Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/02/2024, 05:43 UTC

General

  • Target

    989e845511599a05762c239c350f2781.exe

  • Size

    50KB

  • MD5

    989e845511599a05762c239c350f2781

  • SHA1

    d7accf372f8700017d98a65794aa36281c473162

  • SHA256

    064b545ab43b11732a115f22202f89cebc40451a2144d1a5ba0df045d52b8b84

  • SHA512

    48dee154c5fc11dce5a5c22ba5c4a30373cae9a6527c985703fd28d709ff9f1cf6413034a368d6b27a00dd4b13bdd2752d35a255545eac9373ae78682d91b1dc

  • SSDEEP

    768:PcGu+aZmwmhgLfoatZ0X1lfx51gSW12t7EyKznRfTIA13tOB0CH:P9Omw7g2GffxbvMznRfTIedOys

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoCs)

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\989e845511599a05762c239c350f2781.exe
    "C:\Users\Admin\AppData\Local\Temp\989e845511599a05762c239c350f2781.exe"
    • Checks computer location settings
    PID:2868

Network

  • flag-us
    DNS
    adobe.com
    989e845511599a05762c239c350f2781.exe
    Remote address:
    8.8.8.8:53
    Request
    adobe.com
    IN A
    Response
    adobe.com
    IN A
    88.221.135.202
    adobe.com
    IN A
    88.221.135.203
  • flag-gb
    POST
    http://adobe.com/geo/productid.php
    989e845511599a05762c239c350f2781.exe
    Remote address:
    88.221.135.202:80
    Request
    POST /geo/productid.php HTTP/1.1
    Host: adobe.com
    User-Agent: Opera/10.80 Pesto/2.2.30
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 21
    Response
    HTTP/1.1 403 Forbidden
    Server: AkamaiGHost
    Mime-Version: 1.0
    Content-Type: text/html
    Content-Length: 280
    Expires: Tue, 13 Feb 2024 05:43:27 GMT
    Date: Tue, 13 Feb 2024 05:43:27 GMT
    Connection: close
  • flag-us
    DNS
    202.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    202.135.221.88.in-addr.arpa
    IN PTR
    Response
    202.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-202.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    hnzshqhw.co.cc
    989e845511599a05762c239c350f2781.exe
    Remote address:
    8.8.8.8:53
    Request
    hnzshqhw.co.cc
    IN A
    Response
    hnzshqhw.co.cc
    IN A
    175.126.123.219
  • flag-kr
    GET
    http://hnzshqhw.co.cc/showthread.php?t=212872
    989e845511599a05762c239c350f2781.exe
    Remote address:
    175.126.123.219:80
    Request
    GET /showthread.php?t=212872 HTTP/1.1
    User-Agent: User-Agent: Opera/10.60 Presto/2.2.30
    Host: hnzshqhw.co.cc
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 13 Feb 2024 05:43:28 GMT
    Server: Apache
    Location: https://hnzshqhw.co.cc/showthread.php?t=212872
    Content-Length: 254
    Content-Type: text/html; charset=iso-8859-1
  • flag-kr
    GET
    http://hnzshqhw.co.cc/showthread.php?t=212872
    989e845511599a05762c239c350f2781.exe
    Remote address:
    175.126.123.219:80
    Request
    GET /showthread.php?t=212872 HTTP/1.1
    User-Agent: User-Agent: Opera/10.60 Presto/2.2.30
    Host: hnzshqhw.co.cc
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 13 Feb 2024 05:43:31 GMT
    Server: Apache
    Location: https://hnzshqhw.co.cc/showthread.php?t=212872
    Content-Length: 254
    Content-Type: text/html; charset=iso-8859-1
  • flag-kr
    GET
    http://hnzshqhw.co.cc/showthread.php?t=212872
    989e845511599a05762c239c350f2781.exe
    Remote address:
    175.126.123.219:80
    Request
    GET /showthread.php?t=212872 HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: hnzshqhw.co.cc
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 13 Feb 2024 05:43:31 GMT
    Server: Apache
    Location: https://hnzshqhw.co.cc/showthread.php?t=212872
    Content-Length: 254
    Keep-Alive: timeout=5, max=98
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
  • flag-kr
    GET
    http://hnzshqhw.co.cc/showthread.php?t=212872
    989e845511599a05762c239c350f2781.exe
    Remote address:
    175.126.123.219:80
    Request
    GET /showthread.php?t=212872 HTTP/1.1
    User-Agent: User-Agent: Opera/10.60 Presto/2.2.30
    Host: hnzshqhw.co.cc
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 13 Feb 2024 05:43:32 GMT
    Server: Apache
    Location: https://hnzshqhw.co.cc/showthread.php?t=212872
    Content-Length: 254
    Content-Type: text/html; charset=iso-8859-1
  • flag-kr
    GET
    http://hnzshqhw.co.cc/showthread.php?t=212872
    989e845511599a05762c239c350f2781.exe
    Remote address:
    175.126.123.219:80
    Request
    GET /showthread.php?t=212872 HTTP/1.1
    User-Agent: User-Agent: Opera/10.60 Presto/2.2.30
    Host: hnzshqhw.co.cc
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 13 Feb 2024 05:43:32 GMT
