agenttesla | 937f43ce0b39fca4de06bbeaa5aac7f4ff41397d24aff49ca1441534c7ad05db

Resubmissions

15/05/2023, 11:15 UTC

230515-nc1rxaad5w 10

15/05/2023, 09:17 UTC

230515-k9jm4saa21 10

15/05/2023, 09:14 UTC

230515-k7vbtsfe86 3

Analysis

max time kernel
29s
max time network
347s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2023, 09:17 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MY00046R0239528MYKUL.exe
Size

154KB
MD5

da9e335cd673f6fe0bba1fa82aa04e4c
SHA1

fdb8e13542a61d2e186e9b4b1cf1573868a80121
SHA256

b2280e958e4020f76a0096cff05b795311599a6e36bdc9f3131e66bcfd27fa5a
SHA512

e52fc95374f9b2ba1eeeac2ed82a406ada102db7fa7b388e2a18391c9a6c2fdb869dbf3f4eaa3fe3e84c0551721565da3174c85873a0be779a2acd36acdf4770
SSDEEP

3072:cYu/YbAcxltXuX4bBGCOVy04vEfS7ylxJdEOA1Uz04/GlqwTNqjnN+5:c6bAcJZxC4vvGDtA6Yfg4NqjnNQ

Score

10^/10

agenttesla guloader downloader keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
masonadventures.com
Port:
587
Username:
arbat@masonadventures.com
Password:
PUh/f9ES(7,av{ZL;F
Email To:
arthurleonard443@gmail.com

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader

Checks QEMU agent file 2 TTPs 1 IoCs

Checks presence of QEMU agent, possibly to detect virtualization.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	C:\Program Files\Qemu-ga\qemu-ga.exe	MY00046R0239528MYKUL.exe

Loads dropped DLL 1 IoCs

pid	Process
2748	MY00046R0239528MYKUL.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 5 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
48	api.ipify.org
49	api.ipify.org
124	api.ipify.org
125	api.ipify.org
132	api.ipify.org

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Candock\Paludiferous\Deashes\Hushandelers.ini	MY00046R0239528MYKUL.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2748	MY00046R0239528MYKUL.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2748 set thread context of 3040	2748	MY00046R0239528MYKUL.exe	91

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 3 IoCs

pid	pid_target	Process	procid_target
852	3040	WerFault.exe	91
1700	4656	WerFault.exe	113
4420	2540	WerFault.exe	126

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2748	MY00046R0239528MYKUL.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 3040	2748	MY00046R0239528MYKUL.exe	91
PID 2748 wrote to memory of 3040	2748	MY00046R0239528MYKUL.exe	91
PID 2748 wrote to memory of 3040	2748	MY00046R0239528MYKUL.exe	91
PID 2748 wrote to memory of 3040	2748	MY00046R0239528MYKUL.exe	91

C:\Users\Admin\AppData\Local\Temp\MY00046R0239528MYKUL.exe
"C:\Users\Admin\AppData\Local\Temp\MY00046R0239528MYKUL.exe"
1⤵
- Checks QEMU agent file
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
  "C:\Users\Admin\AppData\Local\Temp\MY00046R0239528MYKUL.exe"
  2⤵
  PID:3040
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 2476
    3⤵
    - Program crash
    PID:852

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:220

C:\Users\Admin\AppData\Local\Temp\MY00046R0239528MYKUL.exe
"C:\Users\Admin\AppData\Local\Temp\MY00046R0239528MYKUL.exe"
1⤵
PID:2108
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
  "C:\Users\Admin\AppData\Local\Temp\MY00046R0239528MYKUL.exe"
  2⤵
  PID:4656
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 2504
    3⤵
    - Program crash
    PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3040 -ip 3040
1⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\MY00046R0239528MYKUL.exe
"C:\Users\Admin\AppData\Local\Temp\MY00046R0239528MYKUL.exe"
1⤵
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa4bca9758,0x7ffa4bca9768,0x7ffa4bca9778
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1924,i,10840290373876856159,11638597059127438676,131072 /prefetch:2
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1924,i,10840290373876856159,11638597059127438676,131072 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1924,i,10840290373876856159,11638597059127438676,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1924,i,10840290373876856159,11638597059127438676,131072 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3296 --field-trial-handle=1924,i,10840290373876856159,11638597059127438676,131072 /prefetch:1
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4508 --field-trial-handle=1924,i,10840290373876856159,11638597059127438676,131072 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3816 --field-trial-handle=1924,i,10840290373876856159,11638597059127438676,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1924,i,10840290373876856159,11638597059127438676,131072 /prefetch:8
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4808 --field-trial-handle=1924,i,10840290373876856159,11638597059127438676,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5284 --field-trial-handle=1924,i,10840290373876856159,11638597059127438676,131072 /prefetch:8
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 --field-trial-handle=1924,i,10840290373876856159,11638597059127438676,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5852 --field-trial-handle=1924,i,10840290373876856159,11638597059127438676,131072 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3812 --field-trial-handle=1924,i,10840290373876856159,11638597059127438676,131072 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:4448
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7ba7e7688,0x7ff7ba7e7698,0x7ff7ba7e76a8
    3⤵
    PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 --field-trial-handle=1924,i,10840290373876856159,11638597059127438676,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=932 --field-trial-handle=1924,i,10840290373876856159,11638597059127438676,131072 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2796 --field-trial-handle=1924,i,10840290373876856159,11638597059127438676,131072 /prefetch:2
  2⤵
  PID:1052

