Analysis

  • max time kernel
    1774s
  • max time network
    1787s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    02/05/2024, 02:16 UTC

General

  • Target

    a ton of ya/ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy -.exe

  • Size

    63KB

  • MD5

    222c2d239f4c8a1d73c736c9cc712807

  • SHA1

    c3aa61bd6f8cc640bcfa74c40d9283c9c08c7b3c

  • SHA256

    ff43049677c57277f12a1d97f02af3029d7b75b5ad40303a28f1b0452997969d

  • SHA512

    1f2fea85e45e93916306c234b916d6b4b200dac9656e44f4555f825dd8677cb5e927bd5e7a74bf2fb2f6972a3e6e2d294a6104add162ba3d53a0e6cfedef6a02

  • SSDEEP

    1536:tJc/5q1qoR5PDdAZcIED4VuCkbFybjQ9f0jQRmONww+W:7c/iqoJekbFEQ9W+mONP+W

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:23638

209.25.140.1:5525:23638

bring-recorder.gl.at.ply.gg:23638

action-yesterday.gl.at.ply.gg:23638

147.185.221.19:23638

then-wheel.gl.at.ply.gg::23638

then-wheel.gl.at.ply.gg:23638

teen-modes.gl.at.ply.gg:23638

Attributes
  • Install_directory

    %LocalAppData%

  • install_file

    uwumonster.exe

Signatures

  • Detect Xworm Payload (2 IoCs)
  • Xworm

    Xworm is a remote access trojan written in C#.

  • Drops startup file (2 IoCs)
  • Executes dropped EXE (30 IoCs)
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) (1 TTP, 1 IoC)

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious use of AdjustPrivilegeToken (32 IoCs)
  • Suspicious use of WriteProcessMemory (2 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a ton of ya\ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy -.exe
    "C:\Users\Admin\AppData\Local\Temp\a ton of ya\ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy -.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3652
    • C:\Windows\System32\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "uwumonster" /tr "C:\Users\Admin\AppData\Local\uwumonster.exe"
      2⤵
      • Creates scheduled task(s)
      PID:4184
  • C:\Users\Admin\AppData\Local\uwumonster.exe
    C:\Users\Admin\AppData\Local\uwumonster.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:2392

Network

    69 B
    85 B
    1
    1

    DNS Request

    then-wheel.gl.at.ply.gg

    DNS Response

    147.185.221.19

  • 8.8.8.8:53
    teen-modes.gl.at.ply.gg
    dns
    ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy -.exe
    69 B
    85 B
    1
    1

    DNS Request

    teen-modes.gl.at.ply.gg

    DNS Response

    147.185.221.19

  • 8.8.8.8:53
    bring-recorder.gl.at.ply.gg
    dns
    ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy -.exe
    73 B
    89 B
    1
    1

    DNS Request

    bring-recorder.gl.at.ply.gg

    DNS Response

    147.185.221.19

  • 8.8.8.8:53
    teen-modes.gl.at.ply.gg
    dns
    ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy -.exe
    69 B
    85 B
    1
    1

    DNS Request

    teen-modes.gl.at.ply.gg

    DNS Response

    147.185.221.19

  • 8.8.8.8:53
    then-wheel.gl.at.ply.gg
    dns
    ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy -.exe
    69 B
    85 B
    1
    1

    DNS Request

    then-wheel.gl.at.ply.gg

    DNS Response

    147.185.221.19

  • 8.8.8.8:53
    action-yesterday.gl.at.ply.gg
    dns
    ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy -.exe
    75 B
    91 B
    1
    1

    DNS Request

    action-yesterday.gl.at.ply.gg

    DNS Response

    147.185.221.19

  • 8.8.8.8:53
    action-yesterday.gl.at.ply.gg
    dns
    ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy -.exe
    75 B
    91 B
    1
    1

    DNS Request

    action-yesterday.gl.at.ply.gg

    DNS Response

    147.185.221.19

  • 8.8.8.8:53
    bring-recorder.gl.at.ply.gg
    dns
    ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy -.exe
    73 B
    89 B
    1
    1

    DNS Request

    bring-recorder.gl.at.ply.gg

    DNS Response

    147.185.221.19

  • 8.8.8.8:53
    then-wheel.gl.at.ply.gg
    dns
    ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy -.exe
    69 B
    85 B
    1
    1

    DNS Request

    then-wheel.gl.at.ply.gg

    DNS Response

    147.185.221.19

  • 8.8.8.8:53
    teen-modes.gl.at.ply.gg
    dns
    ya - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy -.exe
    69 B
    85 B
    1
    1

    DNS Request

    teen-modes.gl.at.ply.gg

    DNS Response

    147.185.221.19

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\uwumonster.exe.log

    Filesize

    654B

    MD5

    16c5fce5f7230eea11598ec11ed42862

    SHA1

    75392d4824706090f5e8907eee1059349c927600

    SHA256

    87ba77c13905298acbac72be90949c4fe0755b6eff9777615aa37f252515f151

    SHA512

    153edd6da59beea6cc411ed7383c32916425d6ebb65f04c65aab7c1d6b25443d143aa8449aa92149de0ad8a975f6ecaa60f9f7574536eec6b38fe5fd3a6c6adc

  • C:\Users\Admin\AppData\Local\uwumonster.exe

    Filesize

    63KB

    MD5

    222c2d239f4c8a1d73c736c9cc712807

    SHA1

    c3aa61bd6f8cc640bcfa74c40d9283c9c08c7b3c

    SHA256

    ff43049677c57277f12a1d97f02af3029d7b75b5ad40303a28f1b0452997969d

    SHA512

    1f2fea85e45e93916306c234b916d6b4b200dac9656e44f4555f825dd8677cb5e927bd5e7a74bf2fb2f6972a3e6e2d294a6104add162ba3d53a0e6cfedef6a02