    Server: Apache
    Location: https://hnzshqhw.co.cc/showthread.php?t=212872
    Content-Length: 254
    Content-Type: text/html; charset=iso-8859-1
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    194.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    194.178.17.96.in-addr.arpa
    IN PTR
    Response
    194.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-194.deploy.static.akamaitechnologies.com
  • flag-kr
    GET
    https://hnzshqhw.co.cc/showthread.php?t=212872
    989e845511599a05762c239c350f2781.exe
    Remote address:
    175.126.123.219:443
    Request
    GET /showthread.php?t=212872 HTTP/1.1
    User-Agent: User-Agent: Opera/10.60 Presto/2.2.30
    Cache-Control: no-cache
    Host: hnzshqhw.co.cc
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 13 Feb 2024 05:43:30 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Content-Length: 47
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html
  • flag-kr
    GET
    https://hnzshqhw.co.cc/showthread.php?t=212872
    989e845511599a05762c239c350f2781.exe
    Remote address:
    175.126.123.219:443
    Request
    GET /showthread.php?t=212872 HTTP/1.1
    User-Agent: User-Agent: Opera/10.60 Presto/2.2.30
    Cache-Control: no-cache
    Host: hnzshqhw.co.cc
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 13 Feb 2024 05:43:31 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Content-Length: 47
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Content-Type: text/html
  • flag-kr
    GET
    https://hnzshqhw.co.cc/showthread.php?t=212872
    989e845511599a05762c239c350f2781.exe
    Remote address:
    175.126.123.219:443
    Request
    GET /showthread.php?t=212872 HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Connection: Keep-Alive
    Host: hnzshqhw.co.cc
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 13 Feb 2024 05:43:31 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Content-Length: 47
    Keep-Alive: timeout=5, max=98
    Connection: Keep-Alive
    Content-Type: text/html
  • flag-kr
    GET
    https://hnzshqhw.co.cc/showthread.php?t=212872
    989e845511599a05762c239c350f2781.exe
    Remote address:
    175.126.123.219:443
    Request
    GET /showthread.php?t=212872 HTTP/1.1
    User-Agent: User-Agent: Opera/10.60 Presto/2.2.30
    Cache-Control: no-cache
    Host: hnzshqhw.co.cc
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 13 Feb 2024 05:43:32 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Content-Length: 47
    Keep-Alive: timeout=5, max=97
    Connection: Keep-Alive
    Content-Type: text/html
  • flag-kr
    GET
    https://hnzshqhw.co.cc/showthread.php?t=212872
    989e845511599a05762c239c350f2781.exe
    Remote address:
    175.126.123.219:443
    Request
    GET /showthread.php?t=212872 HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: hnzshqhw.co.cc
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 13 Feb 2024 05:43:32 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Content-Length: 47
    Keep-Alive: timeout=5, max=96
    Connection: Keep-Alive
    Content-Type: text/html
  • flag-kr
    GET
    https://hnzshqhw.co.cc/showthread.php?t=212872
    989e845511599a05762c239c350f2781.exe
    Remote address:
    175.126.123.219:443
    Request
    GET /showthread.php?t=212872 HTTP/1.1
    User-Agent: User-Agent: Opera/10.60 Presto/2.2.30
    Cache-Control: no-cache
    Host: hnzshqhw.co.cc
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 13 Feb 2024 05:43:33 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Content-Length: 47
    Keep-Alive: timeout=5, max=95
    Connection: Keep-Alive
    Content-Type: text/html
  • flag-us
    DNS
    73.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    219.123.126.175.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    219.123.126.175.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    233.38.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    233.38.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    23.149.64.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.149.64.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    79.121.231.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    79.121.231.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
    Response
    18.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-18.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    180.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.178.17.96.in-addr.arpa
    IN PTR
    Response
