Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/05/2024, 07:42 UTC

General

  • Target

    d0c5f927631e1bb113c5cb5f1178cddd83c9fa595df60b9ffc903fe23c0bcb68.exe

  • Size

    605KB

  • MD5

    0fb1a131811a12a0d0ad0d4541a5aba9

  • SHA1

    4c07fea4019f52ce63d16bb4c377e4225c38a00a

  • SHA256

    d0c5f927631e1bb113c5cb5f1178cddd83c9fa595df60b9ffc903fe23c0bcb68

  • SHA512

    aca05ebce3ef3442caa6246f4d2477406240f773d1aea34f2f290b98896bc7acb1053aa930f32197be52d94693d514c74fc36ecf41625ec0d97466b92fb5808f

  • SSDEEP

    12288:KMrby90W2qciukb5sgQoP8kvuQhyz9bw6YSG6N9IV3KpfPdcR0Z:By0Zk97QlQK9bw6Bj/IVo3dcR0Z

Malware Config

Signatures

  • Detect Mystic stealer payload 3 IoCs
  • Mystic

    Mystic is an infostealer written in C++.

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • .NET Reactor protector 2 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Program crash 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d0c5f927631e1bb113c5cb5f1178cddd83c9fa595df60b9ffc903fe23c0bcb68.exe
    "C:\Users\Admin\AppData\Local\Temp\d0c5f927631e1bb113c5cb5f1178cddd83c9fa595df60b9ffc903fe23c0bcb68.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2504
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ph5Aw73.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ph5Aw73.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:1040
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1nU46VV6.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1nU46VV6.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:5052
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ig7188.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ig7188.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:4608
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
          4⤵
            PID:2268
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 224
            4⤵
            • Program crash
            PID:412
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3WY74Ov.exe
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3WY74Ov.exe
        2⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:3296
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
          3⤵
          • Checks SCSI registry key(s)
          PID:4864
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 148
          3⤵
          • Program crash
          PID:936
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4608 -ip 4608
      1⤵
        PID:1920
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3296 -ip 3296
        1⤵
          PID:4740

        Network

        • flag-us
          DNS
          8.8.8.8.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          8.8.8.8.in-addr.arpa
          IN PTR
          Response
          8.8.8.8.in-addr.arpa
          IN PTR
          dns.google
        • flag-us
          DNS
          149.220.183.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          149.220.183.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          22.160.190.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          22.160.190.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          172.210.232.199.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          172.210.232.199.in-addr.arpa
          IN PTR
          Response
        • flag-be
          GET
          https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
          Remote address:
          88.221.83.219:443
          Request
          GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
          host: www.bing.com
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-type: image/png
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QWthbWFp
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          content-length: 1107
          date: Fri, 24 May 2024 07:45:57 GMT
          alt-svc: h3=":443"; ma=93600
          x-cdn-traceid: 0.d753dd58.1716536757.8b6a9fa
        • flag-us
          DNS
          219.83.221.88.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          219.83.221.88.in-addr.arpa
          IN PTR
          Response
          219.83.221.88.in-addr.arpa
          IN PTR
          a88-221-83-219.deploy.static.akamaitechnologies.com
        • flag-us
          DNS
          57.169.31.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          57.169.31.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          183.142.211.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          183.142.211.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          209.205.72.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          209.205.72.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          103.169.127.40.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          103.169.127.40.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          206.23.85.13.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          206.23.85.13.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          88.156.103.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          88.156.103.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          23.236.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          23.236.111.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          tse1.mm.bing.net
          Remote address:
          8.8.8.8:53
          Request
          tse1.mm.bing.net
          IN A
          Response
          tse1.mm.bing.net
          IN CNAME
          mm-mm.bing.net.trafficmanager.net
          mm-mm.bing.net.trafficmanager.net
          IN CNAME
          dual-a-0001.a-msedge.net
          dual-a-0001.a-msedge.net
          IN A
          204.79.197.200
          dual-a-0001.a-msedge.net
          IN A
          13.107.21.200
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 621794
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 9374A26AA54F4A31B993B60DC3195672 Ref B: LON04EDGE0806 Ref C: 2024-05-24T07:47:34Z
          date: Fri, 24 May 2024 07:47:34 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 638730
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: A197BC7F15684A7AB609A9E797F46C76 Ref B: LON04EDGE0806 Ref C: 2024-05-24T07:47:35Z
          date: Fri, 24 May 2024 07:47:34 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 555746
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: E02D92D8F73D435C826D0708CC48F264 Ref B: LON04EDGE0806 Ref C: 2024-05-24T07:47:34Z
          date: Fri, 24 May 2024 07:47:34 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 659775
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 97816EEB6BA546D09C9D843306EF4E21 Ref B: LON04EDGE0806 Ref C: 2024-05-24T07:47:34Z
          date: Fri, 24 May 2024 07:47:34 GMT
        • flag-us
          DNS
          200.197.79.204.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          200.197.79.204.in-addr.arpa
          IN PTR
          Response
          200.197.79.204.in-addr.arpa
          IN PTR
          a-0001.a-msedge.net
        • flag-us
          DNS
          91.65.42.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          91.65.42.20.in-addr.arpa
          IN PTR
          Response
        • 88.221.83.219:443
          https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
          tls, http2
          1.5kB
          6.3kB
          17
          11

