Overview

overview

10

Static

static

10

2487b12f52...8b.exe

windows7-x64

10

2487b12f52...8b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    104s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/03/2025, 10:04 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2487b12f52b803f5d38b3bb9388b039bf4f58c4b5d192d50da5fa047e9db828b.exe

  • Size

    514KB

  • MD5

    9c73b0f2a593fb39f3c0c80bc2851fbb

  • SHA1

    f2678fbd372b1d29870efb306da0169d3a6613c2

  • SHA256

    2487b12f52b803f5d38b3bb9388b039bf4f58c4b5d192d50da5fa047e9db828b

  • SHA512

    64c3b1e9e3ea08da7bbe073f98b5d78d7a705decce1773dc9468891730e7db5fc999400ae665671a83451ef3d2489a37d0903303313a7847d4d69c85a70e266a

  • SSDEEP

    12288:r9djfuZmvMyx1rF+LYkvaQIbuSWkTLRITl3D:rXWXmRF+LFvGuMSD

Score
10/10
massloggercollectiondefense_evasiondiscoveryspywarestealer

Malware Config

Signatures

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger
  • MassLogger Main payload 1 IoCs
  • Masslogger family
    masslogger
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 42 IoCs
    collection
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2487b12f52b803f5d38b3bb9388b039bf4f58c4b5d192d50da5fa047e9db828b.exe
    "C:\Users\Admin\AppData\Local\Temp\2487b12f52b803f5d38b3bb9388b039bf4f58c4b5d192d50da5fa047e9db828b.exe"
    1⤵
    • Checks computer location settings
    • Accesses Microsoft Outlook profiles
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • outlook_office_path
    • outlook_win_path
    PID:2012
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell" Start-Sleep -Seconds 2; Remove-Item -path 'C:\Users\Admin\AppData\Local\Temp\2487b12f52b803f5d38b3bb9388b039bf4f58c4b5d192d50da5fa047e9db828b.exe'
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4784

Network

  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.ax-0001.ax-msedge.net
    g-bing-com.ax-0001.ax-msedge.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bd94628177ed404e8e4177cae6593029&localId=w:21C1CCEE-160B-F796-E0D9-10C0675E4A84&deviceId=6896216935942425&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bd94628177ed404e8e4177cae6593029&localId=w:21C1CCEE-160B-F796-E0D9-10C0675E4A84&deviceId=6896216935942425&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=38D3221EBB31618F2BB437A4BAD160DD; domain=.bing.com; expires=Sun, 19-Apr-2026 10:04:08 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 618EE125022740FBB4ABFB07071F2528 Ref B: LON04EDGE1019 Ref C: 2025-03-25T10:04:08Z
    date: Tue, 25 Mar 2025 10:04:08 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=bd94628177ed404e8e4177cae6593029&localId=w:21C1CCEE-160B-F796-E0D9-10C0675E4A84&deviceId=6896216935942425&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=bd94628177ed404e8e4177cae6593029&localId=w:21C1CCEE-160B-F796-E0D9-10C0675E4A84&deviceId=6896216935942425&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=38D3221EBB31618F2BB437A4BAD160DD
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=-AwdiUR4vyLweCZJX9w2_m0QmYv-eB8X2gEBW1P9hHo; domain=.bing.com; expires=Sun, 19-Apr-2026 10:04:08 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F805BA5064C24D0C81BF84672C7216D1 Ref B: LON04EDGE1019 Ref C: 2025-03-25T10:04:08Z
    date: Tue, 25 Mar 2025 10:04:08 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bd94628177ed404e8e4177cae6593029&localId=w:21C1CCEE-160B-F796-E0D9-10C0675E4A84&deviceId=6896216935942425&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bd94628177ed404e8e4177cae6593029&localId=w:21C1CCEE-160B-F796-E0D9-10C0675E4A84&deviceId=6896216935942425&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=38D3221EBB31618F2BB437A4BAD160DD; MSPTC=-AwdiUR4vyLweCZJX9w2_m0QmYv-eB8X2gEBW1P9hHo
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: B1EB1660FADA4CEF9F7CA9C13304EFA5 Ref B: LON04EDGE1019 Ref C: 2025-03-25T10:04:08Z
    date: Tue, 25 Mar 2025 10:04:08 GMT
  • flag-us
    DNS
    api.ipify.org
    2487b12f52b803f5d38b3bb9388b039bf4f58c4b5d192d50da5fa047e9db828b.exe
    Remote address:
    8.8.8.8:53
    Request
    api.ipify.org
    IN A
    Response
    api.ipify.org
    IN A
    104.26.12.205
    api.ipify.org
    IN A
    104.26.13.205
    api.ipify.org
    IN A
    172.67.74.152
  • flag-us
    GET
    http://api.ipify.org/
    2487b12f52b803f5d38b3bb9388b039bf4f58c4b5d192d50da5fa047e9db828b.exe
    Remote address:
    104.26.12.205:80
    Request
    GET / HTTP/1.1
    Host: api.ipify.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Tue, 25 Mar 2025 10:04:09 GMT
    Content-Type: text/plain
    Content-Length: 14
    Connection: keep-alive
    Vary: Origin
    cf-cache-status: DYNAMIC
    Server: cloudflare
    CF-RAY: 925d951fdb90ef1b-LHR
    server-timing: cfL4;desc="?proto=TCP&rtt=43227&min_rtt=43227&rtt_var=21613&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=63&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388040_17NRQFHMSVZES5QDT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239339388040_17NRQFHMSVZES5QDT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 694302
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D4652A995AF543B4BCCB5CB2EECF5B2E Ref B: LON04EDGE0618 Ref C: 2025-03-25T10:04:42Z
    date: Tue, 25 Mar 2025 10:04:42 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388041_1G4A2C01B1PAFTOD1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239339388041_1G4A2C01B1PAFTOD1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 700191
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 27A8DDD9217A49F3BDB21A7BE4377A61 Ref B: LON04EDGE0618 Ref C: 2025-03-25T10:04:42Z
    date: Tue, 25 Mar 2025 10:04:42 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239355218552_1GHGVUO61DTQZRTHX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239355218552_1GHGVUO61DTQZRTHX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 576636
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3D4E7CFDC99C4322A51C8EED8E766E6F Ref B: LON04EDGE0618 Ref C: 2025-03-25T10:04:42Z
    date: Tue, 25 Mar 2025 10:04:42 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418567_1CP2YH6ACBDMHMMFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418567_1CP2YH6ACBDMHMMFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 570617
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F9D851BEE4704D74AEEEC9850FCA4298 Ref B: LON04EDGE0618 Ref C: 2025-03-25T10:04:42Z
    date: Tue, 25 Mar 2025 10:04:42 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239355218553_1LXSNCROYYRJXQ4E3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239355218553_1LXSNCROYYRJXQ4E3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 695138
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 6CF3DC64E3E244B5AC9E9ADFD3E367E3 Ref B: LON04EDGE0618 Ref C: 2025-03-25T10:04:42Z
    date: Tue, 25 Mar 2025 10:04:42 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418568_12QU0TF0Q0S6KJNUT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418568_12QU0TF0Q0S6KJNUT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 581717
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 621325108556415FAC1D1E11937C29F9 Ref B: LON04EDGE0618 Ref C: 2025-03-25T10:04:43Z
    date: Tue, 25 Mar 2025 10:04:42 GMT
  • flag-us
    DNS
    c.pki.goog
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.179.227
  • flag-gb
    GET
    http://c.pki.goog/r/r1.crl
    Remote address:
    142.250.179.227:80
    Request
    GET /r/r1.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
    Response
    HTTP/1.1 304 Not Modified
    Date: Tue, 25 Mar 2025 10:01:47 GMT
    Expires: Tue, 25 Mar 2025 10:51:47 GMT
    Age: 202
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Cache-Control: public, max-age=3000
    Vary: Accept-Encoding
  • 150.171.27.10:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bd94628177ed404e8e4177cae6593029&localId=w:21C1CCEE-160B-F796-E0D9-10C0675E4A84&deviceId=6896216935942425&anid=
    tls, http2
    2.0kB
     9.4kB
     22
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bd94628177ed404e8e4177cae6593029&localId=w:21C1CCEE-160B-F796-E0D9-10C0675E4A84&deviceId=6896216935942425&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=bd94628177ed404e8e4177cae6593029&localId=w:21C1CCEE-160B-F796-E0D9-10C0675E4A84&deviceId=6896216935942425&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=bd94628177ed404e8e4177cae6593029&localId=w:21C1CCEE-160B-F796-E0D9-10C0675E4A84&deviceId=6896216935942425&anid=