    180.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-180.deploy.static.akamaitechnologies.com
  • flag-kr
    GET
    http://hnzshqhw.co.cc/showthread.php?t=212872
    989e845511599a05762c239c350f2781.exe
    Remote address:
    175.126.123.219:80
    Request
    GET /showthread.php?t=212872 HTTP/1.1
    User-Agent: User-Agent: Opera/10.60 Presto/2.2.30
    Host: hnzshqhw.co.cc
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 13 Feb 2024 05:45:33 GMT
    Server: Apache
    Location: https://hnzshqhw.co.cc/showthread.php?t=212872
    Content-Length: 254
    Content-Type: text/html; charset=iso-8859-1
  • flag-kr
    GET
    http://hnzshqhw.co.cc/showthread.php?t=212872
    989e845511599a05762c239c350f2781.exe
    Remote address:
    175.126.123.219:80
    Request
    GET /showthread.php?t=212872 HTTP/1.1
    User-Agent: User-Agent: Opera/10.60 Presto/2.2.30
    Host: hnzshqhw.co.cc
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 13 Feb 2024 05:45:35 GMT
    Server: Apache
    Location: https://hnzshqhw.co.cc/showthread.php?t=212872
    Content-Length: 254
    Content-Type: text/html; charset=iso-8859-1
  • flag-kr
    GET
    http://hnzshqhw.co.cc/showthread.php?t=212872
    989e845511599a05762c239c350f2781.exe
    Remote address:
    175.126.123.219:80
    Request
    GET /showthread.php?t=212872 HTTP/1.1
    User-Agent: User-Agent: Opera/10.60 Presto/2.2.30
    Host: hnzshqhw.co.cc
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 13 Feb 2024 05:45:35 GMT
    Server: Apache
    Location: https://hnzshqhw.co.cc/showthread.php?t=212872
    Content-Length: 254
    Content-Type: text/html; charset=iso-8859-1
  • flag-kr
    GET
    https://hnzshqhw.co.cc/showthread.php?t=212872
    989e845511599a05762c239c350f2781.exe
    Remote address:
    175.126.123.219:443
    Request
    GET /showthread.php?t=212872 HTTP/1.1
    User-Agent: User-Agent: Opera/10.60 Presto/2.2.30
    Cache-Control: no-cache
    Host: hnzshqhw.co.cc
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 13 Feb 2024 05:45:34 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Content-Length: 47
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html
  • flag-kr
    GET
    https://hnzshqhw.co.cc/showthread.php?t=212872
    989e845511599a05762c239c350f2781.exe
    Remote address:
    175.126.123.219:443
    Request
    GET /showthread.php?t=212872 HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: hnzshqhw.co.cc
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 13 Feb 2024 05:45:34 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Content-Length: 47
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Content-Type: text/html
  • flag-kr
    GET
    https://hnzshqhw.co.cc/showthread.php?t=212872
    989e845511599a05762c239c350f2781.exe
    Remote address:
    175.126.123.219:443
    Request
    GET /showthread.php?t=212872 HTTP/1.1
    User-Agent: User-Agent: Opera/10.60 Presto/2.2.30
    Cache-Control: no-cache
    Host: hnzshqhw.co.cc
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 13 Feb 2024 05:45:35 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Content-Length: 47
    Keep-Alive: timeout=5, max=98
    Connection: Keep-Alive
    Content-Type: text/html
  • flag-kr
    GET
    https://hnzshqhw.co.cc/showthread.php?t=212872
    989e845511599a05762c239c350f2781.exe
    Remote address:
    175.126.123.219:443
    Request
    GET /showthread.php?t=212872 HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: hnzshqhw.co.cc
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 13 Feb 2024 05:45:35 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Content-Length: 47
    Keep-Alive: timeout=5, max=97
    Connection: Keep-Alive
    Content-Type: text/html
  • flag-kr
    GET
    https://hnzshqhw.co.cc/showthread.php?t=212872
    989e845511599a05762c239c350f2781.exe
    Remote address:
    175.126.123.219:443
    Request
    GET /showthread.php?t=212872 HTTP/1.1
    User-Agent: User-Agent: Opera/10.60 Presto/2.2.30
    Cache-Control: no-cache
    Host: hnzshqhw.co.cc
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 13 Feb 2024 05:45:36 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.29
    Content-Length: 47
    Keep-Alive: timeout=5, max=96
    Connection: Keep-Alive
    Content-Type: text/html
  • flag-us
    DNS
    2.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.173.189.20.in-addr.arpa
    IN PTR
    Response
  • 88.221.135.202:80
    http://adobe.com/geo/productid.php
    http
    989e845511599a05762c239c350f2781.exe
    411 B
    700 B
    5
    5