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\MY00046R0239528MYKUL.exe
"C:\Users\Admin\AppData\Local\Temp\MY00046R0239528MYKUL.exe"
1⤵
PID:1148
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe
  "C:\Users\Admin\AppData\Local\Temp\MY00046R0239528MYKUL.exe"
  2⤵
  PID:2540
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 2512
    3⤵
    - Program crash
    PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4656 -ip 4656
1⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2540 -ip 2540
1⤵
PID:1848

Network

DNS

assets.msn.com

Remote address:

8.8.8.8:53

Request

assets.msn.com

IN A

Response

assets.msn.com

IN CNAME

assets.msn.com.edgekey.net

assets.msn.com.edgekey.net

IN CNAME

e28578.d.akamaiedge.net

e28578.d.akamaiedge.net

IN A

23.73.0.139

e28578.d.akamaiedge.net

IN A

23.73.0.161

e28578.d.akamaiedge.net

IN A

23.73.0.135

e28578.d.akamaiedge.net

IN A

23.73.0.187

e28578.d.akamaiedge.net

IN A

23.73.0.171

e28578.d.akamaiedge.net

IN A

23.73.0.152

e28578.d.akamaiedge.net

IN A

23.73.0.149

e28578.d.akamaiedge.net

IN A

23.73.0.150

e28578.d.akamaiedge.net

IN A

23.73.0.158
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
GET

https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=5b47601f-b5c6-44d1-871e-09a6b489eeef&ocid=windows-windowsShell-feeds&user=m-cf89462b11a8449c8f6b21e7993ab708&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask

Remote address:

23.73.0.161:443

Request

GET /serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=5b47601f-b5c6-44d1-871e-09a6b489eeef&ocid=windows-windowsShell-feeds&user=m-cf89462b11a8449c8f6b21e7993ab708&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask HTTP/2.0
host: assets.msn.com
x-search-account: None
accept-encoding: gzip, deflate
x-device-machineid: {C9E8DBBA-7F76-41FC-929E-89520C801A1F}
x-userageclass: Unknown
x-bm-market: US
x-bm-dateformat: M/d/yyyy
x-device-ossku: 48
x-bm-dtz: 0
x-deviceid: 0100B2E609000CC3
x-bm-windowsflights: FX:117B9872,FX:119E26AD,FX:11D898D7,FX:11DB147C,FX:11DE505A,FX:11E11E97,FX:11E3E2BA,FX:11E50151,FX:11E9EE98,FX:11F1992A,FX:11F4161E,FX:11F41B68,FX:11FB0F2F,FX:1201B330,FX:1202B7FC,FX:120BB68E,FX:121A20E1,FX:121BF15F,FX:121E5EC8,FX:122D8E86,FX:123031A3,FX:1231B88B,FX:123371B1,FX:1233C945,FX:123D7C31,FX:1240013C,FX:1246E4A3,FX:1248306D,FX:124B38D0,FX:1250080B,FX:125A7FDA,FX:1264FA75,FX:126DBC22,FX:127159BE,FX:12769734,FX:127C935B,FX:127DC03A,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:129135BB
sitename: www.msn.com
x-bm-theme: 000000;0078d7
muid: CF89462B11A8449C8F6B21E7993AB708
x-agent-deviceid: 0100B2E609000CC3
x-bm-onlinesearchdisabled: true
x-bm-cbt: 1677184530
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
x-device-isoptin: false
accept-language: en-US, en
x-device-touch: false
x-device-clientsession: 5ECFE70AAFF547BBA673DC6D10A54082
cookie: MUID=CF89462B11A8449C8F6B21E7993AB708

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-origin: *.msn.com
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
content-encoding: gzip
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-tmpl: winbadge:1;partialResponse:1;lowT:0;daucoldcap:1;lowC:0;coldStartUpsell:1;coldStart:1;SportsMatch_all:1;IsRecoNewUser:1;tbn:0
x-wpo-activityid: FE17F6A3-8AB7-40D2-B6B7-F24A045909E5|2023-05-15T09:18:29.0859979Z|fabric:/wpo|WEU|WPO_30
ddd-feednewsitemcount: 1
ddd-activityid: fe17f6a3-8ab7-40d2-b6b7-f24a045909e5
ddd-strategyexecutionlatency: 00:00:00.2385894
ddd-debugid: fe17f6a3-8ab7-40d2-b6b7-f24a045909e5|2023-05-15T09:18:29.0898749Z|fabric:/winfeed|WEU|WinFeed_403
onewebservicelatency: 239
x-msedge-responseinfo: 239
x-ceto-ref: 6461f8e4d25640659c7d25f5229d00ac|2023-05-15T09:18:28.852Z
expires: Mon, 15 May 2023 09:18:29 GMT
date: Mon, 15 May 2023 09:18:29 GMT
content-length: 2017
akamai-request-bc: [a=23.72.255.33,b=813019672,c=g,n=NL__HAARLEM,o=20940],[a=20.23.114.34,c=o]
server-timing: clientrtt; dur=18, clienttt; dur=, origin; dur=245 , cdntime; dur=-245
akamai-cache-status: Miss from child
akamai-server-ip: 23.72.255.33
akamai-request-id: 3075b218
x-as-suppresssetcookie: 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
vary: Origin
DNS

