3450807c130b6458cf4ff90fe647faf5c8a8ed4a97c41015abab34a6b87c2f58

Analysis

max time kernel
232s
max time network
219s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2023, 14:18 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bindevt.dll
Size

52KB
MD5

c210a94a31767544ac5e89d59b797254
SHA1

2b718bd5a022e899a9acdd51b86c131ea9bad83c
SHA256

b905a18d36a88fc44a49bcc7b2d91391c1162aeda0981d91286aa89654977e1c
SHA512

f8ff6a839763f49bb56b71bc516357c1a72d2bc4e7e5f9fabbdcddf08c8ab6562f7685a580e55f42bfe1ee861324802a3d4cec7ba19ccc176afc9f76329c763f
SSDEEP

384:jKk9TQsp/0zj3OAPV78tt7l3d0TTwMsKm6jRQnX6MojQWSRkLc0RaPV+8r277eu:jKeTQsio0Zmj3WSRewPVpui/dVtDe

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 2224	2500	rundll32.exe	88
PID 2500 wrote to memory of 2224	2500	rundll32.exe	88
PID 2500 wrote to memory of 2224	2500	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bindevt.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bindevt.dll,#1
  2⤵
  PID:2224

Network

DNS

75.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.159.190.20.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
DNS

198.52.96.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.52.96.20.in-addr.arpa

IN PTR

Response
DNS

22.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.236.111.52.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

26.178.89.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.178.89.13.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.a-0001.a-msedge.net

g-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f85c5dd1bbd94fbdbb28757202296acb&localId=w:5FCB9D78-6295-811E-E338-42F8BB6F37FC&deviceId=6825820311688634&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f85c5dd1bbd94fbdbb28757202296acb&localId=w:5FCB9D78-6295-811E-E338-42F8BB6F37FC&deviceId=6825820311688634&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0C697FA4542067380EFB6C6755E066EF; domain=.bing.com; expires=Mon, 02-Dec-2024 05:41:51 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7D8667AC6C224883B1E40A850679F3FA Ref B: DUS30EDGE0321 Ref C: 2023-11-08T05:41:51Z
date: Wed, 08 Nov 2023 05:41:51 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f85c5dd1bbd94fbdbb28757202296acb&localId=w:5FCB9D78-6295-811E-E338-42F8BB6F37FC&deviceId=6825820311688634&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f85c5dd1bbd94fbdbb28757202296acb&localId=w:5FCB9D78-6295-811E-E338-42F8BB6F37FC&deviceId=6825820311688634&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0C697FA4542067380EFB6C6755E066EF

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 39D894B9572848128D5B98B8E49310D5 Ref B: DUS30EDGE0321 Ref C: 2023-11-08T05:42:01Z
date: Wed, 08 Nov 2023 05:42:01 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f85c5dd1bbd94fbdbb28757202296acb&localId=w:5FCB9D78-6295-811E-E338-42F8BB6F37FC&deviceId=6825820311688634&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f85c5dd1bbd94fbdbb28757202296acb&localId=w:5FCB9D78-6295-811E-E338-42F8BB6F37FC&deviceId=6825820311688634&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=0C697FA4542067380EFB6C6755E066EF

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E3EB2ACD0D6B4B4D8B8EF1A83A917DBC Ref B: DUS30EDGE0321 Ref C: 2023-11-08T05:42:01Z
date: Wed, 08 Nov 2023 05:42:01 GMT
DNS

71.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.159.190.20.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

39.142.81.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

39.142.81.104.in-addr.arpa

IN PTR

Response

39.142.81.104.in-addr.arpa

IN PTR

a104-81-142-39deploystaticakamaitechnologiescom
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301033_1LC8H97PHI36W759M&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301033_1LC8H97PHI36W759M&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 387562
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3C6481146FED4905A82AA8D89AD7166B Ref B: AMS04EDGE1620 Ref C: 2023-11-08T05:42:03Z
date: Wed, 08 Nov 2023 05:42:02 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301616_17QS57ERGFECS8NQT&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301616_17QS57ERGFECS8NQT&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 358283
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DCADEFD034B143D588BAEA9DF6787944 Ref B: AMS04EDGE1620 Ref C: 2023-11-08T05:42:03Z
date: Wed, 08 Nov 2023 05:42:02 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301207_16DUG7VZXGGBE6Y2E&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301207_16DUG7VZXGGBE6Y2E&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 442753
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2EAA8A55F4C74BF5AAC561797826ACBD Ref B: AMS04EDGE1620 Ref C: 2023-11-08T05:42:03Z
date: Wed, 08 Nov 2023 05:42:02 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301552_1IFO1SSFDEAP7NXRO&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301552_1IFO1SSFDEAP7NXRO&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 273239
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FE82981E0AD4494FBF7CE70D6974D55F Ref B: AMS04EDGE1620 Ref C: 2023-11-08T05:42:22Z
date: Wed, 08 Nov 2023 05:42:22 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301143_11K66B0WIWZ9F4H58&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301143_11K66B0WIWZ9F4H58&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 297105
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6EDE63CD8DCA44AEBF19F5017BF7375D Ref B: AMS04EDGE1620 Ref C: 2023-11-08T05:42:22Z
date: Wed, 08 Nov 2023 05:42:22 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301466_1PCHXC6THHPTM3TTR&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301466_1PCHXC6THHPTM3TTR&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 299167
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8903789DF1334D10A25E7270CFE22BBC Ref B: AMS04EDGE1620 Ref C: 2023-11-08T05:42:24Z
date: Wed, 08 Nov 2023 05:42:23 GMT

204.79.197.200:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f85c5dd1bbd94fbdbb28757202296acb&localId=w:5FCB9D78-6295-811E-E338-42F8BB6F37FC&deviceId=6825820311688634&anid=

tls, http2

1.9kB
9.3kB
21
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f85c5dd1bbd94fbdbb28757202296acb&localId=w:5FCB9D78-6295-811E-E338-42F8BB6F37FC&deviceId=6825820311688634&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f85c5dd1bbd94fbdbb28757202296acb&localId=w:5FCB9D78-6295-811E-E338-42F8BB6F37FC&deviceId=6825820311688634&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f85c5dd1bbd94fbdbb28757202296acb&localId=w:5FCB9D78-6295-811E-E338-42F8BB6F37FC&deviceId=6825820311688634&anid=

HTTP Response

204
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301466_1PCHXC6THHPTM3TTR&pid=21.2&w=1080&h=1920&c=4

tls, http2

80.7kB
2.1MB
1565
1561

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301033_1LC8H97PHI36W759M&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301616_17QS57ERGFECS8NQT&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301207_16DUG7VZXGGBE6Y2E&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301552_1IFO1SSFDEAP7NXRO&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301143_11K66B0WIWZ9F4H58&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301466_1PCHXC6THHPTM3TTR&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14

8.8.8.8:53

75.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

75.159.190.20.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

198.52.96.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.52.96.20.in-addr.arpa
8.8.8.8:53

22.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.236.111.52.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

26.178.89.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

26.178.89.13.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
158 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

71.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

71.159.190.20.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

39.142.81.104.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

39.142.81.104.in-addr.arpa
8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

Windows 7 deprecation

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.