Overview

overview

3

Static

static

3

Ford A,L &...es.exe

windows7-x64

1

Ford A,L &...es.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 09:41 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ford A,L & C Series.exe

  • Size

    419KB

  • MD5

    04842dec2923faff352b50aa6b0678a6

  • SHA1

    feeb2ed1bb14233301158f77e682e941c398d7ea

  • SHA256

    3147ef60d4482099d672cbca38ee9bb1beba69be1d490b4a082a8c8c7893d15e

  • SHA512

    201a6bff0e760545c8dc589bfc46bf0b6f19b183d2dd68782d672d7cb1b7ba759df2a215379cb844c334a40c5cf3b761744b015d576deda26e0bfb23f86853a3

  • SSDEEP

    12288:2SZ60t5an9dWBiSqGoZnpZcFSXyzXFXvl:2LoUC/gWJzXFX

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\Ford A,L & C Series.exe
    "C:\Users\Admin\AppData\Local\Temp\Ford A,L & C Series.exe"
    1⤵
      PID:4036

    Network

    • flag-us
      DNS
      59.128.231.4.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      59.128.231.4.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      2.181.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.181.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      2.181.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.181.190.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      146.78.124.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      146.78.124.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      241.154.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.154.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
      Response
      41.110.16.96.in-addr.arpa
      IN PTR
      a96-16-110-41deploystaticakamaitechnologiescom
    • flag-us
      DNS
      56.126.166.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.126.166.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      56.126.166.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.126.166.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      56.126.166.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.126.166.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      56.126.166.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.126.166.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      18.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.134.221.88.in-addr.arpa
      IN PTR
      Response
      18.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-18deploystaticakamaitechnologiescom
    • flag-us
      DNS
      18.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.134.221.88.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      18.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.134.221.88.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      100.5.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      100.5.17.2.in-addr.arpa
      IN PTR
      Response
      100.5.17.2.in-addr.arpa
      IN PTR
      a2-17-5-100deploystaticakamaitechnologiescom
    • flag-us
      DNS
      119.110.54.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      119.110.54.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      217.135.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.135.221.88.in-addr.arpa
      IN PTR
      Response
      217.135.221.88.in-addr.arpa
      IN PTR
      a88-221-135-217deploystaticakamaitechnologiescom
    • flag-us
      DNS
      174.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      174.178.17.96.in-addr.arpa
      IN PTR
      Response
      174.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-174deploystaticakamaitechnologiescom
    • flag-us
      DNS
      173.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      173.178.17.96.in-addr.arpa
      IN PTR
      Response
      173.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-173deploystaticakamaitechnologiescom
    • flag-us
      DNS
      57.169.31.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      57.169.31.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      57.169.31.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      57.169.31.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      0.204.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.204.248.87.in-addr.arpa
      IN PTR
      Response
      0.204.248.87.in-addr.arpa
      IN PTR
      https-87-248-204-0lhrllnwnet
    • flag-us
      DNS
      0.204.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.204.248.87.in-addr.arpa
      IN PTR
      Response
      0.204.248.87.in-addr.arpa
      IN PTR
      https-87-248-204-0lhrllnwnet
    • flag-us
      DNS
      32.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      32.134.221.88.in-addr.arpa
      IN PTR
      Response
      32.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-32deploystaticakamaitechnologiescom
    • flag-us
      DNS
      32.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      32.134.221.88.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      79.121.231.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      79.121.231.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      79.121.231.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      79.121.231.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      23.236.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.236.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      23.236.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.236.111.52.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301700_18ZUY5V0A74HOX1SZ&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301700_18ZUY5V0A74HOX1SZ&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 541005
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 929457975B0D499FB9CA9ED2A35CD785 Ref B: LON04EDGE0707 Ref C: 2023-12-31T10:52:41Z
      date: Sun, 31 Dec 2023 10:52:41 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301291_1H8FN9XYY8JWTIM5Q&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301291_1H8FN9XYY8JWTIM5Q&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 201688
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 9A833320A6B64A04AE5613753B71CD7B Ref B: LON04EDGE0707 Ref C: 2023-12-31T10:52:41Z
      date: Sun, 31 Dec 2023 10:52:41 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301210_1O6WSVG17Q8FD2GN3&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301210_1O6WSVG17Q8FD2GN3&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 477094
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 56AFC87CBF90479DAEA7FC9270C8C5A1 Ref B: LON04EDGE0707 Ref C: 2023-12-31T10:52:41Z
      date: Sun, 31 Dec 2023 10:52:41 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317300945_1AVU9XQC2ZATZF0SD&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317300945_1AVU9XQC2ZATZF0SD&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 233894
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 47751E38A0CD4041B1BD05FB1A72F7F0 Ref B: LON04EDGE0707 Ref C: 2023-12-31T10:52:41Z
      date: Sun, 31 Dec 2023 10:52:41 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301619_1XBK40W4REDBFTJ48&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301619_1XBK40W4REDBFTJ48&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 400338
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: D83F40AE42894685B8EFEC72A1D0C486 Ref B: LON04EDGE0707 Ref C: 2023-12-31T10:52:41Z
      date: Sun, 31 Dec 2023 10:52:41 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301378_1LGWEGF9HZ9XZB6X8&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301378_1LGWEGF9HZ9XZB6X8&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
      Response
      200.197.79.204.in-addr.arpa
      IN PTR
      a-0001a-msedgenet
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.4kB
       8.2kB
       16
      13
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.4kB
       8.2kB
       16
      13
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.4kB
       8.2kB
       16
      13
    • 204.79.197.200:443
      https://tse1.mm.bing.net/th?id=OADD2.10239317301378_1LGWEGF9HZ9XZB6X8&pid=21.2&w=1080&h=1920&c=4
      tls, http2
      56.6kB
       1.5MB
       1115
      1107