161.0.73.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

161.0.73.23.in-addr.arpa

IN PTR

Response

161.0.73.23.in-addr.arpa

IN PTR

a23-73-0-161deploystaticakamaitechnologiescom
DNS

72.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

72.32.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

154.239.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.239.44.20.in-addr.arpa

IN PTR

Response
DNS

drive.google.com

Remote address:

8.8.8.8:53

Request

drive.google.com

IN A

Response

drive.google.com

IN A

172.217.168.238
DNS

238.168.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.168.217.172.in-addr.arpa

IN PTR

Response

238.168.217.172.in-addr.arpa

IN PTR

ams15s40-in-f141e100net
DNS

35.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.36.251.142.in-addr.arpa

IN PTR

Response

35.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f31e100net
DNS

doc-0c-4o-docs.googleusercontent.com

Remote address:

8.8.8.8:53

Request

doc-0c-4o-docs.googleusercontent.com

IN A

Response

doc-0c-4o-docs.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.251.36.1
DNS

1.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.36.251.142.in-addr.arpa

IN PTR

Response

1.36.251.142.in-addr.arpa

IN PTR

ams15s44-in-f11e100net
DNS

api.ipify.org

Remote address:

8.8.8.8:53

Request

api.ipify.org

IN A

Response

api.ipify.org

IN CNAME

api4.ipify.org

api4.ipify.org

IN A

64.185.227.155

api4.ipify.org

IN A

173.231.16.77

api4.ipify.org

IN A

104.237.62.211
DNS

155.227.185.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.227.185.64.in-addr.arpa

IN PTR

Response

155.227.185.64.in-addr.arpa

IN PTR

64-185-227-155staticwebnxcom
DNS

63.13.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

63.13.109.52.in-addr.arpa

IN PTR

Response
DNS

63.13.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

63.13.109.52.in-addr.arpa

IN PTR

Response
DNS

250.255.255.239.in-addr.arpa

Remote address:

8.8.8.8:53

Request

250.255.255.239.in-addr.arpa

IN PTR

Response
DNS

195.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.179.250.142.in-addr.arpa

IN PTR

Response

195.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f31e100net
DNS

138.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.179.250.142.in-addr.arpa

IN PTR

Response

138.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f101e100net
DNS

196.168.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.168.217.172.in-addr.arpa

IN PTR

Response

196.168.217.172.in-addr.arpa

IN PTR

ams16s32-in-f41e100net
DNS

apis.google.com

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

172.217.23.206
DNS

ogs.google.com

Remote address:

8.8.8.8:53

Request

ogs.google.com

IN A

Response

ogs.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.179.206
DNS

ssl.gstatic.com

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

172.217.23.195
DNS

206.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.179.250.142.in-addr.arpa

IN PTR

Response

206.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f141e100net
DNS

195.23.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.23.217.172.in-addr.arpa

IN PTR

Response

195.23.217.172.in-addr.arpa

IN PTR

prg03s05-in-f1951e100net

195.23.217.172.in-addr.arpa

IN PTR

prg03s05-in-f3�J

195.23.217.172.in-addr.arpa

IN PTR

ams16s37-in-f3�J
DNS

195.23.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.23.217.172.in-addr.arpa

IN PTR

Response

195.23.217.172.in-addr.arpa

IN PTR

prg03s05-in-f31e100net

195.23.217.172.in-addr.arpa

IN PTR

prg03s05-in-f195�H

195.23.217.172.in-addr.arpa

IN PTR

ams16s37-in-f3�H
DNS

206.23.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.217.172.in-addr.arpa

IN PTR

Response

206.23.217.172.in-addr.arpa

IN PTR

prg03s05-in-f141e100net

206.23.217.172.in-addr.arpa

IN PTR

prg03s05-in-f206�I

206.23.217.172.in-addr.arpa

IN PTR

ams16s37-in-f14�I
DNS

play.google.com

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.251.36.14
DNS

clients2.google.com

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.251.36.46
DNS

clients2.googleusercontent.com

Remote address:

8.8.8.8:53

Request

clients2.googleusercontent.com

IN A

Response

clients2.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.251.36.1
DNS

14.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.36.251.142.in-addr.arpa

IN PTR

Response

14.36.251.142.in-addr.arpa

IN PTR

ams15s44-in-f141e100net
DNS

46.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.36.251.142.in-addr.arpa

IN PTR

Response

46.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f141e100net
DNS

131.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.179.250.142.in-addr.arpa

IN PTR

Response

131.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f31e100net
DNS

virustotal.com

Remote address:

8.8.8.8:53

Request

virustotal.com

IN A

Response

virustotal.com

IN A

216.239.34.21

virustotal.com

IN A

216.239.32.21

virustotal.com

IN A

216.239.38.21

virustotal.com

IN A

216.239.36.21
DNS

www.virustotal.com

Remote address:

8.8.8.8:53

Request

www.virustotal.com

IN A

Response

www.virustotal.com

IN CNAME

ghs-svc-https-c46.ghs-ssl.googlehosted.com

ghs-svc-https-c46.ghs-ssl.googlehosted.com

IN A

74.125.34.46
DNS

www.recaptcha.net

Remote address:

8.8.8.8:53

Request

www.recaptcha.net

IN A

Response

www.recaptcha.net

IN A

172.217.168.227
DNS

21.34.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.34.239.216.in-addr.arpa

IN PTR

Response

21.34.239.216.in-addr.arpa

IN PTR

any-in-22151e100net
DNS

46.34.125.74.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.34.125.74.in-addr.arpa

IN PTR

Response

46.34.125.74.in-addr.arpa

IN PTR

ghs-vip-any-c46ghs-sslgooglehostedcom
DNS

227.168.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.168.217.172.in-addr.arpa

IN PTR

Response

227.168.217.172.in-addr.arpa

IN PTR

ams15s40-in-f31e100net
DNS

recaptcha.net

Remote address:

8.8.8.8:53

Request

recaptcha.net

IN A

Response

recaptcha.net

IN A

142.251.39.99
DNS

content-autofill.googleapis.com

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

172.217.168.234

content-autofill.googleapis.com

IN A

142.250.179.170

content-autofill.googleapis.com

IN A

142.250.179.202

content-autofill.googleapis.com

IN A

142.251.36.10

content-autofill.googleapis.com

IN A

142.251.39.106

content-autofill.googleapis.com

IN A

172.217.23.202

content-autofill.googleapis.com

IN A

216.58.214.10

content-autofill.googleapis.com

IN A

142.250.179.138

content-autofill.googleapis.com

IN A

142.251.36.42
DNS

99.39.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.39.251.142.in-addr.arpa

IN PTR

Response

99.39.251.142.in-addr.arpa

IN PTR

ams15s48-in-f31e100net
DNS

234.168.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.168.217.172.in-addr.arpa

IN PTR

Response

234.168.217.172.in-addr.arpa

IN PTR

ams15s40-in-f101e100net
DNS

api.ipify.org

Remote address:

8.8.8.8:53

Request

api.ipify.org

IN A

Response

api.ipify.org

IN CNAME

api4.ipify.org

api4.ipify.org

IN A

173.231.16.77

api4.ipify.org

IN A

64.185.227.155

api4.ipify.org

IN A

104.237.62.211
DNS

77.16.231.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

77.16.231.173.in-addr.arpa

IN PTR

Response

77.16.231.173.in-addr.arpa

IN PTR

173-231-16-77staticwebnxcom
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

2.36.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.36.159.162.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

88.65.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.65.42.20.in-addr.arpa

IN PTR

Response

23.73.0.139:443

assets.msn.com

156 B
3
23.73.0.161:443

https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=5b47601f-b5c6-44d1-871e-09a6b489eeef&ocid=windows-windowsShell-feeds&user=m-cf89462b11a8449c8f6b21e7993ab708&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask

tls, http2

2.7kB
11.2kB
22
20

HTTP Request

GET https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=5b47601f-b5c6-44d1-871e-09a6b489eeef&ocid=windows-windowsShell-feeds&user=m-cf89462b11a8449c8f6b21e7993ab708&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask

