Overview

overview

5

Static

static

1

test.txt

windows7-x64

5

test.txt

windows10-1703-x64

1

test.txt

windows10-2004-x64

1

test.txt

windows11-21h2-x64

4

test.txt

android-10-x64

test.txt

android-11-x64

test.txt

android-13-x64

test.txt

android-9-x86

test.txt

macos-10.15-amd64

5

test.txt

debian-9-armhf

test.txt

debian-9-mips

test.txt

debian-9-mipsel

test.txt

ubuntu-18.04-amd64

Resubmissions

27/12/2023, 08:26 UTC

231227-kcc43afbcn 3

25/12/2023, 05:26 UTC

231225-f47qjagae7 8

25/12/2023, 05:23 UTC

231225-f3jmbaffh9 1

25/12/2023, 02:44 UTC

231225-c79shsdhb4 1

25/12/2023, 02:43 UTC

231225-c7yp9acegj 1

24/12/2023, 13:06 UTC

231224-qcfsvacaar 1

24/12/2023, 13:05 UTC

231224-qbs2sacaaq 1

24/12/2023, 09:20 UTC

231224-lap7aabehm 3

24/12/2023, 08:46 UTC

231224-kprg8adhc4 5

Analysis

  • max time kernel
    1799s
  • max time network
    1768s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    24/12/2023, 08:46 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    test.txt

  • Size

    4B

  • MD5

    098f6bcd4621d373cade4e832627b4f6

  • SHA1

    a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

  • SHA256

    9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

  • SHA512

    ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\test.txt
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:2140
  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\test.txt
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3672
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /0
    1⤵
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2856
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
    1⤵
      PID:1672
    • C:\Windows\System32\oobe\UserOOBEBroker.exe
      C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
      1⤵
      • Drops file in Windows directory
      PID:3812
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
      C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
      1⤵
        PID:1800
      • C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        1⤵
          PID:908

