Analysis

  • max time kernel
    148s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    26/12/2023, 11:37 UTC

General

  • Target

    6b531de6f2cf065a71df26dd1a83b395.exe

  • Size

    905KB

  • MD5

    6b531de6f2cf065a71df26dd1a83b395

  • SHA1

    d4084c7df91751e4693b8daee1115573b2a1ea81

  • SHA256

    13d7cc6a5df210830f6470d4412ea16159f25d4285cd9e76b92bc04d722d2d64

  • SHA512

    c95f0c46a2d7fac057d0559c57ec1367274b299f0feb15e2d125b861ee49a0b66c36de8b56cde4cb4f5e10df543d03694d99f58a823bdef96ab10b21f998d3f9

  • SSDEEP

    12288:sB0uRsxZAxhMarNu1n5gs0xJ26qF1ca36c9U:s6UsxihMr15gsQf2Xqc

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6b531de6f2cf065a71df26dd1a83b395.exe
    "C:\Users\Admin\AppData\Local\Temp\6b531de6f2cf065a71df26dd1a83b395.exe"
    1⤵
      PID:2108
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 280
        2⤵
        • Program crash
        PID:3472
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2108 -ip 2108
      1⤵
        PID:2188

      Network


      MITRE ATT&CK Matrix

      Downloads

      • memory/2108-0-0x0000000000400000-0x00000000005E5000-memory.dmp

        Filesize

        1.9MB

      • memory/2108-1-0x0000000000400000-0x00000000005E5000-memory.dmp

        Filesize

        1.9MB
