Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
20/10/2024, 19:31 UTC
General
-
Target
63ebf64aea416da73b78c128bd0de978_JaffaCakes118.exe
-
Size
65KB
-
MD5
63ebf64aea416da73b78c128bd0de978
-
SHA1
25cfb9cbbad8a3415b800973c430f61e45f0e6c0
-
SHA256
0178e0072fa6bd34a21af2edf4182deb0e3df20b11b9a31794da6cf98d5a5de0
-
SHA512
e07b0beac0743da6e9d8b28acb860d7795a4ac2b56108d41ac5f7c40097829472f4fd6503a313ff94e95216bca3b4affa4fe2d21e2a98d61c29c65a8ab336117
-
SSDEEP
1536:elB1zq+5hRpfvE7IxEos7PcF+KPmfRuUf/cDJUw9n6ns+jdzAqjq4yvGp:ezxEVPA+qmfR5CJUxs+SQeGp
Score
10/10
Malware Config
Extracted
Family
pony
C2
http://jarkiy.info:2346/porno.php
http://sulikg.info:2346/porno.php
Signatures
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Drops file in Drivers directory 3 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Hide Artifacts: Hidden Files and Directories 1 TTPs 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 8 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 48 IoCs
-
Suspicious use of WriteProcessMemory 26 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\63ebf64aea416da73b78c128bd0de978_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\63ebf64aea416da73b78c128bd0de978_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
\??\c:\users\admin\appdata\local\temp\63ebf64aea416da73b78c128bd0de978_jaffacakes118.exe"c:\users\admin\appdata\local\temp\63ebf64aea416da73b78c128bd0de978_jaffacakes118.exe"2⤵
- Drops file in Drivers directory
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy %WINDIR%\system32\drivers\etc\hosts %WINDIR%\system32\drivers\etc\hosts.sam /Y && at 19:34:00 cmd.exe /c copy %TEMP%\240626265FdOh %WINDIR%\system32\drivers\etc\hosts /Y3⤵
- Drops file in Drivers directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\at.exeat 19:34:00 cmd.exe /c copy C:\Users\Admin\AppData\Local\Temp\240626265FdOh C:\Windows\system32\drivers\etc\hosts /Y4⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows\CurrentVersion\Run /v 240626546 /t REG_SZ /d "cmd.exe /c copy %TEMP%\240626265FdOh %WINDIR%\system32\drivers\etc\hosts /Y && attrib +H %WINDIR%\system32\drivers\etc\hosts /f3⤵
- Hide Artifacts: Hidden Files and Directories
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exereg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows\CurrentVersion\Run /v 240626546 /t REG_SZ /d "cmd.exe /c copy C:\Users\Admin\AppData\Local\Temp\240626265FdOh C:\Windows\system32\drivers\etc\hosts /Y && attrib +H C:\Windows\system32\drivers\etc\hosts /f4⤵
- Adds Run key to start application
- Hide Artifacts: Hidden Files and Directories
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c ping -n 10 127.0.0.1 > NUL && del "c:\users\admin\appdata\local\temp\63ebf64aea416da73b78c128bd0de978_jaffacakes118.exe"3⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping -n 10 127.0.0.14⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
Network
-
DNS28.118.140.52.in-addr.arpaRemote address:8.8.8.8:53Request28.118.140.52.in-addr.arpaIN PTRResponse -
DNS67.209.201.84.in-addr.arpaRemote address:8.8.8.8:53Request67.209.201.84.in-addr.arpaIN PTRResponse
-
DNS22.160.190.20.in-addr.arpaRemote address:8.8.8.8:53Request22.160.190.20.in-addr.arpaIN PTRResponse
-
DNS95.221.229.192.in-addr.arpaRemote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
DNSjarkiy.infoRemote address:8.8.8.8:53Requestjarkiy.infoIN AResponse
-