        Network

        • flag-us
          DNS
          8.8.8.8.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          8.8.8.8.in-addr.arpa
          IN PTR
          Response
          8.8.8.8.in-addr.arpa
          IN PTR
          dnsgoogle
        • flag-us
          DNS
          21.236.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          21.236.111.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          21.236.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          21.236.111.52.in-addr.arpa
          IN PTR
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239351692194_136002WU93FKUBGFQ&pid=21.2&w=1920&h=1080&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239351692194_136002WU93FKUBGFQ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 399443
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 43D22A6FA761405CBA7E4BF74E3ACA20 Ref B: LON04EDGE0814 Ref C: 2023-12-24T09:13:29Z
          date: Sun, 24 Dec 2023 09:13:28 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239351692256_1WQM6RJXKTQXXQ775&pid=21.2&w=1080&h=1920&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239351692256_1WQM6RJXKTQXXQ775&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 207140
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: A98B7DB995FE422F863201D72717C627 Ref B: LON04EDGE0814 Ref C: 2023-12-24T09:13:29Z
          date: Sun, 24 Dec 2023 09:13:28 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239351692218_1C2G5NA0D2U7KB730&pid=21.2&w=1920&h=1080&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239351692218_1C2G5NA0D2U7KB730&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 414644
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 4FC31893CE7743D78392360E71B891BE Ref B: LON04EDGE0814 Ref C: 2023-12-24T09:13:29Z
          date: Sun, 24 Dec 2023 09:13:28 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239351692195_1JV8M5U9CCF462N7K&pid=21.2&w=1080&h=1920&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239351692195_1JV8M5U9CCF462N7K&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 331750
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: C12107609D0A45CE9CF07CE4069BC7BF Ref B: LON04EDGE0814 Ref C: 2023-12-24T09:13:29Z
          date: Sun, 24 Dec 2023 09:13:28 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239351692219_16RSQD6Q5T7P1QOIL&pid=21.2&w=1080&h=1920&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239351692219_16RSQD6Q5T7P1QOIL&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 225069
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 7B8B0C4E51BA4B80B60337ECD29B63D7 Ref B: LON04EDGE0814 Ref C: 2023-12-24T09:13:29Z
          date: Sun, 24 Dec 2023 09:13:28 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239351692257_1HIZ251INBOILWVAX&pid=21.2&w=1920&h=1080&c=4
          Remote address:
          204.79.197.200:443
          Request
          GET /th?id=OADD2.10239351692257_1HIZ251INBOILWVAX&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 412540
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: B0137864ECF740A79141803F66270FBB Ref B: LON04EDGE0814 Ref C: 2023-12-24T09:13:29Z
          date: Sun, 24 Dec 2023 09:13:29 GMT
        • flag-us
          DNS
          54.120.234.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          54.120.234.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          arc.msn.com
          Remote address:
          8.8.8.8:53
          Request
          arc.msn.com
          IN A
          Response
          arc.msn.com
          IN CNAME
          arc.trafficmanager.net
          arc.trafficmanager.net
          IN CNAME
          iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com
          iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com
          IN A
          20.199.58.43
        • flag-us
          DNS
          43.58.199.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          43.58.199.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          r.bing.com
          Remote address:
          8.8.8.8:53
          Request
          r.bing.com
          IN A
          Response
          r.bing.com
          IN CNAME
          p-static.bing.trafficmanager.net
          p-static.bing.trafficmanager.net
          IN CNAME
          r.bing.com.edgekey.net
          r.bing.com.edgekey.net
          IN CNAME
          e86303.dscx.akamaiedge.net
          e86303.dscx.akamaiedge.net
          IN A
          92.123.128.133
          e86303.dscx.akamaiedge.net
          IN A
          92.123.128.161
          e86303.dscx.akamaiedge.net
          IN A
          92.123.128.164
          e86303.dscx.akamaiedge.net
          IN A
          92.123.128.194
          e86303.dscx.akamaiedge.net
          IN A
          92.123.128.146
          e86303.dscx.akamaiedge.net
          IN A
          92.123.128.181
        • flag-us
          DNS
          133.128.123.92.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          133.128.123.92.in-addr.arpa
          IN PTR
          Response
          133.128.123.92.in-addr.arpa
          IN PTR
          a92-123-128-133deploystaticakamaitechnologiescom
        • flag-us
          DNS
          222.197.79.204.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          222.197.79.204.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          arc.msn.com
          Remote address:
          8.8.8.8:53
          Request
          arc.msn.com
          IN A
          Response
          arc.msn.com
          IN CNAME
          arc.trafficmanager.net
          arc.trafficmanager.net
          IN CNAME
          iris-de-prod-azsc-v2-weu-b.westeurope.cloudapp.azure.com
          iris-de-prod-azsc-v2-weu-b.westeurope.cloudapp.azure.com
          IN A
          20.31.169.57
        • flag-us
          DNS
          57.169.31.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          57.169.31.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          cxcs.microsoft.net
          Remote address:
          8.8.8.8:53
          Request
          cxcs.microsoft.net
          IN A
          Response
          cxcs.microsoft.net
          IN CNAME
          cxcs.microsoft.net.edgekey.net
          cxcs.microsoft.net.edgekey.net
          IN CNAME
          e3230.b.akamaiedge.net
          e3230.b.akamaiedge.net
          IN A
          2.20.38.10
        • flag-us
          DNS
          10.38.20.2.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          10.38.20.2.in-addr.arpa
          IN PTR
          Response
          10.38.20.2.in-addr.arpa
          IN PTR
          a2-20-38-10deploystaticakamaitechnologiescom
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          1.3kB
           8.3kB
           16
          14
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          1.3kB
           8.3kB
           16
          14
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          1.3kB
           8.3kB
           16
          14
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls, http2
          1.3kB
           8.3kB
           16
          14
        • 204.79.197.200:443
          https://tse1.mm.bing.net/th?id=OADD2.10239351692257_1HIZ251INBOILWVAX&pid=21.2&w=1920&h=1080&c=4
          tls, http2
          74.7kB
           2.1MB
           1522
          1519

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239351692194_136002WU93FKUBGFQ&pid=21.2&w=1920&h=1080&c=4

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239351692256_1WQM6RJXKTQXXQ775&pid=21.2&w=1080&h=1920&c=4

