Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    22/12/2023, 14:16 UTC

General

  • Target

    Incredible S一键ROOT/tools/AdbWinUsbApi.dll

  • Size

    59KB

  • MD5

    5f23f2f936bdfac90bb0a4970ad365cf

  • SHA1

    12e14244b1a5d04a261759547c3d930547f52fa3

  • SHA256

    041c6859bb4fc78d3a903dd901298cd1ecfb75b6be0646b74954cd722280a407

  • SHA512

    49a7769d5e6cb2fda9249039d90465f7a4e612805bba48b7036456a3bbd230e4d13da72e4ade5155ddc08fe460735ec8d6df3bb11b72ff28e1149221e2fc3048

  • SSDEEP

    768:HLNk0yiFYWkgALpW+QvSugX0wUepQNXTQXdF+Q+An70edrqqOkIW:+yY8wugEwOVEXdz70e4gI

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Incredible S一键ROOT\tools\AdbWinUsbApi.dll",#1
    • Suspicious use of WriteProcessMemory
    PID:5012
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Incredible S一键ROOT\tools\AdbWinUsbApi.dll",#1
      PID:3844
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 616
        • Program crash
        PID:2212
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3844 -ip 3844
    PID:1948
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    PID:2196
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k UnistackSvcGroup
    • Suspicious use of AdjustPrivilegeToken
    PID:2192

        Network


        MITRE ATT&CK Matrix

        Downloads

        • memory/2192-0-0x000002007D340000-0x000002007D350000-memory.dmp

          Filesize

          64KB

        • memory/2192-16-0x000002007D440000-0x000002007D450000-memory.dmp

          Filesize

          64KB

        • memory/2192-32-0x000002007D790000-0x000002007D791000-memory.dmp

          Filesize

          4KB

        • memory/2192-34-0x000002007D7C0000-0x000002007D7C1000-memory.dmp

          Filesize

          4KB

        • memory/2192-35-0x000002007D7C0000-0x000002007D7C1000-memory.dmp

          Filesize

          4KB

        • memory/2192-36-0x000002007D8D0000-0x000002007D8D1000-memory.dmp

          Filesize

          4KB
