Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

21666191b9...de.exe

windows7-x64

3

21666191b9...de.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 00:17 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21666191b9487673714d692a37ad35de.exe

  • Size

    41KB

  • MD5

    21666191b9487673714d692a37ad35de

  • SHA1

    aa583c6809d83baaed15dd1a14a102abc8a486d9

  • SHA256

    77f352731f0f54e5829732596dd976afaa5a48d97339b4f548049fd101ab3ccd

  • SHA512

    b51e573d9783c4171e98f2d4d9bdca1f64a8d35ce5cd16736ac662e9dd55ad5f299f7e3b8127d0e4912c59998e7ee037a9773e5535201f464f61a71616e7fd79

  • SSDEEP

    768:Dh2toqSvpTXnztLNMNdyekLGHEfT+qXyf:Dh9DZtLeeyqXa

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21666191b9487673714d692a37ad35de.exe
    "C:\Users\Admin\AppData\Local\Temp\21666191b9487673714d692a37ad35de.exe"
    1⤵
      PID:1840
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 280
        2⤵
        • Program crash
        PID:3136
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1840 -ip 1840
      1⤵
        PID:2024

      Network

      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.a-0001.a-msedge.net
        g-bing-com.a-0001.a-msedge.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
      • flag-us
        DNS
        2.181.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        2.181.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        2.136.104.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        2.136.104.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        173.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        173.178.17.96.in-addr.arpa
        IN PTR
        Response
        173.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-173deploystaticakamaitechnologiescom
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba7dce712f20434c8212fcc2543a7172&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba7dce712f20434c8212fcc2543a7172&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=00D0C8DEBD1D68622851DB22BCA669ED; domain=.bing.com; expires=Tue, 28-Jan-2025 23:05:30 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 46FEB08E303E42F5A9F98AF811274464 Ref B: LON04EDGE0813 Ref C: 2024-01-04T23:05:30Z
        date: Thu, 04 Jan 2024 23:05:30 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ba7dce712f20434c8212fcc2543a7172&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ba7dce712f20434c8212fcc2543a7172&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=00D0C8DEBD1D68622851DB22BCA669ED
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=WP0NO8F2HZvpYDCjFLbF9aQwNcm_YD2C2LQ7hIOm8l8; domain=.bing.com; expires=Tue, 28-Jan-2025 23:05:30 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 9001BC82A02E4FC6A351B2EC11CA65CD Ref B: LON04EDGE0813 Ref C: 2024-01-04T23:05:30Z
        date: Thu, 04 Jan 2024 23:05:30 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba7dce712f20434c8212fcc2543a7172&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba7dce712f20434c8212fcc2543a7172&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=00D0C8DEBD1D68622851DB22BCA669ED; MSPTC=WP0NO8F2HZvpYDCjFLbF9aQwNcm_YD2C2LQ7hIOm8l8
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 133E222AC9F44CD99E8CFCBC78EBD3F8 Ref B: LON04EDGE0813 Ref C: 2024-01-04T23:05:31Z
        date: Thu, 04 Jan 2024 23:05:30 GMT
      • flag-us
        DNS
        9.228.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        9.228.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        26.35.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.35.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        79.121.231.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        79.121.231.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        208.194.73.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        208.194.73.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        76.246.100.95.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        76.246.100.95.in-addr.arpa
        IN PTR
        Response
        76.246.100.95.in-addr.arpa
        IN PTR
        a95-100-246-76deploystaticakamaitechnologiescom
      • flag-us
        DNS
        26.165.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.165.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        206.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        206.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        182.245.100.95.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        182.245.100.95.in-addr.arpa
        IN PTR
        Response
        182.245.100.95.in-addr.arpa
        IN PTR
        a95-100-245-182deploystaticakamaitechnologiescom
      • flag-us
        DNS
        134.71.91.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        134.71.91.104.in-addr.arpa
        IN PTR
        Response
        134.71.91.104.in-addr.arpa
        IN PTR
        a104-91-71-134deploystaticakamaitechnologiescom
      • flag-us
        DNS
        148.177.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        148.177.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        100.5.17.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        100.5.17.2.in-addr.arpa
        IN PTR
        Response
        100.5.17.2.in-addr.arpa
        IN PTR
        a2-17-5-100deploystaticakamaitechnologiescom
      • flag-us
        DNS
        100.5.17.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        100.5.17.2.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        180.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        180.178.17.96.in-addr.arpa
        IN PTR
        Response
        180.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-180deploystaticakamaitechnologiescom
      • flag-us
        DNS
        119.110.54.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        119.110.54.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        205.47.74.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        205.47.74.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        205.47.74.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        205.47.74.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        194.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        194.178.17.96.in-addr.arpa
        IN PTR
        Response
        194.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-194deploystaticakamaitechnologiescom
      • flag-us
        DNS
        194.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        194.178.17.96.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        176.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        176.178.17.96.in-addr.arpa
        IN PTR
        Response
        176.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-176deploystaticakamaitechnologiescom
      • flag-us
        DNS
        176.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        176.178.17.96.in-addr.arpa
        IN PTR
        Response
        176.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-176deploystaticakamaitechnologiescom
      • flag-us
        DNS
        140.71.91.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        140.71.91.104.in-addr.arpa
        IN PTR
        Response
        140.71.91.104.in-addr.arpa
        IN PTR
        a104-91-71-140deploystaticakamaitechnologiescom
      • flag-us
        DNS
        140.71.91.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        140.71.91.104.in-addr.arpa
        IN PTR
        Response
        140.71.91.104.in-addr.arpa
        IN PTR
        a104-91-71-140deploystaticakamaitechnologiescom
      • flag-us
        DNS
        211.135.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        211.135.221.88.in-addr.arpa
        IN PTR
        Response
        211.135.221.88.in-addr.arpa
        IN PTR
        a88-221-135-211deploystaticakamaitechnologiescom
      • flag-us
        DNS
        211.135.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        211.135.221.88.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        14.227.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        14.227.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        14.227.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        14.227.111.52.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        14.227.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        14.227.111.52.in-addr.arpa
        IN PTR
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301232_1SUK3KC676MXT5G7N&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301232_1SUK3KC676MXT5G7N&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301659_1X4L46L6ILPPQI95F&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301659_1X4L46L6ILPPQI95F&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301366_1F7IE3E9ETFG8ONMF&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301366_1F7IE3E9ETFG8ONMF&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301250_1MLG2SHGO160JKUMX&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301250_1MLG2SHGO160JKUMX&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        174.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        174.178.17.96.in-addr.arpa
        IN PTR
        Response
        174.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-174deploystaticakamaitechnologiescom
      • flag-us
        DNS
        174.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        174.178.17.96.in-addr.arpa
        IN PTR
        Response
        174.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-174deploystaticakamaitechnologiescom
      • flag-us
        DNS
        42.134.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        42.134.221.88.in-addr.arpa
        IN PTR
        Response
        42.134.221.88.in-addr.arpa
        IN PTR
        a88-221-134-42deploystaticakamaitechnologiescom
      • flag-us
        DNS
        42.134.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        42.134.221.88.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        42.134.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        42.134.221.88.in-addr.arpa
        IN PTR
      • 204.79.197.200:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba7dce712f20434c8212fcc2543a7172&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=
        tls, http2
        2.9kB
         9.3kB
         25
        16