DNSjarkiy.infoRemote address:8.8.8.8:53Requestjarkiy.infoIN AResponse
-
DNS196.249.167.52.in-addr.arpaRemote address:8.8.8.8:53Request196.249.167.52.in-addr.arpaIN PTRResponse
-
DNSjarkiy.infoRemote address:8.8.8.8:53Requestjarkiy.infoIN AResponse
-
DNSjarkiy.infoRemote address:8.8.8.8:53Requestjarkiy.infoIN AResponse
-
DNSjarkiy.infoRemote address:8.8.8.8:53Requestjarkiy.infoIN AResponse
-
DNSjarkiy.infoRemote address:8.8.8.8:53Requestjarkiy.infoIN AResponse
-
DNSjarkiy.infoRemote address:8.8.8.8:53Requestjarkiy.infoIN AResponse
-
DNSsulikg.infoRemote address:8.8.8.8:53Requestsulikg.infoIN AResponse
-
DNSsulikg.infoRemote address:8.8.8.8:53Requestsulikg.infoIN AResponse
-
DNS53.210.109.20.in-addr.arpaRemote address:8.8.8.8:53Request53.210.109.20.in-addr.arpaIN PTRResponse
-
DNS18.31.95.13.in-addr.arpaRemote address:8.8.8.8:53Request18.31.95.13.in-addr.arpaIN PTRResponse
-
DNS18.31.95.13.in-addr.arpaRemote address:8.8.8.8:53Request18.31.95.13.in-addr.arpaIN PTR
-
DNS18.31.95.13.in-addr.arpaRemote address:8.8.8.8:53Request18.31.95.13.in-addr.arpaIN PTR
-
DNSsulikg.infoRemote address:8.8.8.8:53Requestsulikg.infoIN AResponse
-
DNS66.209.201.84.in-addr.arpaRemote address:8.8.8.8:53Request66.209.201.84.in-addr.arpaIN PTRResponse
-
DNSsulikg.infoRemote address:8.8.8.8:53Requestsulikg.infoIN AResponse
-
DNSsulikg.infoRemote address:8.8.8.8:53Requestsulikg.infoIN AResponse
-
DNSsulikg.infoRemote address:8.8.8.8:53Requestsulikg.infoIN AResponse
-
DNSsulikg.infoRemote address:8.8.8.8:53Requestsulikg.infoIN AResponse
-
DNSsulikg.infoRemote address:8.8.8.8:53Requestsulikg.infoIN A
-
DNSsulikg.infoRemote address:8.8.8.8:53Requestsulikg.infoIN A
-
DNS73.209.201.84.in-addr.arpaRemote address:8.8.8.8:53Request73.209.201.84.in-addr.arpaIN PTRResponse
-
DNS58.99.105.20.in-addr.arpaRemote address:8.8.8.8:53Request58.99.105.20.in-addr.arpaIN PTRResponse
-
DNS22.236.111.52.in-addr.arpaRemote address:8.8.8.8:53Request22.236.111.52.in-addr.arpaIN PTRResponse
-
DNStse1.mm.bing.netRemote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.27.10ax-0001.ax-msedge.netIN A150.171.28.10
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388162_1MFS3CT3ZOVTF7TJA&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239339388162_1MFS3CT3ZOVTF7TJA&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 731444
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2ADE2F4FE5DD40728BE5311A68D19816 Ref B: LON601060102060 Ref C: 2024-10-20T19:33:05Z
date: Sun, 20 Oct 2024 19:33:04 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239398629744_18YK2WB1TP6K8QRMK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239398629744_18YK2WB1TP6K8QRMK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 470956
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2B01CADC3E3B401C9A31C11B079408B3 Ref B: LON601060102060 Ref C: 2024-10-20T19:33:05Z
date: Sun, 20 Oct 2024 19:33:04 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239398629743_1TH437YUI5ZNDOHAL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239398629743_1TH437YUI5ZNDOHAL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 435129
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2F5FD956168C4A0D9DC4ABCF1A11DC63 Ref B: LON601060102060 Ref C: 2024-10-20T19:33:05Z
date: Sun, 20 Oct 2024 19:33:04 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 315631
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0EB1C5337707426FAB5BB56EE4C88263 Ref B: LON601060102060 Ref C: 2024-10-20T19:33:05Z
