Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Netflix To...er.exe

windows10-2004-x64

10

Netflix To...et.dll

windows10-2004-x64

1

Netflix To....0.dll

windows10-2004-x64

1

Netflix To...ip.dll

windows10-2004-x64

1

Netflix To...er.exe

windows10-2004-x64

8

Netflix To...et.dll

windows10-2004-x64

1

Netflix To....0.dll

windows10-2004-x64

1

Netflix To...ys.exe

windows10-2004-x64

10

Netflix To...le.dll

windows10-2004-x64

1

Netflix To...ER.exe

windows10-2004-x64

8

Netflix To...on.dll

windows10-2004-x64

1

Netflix To...cs.dll

windows10-2004-x64

1

Netflix To...le.dll

windows10-2004-x64

1

Netflix To...ip.dll

windows10-2004-x64

1

Netflix To...er.exe

windows10-2004-x64

8

Netflix To...et.dll

windows10-2004-x64

1

Netflix To...on.dll

windows10-2004-x64

1

Netflix To...rv.exe

windows10-2004-x64

1

Netflix To....0.dll

windows10-2004-x64

1

Netflix To...v2.exe

windows10-2004-x64

8

Netflix To...bo.dll

windows10-2004-x64

1

Netflix To...ip.dll

windows10-2004-x64

1

Netflix To...er.exe

windows10-2004-x64

8

Netflix To....0.dll

windows10-2004-x64

1

Netflix To...ck.exe

windows10-2004-x64

3

Netflix To...bo.dll

windows10-2004-x64

1

Netflix To...er.exe

windows10-2004-x64

1

Netflix To...er.dll

windows10-2004-x64

1

Netflix To...et.dll

windows10-2004-x64

1

Netflix To...UI.dll

windows10-2004-x64

1

Netflix To...et.dll

windows10-2004-x64

1

Netflix To...ar.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/10/2024, 22:11 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Netflix Tools PACK/HITFLIX CHECKER/sys/Launcher.exe

  • Size

    53KB

  • MD5

    c6d4c881112022eb30725978ecd7c6ec

  • SHA1

    ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

  • SHA256

    0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

  • SHA512

    3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

  • SSDEEP

    768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5

Score
8/10
discoveryexecutionpersistence

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Netflix Tools PACK\HITFLIX CHECKER\sys\Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\Netflix Tools PACK\HITFLIX CHECKER\sys\Launcher.exe"
    1⤵
    • Checks computer location settings
    • Drops startup file
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:536
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath C:\Windows\IMF\
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4880
    • C:\Windows\IMF\Windows Services.exe
      "C:\Windows\IMF\Windows Services.exe" {Arguments If Needed}
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4820
      • C:\Windows\IMF\Secure System Shell.exe
        "C:\Windows\IMF\Secure System Shell.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4052
      • C:\Windows\IMF\Runtime Explorer.exe
        "C:\Windows\IMF\Runtime Explorer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:1820

