Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/05/2024, 13:05 UTC

General

  • Target

    28e73a10869c3ce55af51de963cb8f48eac48b8f171602308b167d940e58899a.exe

  • Size

    2.5MB

  • MD5

    29c903a2fd59a9ff991b74327763b884

  • SHA1

    6bd0461a714710b555e47769941789f2a7b18c39

  • SHA256

    28e73a10869c3ce55af51de963cb8f48eac48b8f171602308b167d940e58899a

  • SHA512

    4bb94ba18754cbdcd449b6e69b3d3b326756070f0a367e6bcae214d2f245ddf92c25215a1eae901d824f4de3ef3d1e72a10ce7128cae6db723075a29c128be63

  • SSDEEP

    49152:Jk9cDJgdz+ukkDbCyJjGTESO8AT6ZlyUR96NEJZeVJtFagAGgVBvzu:26FIz5vnjGTEN8AmZcM9vZWtFEGgVBq

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

Processes

  • C:\Users\Admin\AppData\Local\Temp\28e73a10869c3ce55af51de963cb8f48eac48b8f171602308b167d940e58899a.exe
    "C:\Users\Admin\AppData\Local\Temp\28e73a10869c3ce55af51de963cb8f48eac48b8f171602308b167d940e58899a.exe"
    1⤵
      PID:2180

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TiuR3cIOOgZKngqvDJZQpjVUCUx-WwpWQoer3yOaVv4JfxoGUaqIw-S1L5LDdrWYg834-1-0ukM2uHIPpdxZJO6l94sc4TMDADvVAqcuMqnGaO76uU9pSXaAdKhe6tQx3D4tH5ftevkLBRywZ1C6Bscc39kepuePVB4eK0oTwyvpzywc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D26adb2251c4810c3a723d41e7ce9fdbc&TIME=20240508T112338Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TiuR3cIOOgZKngqvDJZQpjVUCUx-WwpWQoer3yOaVv4JfxoGUaqIw-S1L5LDdrWYg834-1-0ukM2uHIPpdxZJO6l94sc4TMDADvVAqcuMqnGaO76uU9pSXaAdKhe6tQx3D4tH5ftevkLBRywZ1C6Bscc39kepuePVB4eK0oTwyvpzywc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D26adb2251c4810c3a723d41e7ce9fdbc&TIME=20240508T112338Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=2DC3CF7255E56E980939DB09545E6F43; domain=.bing.com; expires=Wed, 04-Jun-2025 13:05:48 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 6599DA44C26B430BA2E67F547332BE40 Ref B: LON04EDGE0820 Ref C: 2024-05-10T13:05:48Z
      date: Fri, 10 May 2024 13:05:47 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TiuR3cIOOgZKngqvDJZQpjVUCUx-WwpWQoer3yOaVv4JfxoGUaqIw-S1L5LDdrWYg834-1-0ukM2uHIPpdxZJO6l94sc4TMDADvVAqcuMqnGaO76uU9pSXaAdKhe6tQx3D4tH5ftevkLBRywZ1C6Bscc39kepuePVB4eK0oTwyvpzywc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D26adb2251c4810c3a723d41e7ce9fdbc&TIME=20240508T112338Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TiuR3cIOOgZKngqvDJZQpjVUCUx-WwpWQoer3yOaVv4JfxoGUaqIw-S1L5LDdrWYg834-1-0ukM2uHIPpdxZJO6l94sc4TMDADvVAqcuMqnGaO76uU9pSXaAdKhe6tQx3D4tH5ftevkLBRywZ1C6Bscc39kepuePVB4eK0oTwyvpzywc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D26adb2251c4810c3a723d41e7ce9fdbc&TIME=20240508T112338Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=2DC3CF7255E56E980939DB09545E6F43; _EDGE_S=SID=09FE452A703B6A6B2AD5515171576B2A
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=6TTGZELQZhxE7tzri0OCP0Qe3rwjGRTXbZrrCdwXuoc; domain=.bing.com; expires=Wed, 04-Jun-2025 13:05:48 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: AD1411E5CD06416EAE031A9914FC66D4 Ref B: LON04EDGE0820 Ref C: 2024-05-10T13:05:48Z
      date: Fri, 10 May 2024 13:05:48 GMT
    • flag-nl
      GET
      https://www.bing.com/aes/c.gif?RG=cf04c1f8e9e24b9480119a59df68891e&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T112338Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981
      Remote address:
      23.62.61.99:443
      Request
      GET /aes/c.gif?RG=cf04c1f8e9e24b9480119a59df68891e&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T112338Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981 HTTP/2.0
      host: www.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=2DC3CF7255E56E980939DB09545E6F43
      Response
      HTTP/2.0 200
      cache-control: private,no-store
      pragma: no-cache
      vary: Origin
      p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 6BEA2445F3C7483AACDA4B80FE4F9940 Ref B: BRU30EDGE0621 Ref C: 2024-05-10T13:05:48Z
      content-length: 0
      date: Fri, 10 May 2024 13:05:48 GMT
      set-cookie: _EDGE_S=SID=09FE452A703B6A6B2AD5515171576B2A; path=/; httponly; domain=bing.com
      set-cookie: MUIDB=2DC3CF7255E56E980939DB09545E6F43; path=/; httponly; expires=Wed, 04-Jun-2025 13:05:48 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.5f3d3e17.1715346348.1341341
    • flag-us
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      79.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      79.190.18.2.in-addr.arpa
      IN PTR
      Response
      79.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-79deploystaticakamaitechnologiescom
    • flag-us
      DNS
      76.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      76.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      99.61.62.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      99.61.62.23.in-addr.arpa
      IN PTR
      Response
      99.61.62.23.in-addr.arpa
      IN PTR
      a23-62-61-99deploystaticakamaitechnologiescom
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • flag-nl
      GET
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      Remote address:
      23.62.61.75:443
      Request
      GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
      host: www.bing.com
      accept: */*
      cookie: MUID=2DC3CF7255E56E980939DB09545E6F43; _EDGE_S=SID=09FE452A703B6A6B2AD5515171576B2A; MSPTC=6TTGZELQZhxE7tzri0OCP0Qe3rwjGRTXbZrrCdwXuoc; MUIDB=2DC3CF7255E56E980939DB09545E6F43
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-type: image/png
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      content-length: 1107
      date: Fri, 10 May 2024 13:05:50 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.473d3e17.1715346350.1a40268
    • flag-us
      DNS
      75.61.62.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      75.61.62.23.in-addr.arpa
      IN PTR
      Response
      75.61.62.23.in-addr.arpa
      IN PTR
      a23-62-61-75deploystaticakamaitechnologiescom
    • flag-us
      DNS
      183.59.114.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.59.114.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      24.121.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      24.121.18.2.in-addr.arpa
      IN PTR
      Response
      24.121.18.2.in-addr.arpa
      IN PTR
      a2-18-121-24deploystaticakamaitechnologiescom
    • flag-us
      DNS
      77.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      77.190.18.2.in-addr.arpa
      IN PTR
      Response
      77.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-77deploystaticakamaitechnologiescom
    • flag-us
      DNS
      14.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      14.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.227.111.52.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      13.73.50.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.73.50.20.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TiuR3cIOOgZKngqvDJZQpjVUCUx-WwpWQoer3yOaVv4JfxoGUaqIw-S1L5LDdrWYg834-1-0ukM2uHIPpdxZJO6l94sc4TMDADvVAqcuMqnGaO76uU9pSXaAdKhe6tQx3D4tH5ftevkLBRywZ1C6Bscc39kepuePVB4eK0oTwyvpzywc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D26adb2251c4810c3a723d41e7ce9fdbc&TIME=20240508T112338Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB
      tls, http2
      2.5kB
      9.0kB
      20
      17

