Overview

overview

10

Static

static

10

2025-03-26...ab.exe

windows7-x64

10

2025-03-26...ab.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    104s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/03/2025, 08:57 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-03-26_d90919fa768daa3848b94fb2c92d30b0_gandcrab.exe

  • Size

    69KB

  • MD5

    d90919fa768daa3848b94fb2c92d30b0

  • SHA1

    ff22f7d1e7a573bc853904e991497b5517448e11

  • SHA256

    7909bdf74318c35cbd28d1eef682fd26ab6b39143c2da09c630e8d79d84cfd5b

  • SHA512

    5f74062ced0b47d591a68823e7eabd508aa67d79ae35b861943f4af81d340b2d91598ba679c5f24ffaee4ba0cf54a191512835debf10c3e30067ab1f9e0f77f8

  • SSDEEP

    1536:/ZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAmMqqU+2bbbAV2/S2Lccu:XBounVyFHjMqqDL2/Lcc

Score
10/10
gandcrabbackdoordiscoveryransomware

Malware Config

Signatures

  • GandCrab payload 1 IoCs
  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

    ransomwarebackdoorgandcrab
  • Gandcrab family
    gandcrab
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-03-26_d90919fa768daa3848b94fb2c92d30b0_gandcrab.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-03-26_d90919fa768daa3848b94fb2c92d30b0_gandcrab.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:5116
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 344
      2⤵
      • Program crash
      PID:4564
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5116 -ip 5116
    1⤵
      PID:5588