    HTTP Request

    POST http://adobe.com/geo/productid.php

    HTTP Response

    403
  • 175.126.123.219:80
    http://hnzshqhw.co.cc/showthread.php?t=212872
    http
    989e845511599a05762c239c350f2781.exe
    1.7kB
    2.7kB
    20
    8

    HTTP Request

    GET http://hnzshqhw.co.cc/showthread.php?t=212872

    HTTP Response

    301

    HTTP Request

    GET http://hnzshqhw.co.cc/showthread.php?t=212872

    HTTP Response

    301

    HTTP Request

    GET http://hnzshqhw.co.cc/showthread.php?t=212872

    HTTP Response

    301

    HTTP Request

    GET http://hnzshqhw.co.cc/showthread.php?t=212872

    HTTP Response

    301

    HTTP Request

    GET http://hnzshqhw.co.cc/showthread.php?t=212872

    HTTP Response

    301
  • 175.126.123.219:443
    https://hnzshqhw.co.cc/showthread.php?t=212872
    tls, http
    989e845511599a05762c239c350f2781.exe
    2.8kB
    7.8kB
    25
    15

    HTTP Request

    GET https://hnzshqhw.co.cc/showthread.php?t=212872

    HTTP Response

    404

    HTTP Request

    GET https://hnzshqhw.co.cc/showthread.php?t=212872

    HTTP Response

    404

    HTTP Request

    GET https://hnzshqhw.co.cc/showthread.php?t=212872

    HTTP Response

    404

    HTTP Request

    GET https://hnzshqhw.co.cc/showthread.php?t=212872

    HTTP Response

    404

    HTTP Request

    GET https://hnzshqhw.co.cc/showthread.php?t=212872

    HTTP Response

    404

    HTTP Request

    GET https://hnzshqhw.co.cc/showthread.php?t=212872

    HTTP Response

    404
  • 175.126.123.219:80
    http://hnzshqhw.co.cc/showthread.php?t=212872
    http
    989e845511599a05762c239c350f2781.exe
    819 B
    1.6kB
    9
    6

