Analysis

  • max time kernel
    141s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/12/2023, 12:10 UTC

General

  • Target

    35b66345f1c3290ca69590beaa4ce3e8.exe

  • Size

    843KB

  • MD5

    35b66345f1c3290ca69590beaa4ce3e8

  • SHA1

    880396d988c3eb62442a6018abb133929fa8bf41

  • SHA256

    9b64f57a1d8bb73e88ac85d60dd976baf6eef38f41cc54a1bb1fd320b92d1fd2

  • SHA512

    e50030bcc7be5e2aaed59d58ac22bb6ab30438e65d0e212a15738653dbc9b723540ebe607fe35530723502d9057e016689f5d659818ba65db4632ec7ca88b390

  • SSDEEP

    12288:vKPJkaflSaldGlCTa87+ttV6sQG3r/p0iEiRYhdtWAAxfr6IwCYeaZIPxSX9Evox:iPJka9trH+tdQabptpbJPq

Malware Config

Signatures

  • 44Caliber

    An open source infostealer written in C#.

  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
  • Looks up external IP address via web service (2 IoCs)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\35b66345f1c3290ca69590beaa4ce3e8.exe
    "C:\Users\Admin\AppData\Local\Temp\35b66345f1c3290ca69590beaa4ce3e8.exe"
    1
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3480