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239351692218_1C2G5NA0D2U7KB730&pid=21.2&w=1920&h=1080&c=4

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239351692195_1JV8M5U9CCF462N7K&pid=21.2&w=1080&h=1920&c=4

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239351692219_16RSQD6Q5T7P1QOIL&pid=21.2&w=1080&h=1920&c=4

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239351692257_1HIZ251INBOILWVAX&pid=21.2&w=1920&h=1080&c=4

          HTTP Response

          200
        • 184.28.176.96:443
          www.bing.com
          tls
          1.2kB
           5.3kB
           16
          15
        • 184.28.176.96:443
          www.bing.com
          tls
          67.9kB
           179.5kB
           257
          227
        • 51.132.193.104:443
          browser.pipe.aria.microsoft.com
          tls
          4.9kB
           7.6kB
           26
          16
        • 92.123.128.133:443
          r.bing.com
          tls
          1.2kB
           5.3kB
           16
          15
        • 92.123.128.133:443
          r.bing.com
          tls
          50.0kB
           1.2MB
           950
          912
        • 92.123.128.133:443
          r.bing.com
          tls
          1.2kB
           5.3kB
           16
          15
        • 92.123.128.133:443
          r.bing.com
          tls
          1.2kB
           5.3kB
           16
          15
        • 92.123.128.133:443
          r.bing.com
          tls
          1.2kB
           5.3kB
           16
          15
        • 92.123.128.133:443
          r.bing.com
          tls
          1.2kB
           5.3kB
           16
          15
        • 51.132.193.104:443
          browser.pipe.aria.microsoft.com
          tls
          3.4kB
           7.5kB
           20
          14
        • 2.20.38.10:443
          cxcs.microsoft.net
          tls
          1.5kB
           10.0kB
           21
          19
        • 92.123.128.146:443
          www.bing.com
          tls
          2.0kB
           6.6kB
           20
          18
        • 8.8.8.8:53
          8.8.8.8.in-addr.arpa
          dns
          210 B
           248 B
           3
          2

          DNS Request

          8.8.8.8.in-addr.arpa

          DNS Request

          21.236.111.52.in-addr.arpa

          DNS Request

          21.236.111.52.in-addr.arpa

        • 8.8.8.8:53
          54.120.234.20.in-addr.arpa
          dns
          329 B
           899 B
           5
          5

          DNS Request

          54.120.234.20.in-addr.arpa

          DNS Request

          arc.msn.com

          DNS Response

          20.199.58.43

          DNS Request

          43.58.199.20.in-addr.arpa

          DNS Request

          r.bing.com

          DNS Response

          92.123.128.133
          92.123.128.161
          92.123.128.164
          92.123.128.194
          92.123.128.146
          92.123.128.181

          DNS Request

          133.128.123.92.in-addr.arpa

        • 8.8.8.8:53
          222.197.79.204.in-addr.arpa
          dns
          334 B
           761 B
           5
          5

          DNS Request

          222.197.79.204.in-addr.arpa

          DNS Request

          arc.msn.com

          DNS Response

          20.31.169.57

          DNS Request

          57.169.31.20.in-addr.arpa

          DNS Request

          cxcs.microsoft.net

          DNS Response

          2.20.38.10

          DNS Request

          10.38.20.2.in-addr.arpa

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2856-0-0x000001E4EDEC0000-0x000001E4EDEC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2856-1-0x000001E4EDEC0000-0x000001E4EDEC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2856-2-0x000001E4EDEC0000-0x000001E4EDEC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2856-9-0x000001E4EDEC0000-0x000001E4EDEC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2856-8-0x000001E4EDEC0000-0x000001E4EDEC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2856-7-0x000001E4EDEC0000-0x000001E4EDEC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2856-6-0x000001E4EDEC0000-0x000001E4EDEC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2856-10-0x000001E4EDEC0000-0x000001E4EDEC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2856-11-0x000001E4EDEC0000-0x000001E4EDEC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2856-12-0x000001E4EDEC0000-0x000001E4EDEC1000-memory.dmp

          Filesize

          4KB

          Download

        We care about your privacy.

        This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.