HTTP Response

200
52.242.101.226:443

260 B
5
172.217.168.238:443

drive.google.com

tls

1.2kB
9.1kB
14
11
142.251.36.1:443

doc-0c-4o-docs.googleusercontent.com

tls

7.4kB
192.2kB
146
143
20.50.80.209:443

322 B
7
209.197.3.8:80

322 B
7
64.185.227.155:443

api.ipify.org

tls

1.3kB
6.9kB
11
10
173.223.113.164:443

322 B
7
173.223.113.131:80

322 B
7
204.79.197.203:80

api.msn.com

322 B
7
52.242.101.226:443

260 B
5
142.250.179.206:443

ogs.google.com

tls

2.4kB
23.1kB
24
33
209.197.3.8:80

322 B
7
172.217.23.195:443

ssl.gstatic.com

tls

1.2kB
6.2kB
14
15
142.251.36.14:443

play.google.com

tls

3.6kB
9.2kB
21
24
142.251.36.46:443

clients2.google.com

tls

2.3kB
10.6kB
20
25
142.251.36.1:443

clients2.googleusercontent.com

tls

3.5kB
105.9kB
53
90
52.242.101.226:443

260 B
5
172.217.168.238:443

drive.google.com

tls

1.2kB
9.1kB
14
11
142.251.36.1:443

doc-0c-4o-docs.googleusercontent.com

tls

7.4kB
192.1kB
146
143
216.239.34.21:443

virustotal.com

tls

953 B
3.9kB
8
7
216.239.34.21:443

virustotal.com

tls

2.2kB
5.0kB
18
22
74.125.34.46:443

www.virustotal.com

tls

66.1kB
2.4MB
1225
2057
172.217.168.227:443

www.recaptcha.net

tls

2.2kB
14.7kB
23
27
142.251.39.99:443

recaptcha.net

tls

2.2kB
14.7kB
23
28
172.217.168.234:443

content-autofill.googleapis.com

tls

2.0kB
7.4kB
19
23
173.231.16.77:443

api.ipify.org

tls

641 B
6.4kB
10
8
52.242.101.226:443

260 B
5
52.242.101.226:443

260 B
5
52.242.101.226:443

260 B
5
172.217.168.238:443

drive.google.com

tls

1.2kB
9.1kB
14
11
142.251.36.1:443

doc-0c-4o-docs.googleusercontent.com

tls

7.4kB
192.2kB
146
143
173.231.16.77:443

api.ipify.org

tls

589 B
4.1kB
9
5
52.242.101.226:443

260 B
5
52.242.101.226:443

260 B
5
52.242.101.226:443

260 B
5

8.8.8.8:53

assets.msn.com

dns

60 B
278 B
1
1

DNS Request

assets.msn.com

DNS Response

23.73.0.139

23.73.0.161

23.73.0.135

23.73.0.187

23.73.0.171

23.73.0.152

23.73.0.149

23.73.0.150

23.73.0.158
8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

161.0.73.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

161.0.73.23.in-addr.arpa
8.8.8.8:53

72.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

72.32.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

154.239.44.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

154.239.44.20.in-addr.arpa
8.8.8.8:53

drive.google.com

dns

62 B
78 B
1
1

DNS Request

drive.google.com

DNS Response

172.217.168.238
8.8.8.8:53

238.168.217.172.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.168.217.172.in-addr.arpa
8.8.8.8:53

