Overview

overview

10

Static

static

3

4cba7ca7ea...ea.exe

windows7-x64

10

4cba7ca7ea...ea.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/10/2024, 10:44 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4cba7ca7ea7812ea7715d1307891c57b554d7a7152478af307ec295e253c57ea.exe

  • Size

    330KB

  • MD5

    9ef1fa025984f1809c6e2b50323203b0

  • SHA1

    8dc7817731dd61874c7c559ebcd141d507066ff5

  • SHA256

    4cba7ca7ea7812ea7715d1307891c57b554d7a7152478af307ec295e253c57ea

  • SHA512

    3ea3c64ce303f8410bc05ec58f3bc2b5c99281d20d3899098c1d1266ded626152de51e586dea272e6df0f3b3c7d180675b46124672d90671aa42d2d1acc9edb4

  • SSDEEP

    6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYq:vHW138/iXWlK885rKlGSekcj66civ

Score
10/10
urelasdiscoverytrojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Signatures

  • Urelas

    Urelas is a trojan targeting card games.

    trojanurelas
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4cba7ca7ea7812ea7715d1307891c57b554d7a7152478af307ec295e253c57ea.exe
    "C:\Users\Admin\AppData\Local\Temp\4cba7ca7ea7812ea7715d1307891c57b554d7a7152478af307ec295e253c57ea.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1220
    • C:\Users\Admin\AppData\Local\Temp\ucxyg.exe
      "C:\Users\Admin\AppData\Local\Temp\ucxyg.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5036
      • C:\Users\Admin\AppData\Local\Temp\begah.exe
        "C:\Users\Admin\AppData\Local\Temp\begah.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:3484
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_uinsey.bat" "
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1448

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.ax-0001.ax-msedge.net
    g-bing-com.ax-0001.ax-msedge.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e9cd51a0ccbc4a3cbc370aaa71f2c060&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e9cd51a0ccbc4a3cbc370aaa71f2c060&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=1E94ABCF8EE069E01E15BED28FD16829; domain=.bing.com; expires=Thu, 13-Nov-2025 10:44:27 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 4DEB8BFD4C0844C588C16C0D4B10CB72 Ref B: LON601060102025 Ref C: 2024-10-19T10:44:27Z
    date: Sat, 19 Oct 2024 10:44:26 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e9cd51a0ccbc4a3cbc370aaa71f2c060&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e9cd51a0ccbc4a3cbc370aaa71f2c060&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=1E94ABCF8EE069E01E15BED28FD16829
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=aDggYreOJgcbp_cP3UqtR1VAB2RuvUW9q0TsPAZ8CPU; domain=.bing.com; expires=Thu, 13-Nov-2025 10:44:27 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A044C4AE5BEA457C8FAABF385D261ABE Ref B: LON601060102025 Ref C: 2024-10-19T10:44:27Z
    date: Sat, 19 Oct 2024 10:44:26 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e9cd51a0ccbc4a3cbc370aaa71f2c060&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e9cd51a0ccbc4a3cbc370aaa71f2c060&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=1E94ABCF8EE069E01E15BED28FD16829; MSPTC=aDggYreOJgcbp_cP3UqtR1VAB2RuvUW9q0TsPAZ8CPU
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: DD48D89A59424EE9BAF331D94DE99F28 Ref B: LON601060102025 Ref C: 2024-10-19T10:44:27Z
    date: Sat, 19 Oct 2024 10:44:26 GMT
  • flag-us
    DNS
    64.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    64.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    209.205.72.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.205.72.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    154.239.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.239.44.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.163.245.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.163.245.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418575_1DFGQU5CLQUV7W36O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418575_1DFGQU5CLQUV7W36O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 468734
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: EDA9C0D1323A4C5C97A99F6728FFC1E5 Ref B: LON601060107011 Ref C: 2024-10-19T10:46:05Z
    date: Sat, 19 Oct 2024 10:46:05 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388224_1CNCLDFOO6A6DWYFX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239339388224_1CNCLDFOO6A6DWYFX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 674070
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 4C839B99B7DA4273815C2B42F3D35AA7 Ref B: LON601060107011 Ref C: 2024-10-19T10:46:05Z
    date: Sat, 19 Oct 2024 10:46:05 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300926_1VTZCQ3RYKOOL9YNI&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317300926_1VTZCQ3RYKOOL9YNI&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 466066
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 54E600376B1047A6ADEF2CE0BBE9C0C3 Ref B: LON601060107011 Ref C: 2024-10-19T10:46:05Z
    date: Sat, 19 Oct 2024 10:46:05 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388225_1B60QSS9I6SIVS5TS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239339388225_1B60QSS9I6SIVS5TS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 543571
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7B833B30AC044551A2236ED84CFFF34F Ref B: LON601060107011 Ref C: 2024-10-19T10:46:05Z
    date: Sat, 19 Oct 2024 10:46:05 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418576_1P0LP58U9FRUO4PCP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418576_1P0LP58U9FRUO4PCP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 468841
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 6C794BA6600C4A238B9D1BF601F0124B Ref B: LON601060107011 Ref C: 2024-10-19T10:46:05Z
    date: Sat, 19 Oct 2024 10:46:05 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301359_1MPAZ60VREACMMWNW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301359_1MPAZ60VREACMMWNW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 733458
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 88062BAC40B3466293028DF644A6F785 Ref B: LON601060107011 Ref C: 2024-10-19T10:46:06Z
    date: Sat, 19 Oct 2024 10:46:05 GMT
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    10.28.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.28.171.150.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    85.65.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    85.65.42.20.in-addr.arpa
    IN PTR
    Response
  • 150.171.27.10:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e9cd51a0ccbc4a3cbc370aaa71f2c060&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid=
    tls, http2
    2.0kB
     9.4kB
     22
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e9cd51a0ccbc4a3cbc370aaa71f2c060&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e9cd51a0ccbc4a3cbc370aaa71f2c060&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e9cd51a0ccbc4a3cbc370aaa71f2c060&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid=

