Analysis

  • max time kernel
    144s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    25/12/2023, 08:25 UTC

General

  • Target

    11e1cb4fbbe5336fb962a5231ca57b97.exe

  • Size

    137KB

  • MD5

    11e1cb4fbbe5336fb962a5231ca57b97

  • SHA1

    4c9e749ff5fe09bf9428789240cab2fc44c42d95

  • SHA256

    b7ece76d42b01a4ca626421f8eb1b1d2e67b24e5f48f8042b91547fce2e8e453

  • SHA512

    106562525d819a7fd37f3f07ef1cd8289f5ba0703ae5ae840f484da069d2a471cbd48b9da5993784d43b83d01de8e9d30fca48974b39b88e81006cfbd66b3113

  • SSDEEP

    3072:KbPN+Vmf91ASZ4L016HxawPQrwmy5MmtiJCMAiTBtPiSfL/U:KnJZJ1Gx9uwmy7g0biTj

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\11e1cb4fbbe5336fb962a5231ca57b97.exe
    "C:\Users\Admin\AppData\Local\Temp\11e1cb4fbbe5336fb962a5231ca57b97.exe"
      PID:852
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 292
        • Program crash
        PID:3652
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 852 -ip 852
        PID:2964

      Network

      • flag-us
        DNS
        248.138.73.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        248.138.73.23.in-addr.arpa
        IN PTR
        Response
        248.138.73.23.in-addr.arpa
        IN PTR
        a23-73-138-248.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        208.194.73.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        208.194.73.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        178.223.142.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        178.223.142.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        88.156.103.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        88.156.103.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        241.154.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.154.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        158.240.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        158.240.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        103.169.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        103.169.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        11.2.37.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        11.2.37.23.in-addr.arpa
        IN PTR
        Response
        11.2.37.23.in-addr.arpa
        IN PTR
        a23-37-2-11.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        11.2.37.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        11.2.37.23.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        2.136.104.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        2.136.104.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        2.136.104.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        2.136.104.51.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        198.187.3.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        198.187.3.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        198.187.3.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        198.187.3.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        183.1.37.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        183.1.37.23.in-addr.arpa
        IN PTR
        Response
        183.1.37.23.in-addr.arpa
        IN PTR
        a23-37-1-183.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        183.1.37.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        183.1.37.23.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        119.110.54.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        119.110.54.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        65.139.73.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        65.139.73.23.in-addr.arpa
        IN PTR
        Response
        65.139.73.23.in-addr.arpa
        IN PTR
        a23-73-139-65.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        218.138.73.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        218.138.73.23.in-addr.arpa
        IN PTR
        Response
        218.138.73.23.in-addr.arpa
        IN PTR
        a23-73-138-218.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        218.138.73.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        218.138.73.23.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        16.234.44.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        16.234.44.23.in-addr.arpa
        IN PTR
        Response
        16.234.44.23.in-addr.arpa
        IN PTR
        a23-44-234-16.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        16.234.44.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        16.234.44.23.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        48.229.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        48.229.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        48.229.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        48.229.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        232.137.73.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        232.137.73.23.in-addr.arpa
        IN PTR
        Response
        232.137.73.23.in-addr.arpa
        IN PTR
        a23-73-137-232.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        232.137.73.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        232.137.73.23.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        232.137.73.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        232.137.73.23.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        24.139.73.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        24.139.73.23.in-addr.arpa
        IN PTR
        Response
        24.139.73.23.in-addr.arpa
        IN PTR
        a23-73-139-24.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        24.139.73.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        24.139.73.23.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301325_1YMIRALDGCWA4284D&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301325_1YMIRALDGCWA4284D&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 382840
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: B31EF6E39C7C4672852ECF580C3754F3 Ref B: LON04EDGE1118 Ref C: 2023-12-25T21:35:36Z
        date: Mon, 25 Dec 2023 21:35:35 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301734_1HIK8LLAATSP6A8ZA&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301734_1HIK8LLAATSP6A8ZA&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 149126
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: F31AC37B337243E0A774826739445AC3 Ref B: LON04EDGE1118 Ref C: 2023-12-25T21:35:36Z
        date: Mon, 25 Dec 2023 21:35:35 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317300992_1OQJAKUFY0EQY29DG&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317300992_1OQJAKUFY0EQY29DG&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 170119
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 18B3AA3769C34988A6CD07075A6F7D40 Ref B: LON04EDGE1118 Ref C: 2023-12-25T21:35:36Z
        date: Mon, 25 Dec 2023 21:35:35 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301522_1ZWMJ9IP2OLOHI7JV&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301522_1ZWMJ9IP2OLOHI7JV&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 317587
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 995934C014684A4288664E87CBF02221 Ref B: LON04EDGE1118 Ref C: 2023-12-25T21:35:36Z
        date: Mon, 25 Dec 2023 21:35:35 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301089_12P1IUF340624Y74G&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301089_12P1IUF340624Y74G&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 446334
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: DABE492E06AE481698560749B556B604 Ref B: LON04EDGE1118 Ref C: 2023-12-25T21:35:36Z
        date: Mon, 25 Dec 2023 21:35:35 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301425_1VRGL6P12DBLOL6XY&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301425_1VRGL6P12DBLOL6XY&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 347909
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: ED4CB723CD4E426E8B6D65BEF922DB86 Ref B: LON04EDGE1118 Ref C: 2023-12-25T21:35:36Z
        date: Mon, 25 Dec 2023 21:35:36 GMT
      • flag-us
        DNS
        240.221.184.93.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        240.221.184.93.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        240.221.184.93.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        240.221.184.93.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        240.221.184.93.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        240.221.184.93.in-addr.arpa
        IN PTR

      MITRE ATT&CK Matrix

      Downloads

      • memory/852-0-0x0000000000400000-0x0000000000425000-memory.dmp

        Filesize

        148KB

      • memory/852-1-0x00000000006D0000-0x00000000006FF000-memory.dmp

        Filesize

        188KB

      • memory/852-2-0x00000000006D0000-0x00000000006FF000-memory.dmp

        Filesize

        188KB