Network

  • flag-us
    DNS
    2.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    133.211.185.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.211.185.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    133.211.185.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.211.185.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    133.211.185.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.211.185.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    197.87.175.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    197.87.175.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    110.11.19.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    110.11.19.2.in-addr.arpa
    IN PTR
    Response
    110.11.19.2.in-addr.arpa
    IN PTR
    a2-19-11-110deploystaticakamaitechnologiescom
  • flag-us
    DNS
    210.108.222.173.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    210.108.222.173.in-addr.arpa
    IN PTR
    Response
    210.108.222.173.in-addr.arpa
    IN PTR
    a173-222-108-210deploystaticakamaitechnologiescom
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418606_136U7G6Z7CWHAJN4L&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418606_136U7G6Z7CWHAJN4L&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 617294
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D27C239826794DD6A80E74FB0D4A1F1B Ref B: LON601060105034 Ref C: 2024-10-30T22:14:15Z
    date: Wed, 30 Oct 2024 22:14:15 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388170_1IEK0BZGEDADTOA05&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239339388170_1IEK0BZGEDADTOA05&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 612292
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 22C3D0B8975D41BF9F942B499A22412B Ref B: LON601060105034 Ref C: 2024-10-30T22:14:15Z
    date: Wed, 30 Oct 2024 22:14:15 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418605_1YZ6O1QX1RJB3B5MZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418605_1YZ6O1QX1RJB3B5MZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 538654
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7F11A90B424B45C2ADE2F70B01E8DC53 Ref B: LON601060105034 Ref C: 2024-10-30T22:14:15Z
    date: Wed, 30 Oct 2024 22:14:15 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360432892_19VCX0OIIPQAUNJ24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239360432892_19VCX0OIIPQAUNJ24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 695371
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 548D7A520D4E486BAC3025E2BC409C1E Ref B: LON601060105034 Ref C: 2024-10-30T22:14:15Z
    date: Wed, 30 Oct 2024 22:14:15 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360432890_1TOC5U5IB565A9QI0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239360432890_1TOC5U5IB565A9QI0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 747785
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 532B5C11FFEA4B238277D1CA6DBDA91C Ref B: LON601060105034 Ref C: 2024-10-30T22:14:15Z
    date: Wed, 30 Oct 2024 22:14:15 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388171_1IPS9F3VG23PT8N6M&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239339388171_1IPS9F3VG23PT8N6M&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 804058
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 630A0D6DD76E4C91A630253A0B3A9D96 Ref B: LON601060105034 Ref C: 2024-10-30T22:14:16Z
    date: Wed, 30 Oct 2024 22:14:15 GMT
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    10.27.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.27.171.150.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    104.193.132.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.193.132.51.in-addr.arpa
    IN PTR
    Response
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     16
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 150.171.27.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239339388171_1IPS9F3VG23PT8N6M&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    143.6kB
     4.2MB
     3027
    3022

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418606_136U7G6Z7CWHAJN4L&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388170_1IEK0BZGEDADTOA05&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418605_1YZ6O1QX1RJB3B5MZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360432892_19VCX0OIIPQAUNJ24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360432890_1TOC5U5IB565A9QI0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388171_1IPS9F3VG23PT8N6M&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    12
  • 8.8.8.8:53
    2.159.190.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    2.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    133.211.185.52.in-addr.arpa
    dns
    219 B
     147 B
     3
    1

    DNS Request

    133.211.185.52.in-addr.arpa

    DNS Request

    133.211.185.52.in-addr.arpa

    DNS Request

    133.211.185.52.in-addr.arpa

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    292 B
     147 B
     4
    1

    DNS Request

    217.106.137.52.in-addr.arpa

    DNS Request

    217.106.137.52.in-addr.arpa

    DNS Request

    217.106.137.52.in-addr.arpa

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    197.87.175.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    197.87.175.4.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    110.11.19.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    110.11.19.2.in-addr.arpa

  • 8.8.8.8:53
    210.108.222.173.in-addr.arpa
    dns
    74 B
     141 B
     1
    1

    DNS Request

    210.108.222.173.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     170 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    205.47.74.20.in-addr.arpa

  • 8.8.8.8:53
    10.27.171.150.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    10.27.171.150.in-addr.arpa

  • 8.8.8.8:53
    104.193.132.51.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    104.193.132.51.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lh3fkmde.5qx.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • C:\Windows\IMF\Runtime Explorer.exe
    Filesize

    144KB

    MD5

    5ea4ee24f01613f1bd403312c46b9ec9

    SHA1

    3d76201186437c8e0daba0ee37472fe3c4ef546d

    SHA256

    c81755fe990f1b023bf9b88eed4856c088755af050ea4627ed081a8203f03472

    SHA512

    73b0cc6d49db601b50a5c89b4b0f083a69efd6ff063edc03c93cac16c104173b8a1d172279e88f8a1b17b3b56f27a9fe6f207fde51729292cbacb272c75c8f53