35.36.251.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

35.36.251.142.in-addr.arpa
8.8.8.8:53

doc-0c-4o-docs.googleusercontent.com

dns

82 B
127 B
1
1

DNS Request

doc-0c-4o-docs.googleusercontent.com

DNS Response

142.251.36.1
8.8.8.8:53

1.36.251.142.in-addr.arpa

dns

71 B
109 B
1
1

DNS Request

1.36.251.142.in-addr.arpa
8.8.8.8:53

api.ipify.org

dns

59 B
126 B
1
1

DNS Request

api.ipify.org

DNS Response

64.185.227.155

173.231.16.77

104.237.62.211
8.8.8.8:53

155.227.185.64.in-addr.arpa

dns

73 B
118 B
1
1

DNS Request

155.227.185.64.in-addr.arpa
8.8.8.8:53

63.13.109.52.in-addr.arpa

dns

142 B
290 B
2
2

DNS Request

63.13.109.52.in-addr.arpa

DNS Request

63.13.109.52.in-addr.arpa
8.8.8.8:53

250.255.255.239.in-addr.arpa

dns

74 B
131 B
1
1

DNS Request

250.255.255.239.in-addr.arpa
8.8.8.8:53

195.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

195.179.250.142.in-addr.arpa
8.8.8.8:53

138.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

138.179.250.142.in-addr.arpa
8.8.8.8:53

196.168.217.172.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

196.168.217.172.in-addr.arpa
8.8.8.8:53

apis.google.com

dns

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

172.217.23.206
8.8.8.8:53

ogs.google.com

dns

60 B
97 B
1
1

DNS Request

ogs.google.com

DNS Response

142.250.179.206
8.8.8.8:53

ssl.gstatic.com

dns

61 B
77 B
1
1

DNS Request

ssl.gstatic.com

DNS Response

172.217.23.195
8.8.8.8:53

206.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

206.179.250.142.in-addr.arpa
8.8.8.8:53

195.23.217.172.in-addr.arpa

dns

146 B
342 B
2
2

DNS Request

195.23.217.172.in-addr.arpa

DNS Request

195.23.217.172.in-addr.arpa
8.8.8.8:53

206.23.217.172.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

206.23.217.172.in-addr.arpa
8.8.8.8:53

play.google.com

dns

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.251.36.14
8.8.8.8:53

clients2.google.com

dns

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

142.251.36.46
8.8.8.8:53

clients2.googleusercontent.com

dns

76 B
121 B
1
1

DNS Request

clients2.googleusercontent.com

DNS Response

142.251.36.1
8.8.8.8:53

14.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

14.36.251.142.in-addr.arpa
8.8.8.8:53

46.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

46.36.251.142.in-addr.arpa
142.251.36.14:443

play.google.com

https

3.4kB
7.1kB
8
11
142.251.36.14:443

play.google.com

https

5.7kB
8.2kB
11
14
8.8.8.8:53

131.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

131.179.250.142.in-addr.arpa
224.0.0.251:5353

204 B
3
8.8.8.8:53

virustotal.com

dns

60 B
124 B
1
1

DNS Request

virustotal.com

DNS Response

216.239.34.21

216.239.32.21

216.239.38.21

216.239.36.21
8.8.8.8:53

www.virustotal.com

dns

64 B
133 B
1
1

DNS Request

www.virustotal.com

DNS Response

74.125.34.46
8.8.8.8:53

www.recaptcha.net

dns

63 B
79 B
1
1

DNS Request

www.recaptcha.net

DNS Response

172.217.168.227
8.8.8.8:53

21.34.239.216.in-addr.arpa

dns

72 B
107 B
1
1

DNS Request

21.34.239.216.in-addr.arpa
8.8.8.8:53

46.34.125.74.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

46.34.125.74.in-addr.arpa
8.8.8.8:53

227.168.217.172.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

227.168.217.172.in-addr.arpa
8.8.8.8:53

recaptcha.net

dns

59 B
75 B
1
1

DNS Request

recaptcha.net

DNS Response

142.251.39.99
142.251.39.99:443

recaptcha.net

https

3.1kB
37.9kB
19
35
8.8.8.8:53

content-autofill.googleapis.com

dns

77 B
221 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

172.217.168.234

142.250.179.170

142.250.179.202

142.251.36.10

142.251.39.106

172.217.23.202

216.58.214.10

142.250.179.138

142.251.36.42
8.8.8.8:53

99.39.251.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

99.39.251.142.in-addr.arpa
8.8.8.8:53

234.168.217.172.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

234.168.217.172.in-addr.arpa
8.8.8.8:53

api.ipify.org

dns

59 B
126 B
1
1

DNS Request

api.ipify.org

DNS Response

173.231.16.77

64.185.227.155

104.237.62.211
8.8.8.8:53

77.16.231.173.in-addr.arpa

dns

72 B
116 B
1
1

DNS Request

77.16.231.173.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

2.36.159.162.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

2.36.159.162.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

88.65.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

88.65.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
9fa56f51cfbd3b76bc71ee70c4bbcf7e

SHA1
ae707a094db043c028523927be61c7a4ce10decd

SHA256
9bbd98af7d7072a847dc771c3a507c1b87703e2d5c540adffbe2c7535b0cf1f1

SHA512
d454030e93dfe16cd9464fd71e38fd4d075bfc2b5f3afd126f700d2eeb9d581d695f1e3f887c41a9ce9bad3faf5c69c57c24832899fa0bd58914c56a6432ca1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
aa62f8ce77e072c8160c71b5df3099b0

SHA1
06b8c07db93694a3fe73a4276283fabb0e20ac38

SHA256
3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176

SHA512
71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_B9D42EB7519BCEC9711628B283BA5BF1

Filesize
472B

MD5
aab52350e8c9d130af40b59c6b6c8850

SHA1
c6c688b0afeb01245a7d0022f7e282b8c4a9719d

SHA256
b544a9527b2fd857887a6b269beaca2a3224c857bcc2bc1f6fad1b8247d27c3f

SHA512
1f11182d07e56f3034c4855d69b3ef67aeac21c0481b39abda796d17b9e6fee4fd7dd2ef52775e45d57858704d9644e1be0c6869a634f1e7c10b21d75c294c4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_8040D204022B02A46D7779A3347947E3

Filesize
471B

MD5
bf6732940d6e2f5ae2341098b840edde

SHA1
534624525689aee38328dbf425f11404b434397e

SHA256
93f38010996252b502983331af9e04ef9afc478deab8bfec32df1fcb43893749

SHA512
7106da0636206727c2da3ea04a408aa86d1884762ce77d786e0e7e7c3d210306ad3254722f6be202c9023377bf11fa6026fc54c04e084a5dc1d5cbd54c5a283e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
b62ff6c2272101219eff21ab7878f10b

SHA1
c2222bfcfcce217f816e35bdcef40cc168d72838

SHA256
e68548399b818df75cf5b4441cf76fa715c98aab2914b0cd2af6a0b6fedcc6d4

SHA512
893a0181970f1dba63de33444e5f927283dfd80af722a1a14d7499177904cac052119ee19d2d3540f2668dff1662e7076663901b491922a38f4decff171df205

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
feb9f8f9cb1da51085a982e1a4f5b712

SHA1
aabe517dee30cafe3c3bb40bf920a5acf23ed10d

SHA256
f41b0142fc202485d2593206fa410798a79648e705f6fef7d4c600b3412f9f93

SHA512
a802be2ce07462882971ce6eb2a7378637048f4b273a492b683fd11d84403b54a5eb8f78d921e1b3be4908f093d15a4f4bb7398e99820ddc349c72957ec0ca88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_B9D42EB7519BCEC9711628B283BA5BF1

Filesize
406B

MD5
21a9c75a5c83e6405accc928efaa4087

SHA1
3f213462af2cd466b094e05f160288422350cb27

SHA256
4e3d3572ea57aebd1df94a95aec1920b938ff1d06281cec1d468a66a60971ad4

SHA512
361477a3cdd61364c9329ac346ee4597d67cbecdfe1dfe9d61aa225eb1508df6d8a12bb469bf96690dfc4ebe635f5b8945a636ebdde258bd0ea1e093d5d85dc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_8040D204022B02A46D7779A3347947E3

Filesize
410B

MD5
baf40a3748ee2f8af9988d9cae46dbd6

SHA1
c7be97220978e2a98d2cb5589842c6ae0da84f87

SHA256
666b52cc7f066fd1b45d4fb24c9e913078eecb5c8581ab5c15f4bfddb7b5d8a3

SHA512
29fecba249277888fe5ba9fe02b6b516579c43a7485ba6a97c1c32ac5f4f86aee84e35cf4a2c80cd3bcc6697348d0aed5ea5a689a5ddf20988c2c4df64109bd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
c381fae5fd0638705805123ccfd51a36

