Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

285392875d...92.exe

windows7-x64

7

285392875d...92.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 04:33 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    285392875d65770426ae4855940d4292.exe

  • Size

    784KB

  • MD5

    285392875d65770426ae4855940d4292

  • SHA1

    ae1c051ca9e78d84abf90d36873796b152eddb46

  • SHA256

    d6b25771183dbf9f2597d4261db4cd1fb7831785cb720dbc14c832489de245ce

  • SHA512

    3f71c80d91116eda23cc7d6980aba93bbd8e56a1ced4c0c1d5cafd1ffc04e1ae8d7b9e67334d2a0258c698a8b58dfb3153f6e78f8f08f99dd7004f1e3482a027

  • SSDEEP

    12288:wZPy043VnNjUaCyDCqK1tSe1Iyc0MhfLH+pBYFBgw6CabgMNoh8Ht2hSPfFyhtNW:pXjOyD3K1tSgQ+vguCcNohWIwNyhzv

Score
10/10
xmrigminerupx

Malware Config

Signatures

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 6 IoCs
    miner
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\285392875d65770426ae4855940d4292.exe
    "C:\Users\Admin\AppData\Local\Temp\285392875d65770426ae4855940d4292.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1912
    • C:\Users\Admin\AppData\Local\Temp\285392875d65770426ae4855940d4292.exe
      C:\Users\Admin\AppData\Local\Temp\285392875d65770426ae4855940d4292.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1248

Network

  • flag-us
    DNS
    146.177.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.177.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.a-0001.a-msedge.net
    g-bing-com.a-0001.a-msedge.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9c823dd2c6284b1bb7a3751b1431e003&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9c823dd2c6284b1bb7a3751b1431e003&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=05CC0C801E9663932B651F7A1F76625E; domain=.bing.com; expires=Sun, 26-Jan-2025 05:35:26 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 34C4A7D5CCB146B792CCE6D67339FA16 Ref B: LON04EDGE1005 Ref C: 2024-01-02T05:35:26Z
    date: Tue, 02 Jan 2024 05:35:25 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=9c823dd2c6284b1bb7a3751b1431e003&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=9c823dd2c6284b1bb7a3751b1431e003&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=05CC0C801E9663932B651F7A1F76625E
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=aKvKyO_CZSj6Ctf4ctEK_dOWktODtk9z9guztkW3mUw; domain=.bing.com; expires=Sun, 26-Jan-2025 05:35:26 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 271B487DABBD485E976A320857F26E68 Ref B: LON04EDGE1005 Ref C: 2024-01-02T05:35:26Z
    date: Tue, 02 Jan 2024 05:35:25 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9c823dd2c6284b1bb7a3751b1431e003&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9c823dd2c6284b1bb7a3751b1431e003&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=05CC0C801E9663932B651F7A1F76625E; MSPTC=aKvKyO_CZSj6Ctf4ctEK_dOWktODtk9z9guztkW3mUw
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 32165F9794ED4516B1D4B3D6986CC2B3 Ref B: LON04EDGE1005 Ref C: 2024-01-02T05:35:27Z
    date: Tue, 02 Jan 2024 05:35:26 GMT
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001a-msedgenet
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41deploystaticakamaitechnologiescom
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    104.241.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.241.123.92.in-addr.arpa
    IN PTR
    Response
    104.241.123.92.in-addr.arpa
    IN PTR
    a92-123-241-104deploystaticakamaitechnologiescom
  • flag-us
    DNS
    104.241.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.241.123.92.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
    Response
    18.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-18deploystaticakamaitechnologiescom
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    23.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300950_1CI16BMH94QQ9WZ43&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317300950_1CI16BMH94QQ9WZ43&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 289523
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 49DB8C525DE84D53A7ABB4ED2BE26244 Ref B: LON04EDGE0618 Ref C: 2024-01-02T05:37:01Z
    date: Tue, 02 Jan 2024 05:37:00 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301060_1R4MHRP0LUJX09GMU&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301060_1R4MHRP0LUJX09GMU&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 400533
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 41222A10841C4CEF9F5EB59FD276E5D0 Ref B: LON04EDGE0618 Ref C: 2024-01-02T05:37:01Z
    date: Tue, 02 Jan 2024 05:37:00 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301001_13IM8GUOR3WVGE77H&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301001_13IM8GUOR3WVGE77H&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 508519
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 27DBA43E90DE40A89AB8D348A012DE12 Ref B: LON04EDGE0618 Ref C: 2024-01-02T05:37:01Z
    date: Tue, 02 Jan 2024 05:37:00 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301493_1LBG6KMWNFIA52WWP&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301493_1LBG6KMWNFIA52WWP&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    178.223.142.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    178.223.142.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    178.223.142.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    178.223.142.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    178.223.142.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    178.223.142.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    178.223.142.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    178.223.142.52.in-addr.arpa
    IN PTR
  • 204.79.197.200:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9c823dd2c6284b1bb7a3751b1431e003&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
    tls, http2
    2.0kB
     10.3kB
     22
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9c823dd2c6284b1bb7a3751b1431e003&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=9c823dd2c6284b1bb7a3751b1431e003&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9c823dd2c6284b1bb7a3751b1431e003&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=

    HTTP Response

    204
  • 20.231.121.79:80
    104 B
     2
  • 20.199.58.43:443
    46 B
     40 B
     1
    1
  • 96.16.110.114:80
  • 138.91.171.81:80
    104 B
     2
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.3kB
     16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.3kB
     16
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301493_1LBG6KMWNFIA52WWP&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    75.9kB
     2.2MB
     1581
    1577

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300950_1CI16BMH94QQ9WZ43&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301060_1R4MHRP0LUJX09GMU&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301001_13IM8GUOR3WVGE77H&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301493_1LBG6KMWNFIA52WWP&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.3kB
     16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    98 B
     2
  • 8.8.8.8:53
    146.177.190.20.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    146.177.190.20.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     158 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
     106 B
     1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    146 B
     147 B
     2
    1

    DNS Request

    158.240.127.40.in-addr.arpa

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    104.241.123.92.in-addr.arpa
    dns
    146 B
     139 B
     2
    1

    DNS Request

    104.241.123.92.in-addr.arpa

    DNS Request

    104.241.123.92.in-addr.arpa

  • 8.8.8.8:53
    18.134.221.88.in-addr.arpa
    dns
    144 B
     137 B
     2
    1

    DNS Request

    18.134.221.88.in-addr.arpa

    DNS Request

    18.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    119.110.54.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    119.110.54.20.in-addr.arpa

  • 8.8.8.8:53
  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    43.58.199.20.in-addr.arpa

  • 8.8.8.8:53
  • 8.8.8.8:53
    23.236.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    23.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     173 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    57.169.31.20.in-addr.arpa
    dns
    142 B
     314 B
     2
    2

    DNS Request

    57.169.31.20.in-addr.arpa

    DNS Request

    57.169.31.20.in-addr.arpa

  • 8.8.8.8:53
    178.223.142.52.in-addr.arpa
    dns
    292 B
     147 B
     4
    1

    DNS Request

    178.223.142.52.in-addr.arpa

    DNS Request

    178.223.142.52.in-addr.arpa

    DNS Request

    178.223.142.52.in-addr.arpa

    DNS Request

    178.223.142.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1248-13-0x0000000000400000-0x0000000000712000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1248-14-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1248-16-0x00000000019F0000-0x0000000001AB4000-memory.dmp

    Filesize

    784KB

    Download

  • memory/1248-21-0x00000000053E0000-0x0000000005573000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1248-20-0x0000000000400000-0x0000000000587000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1248-30-0x0000000000400000-0x0000000000587000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1912-0-0x0000000000400000-0x0000000000712000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1912-2-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1912-1-0x0000000001AC0000-0x0000000001B84000-memory.dmp

    Filesize

    784KB

    Download

  • memory/1912-12-0x0000000000400000-0x0000000000593000-memory.dmp

    Filesize

    1.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.