          HTTP Request

          GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

          HTTP Response

          200
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
          8.1kB
          16
          14
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
          8.1kB
          16
          14
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
          8.1kB
          16
          14
        • 204.79.197.200:443
          https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
          tls, http2
          89.9kB
          2.6MB
          1865
          1858

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200
        • 8.8.8.8:53
          8.8.8.8.in-addr.arpa
          dns
          66 B
          90 B
          1
          1

          DNS Request

          8.8.8.8.in-addr.arpa

        • 8.8.8.8:53
          149.220.183.52.in-addr.arpa
          dns
          73 B
          147 B
          1
          1

          DNS Request

          149.220.183.52.in-addr.arpa

        • 8.8.8.8:53
          22.160.190.20.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          22.160.190.20.in-addr.arpa

        • 8.8.8.8:53
          172.210.232.199.in-addr.arpa
          dns
          74 B
          128 B
          1
          1

          DNS Request

          172.210.232.199.in-addr.arpa

        • 8.8.8.8:53
          219.83.221.88.in-addr.arpa
          dns
          72 B
          137 B
          1
          1

          DNS Request

          219.83.221.88.in-addr.arpa

        • 8.8.8.8:53
          57.169.31.20.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          57.169.31.20.in-addr.arpa

        • 8.8.8.8:53
          183.142.211.20.in-addr.arpa
          dns
          73 B
          159 B
          1
          1

          DNS Request

          183.142.211.20.in-addr.arpa

        • 8.8.8.8:53
          209.205.72.20.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          209.205.72.20.in-addr.arpa

        • 8.8.8.8:53
          103.169.127.40.in-addr.arpa
          dns
          73 B
          147 B
          1
          1

          DNS Request

          103.169.127.40.in-addr.arpa

        • 8.8.8.8:53
          206.23.85.13.in-addr.arpa
          dns
          71 B
          145 B
          1
          1

          DNS Request

          206.23.85.13.in-addr.arpa

        • 8.8.8.8:53
          88.156.103.20.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          88.156.103.20.in-addr.arpa

        • 8.8.8.8:53
          23.236.111.52.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          23.236.111.52.in-addr.arpa

        • 8.8.8.8:53
          tse1.mm.bing.net
          dns
          62 B
          173 B
          1
          1

          DNS Request

          tse1.mm.bing.net

          DNS Response

          204.79.197.200
          13.107.21.200

        • 8.8.8.8:53
          200.197.79.204.in-addr.arpa
          dns
          73 B
          106 B
          1
          1

