Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/12/2023, 14:11 UTC

General

  • Target

    74ab39c16e1900bea027b2801e123f52.exe

  • Size

    323KB

  • MD5

    74ab39c16e1900bea027b2801e123f52

  • SHA1

    5a99b0313c6481c7867695ace6c534cc8fd0caf7

  • SHA256

    23133cd2350b731d420872e5b4639fa97b81e3474213f6beb3a740daba170f56

  • SHA512

    35e2e693d6d4047c43d238a239372fee91a587bfee80b00e2157418b6457b43206ca316d169e5a06ef9ddbc34d3d2d80b0fccdde1baf85b3fd1b3325f3445426

  • SSDEEP

    6144:IrV99uEo2S1YnQmCX492DkwNP3qpYFXTqttBv2tHlzLkFyhFOY4vHSMrQ:IrVDu6/eIo4YOtEyc55Mk

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74ab39c16e1900bea027b2801e123f52.exe
    "C:\Users\Admin\AppData\Local\Temp\74ab39c16e1900bea027b2801e123f52.exe"
    1
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    PID:1864

Network

  • flag-us
    DNS
    1.181.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.181.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    209.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.178.17.96.in-addr.arpa
    IN PTR
    Response
    209.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-209.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    209.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.178.17.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    c1.getapplicationmy.info
    74ab39c16e1900bea027b2801e123f52.exe
    Remote address:
    8.8.8.8:53
    Request
    c1.getapplicationmy.info
    IN A
    Response
    c1.getapplicationmy.info
    IN A
    94.229.72.124
  • flag-us
    DNS
    r1.getapplicationmy.info
    74ab39c16e1900bea027b2801e123f52.exe
    Remote address:
    8.8.8.8:53
    Request
    r1.getapplicationmy.info
    IN A
    Response
    r1.getapplicationmy.info
    IN A
    108.59.12.101
  • flag-gb
    GET
    http://c1.getapplicationmy.info/?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg
    74ab39c16e1900bea027b2801e123f52.exe
    Remote address:
    94.229.72.124:80
    Request
    GET /?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c1.getapplicationmy.info
    Cache-Control: no-cache
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Thu, 28 Dec 2023 01:11:47 GMT
    server: nginx
    set-cookie: sid=131d40e7-a51e-11ee-a24a-f8809827724b; path=/; domain=.getapplicationmy.info; expires=Tue, 15 Jan 2092 04:25:55 GMT; max-age=2147483647; HttpOnly
  • flag-us
    POST
    http://r1.getapplicationmy.info/?report_version=5&
    74ab39c16e1900bea027b2801e123f52.exe
    Remote address:
    108.59.12.101:80
    Request
    POST /?report_version=5& HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: TixDll
    Host: r1.getapplicationmy.info
    Content-Length: 1902
    Cache-Control: no-cache
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Thu, 28 Dec 2023 01:11:48 GMT
    server: nginx
    set-cookie: sid=13368432-a51e-11ee-a11a-9c3254153611; path=/; domain=.getapplicationmy.info; expires=Tue, 15 Jan 2092 04:25:55 GMT; max-age=2147483647; HttpOnly
  • flag-us
    DNS
    c2.getapplicationmy.info
    74ab39c16e1900bea027b2801e123f52.exe
    Remote address:
    8.8.8.8:53
    Request
    c2.getapplicationmy.info
    IN A
    Response
    c2.getapplicationmy.info
    IN A
    94.229.72.124
  • flag-gb
    GET
    http://c2.getapplicationmy.info/?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg
    74ab39c16e1900bea027b2801e123f52.exe
    Remote address:
    94.229.72.124:80
    Request
    GET /?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c2.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=131d40e7-a51e-11ee-a24a-f8809827724b
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Thu, 28 Dec 2023 01:11:50 GMT
    server: nginx
  • flag-us
    DNS
    r2.getapplicationmy.info
    74ab39c16e1900bea027b2801e123f52.exe
    Remote address:
    8.8.8.8:53
    Request
    r2.getapplicationmy.info
    IN A
    Response
    r2.getapplicationmy.info
    IN A
    94.229.72.124
  • flag-gb
    POST
    http://r2.getapplicationmy.info/?report_version=5&
    74ab39c16e1900bea027b2801e123f52.exe
    Remote address:
    94.229.72.124:80
    Request
    POST /?report_version=5& HTTP/1.1
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: TixDll
    Host: r2.getapplicationmy.info
    Content-Length: 1902
    Cache-Control: no-cache
    Cookie: sid=13368432-a51e-11ee-a11a-9c3254153611
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Thu, 28 Dec 2023 01:11:48 GMT
    server: nginx
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    124.72.229.94.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    124.72.229.94.in-addr.arpa
    IN PTR
    Response
    124.72.229.94.in-addr.arpa
    IN PTR
    nordns.ukservers.com
  • flag-us
    DNS
    101.12.59.108.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    101.12.59.108.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41.deploy.static.akamaitechnologies.com
  • flag-gb
    GET
    http://c1.getapplicationmy.info/?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg
    74ab39c16e1900bea027b2801e123f52.exe
    Remote address:
    94.229.72.124:80
    Request
    GET /?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c1.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=13368432-a51e-11ee-a11a-9c3254153611
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Thu, 28 Dec 2023 01:11:55 GMT
    server: nginx
  • flag-gb
    GET
    http://c2.getapplicationmy.info/?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg
    74ab39c16e1900bea027b2801e123f52.exe
    Remote address:
    94.229.72.124:80
    Request
    GET /?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c2.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=13368432-a51e-11ee-a11a-9c3254153611
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Thu, 28 Dec 2023 01:12:11 GMT
    server: nginx
  • flag-us
    DNS