    HTTP Response

    204
  • 104.26.12.205:80
    http://api.ipify.org/
    http
    2487b12f52b803f5d38b3bb9388b039bf4f58c4b5d192d50da5fa047e9db828b.exe
    293 B
     567 B
     5
    3

    HTTP Request

    GET http://api.ipify.org/

    HTTP Response

    200
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 150.171.27.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239340418568_12QU0TF0Q0S6KJNUT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    135.8kB
     4.0MB
     2876
    2871

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388040_17NRQFHMSVZES5QDT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388041_1G4A2C01B1PAFTOD1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239355218552_1GHGVUO61DTQZRTHX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418567_1CP2YH6ACBDMHMMFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239355218553_1LXSNCROYYRJXQ4E3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418568_12QU0TF0Q0S6KJNUT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 142.250.179.227:80
    http://c.pki.goog/r/r1.crl
    http
    476 B
     394 B
     6
    4

    HTTP Request

    GET http://c.pki.goog/r/r1.crl

    HTTP Response

    304
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     148 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    api.ipify.org
    dns
    2487b12f52b803f5d38b3bb9388b039bf4f58c4b5d192d50da5fa047e9db828b.exe
    59 B
     107 B
     1
    1

    DNS Request

    api.ipify.org

    DNS Response

    104.26.12.205
    104.26.13.205
    172.67.74.152

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     170 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    c.pki.goog
    dns
    56 B
     107 B
     1
    1

    DNS Request

    c.pki.goog

    DNS Response

    142.250.179.227

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3yrz5vgs.knd.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • memory/2012-6-0x0000000074D70000-0x0000000075520000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2012-2-0x0000000074D70000-0x0000000075520000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2012-3-0x00000000056E0000-0x0000000005772000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2012-4-0x0000000005D30000-0x00000000062D4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2012-5-0x00000000065D0000-0x0000000006636000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2012-13-0x0000000074D70000-0x0000000075520000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2012-7-0x0000000074D70000-0x0000000075520000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2012-8-0x0000000006CC0000-0x0000000006D10000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2012-9-0x0000000006F30000-0x0000000006FCC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2012-10-0x0000000006EB0000-0x0000000006EBA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2012-1-0x00000000009B0000-0x0000000000A36000-memory.dmp

    Filesize

    536KB

    Download

  • memory/2012-0-0x0000000074D7E000-0x0000000074D7F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4784-12-0x0000000004F70000-0x0000000004FA6000-memory.dmp

    Filesize

    216KB

    Download

  • memory/4784-29-0x0000000005F50000-0x00000000062A4000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4784-16-0x0000000074D70000-0x0000000075520000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4784-17-0x0000000005560000-0x0000000005582000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4784-18-0x0000000005D80000-0x0000000005DE6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4784-15-0x0000000074D70000-0x0000000075520000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4784-24-0x0000000074D70000-0x0000000075520000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4784-14-0x00000000055E0000-0x0000000005C08000-memory.dmp

    Filesize

    6.2MB

    Download

  • memory/4784-30-0x00000000065A0000-0x00000000065BE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4784-31-0x00000000065F0000-0x000000000663C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/4784-32-0x0000000007BE0000-0x000000000825A000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4784-33-0x0000000006AB0000-0x0000000006ACA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4784-34-0x0000000007600000-0x0000000007696000-memory.dmp

    Filesize

    600KB

    Download

  • memory/4784-35-0x0000000006B70000-0x0000000006B92000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4784-38-0x0000000074D70000-0x0000000075520000-memory.dmp

    Filesize

    7.7MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.