          DNS Request

          200.197.79.204.in-addr.arpa

        • 8.8.8.8:53
          91.65.42.20.in-addr.arpa
          dns
          70 B
          156 B
          1
          1

          DNS Request

          91.65.42.20.in-addr.arpa

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3WY74Ov.exe

          Filesize

          145KB

          MD5

          4baa331c8ee623ba24e1863789b1dfd4

          SHA1

          9beaa55a2f7333772f6fcd5ebbd16b1b9d07f53b

          SHA256

          a6fe19dd7f402d7efa6e5aa146b2892ccd1cf58dafefc63c163613b2a3876f04

          SHA512

          904dd0a441b7af873fa5d90beec2f670a9e083a3b98407cb7be86c9ae7b58d01ba5b6c888fcf38d9cb4bea3222b7e982d48b1130c3119219faeec2292210def2

        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ph5Aw73.exe

          Filesize

          421KB

          MD5

          12d2c1d384eb62acddf7555762bae107

          SHA1

          0daed334c6485bfb5ffe9f1c29d28ef542d65c66

          SHA256

          cde87968a7dac4e3668c254c54ec743d1a79004c92cdb28369556ac38d60dbed

          SHA512

          a7368fd82c9ab8352fe2b58f678da3587a1e9bfc80232332679c4f705afe01f0be123c9861e1f6141c0890eb9cd347252ba2ff2d566bfeabd656e841fa12a3cc

        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1nU46VV6.exe

          Filesize

          188KB

          MD5

          425e2a994509280a8c1e2812dfaad929

          SHA1

          4d5eff2fb3835b761e2516a873b537cbaacea1fe

          SHA256

          6f40f29ad16466785dfbe836dd375400949ff894e8aa03e2805ab1c1ac2d6f5a

          SHA512

          080a41e7926122e14b38901f2e1eb8100a08c5068a9a74099f060c5e601f056a66e607b4e006820276834bb01d913a3894de98e6d9ba62ce843df14058483aa0

        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Ig7188.exe

          Filesize

          295KB

          MD5

          04ba5a6800a46a8756bff97719e69da7

          SHA1

          f7078c073f986403e445e421d7a42b39ddbe9ea9

          SHA256

          6a4d65f6f0fb2ef1431bdb666536b3cfa72c7e76cc4bf5a8445ed85bd6bc2271

          SHA512

          e7fdf90a592d92021970ae95b217ffe7490a9f10a3d15eeb0d32f085af09c32d8f3f9f34a7b42954ade71eef3d2056d5e081c04d036f9c08b9935af30a775581

        • memory/2268-30-0x0000000000400000-0x0000000000432000-memory.dmp

          Filesize

          200KB

        • memory/2268-28-0x0000000000400000-0x0000000000432000-memory.dmp

          Filesize

          200KB

        • memory/2268-27-0x0000000000400000-0x0000000000432000-memory.dmp

          Filesize

          200KB

        • memory/4864-34-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

        • memory/5052-16-0x0000000074820000-0x0000000074FD0000-memory.dmp

          Filesize

          7.7MB

        • memory/5052-21-0x0000000074820000-0x0000000074FD0000-memory.dmp

          Filesize

          7.7MB

        • memory/5052-23-0x0000000074820000-0x0000000074FD0000-memory.dmp

          Filesize

          7.7MB

        • memory/5052-20-0x0000000002480000-0x0000000002512000-memory.dmp

          Filesize

          584KB

        • memory/5052-19-0x0000000074820000-0x0000000074FD0000-memory.dmp

          Filesize

          7.7MB

        • memory/5052-18-0x0000000002450000-0x000000000246E000-memory.dmp

          Filesize

          120KB

        • memory/5052-17-0x0000000004AC0000-0x0000000005064000-memory.dmp

          Filesize

          5.6MB

        • memory/5052-15-0x00000000020A0000-0x00000000020C0000-memory.dmp

          Filesize

          128KB

        • memory/5052-14-0x000000007482E000-0x000000007482F000-memory.dmp

          Filesize

          4KB