SHA1
986c5d6126c60510f028dc52b02e328da5f0c812

SHA256
c24848b33e98e1fafeae55e3f0be1d1b66a3d986448aff304da13d2209340ca7

SHA512
3e74013e2dde89ad28585fd852a82a1048b769ed3ddddfb9919ba0d493e272df08348e979eae8c46db36ce57af9ab42b873eecd03f920f167f79844bf94b2049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
67fe504a63243a1b720e18d5f6ee68e1

SHA1
03d69af6de8424e0e0d3b6db92ff43e83797d3ca

SHA256
739fbc59e3a2622004bd9156f918f11d7f16a731192b366e7951279959274b58

SHA512
22c2dc154b5d8b2f9cd3903248d204da3e5ed8c766223617a837abb156b2790f2e6586b5dc0de7990989d1c89ac82c5523ad8bd6f92ba3ac3e645e5449e6884b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
91823f00e052b7bbe34cabb7d2c7b79e

SHA1
0c0b4931b848c47d4bca884242fd8600a1235f05

SHA256
51c238552364c5a2fbc792c63de4562c8b41fd004316a4ff815e8d38360ba710

SHA512
9629bab603f43b429e3b488daf4fbb3555569e66068a285f86464e25ea4f6ac58bfdb7e87210f954359e06ee4365c02d987501c2225bb2f2b1e44fd6dd47bdbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ea21b28f5c7fd0bc6a2ea1c220f2d8bf

SHA1
3416c355a63a71f3eff2ca305d7f3a52659d193a

SHA256
6f571079e299112411d85749c2e667c2b78e10e70b1c102d2cc8f8f2eb568892

SHA512
c38a099338a25be79d512812ace961114a7529c0cf6e975fc96900417be18ed9c317e1f528bc2298006c8dd9866e41faa3c0a03f040d368932fec4b49ff1be3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1c5c8c75aeccad5d281995b2ecffdff4

SHA1
2a1cc4e92dfdaf7b752ba7a0a925f51bbb0a8e29

SHA256
f20d1fdee23e39395c6e24f64eb4cdbedc17a147971a6cda94abb324e8fde5f9

SHA512
e76742a0d247646ddf8df505ab938124497a24908227dffcc39cf762aa544d3bd5365764c46a4d5a4f876ad1c66431afc329d8cefa2d7cca2111dcbcb75e18d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e8aaad04166ecc50f072b20fe05e5dd6

SHA1
dff6ae327d5c0b9afcf30c94dbb230a79aea6adc

SHA256
8f60fb1d48a137870b30ca57dbcaa31ff21f1c03e3999a415de4df7c1df5929b

SHA512
5ee3bbe22e8473206420373a5ad37399e87d125acbce53b29af2977c18634ff3584054c72f13bbf4fb8f7bcb9784d10962624cd3b6fb0dd8f047e0a1b897155c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b8a8ec18e56e294dbee642d6960e8a0d

SHA1
11af75359e5d0449f7799ed214da3814c993ca7f

SHA256
5c48d85bce579a08c250845dc9d5b1b11cd6a468a5274f2f35c20d80d96d2011

SHA512
1779cb3ff432102281498ab376481c18cb5cb1dc99fe3ff0274a0abf92f760de77bbea98d8d0df088c2a5c7bcb5a7903e6075d9a8a90009721cdbd8d1d5c88fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f9b3b2f90cd57f4bd8f90cd93e6f7e71

SHA1
1e64482bd35416b4d6820155b1e1c5532140d9db

SHA256
111d5e6f4e6d126bf56df8c3dc882f280cbe3892474d5c79b9c832a8ae2f2ca5

SHA512
1cb5de6db10bf3e541581880f070176c4fe2d85aaa10ad97778929a81c0eb6a41e95dbfaff404e88de24397b262cdf74ed1c1bd6bf260bd3f63218e94719847a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c3a8ab403e805257d28cdff0b7f103d0

SHA1
9ab24b8dc963c612bd0696542fc41fb2ec2f989d

SHA256
66be16c959b604849d6d52b90d8461ff62ad7374ec161bd408019301d7bec0ca

SHA512
6e4ae5899c204415137973c53043ec11be5a819ef57a5a01c376a879d70335f3310eba6512c407739ee8cb7f85cb6959aa38f81c31cbfcbf410e4f61e55dd0b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
d3639e8a0b80d04f66217073a3131aa9

SHA1
1c52a297e0aaf535747fae7b54c88e18d5a03f23

SHA256
aa665968fd434855a7bbbf8010fb6256d4d675a03d5797e235f2ef8a44225dfc

SHA512
943be1a662c92875918a2bd3a0c6535ca4efa92f914735333561208449965c0e09f75a0f76bf1c7497328ea46135883806d712fdb7baff370aa3245988097610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
51eabda536548fe92847a725569e6dcc

SHA1
8aad131a8b73b80cf52a29bd55a4b9b5a250a2bd

SHA256
5913d8f32a77adf18a12ceb38c35eaebf92d65203beadafb5d09fded3fa8a75f

SHA512
0f13c19e9c344d2ef26ca3b0e16cc248c1cff44f9946a321a4c6a3de35c4f378a5fa03a03179ab1af6845b642d64ef7cd1286f1cd99fb076089692e95dcf3177