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TiuR3cIOOgZKngqvDJZQpjVUCUx-WwpWQoer3yOaVv4JfxoGUaqIw-S1L5LDdrWYg834-1-0ukM2uHIPpdxZJO6l94sc4TMDADvVAqcuMqnGaO76uU9pSXaAdKhe6tQx3D4tH5ftevkLBRywZ1C6Bscc39kepuePVB4eK0oTwyvpzywc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D26adb2251c4810c3a723d41e7ce9fdbc&TIME=20240508T112338Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TiuR3cIOOgZKngqvDJZQpjVUCUx-WwpWQoer3yOaVv4JfxoGUaqIw-S1L5LDdrWYg834-1-0ukM2uHIPpdxZJO6l94sc4TMDADvVAqcuMqnGaO76uU9pSXaAdKhe6tQx3D4tH5ftevkLBRywZ1C6Bscc39kepuePVB4eK0oTwyvpzywc%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D26adb2251c4810c3a723d41e7ce9fdbc&TIME=20240508T112338Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB

      HTTP Response

      204
    • 23.62.61.99:443
      https://www.bing.com/aes/c.gif?RG=cf04c1f8e9e24b9480119a59df68891e&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T112338Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981
      tls, http2
      1.4kB
      5.3kB
      16
      10

      HTTP Request

      GET https://www.bing.com/aes/c.gif?RG=cf04c1f8e9e24b9480119a59df68891e&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T112338Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981

      HTTP Response

      200
    • 23.62.61.75:443
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      tls, http2
      1.6kB
      6.3kB
      17
      11

      HTTP Request

      GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

      HTTP Response

      200
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      132 B
      90 B
      2
      1

      DNS Request

      8.8.8.8.in-addr.arpa

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      151 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      79.190.18.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      79.190.18.2.in-addr.arpa

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
      143 B
      1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      99.61.62.23.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      99.61.62.23.in-addr.arpa

    • 8.8.8.8:53
      76.32.126.40.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      76.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      43.58.199.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      43.58.199.20.in-addr.arpa

    • 8.8.8.8:53
      75.61.62.23.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      75.61.62.23.in-addr.arpa

    • 8.8.8.8:53
      198.187.3.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      198.187.3.20.in-addr.arpa

    • 8.8.8.8:53
      183.59.114.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      183.59.114.20.in-addr.arpa

    • 8.8.8.8:53
      24.121.18.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      24.121.18.2.in-addr.arpa

    • 8.8.8.8:53
      77.190.18.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      77.190.18.2.in-addr.arpa

    • 8.8.8.8:53
      14.227.111.52.in-addr.arpa
      dns
      144 B
      158 B
      2
      1

      DNS Request

      14.227.111.52.in-addr.arpa

      DNS Request

      14.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
      128 B
      1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      13.73.50.20.in-addr.arpa
      dns
      70 B
      156 B
      1
      1

      DNS Request

      13.73.50.20.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2180-0-0x00007FF764F20000-0x00007FF76A3AF000-memory.dmp

      Filesize

      84.6MB

    • memory/2180-1-0x00007FF764F20000-0x00007FF76A3AF000-memory.dmp

      Filesize

      84.6MB

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.