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301700_18ZUY5V0A74HOX1SZ&pid=21.2&w=1080&h=1920&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301291_1H8FN9XYY8JWTIM5Q&pid=21.2&w=1920&h=1080&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301210_1O6WSVG17Q8FD2GN3&pid=21.2&w=1920&h=1080&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317300945_1AVU9XQC2ZATZF0SD&pid=21.2&w=1920&h=1080&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301619_1XBK40W4REDBFTJ48&pid=21.2&w=1080&h=1920&c=4

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301378_1LGWEGF9HZ9XZB6X8&pid=21.2&w=1080&h=1920&c=4
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.4kB
       8.2kB
       16
      13
    • 88.221.134.32:80
    • 88.221.134.32:80
    • 88.221.134.32:80
    • 88.221.134.32:80
    • 88.221.134.32:80
    • 88.221.134.32:80
    • 88.221.134.32:80
    • 88.221.134.32:80
    • 88.221.134.32:80
    • 88.221.134.32:80
    • 88.221.134.32:80
    • 88.221.134.32:80
    • 88.221.134.32:80
    • 88.221.134.32:80
    • 88.221.134.32:80
    • 88.221.134.32:80
    • 8.8.8.8:53
      59.128.231.4.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      59.128.231.4.in-addr.arpa

    • 8.8.8.8:53
      2.181.190.20.in-addr.arpa
      dns
      142 B
       157 B
       2
      1

      DNS Request

      2.181.190.20.in-addr.arpa

      DNS Request

      2.181.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      146 B
       144 B
       2
      1

      DNS Request

      95.221.229.192.in-addr.arpa

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      146.78.124.51.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      146.78.124.51.in-addr.arpa

    • 8.8.8.8:53
      241.154.82.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      241.154.82.20.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      41.110.16.96.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      41.110.16.96.in-addr.arpa

    • 8.8.8.8:53
      56.126.166.20.in-addr.arpa
      dns
      288 B
       158 B
       4
      1

      DNS Request

      56.126.166.20.in-addr.arpa

      DNS Request

      56.126.166.20.in-addr.arpa

      DNS Request

      56.126.166.20.in-addr.arpa

      DNS Request

      56.126.166.20.in-addr.arpa

    • 8.8.8.8:53
      18.134.221.88.in-addr.arpa
      dns
      216 B
       137 B
       3
      1

      DNS Request

      18.134.221.88.in-addr.arpa

      DNS Request

      18.134.221.88.in-addr.arpa

      DNS Request

      18.134.221.88.in-addr.arpa

    • 8.8.8.8:53
      100.5.17.2.in-addr.arpa
      dns
      69 B
       131 B
       1
      1

      DNS Request

      100.5.17.2.in-addr.arpa

    • 8.8.8.8:53
      119.110.54.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      119.110.54.20.in-addr.arpa

    • 8.8.8.8:53
      217.135.221.88.in-addr.arpa
      dns
      73 B
       139 B
       1
      1

      DNS Request

      217.135.221.88.in-addr.arpa

    • 8.8.8.8:53
      173.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      173.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      174.178.17.96.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      174.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      57.169.31.20.in-addr.arpa
      dns
      142 B
       314 B
       2
      2

      DNS Request

      57.169.31.20.in-addr.arpa

      DNS Request

      57.169.31.20.in-addr.arpa

    • 8.8.8.8:53
      0.204.248.87.in-addr.arpa
      dns
      142 B
       232 B
       2
      2

      DNS Request

      0.204.248.87.in-addr.arpa

      DNS Request

      0.204.248.87.in-addr.arpa

    • 8.8.8.8:53
      32.134.221.88.in-addr.arpa
      dns
      144 B
       137 B
       2
      1

      DNS Request

      32.134.221.88.in-addr.arpa

      DNS Request

      32.134.221.88.in-addr.arpa

    • 8.8.8.8:53
      79.121.231.20.in-addr.arpa
      dns
      144 B
       316 B
       2
      2

      DNS Request

      79.121.231.20.in-addr.arpa

      DNS Request

      79.121.231.20.in-addr.arpa

    • 8.8.8.8:53
      23.236.111.52.in-addr.arpa
      dns
      144 B
       158 B
       2
      1

      DNS Request

      23.236.111.52.in-addr.arpa

      DNS Request

      23.236.111.52.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      124 B
       346 B
       2
      2

      DNS Request

      tse1.mm.bing.net

      DNS Request

      tse1.mm.bing.net

      DNS Response

      204.79.197.200
      13.107.21.200

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      200.197.79.204.in-addr.arpa
      dns
      219 B
       106 B
       3
      1

      DNS Request

      200.197.79.204.in-addr.arpa

      DNS Request

      200.197.79.204.in-addr.arpa

      DNS Request

      200.197.79.204.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4036-0-0x00000000021D0000-0x00000000021D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4036-1-0x0000000000400000-0x000000000046D000-memory.dmp

      Filesize

      436KB

      Download

    • memory/4036-3-0x00000000021D0000-0x00000000021D1000-memory.dmp

      Filesize

      4KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.