Analysis

  • max time kernel
    145s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/12/2023, 09:40 UTC

General

  • Target

    14cef9f9cffdd5a7f63a4edbc0ea01f8.exe

  • Size

    1.5MB

  • MD5

    14cef9f9cffdd5a7f63a4edbc0ea01f8

  • SHA1

    4409699f1761d97933718ea005dcd7dbca160e3e

  • SHA256

    9a692196c93b8851d5e5c13313f8e769dddf36e4dfb7315c8b553293ceaf62b6

  • SHA512

    343cdb4ed626e7a7df4c0c98cd9e4ce9b0d63328fb9e8d91561d0ccb268232bfe9155f5709954b130a1305011f911555bf194f5184d9ff4e02abe1491712b08d

  • SSDEEP

    24576:RT4UlqnbTiFeOJYod0+tG3DCcot3umm8XK1Zv0tLBe7FkvNYjMhmSoC8qTNqqnmB:ZqPuFGzCcot3LT6HyBIeNVoCXd1sxF

Score
3/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\14cef9f9cffdd5a7f63a4edbc0ea01f8.exe
    "C:\Users\Admin\AppData\Local\Temp\14cef9f9cffdd5a7f63a4edbc0ea01f8.exe"
    1⤵
      PID:3996

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=2830D6E108E0653E3BDDC513090064BF; domain=.bing.com; expires=Sat, 18-Jan-2025 23:22:35 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 87FA9EA9DF50454D82C43F8B3CFD37E7 Ref B: LON04EDGE1006 Ref C: 2023-12-25T23:22:35Z
      date: Mon, 25 Dec 2023 23:22:34 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=2830D6E108E0653E3BDDC513090064BF
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=MoExSWIVtU7ZDDJul2pGcIDEXYFOGaI8Bv5nP9BOtRU; domain=.bing.com; expires=Sat, 18-Jan-2025 23:22:35 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 40C3DDC5F4D94939AA94123CB3185D5C Ref B: LON04EDGE1006 Ref C: 2023-12-25T23:22:35Z
      date: Mon, 25 Dec 2023 23:22:34 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=
      Remote address:
      204.79.197.200:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=2830D6E108E0653E3BDDC513090064BF; MSPTC=MoExSWIVtU7ZDDJul2pGcIDEXYFOGaI8Bv5nP9BOtRU
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 3C36467E3874499F96F4539F81958C07 Ref B: LON04EDGE1006 Ref C: 2023-12-25T23:22:35Z
      date: Mon, 25 Dec 2023 23:22:34 GMT
    • flag-us
      DNS
      21.177.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      21.177.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      41.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.134.221.88.in-addr.arpa
      IN PTR
      Response
      41.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-41.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
      Response
      200.197.79.204.in-addr.arpa
      IN PTR
      a-0001.a-msedge.net
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      158.240.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      158.240.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      41.110.16.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      41.110.16.96.in-addr.arpa
      IN PTR
      Response
      41.110.16.96.in-addr.arpa
      IN PTR
      a96-16-110-41.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.134.221.88.in-addr.arpa
      IN PTR
      Response
      18.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-18.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301286_1KT9BFBV33M44HHCV&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301286_1KT9BFBV33M44HHCV&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 375947
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: F1F76B99A69A40339D7D9E9748E5FD43 Ref B: LON04EDGE1109 Ref C: 2023-12-25T23:23:15Z
      date: Mon, 25 Dec 2023 23:23:15 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301695_1CG9B4GZ4R1NIM1DO&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301695_1CG9B4GZ4R1NIM1DO&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 354350
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: A01B83606E564BA0BF3384D3699ECCF8 Ref B: LON04EDGE1109 Ref C: 2023-12-25T23:23:15Z
      date: Mon, 25 Dec 2023 23:23:15 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301673_1FIWLWZF3PWH5J12Y&pid=21.2&w=1080&h=1920&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301673_1FIWLWZF3PWH5J12Y&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 241089
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 33530DE24D1542E686ED6FE1B2E6C539 Ref B: LON04EDGE1109 Ref C: 2023-12-25T23:23:16Z
      date: Mon, 25 Dec 2023 23:23:15 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301264_15YE8G57ZQGJD2U94&pid=21.2&w=1920&h=1080&c=4
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239317301264_15YE8G57ZQGJD2U94&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 340120
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: E0BFBC78AEE04EB88E24048B7F7B73A9 Ref B: LON04EDGE1109 Ref C: 2023-12-25T23:23:16Z
      date: Mon, 25 Dec 2023 23:23:15 GMT
    • flag-us
      DNS
      183.1.37.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.1.37.23.in-addr.arpa
      IN PTR
      Response
      183.1.37.23.in-addr.arpa
      IN PTR
      a23-37-1-183.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      183.1.37.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.1.37.23.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      119.110.54.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      119.110.54.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      0.204.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.204.248.87.in-addr.arpa
      IN PTR
      Response
      0.204.248.87.in-addr.arpa
      IN PTR
      https-87-248-204-0.lhr.llnw.net
    • flag-us
      DNS
      43.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      81.171.91.138.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      81.171.91.138.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      67.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      67.134.221.88.in-addr.arpa
      IN PTR
      Response
      67.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-67.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      67.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      67.134.221.88.in-addr.arpa
      IN PTR
      Response
      67.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-67.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      64.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      64.134.221.88.in-addr.arpa
      IN PTR
      Response
      64.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-64.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      64.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      64.134.221.88.in-addr.arpa
      IN PTR
      Response
      64.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-64.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      Remote address:
      8.8.8.8:53
      Response
    • 52.142.223.178:80
      52 B
      1
    • 204.79.197.200:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=
      tls, http2
      2.4kB
      9.7kB
      24
      21

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e5b69b5d6f1649ae9a8b6aadc4439b5f&localId=w:21650369-2C99-C360-7421-09FEFD995537&deviceId=6755462138656706&anid=

      HTTP Response

      204
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.3kB
      8.7kB
      18
      14
    • 204.79.197.200:443
      https://tse1.mm.bing.net/th?id=OADD2.10239317301264_15YE8G57ZQGJD2U94&pid=21.2&w=1920&h=1080&c=4
      tls, http2
      50.6kB
      1.4MB
      1006
      999

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301286_1KT9BFBV33M44HHCV&pid=21.2&w=1920&h=1080&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301695_1CG9B4GZ4R1NIM1DO&pid=21.2&w=1080&h=1920&c=4

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301673_1FIWLWZF3PWH5J12Y&pid=21.2&w=1080&h=1920&c=4

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301264_15YE8G57ZQGJD2U94&pid=21.2&w=1920&h=1080&c=4

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

    MITRE ATT&CK Enterprise v15