    HTTP Request

    GET http://hnzshqhw.co.cc/showthread.php?t=212872

    HTTP Response

    301

    HTTP Request

    GET http://hnzshqhw.co.cc/showthread.php?t=212872

    HTTP Response

    301

    HTTP Request

    GET http://hnzshqhw.co.cc/showthread.php?t=212872

    HTTP Response

    301
  • 175.126.123.219:443
    https://hnzshqhw.co.cc/showthread.php?t=212872
    tls, http
    989e845511599a05762c239c350f2781.exe
    2.5kB
    7.4kB
    21
    14

    HTTP Request

    GET https://hnzshqhw.co.cc/showthread.php?t=212872

    HTTP Response

    404

    HTTP Request

    GET https://hnzshqhw.co.cc/showthread.php?t=212872

    HTTP Response

    404

    HTTP Request

    GET https://hnzshqhw.co.cc/showthread.php?t=212872

    HTTP Response

    404

    HTTP Request

    GET https://hnzshqhw.co.cc/showthread.php?t=212872

    HTTP Response

    404

    HTTP Request

    GET https://hnzshqhw.co.cc/showthread.php?t=212872

    HTTP Response

    404
  • 8.8.8.8:53
    adobe.com
    dns
    989e845511599a05762c239c350f2781.exe
    55 B
    87 B
    1
    1

    DNS Request

    adobe.com

    DNS Response

    88.221.135.202
    88.221.135.203

  • 8.8.8.8:53
    202.135.221.88.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    202.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    hnzshqhw.co.cc
    dns
    989e845511599a05762c239c350f2781.exe
    60 B
    76 B
    1
    1

    DNS Request

    hnzshqhw.co.cc

    DNS Response

    175.126.123.219

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    194.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    194.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    73.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    73.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    219.123.126.175.in-addr.arpa
    dns
    74 B
    145 B
    1
    1

    DNS Request

    219.123.126.175.in-addr.arpa

  • 8.8.8.8:53
    233.38.18.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    233.38.18.104.in-addr.arpa

  • 8.8.8.8:53
    23.149.64.172.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    23.149.64.172.in-addr.arpa

  • 8.8.8.8:53
    79.121.231.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    79.121.231.20.in-addr.arpa

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    18.134.221.88.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    18.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    180.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    180.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    2.173.189.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    2.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc199.exe

    Filesize

    47B

    MD5

    8cebbdcf906d7e7b80bc34904e9bd904

    SHA1

    9aec1585ae48f2744c74447391b450fc2c972a0f

    SHA256

    68227354e364f4637416a15ab0d7e98a83deda10e3ce98dd134f0cea55b74573

    SHA512

    aa7cf43a3c80c8df522e95a763c07be226fb5b53727bee8f4076c0d7a5f7000c08832ca226838ea43554cdf12145db4a9fb67cb3176d19d3f275bdfb20d11b22

  • C:\Users\Admin\AppData\Roaming\Adobe\plugs\mmc29.exe

    Filesize

    47B

    MD5

    2079de86c2f563b129b99bacca34ac23

    SHA1

    9cd346283354dbae0118488be07b73e6a9292a1a

    SHA256

    57e5a4c140bcc8738d1daa3f6cee05aac052218d286f69e4f4303fbc8af19ea7

    SHA512

    946e89de4a2df78bc3952bb79843c95b137e0494ffba3e0b956aa1073beaf759d14fed9ea033adc2cee1aa8cc272b5a8ea6e23ae74caaf196ff73b555466706a

  • memory/2868-0-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

  • memory/2868-1-0x0000000000680000-0x0000000000690000-memory.dmp

    Filesize

    64KB

  • memory/2868-2-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

  • memory/2868-3-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

  • memory/2868-44-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

  • memory/2868-64-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

  • memory/2868-103-0x0000000000680000-0x0000000000690000-memory.dmp

    Filesize

    64KB
