Overview

overview

8

Static

static

8

e099f166ca...ab.xls

windows7-x64

1

e099f166ca...ab.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2024, 09:27 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e099f166caa5b30f78290373cc824cb93eee0c733fbbf770afa499b42a4718ab.xls

  • Size

    1.9MB

  • MD5

    cb653f95fb9a0de9bcd7fcf4586f4def

  • SHA1

    2b2a1a12e970590c226e03127694f31fef560ec9

  • SHA256

    e099f166caa5b30f78290373cc824cb93eee0c733fbbf770afa499b42a4718ab

  • SHA512

    96e07e78b9cb0a2ff68ccd514010fcd9ce76e2902cbca3ecc8c3b739fb173d0902eb251f94dc085c8066951b396648c08de15b5497879699606355f6bbff187d

  • SSDEEP

    12288:I7TTvIOvssFOhk09jdJo4PViU1LxZYjUckV3wt+sKLX/+c9nJSPoly:sTwOkssdxLoqrYrcgE3TtJSAly

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\e099f166caa5b30f78290373cc824cb93eee0c733fbbf770afa499b42a4718ab.xls"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2616

Network

  • flag-us
    DNS
    71.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    71.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.89.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.89.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    205.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.178.17.96.in-addr.arpa
    IN PTR
    Response
    205.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-205deploystaticakamaitechnologiescom
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41deploystaticakamaitechnologiescom
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.a-0001.a-msedge.net
    g-bing-com.a-0001.a-msedge.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba3516ec08204842a635d104d00b7dfc&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba3516ec08204842a635d104d00b7dfc&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=0F235A7D67E9627313D84E3C6609630F; domain=.bing.com; expires=Mon, 07-Apr-2025 09:27:21 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: FB6991D30CC94EE7A9D351FB13CE95D9 Ref B: LON04EDGE1211 Ref C: 2024-03-13T09:27:21Z
    date: Wed, 13 Mar 2024 09:27:21 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ba3516ec08204842a635d104d00b7dfc&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ba3516ec08204842a635d104d00b7dfc&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0F235A7D67E9627313D84E3C6609630F
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=hzHExCBWGMgCEFuezpDzOXpBFJdpnkCJ8_7tGNsyhRM; domain=.bing.com; expires=Mon, 07-Apr-2025 09:27:21 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 91AF3FB2D6CF41AA9F415C1D2E48A877 Ref B: LON04EDGE1211 Ref C: 2024-03-13T09:27:21Z
    date: Wed, 13 Mar 2024 09:27:21 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba3516ec08204842a635d104d00b7dfc&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=
    Remote address:
    204.79.197.200:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba3516ec08204842a635d104d00b7dfc&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0F235A7D67E9627313D84E3C6609630F; MSPTC=hzHExCBWGMgCEFuezpDzOXpBFJdpnkCJ8_7tGNsyhRM
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0584391055134AE6BCCEC03FC8392A4C Ref B: LON04EDGE1211 Ref C: 2024-03-13T09:27:21Z
    date: Wed, 13 Mar 2024 09:27:21 GMT
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    90.16.208.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    90.16.208.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0lgwllnwnet
  • flag-us
    DNS
    234.66.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    234.66.18.2.in-addr.arpa
    IN PTR
    Response
    234.66.18.2.in-addr.arpa
    IN PTR
    a2-18-66-234deploystaticakamaitechnologiescom
  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    14.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    14.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.227.111.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301701_11UGRWY4Y5ZEF3873&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301701_11UGRWY4Y5ZEF3873&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 220516
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F6C33345DB474C848BEAA6089035B1E8 Ref B: LON04EDGE0914 Ref C: 2024-03-13T09:29:04Z
    date: Wed, 13 Mar 2024 09:29:03 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301292_1GDVMD25ARDBL3246&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301292_1GDVMD25ARDBL3246&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 340273
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 1CAA626C9C1A46EF83874810D548118F Ref B: LON04EDGE0914 Ref C: 2024-03-13T09:29:04Z
    date: Wed, 13 Mar 2024 09:29:03 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418559_1LXGGCLQWFST3067K&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340418559_1LXGGCLQWFST3067K&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 242979
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: EBEDCD27D11D4515A752A92D95751271 Ref B: LON04EDGE0914 Ref C: 2024-03-13T09:29:04Z
    date: Wed, 13 Mar 2024 09:29:03 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418560_12H05GS2AXF1O4KMU&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340418560_12H05GS2AXF1O4KMU&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 322167
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0894C149860A4AB184729AA1DB2AE7A6 Ref B: LON04EDGE0914 Ref C: 2024-03-13T09:29:04Z
    date: Wed, 13 Mar 2024 09:29:03 GMT
  • flag-us
    DNS
    67.112.168.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    67.112.168.52.in-addr.arpa
    IN PTR
    Response
  • 204.79.197.200:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba3516ec08204842a635d104d00b7dfc&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=
    tls, http2
    2.1kB
     9.4kB
     23
    20

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba3516ec08204842a635d104d00b7dfc&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ba3516ec08204842a635d104d00b7dfc&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba3516ec08204842a635d104d00b7dfc&localId=w:B4A3D36C-D183-1852-EB44-E34BD7DE44E3&deviceId=6755461009612214&anid=

    HTTP Response

    204
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
     8.5kB
     20
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
     8.1kB
     18
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239340418560_12H05GS2AXF1O4KMU&pid=21.2&w=1920&h=1080&c=4
    tls, http2
    41.0kB
     1.2MB
     859
    853

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301701_11UGRWY4Y5ZEF3873&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301292_1GDVMD25ARDBL3246&pid=21.2&w=1920&h=1080&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418559_1LXGGCLQWFST3067K&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418560_12H05GS2AXF1O4KMU&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
     9.0kB
     21
    15
  • 8.8.8.8:53
    71.31.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    71.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    18.89.109.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    18.89.109.52.in-addr.arpa

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    205.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    205.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    146 B
     147 B
     2
    1

    DNS Request

    104.219.191.52.in-addr.arpa

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     158 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    90.16.208.104.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    90.16.208.104.in-addr.arpa

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    146 B
     147 B
     2
    1

    DNS Request

    103.169.127.40.in-addr.arpa

    DNS Request

    103.169.127.40.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    71 B
     116 B
     1
    1

    DNS Request

    0.205.248.87.in-addr.arpa

  • 8.8.8.8:53
    234.66.18.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    234.66.18.2.in-addr.arpa

  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    144 B
     158 B
     2
    1

    DNS Request

    11.227.111.52.in-addr.arpa

    DNS Request

    11.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    57.169.31.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    57.169.31.20.in-addr.arpa

  • 8.8.8.8:53
    14.227.111.52.in-addr.arpa
    dns
    144 B
     158 B
     2
    1

    DNS Request

    14.227.111.52.in-addr.arpa

    DNS Request

    14.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    124 B
     173 B
     2
    1

    DNS Request

    tse1.mm.bing.net

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    213 B
     157 B
     3
    1

    DNS Request

    55.36.223.20.in-addr.arpa

    DNS Request

    55.36.223.20.in-addr.arpa

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    67.112.168.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    67.112.168.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2616-0-0x00007FFA319B0000-0x00007FFA319C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2616-1-0x00007FFA319B0000-0x00007FFA319C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2616-2-0x00007FFA71930000-0x00007FFA71B25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2616-4-0x00007FFA71930000-0x00007FFA71B25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2616-3-0x00007FFA319B0000-0x00007FFA319C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2616-5-0x00007FFA319B0000-0x00007FFA319C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2616-6-0x00007FFA71930000-0x00007FFA71B25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2616-7-0x00007FFA319B0000-0x00007FFA319C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2616-8-0x00007FFA71930000-0x00007FFA71B25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2616-9-0x00007FFA71930000-0x00007FFA71B25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2616-11-0x00007FFA2F150000-0x00007FFA2F160000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2616-10-0x00007FFA71930000-0x00007FFA71B25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2616-12-0x00007FFA71930000-0x00007FFA71B25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2616-13-0x00007FFA71930000-0x00007FFA71B25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2616-14-0x00007FFA71930000-0x00007FFA71B25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2616-15-0x00007FFA71930000-0x00007FFA71B25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2616-17-0x00007FFA71930000-0x00007FFA71B25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2616-16-0x00007FFA2F150000-0x00007FFA2F160000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2616-18-0x00007FFA71930000-0x00007FFA71B25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2616-19-0x00007FFA71930000-0x00007FFA71B25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2616-20-0x00007FFA71930000-0x00007FFA71B25000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2616-33-0x00007FFA71930000-0x00007FFA71B25000-memory.dmp

    Filesize

    2.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.