Network

  • US
    DNS
    freegeoip.app
    35b66345f1c3290ca69590beaa4ce3e8.exe
    Remote address:
    8.8.8.8:53
    Request
    freegeoip.app
    IN A
    Response
    freegeoip.app
    IN A
    172.67.160.84
    freegeoip.app
    IN A
    104.21.73.97
  • US
    GET
    https://freegeoip.app/xml/
    35b66345f1c3290ca69590beaa4ce3e8.exe
    Remote address:
    172.67.160.84:443
    Request
    GET /xml/ HTTP/1.1
    Host: freegeoip.app
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Wed, 10 Jan 2024 13:32:28 GMT
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Wed, 10 Jan 2024 14:32:28 GMT
    Location: https://ipbase.com/xml/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nkk7U0CeqDETyeQOgu1NiqMkeBb0D0aSv%2B6mBkyRWYe9dw88J67Bkjh96M%2FHNbyIzTgMdcfOubBE65US5gV5iJzEcFzLmEY99QgcybI%2B8qbyobxEMRRPGeUAH1x4%2BftE"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8435494918248926-LHR
    alt-svc: h3=":443"; ma=86400
  • US
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.a-0001.a-msedge.net
    g-bing-com.a-0001.a-msedge.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • US
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
  • US
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
  • US
    DNS
    ipbase.com
    35b66345f1c3290ca69590beaa4ce3e8.exe
    Remote address:
    8.8.8.8:53
    Request
    ipbase.com
    IN A
    Response
    ipbase.com
    IN A
    172.67.209.71
    ipbase.com
    IN A
    104.21.85.189
  • US
    GET
    https://ipbase.com/xml/
    35b66345f1c3290ca69590beaa4ce3e8.exe
    Remote address:
    172.67.209.71:443
    Request
    GET /xml/ HTTP/1.1
    Host: ipbase.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Wed, 10 Jan 2024 13:32:30 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Age: 49128
    Cache-Control: public,max-age=0,must-revalidate
    Cache-Status: "Netlify Edge"; hit
    Vary: Accept-Encoding
    X-Nf-Request-Id: 01HKSS63MH7X14Q21Y6GG7SH5N
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q6cZD0hHbImMNlvqbe7iydBLBsK1J%2FuJhomYIcbmUbp4GPz%2B1yFqSU%2BhWKb3MP9PdA%2BXyv2NdlJ7jIbnDE5thnt%2Bv3XBdooRWjH7EZBSyqW2laiLq4CbwnsI9r7d"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 84354950bddadd71-LHR
    alt-svc: h3=":443"; ma=86400
  • US
    DNS
    84.160.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    84.160.67.172.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    84.160.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    84.160.67.172.in-addr.arpa
    IN PTR
  • US
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    3.181.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    3.181.190.20.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    71.209.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    71.209.67.172.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • US
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f6f23bd574454288b51bcdde39fc001d&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f6f23bd574454288b51bcdde39fc001d&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=2BA6D674E1766BD51DFDC276E0516A57; domain=.bing.com; expires=Mon, 03-Feb-2025 13:32:31 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 8FD14E71D87943B2854EA0F69D4E73CD Ref B: LON04EDGE0708 Ref C: 2024-01-10T13:32:31Z
    date: Wed, 10 Jan 2024 13:32:30 GMT
  • US
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f6f23bd574454288b51bcdde39fc001d&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f6f23bd574454288b51bcdde39fc001d&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=2BA6D674E1766BD51DFDC276E0516A57
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=D95NIiLUqeLlLmWsKCom4GEK2gsZIYk1bnXNs2q3FPY; domain=.bing.com; expires=Mon, 03-Feb-2025 13:32:31 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: EA0148C19ECB4C12876771BAED4CF20A Ref B: LON04EDGE0708 Ref C: 2024-01-10T13:32:31Z
    date: Wed, 10 Jan 2024 13:32:30 GMT
  • US
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f6f23bd574454288b51bcdde39fc001d&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f6f23bd574454288b51bcdde39fc001d&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=2BA6D674E1766BD51DFDC276E0516A57; MSPTC=D95NIiLUqeLlLmWsKCom4GEK2gsZIYk1bnXNs2q3FPY
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 8898D2D1D5644E72AE3BE15EC334D865 Ref B: LON04EDGE0708 Ref C: 2024-01-10T13:32:31Z
    date: Wed, 10 Jan 2024 13:32:30 GMT
  • US
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
  • US
    DNS
    208.194.73.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.194.73.20.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41.deploy.static.akamaitechnologies.com
  • US
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
  • US
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217.deploy.static.akamaitechnologies.com
  • US
    DNS
    100.5.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    100.5.17.2.in-addr.arpa
    IN PTR
    Response
    100.5.17.2.in-addr.arpa
    IN PTR
    a2-17-5-100.deploy.static.akamaitechnologies.com
  • US
    DNS
    100.5.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    100.5.17.2.in-addr.arpa
    IN PTR
  • US
    DNS
    43.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.229.111.52.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    211.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    211.178.17.96.in-addr.arpa
    IN PTR
    Response
    211.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-211.deploy.static.akamaitechnologies.com
  • US
    DNS
    211.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    211.178.17.96.in-addr.arpa
    IN PTR
  • US
    DNS
    211.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    211.178.17.96.in-addr.arpa
    IN PTR
  • US
    DNS
    128.212.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    128.212.248.87.in-addr.arpa
    IN PTR
    Response
    128.212.248.87.in-addr.arpa
    IN PTR
    https-87-248-212-128.man.llnw.net
  • US
    DNS
    128.212.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    128.212.248.87.in-addr.arpa
    IN PTR
  • US
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
  • US
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
  • US
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301393_1DLI2GHT6T3VY9S09&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301393_1DLI2GHT6T3VY9S09&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • US
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239359955653_16Q8BS61PKT108CUW&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239359955653_16Q8BS61PKT108CUW&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
  • 172.67.160.84:443
    https://freegeoip.app/xml/
    tls, http
    35b66345f1c3290ca69590beaa4ce3e8.exe
    981 B
    5.9kB
    10
    8

    HTTP Request

    GET https://freegeoip.app/xml/

    HTTP Response

    301
  • 172.67.209.71:443
    https://ipbase.com/xml/
    tls, http
    35b66345f1c3290ca69590beaa4ce3e8.exe
    1.3kB
    9.6kB
    16
    14

    HTTP Request

    GET https://ipbase.com/xml/

    HTTP Response

    404
  • 204.79.197.200:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f6f23bd574454288b51bcdde39fc001d&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=
    tls, http2
    2.3kB
    10.0kB
    23
    20

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f6f23bd574454288b51bcdde39fc001d&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f6f23bd574454288b51bcdde39fc001d&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f6f23bd574454288b51bcdde39fc001d&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=