    140.71.91.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    140.71.91.104.in-addr.arpa
    IN PTR
    Response
    140.71.91.104.in-addr.arpa
    IN PTR
    a104-91-71-140.deploy.static.akamaitechnologies.com
  • flag-gb
    GET
    http://c1.getapplicationmy.info/?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg
    74ab39c16e1900bea027b2801e123f52.exe
    Remote address:
    94.229.72.124:80
    Request
    GET /?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c1.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=13368432-a51e-11ee-a11a-9c3254153611
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Thu, 28 Dec 2023 01:12:23 GMT
    server: nginx
  • flag-us
    DNS
    100.5.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    100.5.17.2.in-addr.arpa
    IN PTR
    Response
    100.5.17.2.in-addr.arpa
    IN PTR
    a2-17-5-100.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-gb
    GET
    http://c2.getapplicationmy.info/?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg
    74ab39c16e1900bea027b2801e123f52.exe
    Remote address:
    94.229.72.124:80
    Request
    GET /?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg HTTP/1.1
    Accept: */*
    User-Agent: TixDll
    Host: c2.getapplicationmy.info
    Cache-Control: no-cache
    Cookie: sid=13368432-a51e-11ee-a11a-9c3254153611
    Response
    HTTP/1.1 429 Too Many Requests
    cache-control: max-age=0, private, must-revalidate
    connection: close
    content-length: 17
    date: Thu, 28 Dec 2023 01:12:38 GMT
    server: nginx
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301573_1WQYDGP9TP8BZ8BAM&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301573_1WQYDGP9TP8BZ8BAM&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 220048
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5E7754CB854A4ABBA0BE821DA696EF07 Ref B: LON04EDGE1006 Ref C: 2023-12-28T01:12:58Z
    date: Thu, 28 Dec 2023 01:12:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300993_1XJBTU2LFRRLT6P36&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317300993_1XJBTU2LFRRLT6P36&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 162772
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 075368835DD84D6EAF719FD2BA4C7E55 Ref B: LON04EDGE1006 Ref C: 2023-12-28T01:12:58Z
    date: Thu, 28 Dec 2023 01:12:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301426_1IEC2H6Y0UOWUNEEE&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301426_1IEC2H6Y0UOWUNEEE&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 171408
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 00E8D3468BD94ACF8D7D84522EAEEFB2 Ref B: LON04EDGE1006 Ref C: 2023-12-28T01:12:58Z
    date: Thu, 28 Dec 2023 01:12:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300913_16JYUQS6WV9VSSWLA&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317300913_16JYUQS6WV9VSSWLA&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 187063
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: AA72D5797D3E47D98386E8BF9A74EE2E Ref B: LON04EDGE1006 Ref C: 2023-12-28T01:12:58Z
    date: Thu, 28 Dec 2023 01:12:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301164_1VHOPS3LMJZA5MZXO&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301164_1VHOPS3LMJZA5MZXO&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 263193
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 8871E38D43B3470BB5B9AC8BB3F558F2 Ref B: LON04EDGE1006 Ref C: 2023-12-28T01:12:58Z
    date: Thu, 28 Dec 2023 01:12:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301346_1HKPKYW01FIAQGRUY&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301346_1HKPKYW01FIAQGRUY&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 185856
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 1956D4C648444AAB863113CE800548ED Ref B: LON04EDGE1006 Ref C: 2023-12-28T01:13:00Z
    date: Thu, 28 Dec 2023 01:12:59 GMT
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001.a-msedge.net
  • flag-us
    DNS
    174.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    174.178.17.96.in-addr.arpa
    IN PTR
    Response
    174.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-174.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    174.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    174.178.17.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    17.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    17.134.221.88.in-addr.arpa
    IN PTR
    Response
    17.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-17.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    17.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    17.134.221.88.in-addr.arpa
    IN PTR
    Response
    17.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-17.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    88.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.135.221.88.in-addr.arpa
    IN PTR
    Response
    88.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-88.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    88.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.135.221.88.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    211.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    211.178.17.96.in-addr.arpa
    IN PTR
    Response
    211.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-211.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    84.65.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    84.65.42.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    84.65.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    84.65.42.20.in-addr.arpa
    IN PTR
    Response
  • 20.231.121.79:80
    46 B
    1
  • 94.229.72.124:80
    http://c1.getapplicationmy.info/?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg
    http
    74ab39c16e1900bea027b2801e123f52.exe
    909 B
    560 B
    6
    5

