Analysis

  • max time kernel
    156s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-12-2023 14:11

General

  • Target

    74a1e4f8c48502f4cf6bdf1ff5c842a8.exe

  • Size

    691KB

  • MD5

    74a1e4f8c48502f4cf6bdf1ff5c842a8

  • SHA1

    ac709a266cb8afaf136986e5e5f93a37ba22c410

  • SHA256

    c4dc5ce27a5d56ed4c621fc17dc8febb54acd0db97788d6c539b9ae026d0d8a4

  • SHA512

    b26bf7cd4c00548d2e0e8d6fd601f3bfac9491a69a37046932bf144a2ccc29117413b3f4169498b357e94d596ce1dfbeae4a42d91da713dfc4df77e45bb936f7

  • SSDEEP

    12288:44I1R/pP6USobBbcY4JiOBRXjIjO8Zsq4nss:44EREUSobBbeJ7RCZN4ss

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

Processes

  • C:\Users\Admin\AppData\Local\Temp\74a1e4f8c48502f4cf6bdf1ff5c842a8.exe
    "C:\Users\Admin\AppData\Local\Temp\74a1e4f8c48502f4cf6bdf1ff5c842a8.exe"
    • Writes to the Master Boot Record (MBR)
    PID:2844

Network

  • flag-us
    DNS
    17.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    17.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    199.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    199.178.17.96.in-addr.arpa
    IN PTR
    Response
    199.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-199.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    199.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    199.178.17.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    199.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    199.178.17.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    199.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    199.178.17.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    downloads.seekmo.com
    74a1e4f8c48502f4cf6bdf1ff5c842a8.exe
    Remote address:
    8.8.8.8:53
    Request
    downloads.seekmo.com
    IN A
    Response
    downloads.seekmo.com
    IN A
    3.64.163.50
  • flag-de
    GET
    http://downloads.seekmo.com/downloads/aa/aa/bb.htm
    74a1e4f8c48502f4cf6bdf1ff5c842a8.exe
    Remote address:
    3.64.163.50:80
    Request
    GET /downloads/aa/aa/bb.htm HTTP/1.1
    Host: downloads.seekmo.com
    User-Agent: Microsoft-ATL-Native/10.00
    Response
    HTTP/1.1 410 Gone
    Server: openresty
    Date: Sat, 06 Jan 2024 16:39:40 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
  • flag-us
    DNS
    50.163.64.3.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.163.64.3.in-addr.arpa
    IN PTR
    Response
    50.163.64.3.in-addr.arpa
    IN PTR
    ec2-3-64-163-50.eu-central-1.compute.amazonaws.com
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tei.fivemillionfriends.com
    74a1e4f8c48502f4cf6bdf1ff5c842a8.exe
    Remote address:
    8.8.8.8:53
    Request
    tei.fivemillionfriends.com
    IN A
    Response
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tei.fivemillionfriends.com
    74a1e4f8c48502f4cf6bdf1ff5c842a8.exe
    Remote address:
    8.8.8.8:53
    Request
    tei.fivemillionfriends.com
    IN A
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
    Response
    18.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-18.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    178.223.142.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    178.223.142.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    29.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    29.243.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    182.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    182.178.17.96.in-addr.arpa
    IN PTR
    Response
    182.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-182.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    182.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    182.178.17.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    182.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    182.178.17.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    182.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    182.178.17.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    178.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    178.178.17.96.in-addr.arpa
    IN PTR
    Response
    178.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-178.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    11.179.89.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.179.89.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    11.179.89.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.179.89.13.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    11.179.89.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.179.89.13.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301490_1LPSK7N2TS8HCTMAM&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301490_1LPSK7N2TS8HCTMAM&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 376372
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 85B2CD02019B4CD58937EC58F2DCD7CF Ref B: LON04EDGE0611 Ref C: 2024-01-06T16:41:48Z
    date: Sat, 06 Jan 2024 16:41:48 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301057_1JHF9NK2IDFKNUSZM&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301057_1JHF9NK2IDFKNUSZM&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 401290
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 25A5AA05061D4D2180DC55D7F92AFB91 Ref B: LON04EDGE0611 Ref C: 2024-01-06T16:41:48Z
    date: Sat, 06 Jan 2024 16:41:48 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300964_1C92FDN74123R86HE&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317300964_1C92FDN74123R86HE&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 581984
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7B0E926073914275AB591F6250AD1CE2 Ref B: LON04EDGE0611 Ref C: 2024-01-06T16:41:49Z
    date: Sat, 06 Jan 2024 16:41:48 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301397_1RRG7O37Z0P13Z6K4&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301397_1RRG7O37Z0P13Z6K4&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 534250
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 92BDEBAD55C74F7C878D85EC20CF8560 Ref B: LON04EDGE0611 Ref C: 2024-01-06T16:41:49Z
    date: Sat, 06 Jan 2024 16:41:48 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301111_1DKW3SIPELFG6R5I0&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301111_1DKW3SIPELFG6R5I0&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 147718
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3ECCC7AAC9D341668BBD42A44C6114A8 Ref B: LON04EDGE0611 Ref C: 2024-01-06T16:41:49Z
    date: Sat, 06 Jan 2024 16:41:48 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301544_150BJDG31FJ0ZNF34&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301544_150BJDG31FJ0ZNF34&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 134030
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 771B5EC3EEFD40218717F6F06C4DB287 Ref B: LON04EDGE0611 Ref C: 2024-01-06T16:41:51Z
    date: Sat, 06 Jan 2024 16:41:51 GMT
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001.a-msedge.net
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
MITRE ATT&CK Enterprise v15

Downloads

  • memory/2844-0-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB
