Analysis

  • max time kernel
    148s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-01-2024 20:04

General

  • Target

    0eb8849564cce6ae74801f923bc97e52.exe

  • Size

    538KB

  • MD5

    0eb8849564cce6ae74801f923bc97e52

  • SHA1

    77e70d251573396481e0305908a83aa12082699a

  • SHA256

    434782669aae645047f93e2c0594167286f83633f25b6ddfefbe4bd3edfeb914

  • SHA512

    1bbd2627897dfe55574522408b15d86466bd8706dfdba9af9abacca22e11f9c11547dc7120545bba86e459bc18ec5f9cd3402ca9feb971891a7947c1311d082e

  • SSDEEP

    12288:+NuaIsd+lbShO2PLOHKwsYyHBsU6lxSnyYxYKSCh3BeQs8D:+oaIzDWLO/sYyHBp6in1xcCh3BeQs8D

Score
7/10

Malware Config

Signatures

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0eb8849564cce6ae74801f923bc97e52.exe
    "C:\Users\Admin\AppData\Local\Temp\0eb8849564cce6ae74801f923bc97e52.exe"
    1⤵
    • Identifies Wine through registry keys
    PID:4700

Network

  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    29.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    29.179.17.96.in-addr.arpa
    IN PTR
    Response
    29.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-29deploystaticakamaitechnologiescom
  • flag-us
    DNS
    18.53.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.53.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    81.171.91.138.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    81.171.91.138.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41deploystaticakamaitechnologiescom
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    28.160.77.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.160.77.104.in-addr.arpa
    IN PTR
    Response
    28.160.77.104.in-addr.arpa
    IN PTR
    a104-77-160-28deploystaticakamaitechnologiescom
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300950_1CI16BMH94QQ9WZ43&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317300950_1CI16BMH94QQ9WZ43&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 391016
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 94A118CFE3854445A1469677801A46FD Ref B: LON04EDGE1014 Ref C: 2024-01-04T20:06:19Z
    date: Thu, 04 Jan 2024 20:06:19 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301383_1L76EFRJ4S38LB1VW&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301383_1L76EFRJ4S38LB1VW&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 391501
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 194E85C6076C4BC7B85639D11FA2EE6F Ref B: LON04EDGE1014 Ref C: 2024-01-04T20:06:19Z
    date: Thu, 04 Jan 2024 20:06:19 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301511_14RJSOYL5IFIBQQUL&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301511_14RJSOYL5IFIBQQUL&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 508519
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: ADA9477E0F694094946BF46A14A4E78A Ref B: LON04EDGE1014 Ref C: 2024-01-04T20:06:19Z
    date: Thu, 04 Jan 2024 20:06:19 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301285_1YX3CCWTOZVY6EU1J&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301285_1YX3CCWTOZVY6EU1J&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 387682
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 53212C9A9F4A470B999A34FB087E4F13 Ref B: LON04EDGE1014 Ref C: 2024-01-04T20:06:19Z
    date: Thu, 04 Jan 2024 20:06:19 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301078_1O81E4QM35DM2EN4A&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301078_1O81E4QM35DM2EN4A&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 390067
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3AA37D5D92CD45F6839AAE09223D141B Ref B: LON04EDGE1014 Ref C: 2024-01-04T20:06:19Z
    date: Thu, 04 Jan 2024 20:06:19 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 339880
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 4F5971FBF7E3402E98E52966C2636FA9 Ref B: LON04EDGE1014 Ref C: 2024-01-04T20:06:35Z
    date: Thu, 04 Jan 2024 20:06:34 GMT
  • flag-us
    DNS
    79.121.231.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    79.121.231.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.1.37.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.1.37.23.in-addr.arpa
    IN PTR
    Response
    183.1.37.23.in-addr.arpa
    IN PTR
    a23-37-1-183deploystaticakamaitechnologiescom
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    23.160.77.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.160.77.104.in-addr.arpa
    IN PTR
    Response
    23.160.77.104.in-addr.arpa
    IN PTR
    a104-77-160-23deploystaticakamaitechnologiescom
  • flag-us
    DNS
    23.160.77.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.160.77.104.in-addr.arpa
    IN PTR
    Response
    23.160.77.104.in-addr.arpa
    IN PTR
    a104-77-160-23deploystaticakamaitechnologiescom
  • flag-us
    DNS
    4.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.179.17.96.in-addr.arpa
    IN PTR
    Response
    4.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-4deploystaticakamaitechnologiescom
  • flag-us
    DNS
    11.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.179.17.96.in-addr.arpa
    IN PTR
    Response
    11.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-11deploystaticakamaitechnologiescom
  • flag-us
    DNS
    134.71.91.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    134.71.91.104.in-addr.arpa
    IN PTR
    Response
    134.71.91.104.in-addr.arpa
    IN PTR
    a104-91-71-134deploystaticakamaitechnologiescom
  • flag-us
    DNS
    134.71.91.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    134.71.91.104.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    134.71.91.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    134.71.91.104.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    42.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    42.179.17.96.in-addr.arpa
    IN PTR
    Response
    42.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-42deploystaticakamaitechnologiescom
  • flag-us
    DNS
    140.179.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    140.179.17.96.in-addr.arpa
    IN PTR
    Response
    140.179.17.96.in-addr.arpa
    IN PTR
    a96-17-179-140deploystaticakamaitechnologiescom
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    16
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    108.3kB
    2.5MB
    1820
    1814