    HTTP Response

    204
  • 218.54.31.226:11300
    ucxyg.exe
    260 B
     5
  • 1.234.83.146:11170
    ucxyg.exe
    260 B
     5
  • 218.54.31.166:11300
    ucxyg.exe
    260 B
     5
  • 133.242.129.155:11300
    ucxyg.exe
    260 B
     5
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 150.171.28.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301359_1MPAZ60VREACMMWNW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    125.2kB
     3.5MB
     2530
    2527

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418575_1DFGQU5CLQUV7W36O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388224_1CNCLDFOO6A6DWYFX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300926_1VTZCQ3RYKOOL9YNI&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388225_1B60QSS9I6SIVS5TS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418576_1P0LP58U9FRUO4PCP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301359_1MPAZ60VREACMMWNW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     148 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    64.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    64.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    209.205.72.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    209.205.72.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    154.239.44.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    154.239.44.20.in-addr.arpa

  • 8.8.8.8:53
    56.163.245.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    56.163.245.4.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     170 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.28.10
    150.171.27.10

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    10.28.171.150.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    10.28.171.150.in-addr.arpa

  • 8.8.8.8:53
    85.65.42.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    85.65.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_uinsey.bat
    Filesize

    340B

    MD5

    a2abbf962ec82e46065d4c5e7cfe82de

    SHA1

    d370e873e57d2fba79b861eee1d277c0493aee86

    SHA256

    3d75b0030c33359f6484f8822725cbc0d10dc5867e28f307b70c840bd8a46fea

    SHA512

    dc16fbe345906ea0064f6d292e425533f0f69135d076da0b59c3cef3e7f3520e873ddd0cb2e7bf5abdde24465a09484faab8556340ce3601b3f78cdb7e665237

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\begah.exe
    Filesize

    172KB

    MD5

    46d6966136775965eb30f4c144c2885f

    SHA1

    8ac28e5c6c1b089af681e28c881f1ad69e779417

    SHA256

    7ef63c5946354331b39cc7cb191024396cff12f44dafb5a7c48aafc655a01dc9

    SHA512

    d8cec70c770abd9e328cb7bb9a723eb1bab72aee7788d1e8ad71350ada195338c037d8f21f7ceb2b7f66584cbb8c7b4e49401f03501c97bf8458a8cdb17b0f36

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
    Filesize

    512B

    MD5

    9735d9859602d64a5b8d0a402bcbec27

    SHA1

    295fce3be6a90837a4d9e7bf14d5b255e11e1c6c

    SHA256

    912556ea1b270b382533a8881ac6490d773e78e1832b8e7f980ccb4fd25fba10

    SHA512

    5bf9fbf7cbef99f90b2fe0109114b25350cd54f477c111ad141b5d41e7fdf86b964b8befe0a226bf38a37d2d55a307b46a73d29cf846c54d67e4accd6de83e84

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ucxyg.exe
    Filesize

    330KB

    MD5

    5a758126b876f90ba7fbdf468d8297cd

    SHA1

    3f2cd76cb9dfe78eb0c23aa21f39788042695b28

    SHA256

    4877a0c05fb2dbd3cebd417a50ea1f2a3f0fc15e5ce619418c81508c0a1db94b

    SHA512

    fcf8989bdeda2e02463c7fea467ab15c9f906247222690e3fd79040733cfd9643ad09a2c08e1560146f6ca1abec1d66e0f42807f235ee183b3442953654e0c99

    Download Submit

  • memory/1220-17-0x0000000000420000-0x00000000004A1000-memory.dmp

    Filesize

    516KB

    Download

  • memory/1220-1-0x0000000001100000-0x0000000001101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1220-0-0x0000000000420000-0x00000000004A1000-memory.dmp

    Filesize

    516KB

    Download

  • memory/3484-41-0x0000000000AE0000-0x0000000000B79000-memory.dmp

    Filesize

    612KB

    Download

  • memory/3484-42-0x00000000005F0000-0x00000000005F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3484-38-0x0000000000AE0000-0x0000000000B79000-memory.dmp

    Filesize

    612KB

    Download

  • memory/3484-45-0x0000000000AE0000-0x0000000000B79000-memory.dmp

    Filesize

    612KB

    Download

  • memory/3484-46-0x0000000000AE0000-0x0000000000B79000-memory.dmp

    Filesize

    612KB

    Download

  • memory/3484-47-0x0000000000AE0000-0x0000000000B79000-memory.dmp

    Filesize

    612KB

    Download

  • memory/3484-48-0x0000000000AE0000-0x0000000000B79000-memory.dmp

    Filesize

    612KB

    Download

  • memory/3484-49-0x0000000000AE0000-0x0000000000B79000-memory.dmp

    Filesize

    612KB

    Download

  • memory/5036-20-0x0000000000460000-0x00000000004E1000-memory.dmp

    Filesize

    516KB

    Download

  • memory/5036-21-0x0000000000450000-0x0000000000451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5036-13-0x0000000000460000-0x00000000004E1000-memory.dmp

    Filesize

    516KB

    Download

  • memory/5036-43-0x0000000000460000-0x00000000004E1000-memory.dmp

    Filesize

    516KB

    Download

  • memory/5036-14-0x0000000000450000-0x0000000000451000-memory.dmp

    Filesize

    4KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.