    Download Submit

  • C:\Windows\IMF\Secure System Shell.exe
    Filesize

    45KB

    MD5

    7d0c7359e5b2daa5665d01afdc98cc00

    SHA1

    c3cc830c8ffd0f53f28d89dcd9f3426be87085cb

    SHA256

    f1abd5ab03189e82971513e6ca04bd372fcf234d670079888f01cf4addd49809

    SHA512

    a8f82b11b045d8dd744506f4f56f3382b33a03684a6aebc91a02ea901c101b91cb43b7d0213f72f39cbb22f616ecd5de8b9e6c99fb5669f26a3ea6bcb63c8407

    Download Submit

  • C:\Windows\IMF\Windows Services.exe
    Filesize

    46KB

    MD5

    ad0ce1302147fbdfecaec58480eb9cf9

    SHA1

    874efbc76e5f91bc1425a43ea19400340f98d42b

    SHA256

    2c339b52b82e73b4698a0110cdfe310c00c5c69078e9e1bd6fa1308652bf82a3

    SHA512

    adccd5520e01b673c2fc5c451305fe31b1a3e74891aece558f75fefc50218adf1fb81bb8c7f19969929d3fecb0fdb2cb5b564400d51e0a5a1ad8d5bc2d4eed53

    Download Submit

  • memory/536-49-0x00000000067E0000-0x00000000067FE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/536-5-0x00000000746B0000-0x0000000074E60000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/536-6-0x0000000006BA0000-0x0000000006C1E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/536-7-0x00000000746B0000-0x0000000074E60000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/536-65-0x00000000746B0000-0x0000000074E60000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/536-0-0x00000000746BE000-0x00000000746BF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/536-4-0x0000000005490000-0x000000000549A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/536-48-0x0000000006800000-0x0000000006876000-memory.dmp

    Filesize

    472KB

    Download

  • memory/536-3-0x0000000005500000-0x0000000005592000-memory.dmp

    Filesize

    584KB

    Download

  • memory/536-2-0x0000000005C80000-0x0000000006224000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/536-1-0x0000000000A70000-0x0000000000A84000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4052-85-0x00000000000D0000-0x00000000000E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4820-64-0x0000000000C00000-0x0000000000C12000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4880-9-0x00000000746B0000-0x0000000074E60000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4880-67-0x000000006F850000-0x000000006F89C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/4880-25-0x0000000005D00000-0x0000000005D1E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4880-24-0x0000000005830000-0x0000000005B84000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4880-14-0x00000000056C0000-0x0000000005726000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4880-13-0x0000000004EE0000-0x0000000004F46000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4880-12-0x0000000004E40000-0x0000000004E62000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4880-11-0x00000000746B0000-0x0000000074E60000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4880-10-0x0000000005050000-0x0000000005678000-memory.dmp

    Filesize

    6.2MB

    Download

  • memory/4880-66-0x00000000062E0000-0x0000000006312000-memory.dmp

    Filesize

    200KB

    Download

  • memory/4880-77-0x0000000006ED0000-0x0000000006EEE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4880-26-0x0000000005DA0000-0x0000000005DEC000-memory.dmp

    Filesize

    304KB

    Download

  • memory/4880-78-0x0000000006F00000-0x0000000006FA3000-memory.dmp

    Filesize

    652KB

    Download

  • memory/4880-80-0x0000000007670000-0x0000000007CEA000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4880-81-0x0000000007030000-0x000000000704A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4880-8-0x00000000023F0000-0x0000000002426000-memory.dmp

    Filesize

    216KB

    Download

  • memory/4880-86-0x00000000070A0000-0x00000000070AA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4880-89-0x00000000072B0000-0x0000000007346000-memory.dmp

    Filesize

    600KB

    Download

  • memory/4880-90-0x0000000007230000-0x0000000007241000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4880-91-0x0000000007260000-0x000000000726E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4880-92-0x0000000007270000-0x0000000007284000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4880-93-0x0000000007370000-0x000000000738A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4880-94-0x0000000007350000-0x0000000007358000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4880-97-0x00000000746B0000-0x0000000074E60000-memory.dmp

    Filesize

    7.7MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.