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300950_1CI16BMH94QQ9WZ43&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301383_1L76EFRJ4S38LB1VW&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301511_14RJSOYL5IFIBQQUL&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301285_1YX3CCWTOZVY6EU1J&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301078_1O81E4QM35DM2EN4A&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    16
    14
  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    29.179.17.96.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    29.179.17.96.in-addr.arpa

  • 8.8.8.8:53
    18.53.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    18.53.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    146 B
    144 B
    2
    1

    DNS Request

    95.221.229.192.in-addr.arpa

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    241.154.82.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    241.154.82.20.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    146.78.124.51.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    146.78.124.51.in-addr.arpa

  • 8.8.8.8:53
    81.171.91.138.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    81.171.91.138.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    140 B
    144 B
    2
    1

    DNS Request

    18.31.95.13.in-addr.arpa

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    28.160.77.104.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    28.160.77.104.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    124 B
    173 B
    2
    1

    DNS Request

    tse1.mm.bing.net

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    79.121.231.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    79.121.231.20.in-addr.arpa

  • 8.8.8.8:53
    183.1.37.23.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    183.1.37.23.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    119.110.54.20.in-addr.arpa
    dns
    144 B
    158 B
    2
    1

    DNS Request

    119.110.54.20.in-addr.arpa

    DNS Request

    119.110.54.20.in-addr.arpa

  • 8.8.8.8:53
    23.160.77.104.in-addr.arpa
    dns
    144 B
    274 B
    2
    2

    DNS Request

    23.160.77.104.in-addr.arpa

    DNS Request

    23.160.77.104.in-addr.arpa

  • 8.8.8.8:53
    4.179.17.96.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    4.179.17.96.in-addr.arpa

  • 8.8.8.8:53
    11.179.17.96.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    11.179.17.96.in-addr.arpa

  • 8.8.8.8:53
    134.71.91.104.in-addr.arpa
    dns
    216 B
    137 B
    3
    1

    DNS Request

    134.71.91.104.in-addr.arpa

    DNS Request

    134.71.91.104.in-addr.arpa

    DNS Request

    134.71.91.104.in-addr.arpa

  • 8.8.8.8:53
    42.179.17.96.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    42.179.17.96.in-addr.arpa

  • 8.8.8.8:53
    140.179.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    140.179.17.96.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4700-0-0x0000000000400000-0x0000000000662000-memory.dmp

    Filesize

    2.4MB

  • memory/4700-1-0x0000000000400000-0x0000000000662000-memory.dmp

    Filesize

    2.4MB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.