    HTTP Request

    GET http://c1.getapplicationmy.info/?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg

    HTTP Response

    429
  • 108.59.12.101:80
    http://r1.getapplicationmy.info/?report_version=5&
    http
    74ab39c16e1900bea027b2801e123f52.exe
    2.5kB
    600 B
    8
    6

    HTTP Request

    POST http://r1.getapplicationmy.info/?report_version=5&

    HTTP Response

    429
  • 94.229.72.124:80
    http://c2.getapplicationmy.info/?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg
    http
    74ab39c16e1900bea027b2801e123f52.exe
    1.1kB
    398 B
    8
    5

    HTTP Request

    GET http://c2.getapplicationmy.info/?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg

    HTTP Response

    429
  • 94.229.72.124:80
    http://r2.getapplicationmy.info/?report_version=5&
    http
    74ab39c16e1900bea027b2801e123f52.exe
    5.3kB
    438 B
    10
    6

    HTTP Request

    POST http://r2.getapplicationmy.info/?report_version=5&

    HTTP Response

    429
  • 94.229.72.124:80
    http://c1.getapplicationmy.info/?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg
    http
    74ab39c16e1900bea027b2801e123f52.exe
    1.0kB
    358 B
    7
    4

    HTTP Request

    GET http://c1.getapplicationmy.info/?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg

    HTTP Response

    429
  • 94.229.72.124:80
    http://c2.getapplicationmy.info/?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg
    http
    74ab39c16e1900bea027b2801e123f52.exe
    1.2kB
    398 B
    10
    5

    HTTP Request: GET http://c2.getapplicationmy.info/?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg
    HTTP Response: 429
  • 94.229.72.124:80
    http://c1.getapplicationmy.info/?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg
    http
    74ab39c16e1900bea027b2801e123f52.exe
    1.1kB
    398 B
    9
    5

    HTTP Request: GET http://c1.getapplicationmy.info/?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg
    HTTP Response: 429
  • 94.229.72.124:80
    http://c2.getapplicationmy.info/?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg
    http
    74ab39c16e1900bea027b2801e123f52.exe
    1.2kB
    358 B
    10
    4

    HTTP Request: GET http://c2.getapplicationmy.info/?step_id=1&installer_id=5002493902950264319&publisher_id=708&source_id=0&page_id=0&affiliate_id=version10&country_code=US&locale=EN&browser_id=0&download_id=2640071394831530048&external_id=0&session_id=2799105623234002918&hardware_id=10456166424796306165&installer_file_name=TheEconomicsofEuropeanIntegrationpdf&product_name=TheEconomicsofEuropeanIntegrationpdf&q=TheEconomicso&q=TheEconomicsofEuropeanIntegrationpdf&id=index.html&affiliate_id=version10&filesize=&product_image_url=%3CServerUrl%3E%2Fimages%2Fgeneral_logo.jpg
    HTTP Response: 429
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
    9.7kB
    17
    15
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
    9.7kB
    17
    15
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301346_1HKPKYW01FIAQGRUY&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    45.8kB
    1.2MB
    916
    911

    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301573_1WQYDGP9TP8BZ8BAM&pid=21.2&w=1080&h=1920&c=4
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317300993_1XJBTU2LFRRLT6P36&pid=21.2&w=1920&h=1080&c=4
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301426_1IEC2H6Y0UOWUNEEE&pid=21.2&w=1080&h=1920&c=4
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317300913_16JYUQS6WV9VSSWLA&pid=21.2&w=1920&h=1080&c=4
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301164_1VHOPS3LMJZA5MZXO&pid=21.2&w=1920&h=1080&c=4
    HTTP Response: 200
    HTTP Response: 200
    HTTP Response: 200
    HTTP Response: 200
    HTTP Response: 200
    HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239317301346_1HKPKYW01FIAQGRUY&pid=21.2&w=1080&h=1920&c=4
    HTTP Response: 200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
    9.7kB
    17
    15
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
    9.7kB
    17
    15
  • 8.8.8.8:53
    1.181.190.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    1.181.190.20.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    140 B
    156 B
    2
    1

