWTIM5Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418609_1GWNOVIVAOEBFVIZK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239398629743_1TH437YUI5ZNDOHAL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239398629744_18YK2WB1TP6K8QRMK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
12
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
16
12
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
12

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
148 B
1
1

DNS Request

g.bing.com

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

www.gunnylaumienphi2017.com

dns

b7f26ed5953814dd875d5305b4f8cc5b8443ded5fa6883ac69ffa6952b6cfe67N.exe

73 B
89 B
1
1

DNS Request

www.gunnylaumienphi2017.com

DNS Response

103.92.25.194
8.8.8.8:53

23.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

23.159.190.20.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

10.28.171.150.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

10.28.171.150.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

194.25.92.103.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

194.25.92.103.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

53.210.109.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

53.210.109.20.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

98.117.19.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

98.117.19.2.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

11.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

11.227.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wmvyqm21.yjo.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/2788-56-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-66-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-3-0x000000001BD10000-0x000000001C1DE000-memory.dmp

Filesize
4.8MB

Download
memory/2788-4-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2788-5-0x000000001C2E0000-0x000000001C37C000-memory.dmp

Filesize
624KB

Download
memory/2788-6-0x0000000001180000-0x0000000001188000-memory.dmp

Filesize
32KB

Download
memory/2788-7-0x000000001C440000-0x000000001C48C000-memory.dmp

Filesize
304KB

Download
memory/2788-8-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2788-9-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2788-10-0x000000001F2D0000-0x000000001F332000-memory.dmp

Filesize
392KB

Download
memory/2788-11-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2788-12-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2788-13-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2788-14-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2788-15-0x00007FFC0FC45000-0x00007FFC0FC46000-memory.dmp

Filesize
4KB

Download
memory/2788-16-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2788-17-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2788-18-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2788-102-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-101-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-21-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-100-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-1-0x000000001B790000-0x000000001B836000-memory.dmp

Filesize
664KB

Download
memory/2788-32-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2788-33-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-35-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-34-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2788-99-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-55-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-41-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-40-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2788-43-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-42-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2788-44-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2788-45-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2788-46-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2788-57-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-48-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-50-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-49-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-52-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-51-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-54-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-53-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-39-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-2-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2788-47-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-58-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-59-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-60-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-61-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-62-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-63-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-64-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-65-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-0-0x00007FFC0FC45000-0x00007FFC0FC46000-memory.dmp

Filesize
4KB

Download
memory/2788-67-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-69-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-68-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-70-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-71-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-72-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-73-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-74-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-76-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-75-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-78-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-77-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-79-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-80-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-82-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-81-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-84-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-83-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-86-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-85-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-88-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-87-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-89-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-90-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-92-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-91-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-93-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-94-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-95-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-96-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/2788-97-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/2788-98-0x0000000020290000-0x0000000020390000-memory.dmp

Filesize
1024KB

Download
memory/4964-38-0x00007FFC0BDF0000-0x00007FFC0C8B1000-memory.dmp

Filesize
10.8MB

Download
memory/4964-31-0x0000017882D60000-0x0000017882D82000-memory.dmp

Filesize
136KB

Download
memory/4964-20-0x00007FFC0BDF0000-0x00007FFC0C8B1000-memory.dmp

Filesize
10.8MB

Download
memory/4964-19-0x00007FFC0BDF3000-0x00007FFC0BDF5000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.