date: Sun, 20 Oct 2024 19:33:04 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388161_17PDPNJBHCJYF0MEC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239339388161_17PDPNJBHCJYF0MEC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 871109
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8F5C85B613AA436FB3FACBFDA91DD1C6 Ref B: LON601060102060 Ref C: 2024-10-20T19:33:05Z
date: Sun, 20 Oct 2024 19:33:04 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 241999
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4F9BF397846C4C25B22D2CDAB1D4D855 Ref B: LON601060102060 Ref C: 2024-10-20T19:33:05Z
date: Sun, 20 Oct 2024 19:33:04 GMT
-
DNS10.27.171.150.in-addr.arpaRemote address:8.8.8.8:53Request10.27.171.150.in-addr.arpaIN PTRResponse
-
150.171.27.10:443tse1.mm.bing.nettls, http2
-
150.171.27.10:443https://tse1.mm.bing.net/th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90tls, http2
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388162_1MFS3CT3ZOVTF7TJA&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239398629744_18YK2WB1TP6K8QRMK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239398629743_1TH437YUI5ZNDOHAL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388161_17PDPNJBHCJYF0MEC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200 -
150.171.27.10:443tse1.mm.bing.nettls, http2
-
150.171.27.10:443tse1.mm.bing.nettls, http2
-
150.171.27.10:443tse1.mm.bing.nettls, http2
-
8.8.8.8:5328.118.140.52.in-addr.arpadns
DNS Request
28.118.140.52.in-addr.arpa
-
8.8.8.8:5367.209.201.84.in-addr.arpadns
DNS Request
67.209.201.84.in-addr.arpa
-
8.8.8.8:5322.160.190.20.in-addr.arpadns
DNS Request
22.160.190.20.in-addr.arpa
-
8.8.8.8:5395.221.229.192.in-addr.arpadns
DNS Request
95.221.229.192.in-addr.arpa
-
8.8.8.8:53jarkiy.infodns
DNS Request
jarkiy.info
DNS Request
jarkiy.info
-
8.8.8.8:53196.249.167.52.in-addr.arpadns
DNS Request
196.249.167.52.in-addr.arpa
-
8.8.8.8:53jarkiy.infodns
DNS Request
jarkiy.info
-
8.8.8.8:53jarkiy.infodns
DNS Request
jarkiy.info
-
8.8.8.8:53jarkiy.infodns
DNS Request
jarkiy.info
-
8.8.8.8:53jarkiy.infodns
DNS Request
jarkiy.info
-
8.8.8.8:53jarkiy.infodns
DNS Request
jarkiy.info
-
8.8.8.8:53sulikg.infodns
DNS Request
sulikg.info
DNS Request
sulikg.info
-
8.8.8.8:5353.210.109.20.in-addr.arpadns
DNS Request
53.210.109.20.in-addr.arpa
-
8.8.8.8:5318.31.95.13.in-addr.arpadns
DNS Request
18.31.95.13.in-addr.arpa
DNS Request
18.31.95.13.in-addr.arpa
DNS Request
18.31.95.13.in-addr.arpa
-
8.8.8.8:53sulikg.infodns
DNS Request
sulikg.info
-
8.8.8.8:5366.209.201.84.in-addr.arpadns
DNS Request
66.209.201.84.in-addr.arpa
-
8.8.8.8:53sulikg.infodns
DNS Request
sulikg.info
-
8.8.8.8:53sulikg.infodns
DNS Request
sulikg.info
-
8.8.8.8:53sulikg.infodns
DNS Request
sulikg.info
-
8.8.8.8:53sulikg.infodns
DNS Request
sulikg.info
DNS Request
sulikg.info
DNS Request
sulikg.info
-
8.8.8.8:5373.209.201.84.in-addr.arpadns
DNS Request
73.209.201.84.in-addr.arpa
-
8.8.8.8:5358.99.105.20.in-addr.arpadns
DNS Request
58.99.105.20.in-addr.arpa
-
8.8.8.8:5322.236.111.52.in-addr.arpadns
DNS Request
22.236.111.52.in-addr.arpa
-
8.8.8.8:53tse1.mm.bing.netdns
DNS Request
tse1.mm.bing.net
DNS Response
150.171.27.10150.171.28.10
-
8.8.8.8:5310.27.171.150.in-addr.arpadns
DNS Request
10.27.171.150.in-addr.arpa
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB