f01136c186b2c2b753b65e35b94333cd8bd3495e4a33b8852f9060bc9cd0925d

Analysis

max time kernel
140s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 08:25 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/InstallOptions.dll
Size

14KB
MD5

325b008aec81e5aaa57096f05d4212b5
SHA1

27a2d89747a20305b6518438eff5b9f57f7df5c3
SHA256

c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
SHA512

18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
SSDEEP

192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4880	4436	WerFault.exe	84

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 4436	2728	rundll32.exe	84
PID 2728 wrote to memory of 4436	2728	rundll32.exe	84
PID 2728 wrote to memory of 4436	2728	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
  2⤵
  PID:4436
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 636
    3⤵
    - Program crash
    PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4436 -ip 4436
1⤵
PID:4708

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8HkGVlNyvo6rF9mEG6Z95_DVUCUyodztz87mrze4TZ9FWj3VgH27DvGpe8_c1ubrqylL18wVwkWXaMmkolCsHTFuw875FskwqvzrSoRRUnV3FmG-yx2gS8-G3LmeBq2eSxP67Ap06un1n5WJRZo9WXZLBhTqQ_sBjriD-8Rslb1dc4JTL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmJ1eSUyZmNvbXBhcmUtYWxsLW1pY3Jvc29mdC0zNjUtcHJvZHVjdHMlM2ZvY2lkJTNkY21tYmV1bWVkNTU%26rlid%3D97db72633c9b15ae26f1140b909e631f&TIME=20240611T195757Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8HkGVlNyvo6rF9mEG6Z95_DVUCUyodztz87mrze4TZ9FWj3VgH27DvGpe8_c1ubrqylL18wVwkWXaMmkolCsHTFuw875FskwqvzrSoRRUnV3FmG-yx2gS8-G3LmeBq2eSxP67Ap06un1n5WJRZo9WXZLBhTqQ_sBjriD-8Rslb1dc4JTL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmJ1eSUyZmNvbXBhcmUtYWxsLW1pY3Jvc29mdC0zNjUtcHJvZHVjdHMlM2ZvY2lkJTNkY21tYmV1bWVkNTU%26rlid%3D97db72633c9b15ae26f1140b909e631f&TIME=20240611T195757Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1535F1F4CE3F60980928E550CFDF619F; domain=.bing.com; expires=Tue, 15-Jul-2025 08:25:52 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 794D6F2A468349C9A8242104E342A67C Ref B: LON04EDGE1216 Ref C: 2024-06-20T08:25:52Z
date: Thu, 20 Jun 2024 08:25:51 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8HkGVlNyvo6rF9mEG6Z95_DVUCUyodztz87mrze4TZ9FWj3VgH27DvGpe8_c1ubrqylL18wVwkWXaMmkolCsHTFuw875FskwqvzrSoRRUnV3FmG-yx2gS8-G3LmeBq2eSxP67Ap06un1n5WJRZo9WXZLBhTqQ_sBjriD-8Rslb1dc4JTL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmJ1eSUyZmNvbXBhcmUtYWxsLW1pY3Jvc29mdC0zNjUtcHJvZHVjdHMlM2ZvY2lkJTNkY21tYmV1bWVkNTU%26rlid%3D97db72633c9b15ae26f1140b909e631f&TIME=20240611T195757Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8HkGVlNyvo6rF9mEG6Z95_DVUCUyodztz87mrze4TZ9FWj3VgH27DvGpe8_c1ubrqylL18wVwkWXaMmkolCsHTFuw875FskwqvzrSoRRUnV3FmG-yx2gS8-G3LmeBq2eSxP67Ap06un1n5WJRZo9WXZLBhTqQ_sBjriD-8Rslb1dc4JTL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmJ1eSUyZmNvbXBhcmUtYWxsLW1pY3Jvc29mdC0zNjUtcHJvZHVjdHMlM2ZvY2lkJTNkY21tYmV1bWVkNTU%26rlid%3D97db72633c9b15ae26f1140b909e631f&TIME=20240611T195757Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1535F1F4CE3F60980928E550CFDF619F; _EDGE_S=SID=1B823D3E93F6621032E7299A92F06371

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=hxN5DEbIhaz-DA_ZfA-7mezxPME-yqA0t4LHRH9nTlI; domain=.bing.com; expires=Tue, 15-Jul-2025 08:25:52 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 25AE0F68DD8D49F29ADF7DA2CC42CD1F Ref B: LON04EDGE1216 Ref C: 2024-06-20T08:25:52Z
date: Thu, 20 Jun 2024 08:25:52 GMT
DNS

183.142.211.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.142.211.20.in-addr.arpa

IN PTR

Response
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

20.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.160.190.20.in-addr.arpa

IN PTR

Response
GET

https://www.bing.com/aes/c.gif?RG=9240c2464ca24a98bbf8d6038f3851e6&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T195757Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407

Remote address:

23.62.61.106:443

Request

GET /aes/c.gif?RG=9240c2464ca24a98bbf8d6038f3851e6&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T195757Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1535F1F4CE3F60980928E550CFDF619F

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CE2A77BDE99648ADA2175AC0CBE60DC8 Ref B: LON212050703029 Ref C: 2024-06-20T08:25:52Z
content-length: 0
date: Thu, 20 Jun 2024 08:25:52 GMT
set-cookie: _EDGE_S=SID=1B823D3E93F6621032E7299A92F06371; path=/; httponly; domain=bing.com
set-cookie: MUIDB=1535F1F4CE3F60980928E550CFDF619F; path=/; httponly; expires=Tue, 15-Jul-2025 08:25:52 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.663d3e17.1718871952.702e08e
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

205.47.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.47.74.20.in-addr.arpa

IN PTR

Response
DNS

106.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.61.62.23.in-addr.arpa

IN PTR

Response

106.61.62.23.in-addr.arpa

IN PTR

a23-62-61-106deploystaticakamaitechnologiescom
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 664170
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DAE2F252CB8B41628036BF2706A02982 Ref B: LON04EDGE1222 Ref C: 2024-06-20T08:27:31Z
date: Thu, 20 Jun 2024 08:27:31 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 612524
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7BEFAF3966F6441BBF41309C2E4122A6 Ref B: LON04EDGE1222 Ref C: 2024-06-20T08:27:31Z
date: Thu, 20 Jun 2024 08:27:31 GMT
DNS

10.27.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.27.171.150.in-addr.arpa

IN PTR

Response

204.79.197.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8HkGVlNyvo6rF9mEG6Z95_DVUCUyodztz87mrze4TZ9FWj3VgH27DvGpe8_c1ubrqylL18wVwkWXaMmkolCsHTFuw875FskwqvzrSoRRUnV3FmG-yx2gS8-G3LmeBq2eSxP67Ap06un1n5WJRZo9WXZLBhTqQ_sBjriD-8Rslb1dc4JTL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmJ1eSUyZmNvbXBhcmUtYWxsLW1pY3Jvc29mdC0zNjUtcHJvZHVjdHMlM2ZvY2lkJTNkY21tYmV1bWVkNTU%26rlid%3D97db72633c9b15ae26f1140b909e631f&TIME=20240611T195757Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B

tls, http2

2.6kB
9.1kB
20
17

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8HkGVlNyvo6rF9mEG6Z95_DVUCUyodztz87mrze4TZ9FWj3VgH27DvGpe8_c1ubrqylL18wVwkWXaMmkolCsHTFuw875FskwqvzrSoRRUnV3FmG-yx2gS8-G3LmeBq2eSxP67Ap06un1n5WJRZo9WXZLBhTqQ_sBjriD-8Rslb1dc4JTL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmJ1eSUyZmNvbXBhcmUtYWxsLW1pY3Jvc29mdC0zNjUtcHJvZHVjdHMlM2ZvY2lkJTNkY21tYmV1bWVkNTU%26rlid%3D97db72633c9b15ae26f1140b909e631f&TIME=20240611T195757Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8HkGVlNyvo6rF9mEG6Z95_DVUCUyodztz87mrze4TZ9FWj3VgH27DvGpe8_c1ubrqylL18wVwkWXaMmkolCsHTFuw875FskwqvzrSoRRUnV3FmG-yx2gS8-G3LmeBq2eSxP67Ap06un1n5WJRZo9WXZLBhTqQ_sBjriD-8Rslb1dc4JTL%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmJ1eSUyZmNvbXBhcmUtYWxsLW1pY3Jvc29mdC0zNjUtcHJvZHVjdHMlM2ZvY2lkJTNkY21tYmV1bWVkNTU%26rlid%3D97db72633c9b15ae26f1140b909e631f&TIME=20240611T195757Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407&muid=82EA48EC8031841EBBBB3EE75126D09B

HTTP Response

204
23.62.61.106:443

https://www.bing.com/aes/c.gif?RG=9240c2464ca24a98bbf8d6038f3851e6&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T195757Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407

tls, http2

1.5kB
5.5kB
17
15

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=9240c2464ca24a98bbf8d6038f3851e6&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T195757Z&adUnitId=11730597&localId=w:82EA48EC-8031-841E-BBBB-3EE75126D09B&deviceId=6896198597119407

HTTP Response

200
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
16
14
150.171.27.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

45.4kB
1.3MB
968
965

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

183.142.211.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

183.142.211.20.in-addr.arpa
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

20.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

20.160.190.20.in-addr.arpa
8.8.8.8:53

205.47.74.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

205.47.74.20.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

106.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

106.61.62.23.in-addr.arpa
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

10.27.171.150.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

10.27.171.150.in-addr.arpa

Windows 7 deprecation

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.