    HTTP Response

    204
  • 52.142.223.178:80
    52 B
    1
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.1kB
    8.2kB
    14
    12
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239359955653_16Q8BS61PKT108CUW&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    62.6kB
    1.7MB
    1219
    1230

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301393_1DLI2GHT6T3VY9S09&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239359955653_16Q8BS61PKT108CUW&pid=21.2&w=1080&h=1920&c=4
  • 204.79.197.200:443
    g.bing.com
    332 B
    5
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.8kB
    699 B
    15
    7
  • 204.79.197.200:443
    g.bing.com
    332 B
    5
  • 8.8.8.8:53
    freegeoip.app
    dns
    35b66345f1c3290ca69590beaa4ce3e8.exe
    59 B
    91 B
    1
    1

    DNS Request

    freegeoip.app

    DNS Response

    172.67.160.84
    104.21.73.97

  • 8.8.8.8:53
    g.bing.com
    dns
    168 B
    158 B
    3
    1

    DNS Request

    g.bing.com

    DNS Request

    g.bing.com

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    ipbase.com
    dns
    35b66345f1c3290ca69590beaa4ce3e8.exe
    56 B
    88 B
    1
    1

    DNS Request

    ipbase.com

    DNS Response

    172.67.209.71
    104.21.85.189

  • 8.8.8.8:53
    84.160.67.172.in-addr.arpa
    dns
    144 B
    134 B
    2
    1

    DNS Request

    84.160.67.172.in-addr.arpa

    DNS Request

    84.160.67.172.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    3.181.190.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    3.181.190.20.in-addr.arpa

  • 8.8.8.8:53
    71.209.67.172.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    71.209.67.172.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    241.154.82.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    241.154.82.20.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    142 B
    157 B
    2
    1

    DNS Request

    26.35.223.20.in-addr.arpa

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    208.194.73.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    208.194.73.20.in-addr.arpa

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    103.169.127.40.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    142 B
    145 B
    2
    1

    DNS Request

    206.23.85.13.in-addr.arpa

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    100.5.17.2.in-addr.arpa
    dns
    138 B
    131 B
    2
    1

    DNS Request

    100.5.17.2.in-addr.arpa

    DNS Request

    100.5.17.2.in-addr.arpa

  • 8.8.8.8:53
    43.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    43.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    119.110.54.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    119.110.54.20.in-addr.arpa

  • 8.8.8.8:53
    211.178.17.96.in-addr.arpa
    dns
    216 B
    137 B
    3
    1

    DNS Request

    211.178.17.96.in-addr.arpa

    DNS Request

    211.178.17.96.in-addr.arpa

    DNS Request

    211.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    128.212.248.87.in-addr.arpa
    dns
    146 B
    120 B
    2
    1

    DNS Request

    128.212.248.87.in-addr.arpa

    DNS Request

    128.212.248.87.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    124 B
    2

    DNS Request

    tse1.mm.bing.net

    DNS Request

    tse1.mm.bing.net

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\44\Process.txt

    Filesize

    1KB

    MD5

    84dd13510b67e674ec205a539215ef9d

    SHA1

    fd7b23af1e9882475ac9ccbcb57d0442768e93d9

    SHA256

    029694053d19f17bccfe5a7916c9ebefafe654e4ddc726880c85e4bec4fef4b5

    SHA512

    e2a182a2a4326482125c3116e9e8341514fbb64085fb3df2b278342213330281a24a76234f24f879887857502b41159e34bacbf682ea6dc7704bb42fceef8fd3

  • memory/3480-0-0x0000000000280000-0x000000000035A000-memory.dmp

    Filesize

    872KB

  • memory/3480-1-0x00007FFEA6D30000-0x00007FFEA77F1000-memory.dmp

    Filesize

    10.8MB

  • memory/3480-2-0x0000000000B00000-0x0000000000B06000-memory.dmp

    Filesize

    24KB

  • memory/3480-3-0x0000000002480000-0x0000000002490000-memory.dmp

    Filesize

    64KB

  • memory/3480-128-0x00007FFEA6D30000-0x00007FFEA77F1000-memory.dmp

    Filesize

    10.8MB
