discordrat | hxxps://github[.]com/moom825/Discord-RAT-2[.]0/releases/download/2[.]0/release[.]zip

Analysis

max time kernel
149s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
22/04/2024, 17:46 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 2 IoCs

pid	Process
736	Client-built.exe
5944	Client-built.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3048	msedge.exe
3048	msedge.exe
1056	msedge.exe
1056	msedge.exe
4924	identity_helper.exe
4924	identity_helper.exe
2280	msedge.exe
2280	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	736	Client-built.exe
Token: SeDebugPrivilege	5944	Client-built.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 4720	1056	msedge.exe	86
PID 1056 wrote to memory of 4720	1056	msedge.exe	86
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3204	1056	msedge.exe	87
PID 1056 wrote to memory of 3048	1056	msedge.exe	88
PID 1056 wrote to memory of 3048	1056	msedge.exe	88
PID 1056 wrote to memory of 3932	1056	msedge.exe	89
PID 1056 wrote to memory of 3932	1056	msedge.exe	89
PID 1056 wrote to memory of 3932	1056	msedge.exe	89
PID 1056 wrote to memory of 3932	1056	msedge.exe	89
PID 1056 wrote to memory of 3932	1056	msedge.exe	89
PID 1056 wrote to memory of 3932	1056	msedge.exe	89
PID 1056 wrote to memory of 3932	1056	msedge.exe	89
PID 1056 wrote to memory of 3932	1056	msedge.exe	89
PID 1056 wrote to memory of 3932	1056	msedge.exe	89
PID 1056 wrote to memory of 3932	1056	msedge.exe	89
PID 1056 wrote to memory of 3932	1056	msedge.exe	89
PID 1056 wrote to memory of 3932	1056	msedge.exe	89
PID 1056 wrote to memory of 3932	1056	msedge.exe	89
PID 1056 wrote to memory of 3932	1056	msedge.exe	89
PID 1056 wrote to memory of 3932	1056	msedge.exe	89
PID 1056 wrote to memory of 3932	1056	msedge.exe	89
PID 1056 wrote to memory of 3932	1056	msedge.exe	89
PID 1056 wrote to memory of 3932	1056	msedge.exe	89
PID 1056 wrote to memory of 3932	1056	msedge.exe	89
PID 1056 wrote to memory of 3932	1056	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd718c46f8,0x7ffd718c4708,0x7ffd718c4718
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4296

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5612

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
PID:1804

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:736

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5944

Network

DNS

136.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

136.32.126.40.in-addr.arpa

IN PTR

Response
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
GET

https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /moom825/Discord-RAT-2.0/releases/download/2.0/release.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

server: GitHub.com
date: Mon, 22 Apr 2024 17:46:45 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240422%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240422T174645Z&X-Amz-Expires=300&X-Amz-Signature=e2f042af7dc8e2a7d497c35033bfc3332d3bfb14dc2ca85721422b0431e3d3ee&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=514392783&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: F002:1C6DD9:2724975:29DFBF3:6626A284
DNS

objects.githubusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

objects.githubusercontent.com

IN A

Response

objects.githubusercontent.com

IN A

185.199.108.133

objects.githubusercontent.com

IN A

185.199.109.133

objects.githubusercontent.com

IN A

185.199.110.133

objects.githubusercontent.com

IN A

185.199.111.133
GET

https://objects.githubusercontent.com/github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240422%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240422T174645Z&X-Amz-Expires=300&X-Amz-Signature=e2f042af7dc8e2a7d497c35033bfc3332d3bfb14dc2ca85721422b0431e3d3ee&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=514392783&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-stream

msedge.exe

Remote address:

185.199.108.133:443

Request

GET /github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240422%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240422T174645Z&X-Amz-Expires=300&X-Amz-Signature=e2f042af7dc8e2a7d497c35033bfc3332d3bfb14dc2ca85721422b0431e3d3ee&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=514392783&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-stream HTTP/2.0
host: objects.githubusercontent.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/octet-stream
content-md5: BqT81es6Odf1CgcJ3pkA2w==
last-modified: Wed, 03 Aug 2022 20:36:01 GMT
etag: "0x8DA758FC7B7F85D"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b232cdc1-f01e-0063-5043-657cae000000
x-ms-version: 2020-10-02
x-ms-creation-time: Wed, 03 Aug 2022 20:36:01 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=release.zip
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 391
date: Mon, 22 Apr 2024 17:46:45 GMT
x-served-by: cache-iad-kcgs7200142-IAD, cache-lcy-eglc8600029-LCY
x-cache: HIT, HIT
x-cache-hits: 398, 0
x-timer: S1713808005.409172,VS0,VE320
content-length: 455770
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

215.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.156.26.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

133.108.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.108.199.185.in-addr.arpa

IN PTR

Response

133.108.199.185.in-addr.arpa

IN PTR

cdn-185-199-108-133githubcom
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1B4BF511FFD1647920E4E178FE31651B; domain=.bing.com; expires=Sat, 17-May-2025 17:46:47 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FD5523BBE1434C61BE47204AF872683E Ref B: LON04EDGE1010 Ref C: 2024-04-22T17:46:47Z
date: Mon, 22 Apr 2024 17:46:46 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1B4BF511FFD1647920E4E178FE31651B

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=qrgWjtDiUspdVhZ6MweM9Rr1hJ85yrIpBxlSTYYnQNY; domain=.bing.com; expires=Sat, 17-May-2025 17:46:47 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 25F37CBEF79A486EB0A6C27C7E8A549E Ref B: LON04EDGE1010 Ref C: 2024-04-22T17:46:47Z
date: Mon, 22 Apr 2024 17:46:46 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1B4BF511FFD1647920E4E178FE31651B; MSPTC=qrgWjtDiUspdVhZ6MweM9Rr1hJ85yrIpBxlSTYYnQNY

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AED5B6C4F4D74A0191A91AD43BD11003 Ref B: LON04EDGE1010 Ref C: 2024-04-22T17:46:47Z
date: Mon, 22 Apr 2024 17:46:46 GMT
DNS

67.32.209.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.32.209.4.in-addr.arpa

IN PTR

Response
DNS

21.114.53.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.114.53.23.in-addr.arpa

IN PTR

Response

21.114.53.23.in-addr.arpa

IN PTR

a23-53-114-21deploystaticakamaitechnologiescom
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

205.47.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.47.74.20.in-addr.arpa

IN PTR

Response
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

82.90.14.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

82.90.14.23.in-addr.arpa

IN PTR

Response

82.90.14.23.in-addr.arpa

IN PTR

a23-14-90-82deploystaticakamaitechnologiescom
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

200.121.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.121.18.2.in-addr.arpa

IN PTR

Response

200.121.18.2.in-addr.arpa

IN PTR

a2-18-121-200deploystaticakamaitechnologiescom
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 555746
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F64C8F01FCAF484BBCDB657650C667B1 Ref B: LON04EDGE0806 Ref C: 2024-04-22T17:48:30Z
date: Mon, 22 Apr 2024 17:48:29 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 415458
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8A17C7CE3F4643DAB4EF304AEEC28BF9 Ref B: LON04EDGE0806 Ref C: 2024-04-22T17:48:30Z
date: Mon, 22 Apr 2024 17:48:29 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 659775
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FA29E8CB6AF74859BE44812A56CC7DE0 Ref B: LON04EDGE0806 Ref C: 2024-04-22T17:48:30Z
date: Mon, 22 Apr 2024 17:48:29 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 621794
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 85265D5990EC4AD6B9C61C98C20E1D65 Ref B: LON04EDGE0806 Ref C: 2024-04-22T17:48:30Z
date: Mon, 22 Apr 2024 17:48:29 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 638730
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C7034AEF8F424F7DAFF518E41B01ADF8 Ref B: LON04EDGE0806 Ref C: 2024-04-22T17:48:30Z
date: Mon, 22 Apr 2024 17:48:29 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 430689
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D3DFC93B79B04BC99DDD29856AD58D1F Ref B: LON04EDGE0806 Ref C: 2024-04-22T17:48:30Z
date: Mon, 22 Apr 2024 17:48:30 GMT
DNS

gateway.discord.gg

Client-built.exe

Remote address:

8.8.8.8:53

Request

gateway.discord.gg

IN A

Response

gateway.discord.gg

IN A

162.159.136.234

gateway.discord.gg

IN A

162.159.135.234

gateway.discord.gg

IN A

162.159.134.234

gateway.discord.gg

IN A

162.159.133.234

gateway.discord.gg

IN A

162.159.130.234
GET

https://gateway.discord.gg/?v=9&encording=json

Client-built.exe

Remote address:

162.159.136.234:443

Request

GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: n/+Eup5Uguti5jE0eRszig==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg

Response

HTTP/1.1 101 Switching Protocols

Date: Mon, 22 Apr 2024 17:48:44 GMT
Connection: upgrade
sec-websocket-accept: bbC1tqODA32sv4BxW5ajJ73qbMA=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r%2FIFlGYU8lo%2FTzrT6rs3f4GMkxZQkdxbQaiRrqTn0L9EsHLD5ylWPyVHA2E89x5fi93ofDNk34aPwyNb4qZIJJXbIYfujQLuvs45Vc%2B%2FUpEZtBK%2FWqBKe%2F7dGOHSXN8XoeGqbg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 87877246b8097695-LHR
DNS

234.136.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.136.159.162.in-addr.arpa

IN PTR

Response
GET

https://gateway.discord.gg/?v=9&encording=json

Client-built.exe

Remote address:

162.159.136.234:443

Request

GET /?v=9&encording=json HTTP/1.1
Connection: Upgrade,Keep-Alive
Upgrade: websocket
Sec-WebSocket-Key: 1gQGP/1zgzt5O7AQB7VZeg==
Sec-WebSocket-Version: 13
Host: gateway.discord.gg

Response

HTTP/1.1 101 Switching Protocols

Date: Mon, 22 Apr 2024 17:49:04 GMT
Connection: upgrade
sec-websocket-accept: CstGx/LN+zOvYGNYWjnN7jPRk1I=
upgrade: websocket
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mt%2BIdDFdgHdGASi0aOOSHXeVhKud%2BzR6lv1M1o2RIMgp6lwpIU4vMnYeesMKIVbYY13kz5qhx87Cs9hgP2zNxJ2VDxNejbOyRXHokDg8yiiUz9CdQqeqOYD6SbIxOJzzEyYJrg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 878772c71f849559-LHR

20.26.156.215:443

https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip

tls, http2

msedge.exe

2.0kB
8.2kB
17
14

HTTP Request

GET https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip

HTTP Response

302
185.199.108.133:443

https://objects.githubusercontent.com/github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240422%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240422T174645Z&X-Amz-Expires=300&X-Amz-Signature=e2f042af7dc8e2a7d497c35033bfc3332d3bfb14dc2ca85721422b0431e3d3ee&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=514392783&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-stream

tls, http2

msedge.exe

9.8kB
475.8kB
181
351

HTTP Request

GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/514392783/870646fb-c4a4-4baa-8bf8-f817efb7d140?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240422%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240422T174645Z&X-Amz-Expires=300&X-Amz-Signature=e2f042af7dc8e2a7d497c35033bfc3332d3bfb14dc2ca85721422b0431e3d3ee&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=514392783&response-content-disposition=attachment%3B%20filename%3Drelease.zip&response-content-type=application%2Foctet-stream

HTTP Response

200
204.79.197.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=

tls, http2

2.0kB
9.2kB
21
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7cade95618d74c2ea440f81b9429a8ad&localId=w:E538575A-8E65-34AB-A726-A4D160CA8F07&deviceId=6966564024204374&anid=

HTTP Response

204
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.5kB
8.0kB
16
10
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

123.4kB
3.4MB
2507
2503

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.0kB
16
12
162.159.136.234:443

https://gateway.discord.gg/?v=9&encording=json

tls, http

Client-built.exe

1.1kB
4.2kB
10
12

HTTP Request

GET https://gateway.discord.gg/?v=9&encording=json

HTTP Response

101
162.159.136.234:443

https://gateway.discord.gg/?v=9&encording=json

tls, http

Client-built.exe

1.4kB
4.5kB
12
13

HTTP Request

GET https://gateway.discord.gg/?v=9&encording=json

HTTP Response

101

8.8.8.8:53

136.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

136.32.126.40.in-addr.arpa
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

github.com

dns

msedge.exe

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

objects.githubusercontent.com

dns

msedge.exe

75 B
139 B
1
1

DNS Request

objects.githubusercontent.com

DNS Response

185.199.108.133

185.199.109.133

185.199.110.133

185.199.111.133
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

215.156.26.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

215.156.26.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
224.0.0.251:5353

502 B
8
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

133.108.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

133.108.199.185.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

67.32.209.4.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

67.32.209.4.in-addr.arpa
8.8.8.8:53

21.114.53.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

21.114.53.23.in-addr.arpa
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

205.47.74.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

205.47.74.20.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

82.90.14.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

82.90.14.23.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

200.121.18.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

200.121.18.2.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

gateway.discord.gg

dns

Client-built.exe

64 B
144 B
1
1

DNS Request

gateway.discord.gg

DNS Response

162.159.136.234

162.159.135.234

162.159.134.234

162.159.133.234

162.159.130.234
8.8.8.8:53

234.136.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

234.136.159.162.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
265B

MD5
f5cd008cf465804d0e6f39a8d81f9a2d

SHA1
6b2907356472ed4a719e5675cc08969f30adc855

SHA256
fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d

SHA512
dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
79e8cd4869d2c6b46b03a927e1c30717

SHA1
64fcf282c708d8790727e3d4fdd0001869dab515

SHA256
400d576e26384ea9119568a1e37946a99fbe15b663606b03e9fc908f197d505d

SHA512
517fd52836491055daa7474523cb9a777fd6bc6cb725fc738f36d26c9cb8b51cf4bd8ca182fe969332a7a9f6d9504e355f6ab624ba03f0e8ef56704c0356042f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
81be4dbbabff94ff9d787870467c40ff

SHA1
0589ae4bb6a725112d148a939f425ed0a9118f8e

SHA256
ec298d79fa8e735f78f42d71799ac1be3c3e32156b93cea2f4aedf05d6aa1f94

SHA512
be525c4126918544f1698cd2cee62d7b4eb2788647991eba6b64c60ce01846964ad2542128c23a45724fbdc470ae638ca478836046d3dd10f6112e1dca88526c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a9dc7b126ed23c36c974335d5eb68ac

SHA1
3772797544d84dea9e367e3fa72dab0a533d6483

SHA256
32e798752b2e3b0639a7f6754cace57d1f37ec1c06aafd7a55ef8e95523b726a

SHA512
5aea3405ac9d25604c9c6096a7c21028ebec451b47aed020830c46f879cd5e9006e270a33b94740d82ba2ba24bf500319d8777a4bd8e2a5aac13ee948cb28623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f60a199d07c5e65ccefb842589d6eda5

SHA1
a4ee1febf5aa2cedbd3fd4b60d397bc7905bcc55

SHA256
1bb0aa1695a4caa2cb1d347e46c66183af27c951eb693d9a3f97add7b2b18b3c

SHA512
97038cd0f5249d0aaa5c64fe77e6f820b761cd64ae97a31738f63f333216d11ca62dbc6ae31834a626193108ac12d6a24d4f36986b59668f19dc4d6bc5f56a50

Download Submit
C:\Users\Admin\Downloads\release.zip

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
C:\Users\Admin\Downloads\release\Client-built.exe

Filesize
78KB

MD5
5fa78b19ae158350ead3ef50feb6a7a2

SHA1
57d57ca525968fd9d5a9ee38e783e288896caa01

SHA256
1d4914ee768fbaf1b82a860ace972a01338c12a05ff7dbdde42bfab43b21a4d5

SHA512
c0d0803b5ceaa4c3013132ead8d8a95faae4a01933c41cb4c998572c2a31c971faab5bb2c488aee8d73a16a0037a78e09130e1ecd2804c40f0665399c404c00e

Download Submit
memory/736-127-0x0000029751BC0000-0x0000029751D82000-memory.dmp

Filesize
1.8MB

Download
memory/736-130-0x00000297523E0000-0x0000029752908000-memory.dmp

Filesize
5.2MB

Download
memory/736-139-0x0000029751A70000-0x0000029751A80000-memory.dmp

Filesize
64KB

Download
memory/736-135-0x00007FFD5C0A0000-0x00007FFD5CB61000-memory.dmp

Filesize
10.8MB

Download
memory/736-129-0x0000029751A70000-0x0000029751A80000-memory.dmp

Filesize
64KB

Download
memory/736-128-0x00007FFD5C0A0000-0x00007FFD5CB61000-memory.dmp

Filesize
10.8MB

Download
memory/736-126-0x0000029737680000-0x0000029737698000-memory.dmp

Filesize
96KB

Download
memory/1804-123-0x0000000004D00000-0x0000000004D10000-memory.dmp

Filesize
64KB

Download
memory/1804-92-0x0000000074FE0000-0x0000000075790000-memory.dmp

Filesize
7.7MB

Download
memory/1804-121-0x0000000007D60000-0x0000000007E82000-memory.dmp

Filesize
1.1MB

Download
memory/1804-91-0x00000000000A0000-0x00000000000A8000-memory.dmp

Filesize
32KB

Download
memory/1804-120-0x0000000074FE0000-0x0000000075790000-memory.dmp

Filesize
7.7MB

Download
memory/1804-93-0x0000000005050000-0x00000000055F4000-memory.dmp

Filesize
5.6MB

Download
memory/1804-94-0x0000000004AA0000-0x0000000004B32000-memory.dmp

Filesize
584KB

Download
memory/1804-96-0x0000000004C40000-0x0000000004C4A000-memory.dmp

Filesize
40KB

Download
memory/1804-95-0x0000000004D00000-0x0000000004D10000-memory.dmp

Filesize
64KB

Download
memory/5944-137-0x00007FFD5C0A0000-0x00007FFD5CB61000-memory.dmp

Filesize
10.8MB

Download
memory/5944-138-0x00000226D8C40000-0x00000226D8C50000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.