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.ax-0001.ax-msedge.net
      g-bing-com.ax-0001.ax-msedge.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=000d2bca83c74ee8957efbe9e25154ef&localId=w:ACC80AAA-1844-E958-013E-C7D282AA1E44&deviceId=6896216935759584&anid=
      Remote address:
      150.171.27.10:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=000d2bca83c74ee8957efbe9e25154ef&localId=w:ACC80AAA-1844-E958-013E-C7D282AA1E44&deviceId=6896216935759584&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=3C2399ED54376AFC30A18C5655D76BEA; domain=.bing.com; expires=Mon, 20-Apr-2026 08:57:09 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 6C0C82F59BB848DDB3F68005E6490D42 Ref B: LON04EDGE1016 Ref C: 2025-03-26T08:57:09Z
      date: Wed, 26 Mar 2025 08:57:08 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=000d2bca83c74ee8957efbe9e25154ef&localId=w:ACC80AAA-1844-E958-013E-C7D282AA1E44&deviceId=6896216935759584&anid=
      Remote address:
      150.171.27.10:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=000d2bca83c74ee8957efbe9e25154ef&localId=w:ACC80AAA-1844-E958-013E-C7D282AA1E44&deviceId=6896216935759584&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=3C2399ED54376AFC30A18C5655D76BEA
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=WNIA_pTjOK0da0QPzncsuRGmyEpF-vwsavnv1-mmD0Q; domain=.bing.com; expires=Mon, 20-Apr-2026 08:57:09 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: B7EFC16FE1D5422E8CF42E6CF480EDCA Ref B: LON04EDGE1016 Ref C: 2025-03-26T08:57:09Z
      date: Wed, 26 Mar 2025 08:57:08 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=000d2bca83c74ee8957efbe9e25154ef&localId=w:ACC80AAA-1844-E958-013E-C7D282AA1E44&deviceId=6896216935759584&anid=
      Remote address:
      150.171.27.10:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=000d2bca83c74ee8957efbe9e25154ef&localId=w:ACC80AAA-1844-E958-013E-C7D282AA1E44&deviceId=6896216935759584&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=3C2399ED54376AFC30A18C5655D76BEA; MSPTC=WNIA_pTjOK0da0QPzncsuRGmyEpF-vwsavnv1-mmD0Q
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 8A75915F8BFB4FDB94EDCB1909E18107 Ref B: LON04EDGE1016 Ref C: 2025-03-26T08:57:09Z
      date: Wed, 26 Mar 2025 08:57:08 GMT
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239339388172_11H31EUO703JYE8HS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239339388172_11H31EUO703JYE8HS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 520592
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 57301C186EAB4751865AAE8A588DE74D Ref B: LON04EDGE0908 Ref C: 2025-03-26T08:57:47Z
      date: Wed, 26 Mar 2025 08:57:46 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 579336
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 1DED126D6F5845C2AF95B4CC18F0C197 Ref B: LON04EDGE0908 Ref C: 2025-03-26T08:57:47Z
      date: Wed, 26 Mar 2025 08:57:46 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239353388073_1SY37RLMEXBSAP5P1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239353388073_1SY37RLMEXBSAP5P1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 673255
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: F694A53D0B3549E98CB609350B936500 Ref B: LON04EDGE0908 Ref C: 2025-03-26T08:57:47Z
      date: Wed, 26 Mar 2025 08:57:46 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239353388079_1I03GNWN380ZGL8MJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239353388079_1I03GNWN380ZGL8MJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 641224
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 91CCAF0A788643E689E04DCA761C5559 Ref B: LON04EDGE0908 Ref C: 2025-03-26T08:57:47Z
      date: Wed, 26 Mar 2025 08:57:46 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340418609_1GWNOVIVAOEBFVIZK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239340418609_1GWNOVIVAOEBFVIZK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 745212
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: A6F1958710CC4761A2DCB909055DD875 Ref B: LON04EDGE0908 Ref C: 2025-03-26T08:57:47Z
      date: Wed, 26 Mar 2025 08:57:46 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239339388173_143HGT0XS5NV1OXIB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.28.10:443
      Request
      GET /th?id=OADD2.10239339388173_143HGT0XS5NV1OXIB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 495695
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 37B7DDF8F3A646CBAC5E2CAA21A3C469 Ref B: LON04EDGE0908 Ref C: 2025-03-26T08:57:47Z
      date: Wed, 26 Mar 2025 08:57:47 GMT
    • flag-us
      DNS
      c.pki.goog
      Remote address:
      8.8.8.8:53
      Request
      c.pki.goog
      IN A
      Response
      c.pki.goog
      IN CNAME
      pki-goog.l.google.com
      pki-goog.l.google.com
      IN A
      142.250.180.3
    • flag-gb
      GET
      http://c.pki.goog/r/r1.crl
      Remote address:
      142.250.180.3:80
      Request
      GET /r/r1.crl HTTP/1.1
      Cache-Control: max-age = 3000
      Connection: Keep-Alive
      Accept: */*
      If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
      User-Agent: Microsoft-CryptoAPI/10.0
      Host: c.pki.goog
      Response
      HTTP/1.1 304 Not Modified
      Date: Wed, 26 Mar 2025 08:43:40 GMT
      Expires: Wed, 26 Mar 2025 09:33:40 GMT
      Age: 869
      Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
      Cache-Control: public, max-age=3000
      Vary: Accept-Encoding
    • 150.171.27.10:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=000d2bca83c74ee8957efbe9e25154ef&localId=w:ACC80AAA-1844-E958-013E-C7D282AA1E44&deviceId=6896216935759584&anid=
      tls, http2
      2.0kB
       9.4kB
       22
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=000d2bca83c74ee8957efbe9e25154ef&localId=w:ACC80AAA-1844-E958-013E-C7D282AA1E44&deviceId=6896216935759584&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=000d2bca83c74ee8957efbe9e25154ef&localId=w:ACC80AAA-1844-E958-013E-C7D282AA1E44&deviceId=6896216935759584&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=000d2bca83c74ee8957efbe9e25154ef&localId=w:ACC80AAA-1844-E958-013E-C7D282AA1E44&deviceId=6896216935759584&anid=

      HTTP Response

      204
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       6.9kB
       15
      13
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       6.9kB
       15
      13
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       6.9kB
       15
      13
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       6.9kB
       15
      13
    • 150.171.28.10:443
      https://tse1.mm.bing.net/th?id=OADD2.10239339388173_143HGT0XS5NV1OXIB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      tls, http2
      151.8kB
       3.8MB
       2745
      2739

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239339388172_11H31EUO703JYE8HS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239353388073_1SY37RLMEXBSAP5P1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239353388079_1I03GNWN380ZGL8MJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418609_1GWNOVIVAOEBFVIZK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239339388173_143HGT0XS5NV1OXIB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200
    • 142.250.180.3:80
      http://c.pki.goog/r/r1.crl
      http
      476 B
       394 B
       6
      4

      HTTP Request

      GET http://c.pki.goog/r/r1.crl

      HTTP Response

      304
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       148 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      150.171.27.10
      150.171.28.10

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
       170 B
       1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      150.171.28.10
      150.171.27.10

    • 8.8.8.8:53
      c.pki.goog
      dns
      56 B
       107 B
       1
      1

      DNS Request

      c.pki.goog

      DNS Response

      142.250.180.3

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/5116-0-0x000000000FE20000-0x000000000FE36000-memory.dmp

      Filesize

      88KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.