Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    26/12/2023, 03:27 UTC

General

  • Target

    504045a770564488c62c38cbd28152b0.exe

  • Size

    426KB

  • MD5

    504045a770564488c62c38cbd28152b0

  • SHA1

    67b8e95e2373cb22b19d9d7ec8d184fecfbd9cf8

  • SHA256

    e94fb4734360a71fc2bd1d2b124f42b1ea1314f92748396e0be0bae7daeeb3b8

  • SHA512

    c459a9bc834d38faf3c3cd59ea2002dfb167171a53196e6baccebf80d0740b0884067f63db034d20e86e4f21b845b5341ad7492a1a9d2720dfc1a550cd1b083e

  • SSDEEP

    6144:er9rTIaL1C9Bavn6eMSPiB9ZD+gNDmxg4wUpD32whivVqya:wIaG8fPMSqBzKgcxgnQDmwhPya

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\504045a770564488c62c38cbd28152b0.exe
    "C:\Users\Admin\AppData\Local\Temp\504045a770564488c62c38cbd28152b0.exe"
    1⤵
      PID:2596
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 544
        2⤵
        • Program crash
        PID:4540
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2596 -ip 2596
      1⤵
        PID:4584

      Network

      • flag-us
        DNS
        82.177.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        82.177.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.a-0001.a-msedge.net
        g-bing-com.a-0001.a-msedge.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0c5493a643f449bfbe17953cf0cf3015&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0c5493a643f449bfbe17953cf0cf3015&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=211D2A0D99B761C3220339F798906083; domain=.bing.com; expires=Sun, 26-Jan-2025 18:40:12 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 0AAD9989321E41448FFFFEE486818646 Ref B: LON04EDGE0618 Ref C: 2024-01-02T18:40:12Z
        date: Tue, 02 Jan 2024 18:40:11 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0c5493a643f449bfbe17953cf0cf3015&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0c5493a643f449bfbe17953cf0cf3015&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=211D2A0D99B761C3220339F798906083
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=gkDATqO306O3Ye5XyQux6QpTXbMLDZA-k8J7uujjQ5k; domain=.bing.com; expires=Sun, 26-Jan-2025 18:40:12 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 15ED6CE4750B40699F83BBB4C66C99AB Ref B: LON04EDGE0618 Ref C: 2024-01-02T18:40:12Z
        date: Tue, 02 Jan 2024 18:40:11 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0c5493a643f449bfbe17953cf0cf3015&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0c5493a643f449bfbe17953cf0cf3015&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=211D2A0D99B761C3220339F798906083; MSPTC=gkDATqO306O3Ye5XyQux6QpTXbMLDZA-k8J7uujjQ5k
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 66A878489EDA4231ADF6B42A25373D5F Ref B: LON04EDGE0618 Ref C: 2024-01-02T18:40:12Z
        date: Tue, 02 Jan 2024 18:40:11 GMT
      • flag-us
        DNS
        146.78.124.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        146.78.124.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        204.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        204.178.17.96.in-addr.arpa
        IN PTR
        Response
        204.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-204.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        241.154.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.154.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        195.233.44.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        195.233.44.23.in-addr.arpa
        IN PTR
        Response
        195.233.44.23.in-addr.arpa
        IN PTR
        a23-44-233-195.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        2.136.104.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        2.136.104.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        2.136.104.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        2.136.104.51.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        26.165.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.165.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        16.234.44.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        16.234.44.23.in-addr.arpa
        IN PTR
        Response
        16.234.44.23.in-addr.arpa
        IN PTR
        a23-44-234-16.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        15.164.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        15.164.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        104.241.123.92.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        104.241.123.92.in-addr.arpa
        IN PTR
        Response
        104.241.123.92.in-addr.arpa
        IN PTR
        a92-123-241-104.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        104.241.123.92.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        104.241.123.92.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        119.110.54.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        119.110.54.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        119.110.54.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        119.110.54.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        18.134.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.134.221.88.in-addr.arpa
        IN PTR
        Response
        18.134.221.88.in-addr.arpa
        IN PTR
        a88-221-134-18.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        240.221.184.93.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        240.221.184.93.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        42.134.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        42.134.221.88.in-addr.arpa
        IN PTR
        Response
        42.134.221.88.in-addr.arpa
        IN PTR
        a88-221-134-42.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        0.205.248.87.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        0.205.248.87.in-addr.arpa
        IN PTR
        Response
        0.205.248.87.in-addr.arpa
        IN PTR
        https-87-248-205-0.lgw.llnw.net
      • flag-us
        DNS
        0.205.248.87.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        0.205.248.87.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        189.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        189.178.17.96.in-addr.arpa
        IN PTR
        Response
        189.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-189.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        210.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        210.178.17.96.in-addr.arpa
        IN PTR
        Response
        210.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-210.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317300922_18J3RGPMQTI7TR30C&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317300922_18J3RGPMQTI7TR30C&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 510426
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 351430F74C9B4804ADD914A69DD7738E Ref B: LON04EDGE1022 Ref C: 2024-01-02T18:42:03Z
        date: Tue, 02 Jan 2024 18:42:03 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301455_1N9S2NVLYIW6WUPJX&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301455_1N9S2NVLYIW6WUPJX&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301528_1GXBJ11CWSVGL69Z6&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301528_1GXBJ11CWSVGL69Z6&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301095_1DVS21CWR8N49JQ44&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301095_1DVS21CWR8N49JQ44&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301022_10AJDZH059R4K9Z5T&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301022_10AJDZH059R4K9Z5T&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        DNS
        90.135.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        90.135.221.88.in-addr.arpa
        IN PTR
        Response
        90.135.221.88.in-addr.arpa
        IN PTR
        a88-221-135-90.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        211.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        211.178.17.96.in-addr.arpa
        IN PTR
        Response
        211.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-211.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        217.135.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        217.135.221.88.in-addr.arpa
        IN PTR
        Response
        217.135.221.88.in-addr.arpa
        IN PTR
        a88-221-135-217.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        217.135.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        217.135.221.88.in-addr.arpa
        IN PTR

      MITRE ATT&CK Matrix

      Downloads

      • memory/2596-0-0x0000000000400000-0x0000000000471000-memory.dmp

        Filesize

        452KB

      • memory/2596-1-0x0000000000400000-0x0000000000471000-memory.dmp

        Filesize

        452KB

      • memory/2596-2-0x0000000000400000-0x0000000000471000-memory.dmp

        Filesize

        452KB