    DNS Request

    9.228.82.20.in-addr.arpa

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    209.178.17.96.in-addr.arpa
    dns
    144 B
    137 B
    2
    1

    DNS Request

    209.178.17.96.in-addr.arpa

    DNS Request

    209.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    c1.getapplicationmy.info
    dns
    74ab39c16e1900bea027b2801e123f52.exe
    70 B
    86 B
    1
    1

    DNS Request

    c1.getapplicationmy.info

    DNS Response

    94.229.72.124

  • 8.8.8.8:53
    r1.getapplicationmy.info
    dns
    74ab39c16e1900bea027b2801e123f52.exe
    70 B
    86 B
    1
    1

    DNS Request

    r1.getapplicationmy.info

    DNS Response

    108.59.12.101

  • 8.8.8.8:53
    c2.getapplicationmy.info
    dns
    74ab39c16e1900bea027b2801e123f52.exe
    70 B
    86 B
    1
    1

    DNS Request

    c2.getapplicationmy.info

    DNS Response

    94.229.72.124

  • 8.8.8.8:53
    r2.getapplicationmy.info
    dns
    74ab39c16e1900bea027b2801e123f52.exe
    70 B
    86 B
    1
    1

    DNS Request

    r2.getapplicationmy.info

    DNS Response

    94.229.72.124

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    124.72.229.94.in-addr.arpa
    dns
    72 B
    107 B
    1
    1

    DNS Request

    124.72.229.94.in-addr.arpa

  • 8.8.8.8:53
    101.12.59.108.in-addr.arpa
    dns
    72 B
    135 B
    1
    1

    DNS Request

    101.12.59.108.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    146 B
    147 B
    2
    1

    DNS Request

    158.240.127.40.in-addr.arpa

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    140.71.91.104.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    140.71.91.104.in-addr.arpa

  • 8.8.8.8:53
    100.5.17.2.in-addr.arpa
    dns
    69 B
    131 B
    1
    1

    DNS Request

    100.5.17.2.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    119.110.54.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    119.110.54.20.in-addr.arpa

  • 8.8.8.8:53
    48.229.111.52.in-addr.arpa
    dns
    144 B
    158 B
    2
    1

    DNS Request

    48.229.111.52.in-addr.arpa

    DNS Request

    48.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
    106 B
    1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    174.178.17.96.in-addr.arpa
    dns
    144 B
    137 B
    2
    1

    DNS Request

    174.178.17.96.in-addr.arpa

    DNS Request

    174.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    17.134.221.88.in-addr.arpa
    dns
    144 B
    274 B
    2
    2

    DNS Request

    17.134.221.88.in-addr.arpa

    DNS Request

    17.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    88.135.221.88.in-addr.arpa
    dns
    144 B
    137 B
    2
    1

    DNS Request

    88.135.221.88.in-addr.arpa

    DNS Request

    88.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    211.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    211.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    84.65.42.20.in-addr.arpa
    dns
    140 B
    312 B
    2
    2

    DNS Request

    84.65.42.20.in-addr.arpa

    DNS Request

    84.65.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Tsu30A35B09.dll
    Filesize: 269KB
    MD5: af7ce801c8471c5cd19b366333c153c4
    SHA1: 4267749d020a362edbd25434ad65f98b073581f1
    SHA256: cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e
    SHA512: 88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

  • C:\Users\Admin\AppData\Local\Temp\{DFAD64AF-9DB1-4520-A7CB-D593044E4659}\Custom.dll
    Filesize: 91KB
    MD5: c9d3d86ee95ae4d20c80de9ddaa8fa40
    SHA1: 5f0546ec86f3e27f0eec4d5d5451edc630907654
    SHA256: b34ca5ec63459956e72289b6b1d85891377c4ef451b48f42d92ab7d1aad117a9
    SHA512: ea895f339e31432497401782a17275cecda18286a158ad191dc1a5c2c3c541205c679689a74ff46c4e4861c7e6d87bf862e54049b419675cadaeea76c400b186

  • C:\Users\Admin\AppData\Local\Temp\{DFAD64AF-9DB1-4520-A7CB-D593044E4659}\_Setup.dll
    Filesize: 175KB
    MD5: b50ef7592becdbd232a98bc443c7594c
    SHA1: dd54aac32e72acd02d3745336906ce17c37bf04e
    SHA256: c7a3f4d7920add808451d9d043a168ffe86f2e6f829ef9fba26a22ec85b53da2
    SHA512: 6311d6c26e15d03e0f9f2fbdf009fda326855a8330a8758bb693f525391ea794fc13b923b77cbb42ecf9accd5532db399752f1c81b3193819586f67588930a0b