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaE16D.tmp\System.dll

Filesize
11KB

MD5
9625d5b1754bc4ff29281d415d27a0fd

SHA1
80e85afc5cccd4c0a3775edbb90595a1a59f5ce0

SHA256
c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448

SHA512
dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaE16D.tmp\System.dll

Filesize
11KB

MD5
9625d5b1754bc4ff29281d415d27a0fd

SHA1
80e85afc5cccd4c0a3775edbb90595a1a59f5ce0

SHA256
c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448

SHA512
dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7E4E.tmp\System.dll

Filesize
11KB

MD5
9625d5b1754bc4ff29281d415d27a0fd

SHA1
80e85afc5cccd4c0a3775edbb90595a1a59f5ce0

SHA256
c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448

SHA512
dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr3F3C.tmp\System.dll

Filesize
11KB

MD5
9625d5b1754bc4ff29281d415d27a0fd

SHA1
80e85afc5cccd4c0a3775edbb90595a1a59f5ce0

SHA256
c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448

SHA512
dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrB17E.tmp\System.dll

Filesize
11KB

MD5
9625d5b1754bc4ff29281d415d27a0fd

SHA1
80e85afc5cccd4c0a3775edbb90595a1a59f5ce0

SHA256
c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448

SHA512
dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4496_1142489125\e2e0820c-8342-4811-b1a1-1412788392ae.tmp

Filesize
88KB

MD5
9caa8c614bab0c667ec308c2fc7268d0

SHA1
118810cb2e84e9fb58b45786809e1062c1032658

SHA256
3474c2e016e2e6558afa52729659a90e014e7437be68f8606f9f152f1ba2f8fa

SHA512
85111e6075bd5b5a260684cdcb30718f6b0ea295faeeb5e8e406848597a3e35b62a15cd0977c6a13c62537021db00d0bb2317bfe3773e40028495f4e19bf7369

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Emir\Tegnsekvensers\Programerklring\Femaarsplanernes.Unf164

Filesize
117KB

MD5
a37f77c8d3fa95e5c4dc0b93351c59fc

SHA1
5bbcbf78ba5e78cdd2aa66025caa0ff6e2830539

SHA256
f37dafe2c4f0996afe344e64c307c9d593b9be36d139b2097d299b8a7f19ba6f

SHA512
e6b5581715b8ebb7911d56f2c374e14b70704ae8fea34b8484c703e3baa021f602b78c05ef11560c1faeebad37592ffab4cfb4bbfaa6d8262e8d126c184dc33a

Download Submit
memory/1148-408-0x00000000061D0000-0x00000000077D3000-memory.dmp

Filesize
22.0MB

Download
memory/2108-237-0x00000000061D0000-0x00000000077D3000-memory.dmp

Filesize
22.0MB

Download
memory/2108-158-0x0000000002D50000-0x0000000004353000-memory.dmp

Filesize
22.0MB

Download
memory/2540-423-0x0000000000F80000-0x0000000002583000-memory.dmp

Filesize
22.0MB

Download
memory/2540-425-0x0000000000F80000-0x0000000002583000-memory.dmp

Filesize
22.0MB

Download
memory/2540-427-0x0000000035360000-0x0000000035370000-memory.dmp

Filesize
64KB

Download
memory/2540-429-0x0000000035360000-0x0000000035370000-memory.dmp

Filesize
64KB

Download
memory/2540-430-0x0000000000F80000-0x0000000002583000-memory.dmp

Filesize
22.0MB

Download
memory/2748-142-0x0000000002EA0000-0x00000000044A3000-memory.dmp

Filesize
22.0MB

Download
memory/2748-141-0x0000000002EA0000-0x00000000044A3000-memory.dmp

Filesize
22.0MB

Download
memory/3040-167-0x00000000352E0000-0x0000000035346000-memory.dmp

Filesize
408KB

Download
memory/3040-163-0x0000000001100000-0x0000000002703000-memory.dmp

Filesize
22.0MB

Download
memory/3040-143-0x0000000001100000-0x0000000002703000-memory.dmp

Filesize
22.0MB

Download
memory/3040-157-0x0000000000400000-0x000000000062B000-memory.dmp

Filesize
2.2MB

Download
memory/3040-162-0x0000000000400000-0x000000000062B000-memory.dmp

Filesize
2.2MB

Download
memory/3040-171-0x0000000001100000-0x0000000002703000-memory.dmp

Filesize
22.0MB

Download
memory/3040-168-0x0000000001080000-0x0000000001090000-memory.dmp

Filesize
64KB

Download
memory/3040-166-0x0000000035A20000-0x0000000035FC4000-memory.dmp

Filesize
5.6MB

Download
memory/3040-165-0x0000000001100000-0x0000000002703000-memory.dmp

Filesize
22.0MB

Download
memory/3040-164-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4656-319-0x0000000035850000-0x0000000035860000-memory.dmp

Filesize
64KB

Download
memory/4656-250-0x0000000001380000-0x0000000002983000-memory.dmp

Filesize
22.0MB

Download
memory/4656-263-0x0000000035850000-0x0000000035860000-memory.dmp

Filesize
64KB

Download
memory/4656-379-0x0000000001380000-0x0000000002983000-memory.dmp

Filesize
22.0MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v6