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba7dce712f20434c8212fcc2543a7172&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ba7dce712f20434c8212fcc2543a7172&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba7dce712f20434c8212fcc2543a7172&localId=w:883EF0F5-E343-58F0-299D-1D886ECF4A6A&deviceId=6825827065270825&anid=

        HTTP Response

        204
      • 52.142.223.178:80
        52 B
         1
      • 96.17.178.176:80
      • 96.17.178.176:80
      • 96.17.178.176:80
      • 96.17.178.176:80
      • 96.17.178.176:80
      • 96.17.178.176:80
      • 52.111.227.14:443
        tls
        1.9kB
         6.6kB
         10
        8
      • 96.17.178.176:80
      • 96.17.178.176:80
      • 96.17.178.176:80
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.1kB
         8.3kB
         14
        14
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.1kB
         8.2kB
         14
        12
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.1kB
         8.3kB
         14
        14
      • 204.79.197.200:443
        https://tse1.mm.bing.net/th?id=OADD2.10239317301250_1MLG2SHGO160JKUMX&pid=21.2&w=1920&h=1080&c=4
        tls, http2
        11.6kB
         278.0kB
         201
        213

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301232_1SUK3KC676MXT5G7N&pid=21.2&w=1920&h=1080&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301659_1X4L46L6ILPPQI95F&pid=21.2&w=1080&h=1920&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301366_1F7IE3E9ETFG8ONMF&pid=21.2&w=1080&h=1920&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301250_1MLG2SHGO160JKUMX&pid=21.2&w=1920&h=1080&c=4
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.1kB
         589 B
         9
        8
      • 8.8.8.8:53
        g.bing.com
        dns
        168 B
         158 B
         3
        1

        DNS Request

        g.bing.com

        DNS Request

        g.bing.com

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        2.181.190.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        2.181.190.20.in-addr.arpa

      • 8.8.8.8:53
        2.136.104.51.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        2.136.104.51.in-addr.arpa

      • 8.8.8.8:53
        173.178.17.96.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        173.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
         144 B
         1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        9.228.82.20.in-addr.arpa
        dns
        70 B
         156 B
         1
        1

        DNS Request

        9.228.82.20.in-addr.arpa

      • 8.8.8.8:53
        26.35.223.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        26.35.223.20.in-addr.arpa

      • 8.8.8.8:53
        79.121.231.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        79.121.231.20.in-addr.arpa

      • 8.8.8.8:53
        208.194.73.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        208.194.73.20.in-addr.arpa

      • 8.8.8.8:53
        76.246.100.95.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        76.246.100.95.in-addr.arpa

      • 8.8.8.8:53
        26.165.165.52.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        26.165.165.52.in-addr.arpa

      • 8.8.8.8:53
        206.23.85.13.in-addr.arpa
        dns
        71 B
         145 B
         1
        1

        DNS Request

        206.23.85.13.in-addr.arpa

      • 8.8.8.8:53
        182.245.100.95.in-addr.arpa
        dns
        73 B
         139 B
         1
        1

        DNS Request

        182.245.100.95.in-addr.arpa

      • 8.8.8.8:53
        134.71.91.104.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        134.71.91.104.in-addr.arpa

      • 8.8.8.8:53
        148.177.190.20.in-addr.arpa
        dns
        73 B
         159 B
         1
        1

        DNS Request

        148.177.190.20.in-addr.arpa

      • 8.8.8.8:53
        100.5.17.2.in-addr.arpa
        dns
        138 B
         131 B
         2
        1

        DNS Request

        100.5.17.2.in-addr.arpa

        DNS Request

        100.5.17.2.in-addr.arpa

      • 8.8.8.8:53
        180.178.17.96.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        180.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        119.110.54.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        119.110.54.20.in-addr.arpa

      • 8.8.8.8:53
        205.47.74.20.in-addr.arpa
        dns
        142 B
         314 B
         2
        2

        DNS Request

        205.47.74.20.in-addr.arpa

        DNS Request

        205.47.74.20.in-addr.arpa

      • 8.8.8.8:53
        194.178.17.96.in-addr.arpa
        dns
        144 B
         137 B
         2
        1

        DNS Request

        194.178.17.96.in-addr.arpa

        DNS Request

        194.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        176.178.17.96.in-addr.arpa
        dns
        144 B
         274 B
         2
        2

        DNS Request

        176.178.17.96.in-addr.arpa

        DNS Request

        176.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        140.71.91.104.in-addr.arpa
        dns
        144 B
         274 B
         2
        2

        DNS Request

        140.71.91.104.in-addr.arpa

        DNS Request

        140.71.91.104.in-addr.arpa

      • 8.8.8.8:53
        211.135.221.88.in-addr.arpa
        dns
        146 B
         139 B
         2
        1

        DNS Request

        211.135.221.88.in-addr.arpa

        DNS Request

        211.135.221.88.in-addr.arpa

      • 8.8.8.8:53
      • 8.8.8.8:53
        14.227.111.52.in-addr.arpa
        dns
        216 B
         158 B
         3
        1

        DNS Request

        14.227.111.52.in-addr.arpa

        DNS Request

        14.227.111.52.in-addr.arpa

        DNS Request

        14.227.111.52.in-addr.arpa

      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
        56.126.166.20.in-addr.arpa
        dns
        144 B
         316 B
         2
        2

        DNS Request

        56.126.166.20.in-addr.arpa

        DNS Request

        56.126.166.20.in-addr.arpa

      • 8.8.8.8:53
        174.178.17.96.in-addr.arpa
        dns
        144 B
         274 B
         2
        2

        DNS Request

        174.178.17.96.in-addr.arpa

        DNS Request

        174.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        42.134.221.88.in-addr.arpa
        dns
        216 B
         137 B
         3
        1

        DNS Request

        42.134.221.88.in-addr.arpa

        DNS Request

        42.134.221.88.in-addr.arpa

        DNS Request

        42.134.221.88.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.