Analysis
max time kernel: 1791s
max time network: 1163s
platform: windows10-2004_x64
resource: win10v2004-20230703-es
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-es, locale:es-es, os:windows10-2004-x64, system:windows
submitted: 15/07/2023, 16:19 UTC
Behavioral task behavioral1
Sample: hitpaw-video-enhancer.exe
Resource: win10-20230703-es
Behavioral task behavioral2
Sample: hitpaw-video-enhancer.exe
Resource: win10v2004-20230703-es
General
Target: hitpaw-video-enhancer.exe
Size: 2.2MB
MD5: 2613687b43fb2e509fce47e8b0b2444d
SHA1: e852da21c8c388edd4ed569d3be0fd63d9aa3897
SHA256: 640201ba830e9420516377b100409a490f0623a508b3085acc7e7ac721915f4f
SHA512: d0ef88c6c3c87517957275d8ad2f06ff4aa6e98bd7a6020aca2ae524b98f2cb4a8519f1f6afe63e1832e8bbae4415c590121823d2a24d07aa2aa2c58a5f3c3eb
SSDEEP: 49152:5BfoNtu1abLX7EzIXXpT3yDeoOZdft+aXMEV8av5sW6aRHm1TN3zID:5BfBSHhZTCDeoOZPD8EVzRsWvRD
Malware Config
Signatures
YARA rule matches (upx)
resource | yara_rule
behavioral2/memory/2100-133-0x0000000000400000-0x00000000008AD000-memory.dmp | upx
behavioral2/memory/2100-137-0x0000000000400000-0x00000000008AD000-memory.dmp | upx
Looks up external IP address via web service (1 IoC)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow | ioc
23 | ip-api.com
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
2100 | hitpaw-video-enhancer.exe
2100 | hitpaw-video-enhancer.exe
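The `upx` YARA hit above fires on the mapped image (0x400000-0x8AD000) in two memory dumps. The check below is an added example, not part of this report and not Hatching's rule: it reads a PE section table and reports the two cheapest static UPX tells, UPX-named sections and a first section that is empty on disk but large in memory (the unpack destination). Section headers survive in the mapped image, which is why a dump-based rule can still match. The PE blob it runs against is built by `build_sample_pe()` as a test fixture; it is not the analysed `hitpaw-video-enhancer.exe`, and its section sizes are only chosen to resemble the dumped region.

```python
"""Static UPX-packing indicators read from a PE section table.

Added example, not part of the Triage report and not Hatching's `upx` YARA
rule.  The PE used below is constructed in build_sample_pe(); it is a test
fixture, not the analysed sample.
"""
import math
import struct
from dataclasses import dataclass
from typing import Optional

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}


@dataclass
class Section:
    name: bytes
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_pointer: int


def parse_sections(data: bytes) -> list:
    """DOS header -> e_lfanew -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE: missing MZ")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE: missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size          # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i              # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append(Section(name, vsize, vaddr, rsize, rptr))
    return sections


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; values near 8.0 mean compressed or encrypted data."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data: bytes) -> dict:
    secs = parse_sections(data)
    first: Optional[Section] = secs[0] if secs else None
    # UPX0 is where the stub unpacks to: zero raw bytes on disk, large in memory.
    empty_first = first is not None and first.raw_size == 0 and first.virtual_size > 0
    upx_named = [s.name.decode("ascii", "replace") for s in secs if s.name in UPX_SECTION_NAMES]
    entropy = {
        s.name.decode("ascii", "replace"):
            round(shannon_entropy(data[s.raw_pointer:s.raw_pointer + s.raw_size]), 2)
        for s in secs
    }
    return {
        "upx_named_sections": upx_named,
        "first_section_empty_on_disk": empty_first,
        "section_entropy": entropy,
        "likely_upx": bool(upx_named) or empty_first,
    }


def build_sample_pe(sections) -> bytes:
    """Constructed minimal PE32 for testing; entries are (name, virtual_size, raw_bytes)."""
    opt_size = 224                                      # PE32 optional header size
    hdr_end = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew at offset 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table, raw, ptr, vaddr = b"", b"", hdr_end, 0x1000
    for name, vsize, payload in sections:
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", vsize, vaddr, len(payload), ptr if payload else 0, 0, 0, 0, 0, 0x60000020)
        raw += payload
        ptr += len(payload)
        vaddr += max(vsize, 0x1000)
    return dos + b"PE\0\0" + coff + opt + table + raw


if __name__ == "__main__":
    # Constructed layout: UPX0 with nothing on disk and a virtual size close to the
    # dumped 0x400000-0x8AD000 region, UPX1 holding high-entropy (compressed) bytes.
    packed = build_sample_pe([(b"UPX0", 0x4AD000, b""),
                              (b"UPX1", 0x20000, bytes(range(256)) * 8),
                              (b".rsrc", 0x1000, b"\0" * 64)])
    print(upx_indicators(packed))
```

Either tell alone is a hint, not proof: repacked or renamed-section builds keep the empty-first-section shape but drop the UPX names, so treat the section-name check as the cheap filter and the entropy and raw-size checks as the ones worth keeping.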
Processes
Network
-
Remote address: 8.8.8.8:53
Request: 2.136.104.51.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: 95.221.229.192.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: www.tenorshare.com IN A
Response:
www.tenorshare.com IN CNAME www.tenorshare.com.cdn.cloudflare.net
www.tenorshare.com.cdn.cloudflare.net IN A 104.18.24.249
www.tenorshare.com.cdn.cloudflare.net IN A 104.18.25.249
-
Remote address: 104.18.24.249:80
Request:
GET /downloads/service/softwarelog.txt HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MyIE2; .NET CLR 1.1.4322)
Host: www.tenorshare.com
Cache-Control: no-cache
Response:
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://www.tenorshare.com/downloads/service/softwarelog.txt
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=YyUk5rmuuxZ07YfPay6xrdkWpfxcL8SlJcSEK0CB9FE-1689437967-0-AboJ065/whPdz4xyVouNeeotQxt2IJ/b/u7Z3ULgjQI17zvL4kjNrMgm2CjjvPoriIL+Zz/i1a4LYLbA+03XLaw=; path=/; expires=Sat, 15-Jul-23 16:49:27 GMT; domain=.tenorshare.com; HttpOnly; SameSite=None
Set-Cookie: __cflb=0H28vTnsmZRERARmj9rgetyEAdpv4vfMRLpCcqkogZi; SameSite=Lax; path=/; expires=Sun, 16-Jul-23 15:19:27 GMT; HttpOnly
Server: cloudflare
CF-RAY: 7e7353bdd8eeb7ac-AMS
-
Remote address: 104.18.24.249:443
Request:
GET /downloads/service/softwarelog.txt HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MyIE2; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.tenorshare.com
Connection: Keep-Alive
Cookie: __cf_bm=YyUk5rmuuxZ07YfPay6xrdkWpfxcL8SlJcSEK0CB9FE-1689437967-0-AboJ065/whPdz4xyVouNeeotQxt2IJ/b/u7Z3ULgjQI17zvL4kjNrMgm2CjjvPoriIL+Zz/i1a4LYLbA+03XLaw=; __cflb=0H28vTnsmZRERARmj9rgetyEAdpv4vfMRLpCcqkogZi
Response:
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 5
Connection: keep-alive
Last-Modified: Mon, 21 Oct 2019 04:28:53 GMT
ETag: "5dad3405-5"
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7e7353c0dbd50b5e-AMS
-
Remote address: 8.8.8.8:53
Request: 249.24.18.104.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: update.tenorshare.com IN A
Response:
update.tenorshare.com IN CNAME update.tenorshare.com.cdn.cloudflare.net
update.tenorshare.com.cdn.cloudflare.net IN A 104.18.24.249
update.tenorshare.com.cdn.cloudflare.net IN A 104.18.25.249
-
Remote address: 8.8.8.8:53
Request: ip-api.com IN A
Response:
ip-api.com IN A 208.95.112.1
-
Remote address: 208.95.112.1:80
Request:
GET /csv HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MyIE2; .NET CLR 1.1.4322)
Host: ip-api.com
Cache-Control: no-cache
Response:
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 182
Access-Control-Allow-Origin: *
X-Ttl: 59
X-Rl: 43
-
Remote address: 172.217.23.206:80
Eleven POST exchanges with www.google-analytics.com. All share the request and response headers below; the requests differ only in Content-Length, and only the last response carries a later Date (see the table that follows).
Request:
POST /collect HTTP/1.1
Host: www.google-analytics.com
Accept: */*
Accept-Encoding: identity
Content-Length: (per request, see table)
Content-Type: application/x-www-form-urlencoded
Response:
HTTP/1.1 200 OK
Date: Sat, 15 Jul 2023 16:19:28 GMT (16:19:31 GMT for request 11)
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35

request | request Content-Length | response Date
1 | 238 | 16:19:28
2 | 247 | 16:19:28
3 | 271 | 16:19:28
4 | 253 | 16:19:28
5 | 240 | 16:19:28
6 | 252 | 16:19:28
7 | 278 | 16:19:28
8 | 278 | 16:19:28
9 | 247 | 16:19:28
10 | 259 | 16:19:28
11 | 245 | 16:19:31
-
Remote address: 8.8.8.8:53
Request: 205.47.74.20.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: 1.112.95.208.in-addr.arpa IN PTR
Response: 1.112.95.208.in-addr.arpa IN PTR ip-api.com
-
Remote address: 8.8.8.8:53
Request: 206.23.217.172.in-addr.arpa IN PTR
Response:
206.23.217.172.in-addr.arpa IN PTR prg03s05-in-f206.1e100.net
206.23.217.172.in-addr.arpa IN PTR prg03s05-in-f14.1e100.net
206.23.217.172.in-addr.arpa IN PTR ams16s37-in-f14.1e100.net
-
Remote address: 8.8.8.8:53
Request: 59.128.231.4.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: 26.165.165.52.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: 198.187.3.20.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: 240.81.21.72.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: 226.162.46.104.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: 69.31.126.40.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: 9.57.101.20.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: 58.99.105.20.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: 86.8.109.52.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: 8.3.197.209.in-addr.arpa IN PTR
Response: 8.3.197.209.in-addr.arpa IN PTR vip0x008.map2.ssl.hwcdn.net
-
Remote address: 8.8.8.8:53
Request: 26.35.223.20.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: 216.74.101.95.in-addr.arpa IN PTR
Response: 216.74.101.95.in-addr.arpa IN PTR a95-101-74-216.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: 131.72.42.20.in-addr.arpa IN PTR
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: 131.72.42.20.in-addr.arpa IN PTR (repeated query)
Response: (no answer records)
-
Remote address: 8.8.8.8:53
Request: assets.msn.com IN A
Response:
assets.msn.com IN CNAME assets.msn.com.edgekey.net
assets.msn.com.edgekey.net IN CNAME e28578.d.akamaiedge.net
e28578.d.akamaiedge.net IN A 2.19.194.72
e28578.d.akamaiedge.net IN A 2.19.194.121
-
Remote address: 8.8.8.8:53
Request: assets.msn.com IN A (repeated query)
Response:
assets.msn.com IN CNAME assets.msn.com.edgekey.net
assets.msn.com.edgekey.net IN CNAME e28578.d.akamaiedge.net
e28578.d.akamaiedge.net IN A 2.19.194.72
e28578.d.akamaiedge.net IN A 2.19.194.121
-
Remote address: 2.19.194.72:443
Request:
GET /serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=0dc0086c-7599-413f-b9f8-d261278775b3&ocid=windows-windowsShell-feeds&user=m-70c31f41647e46938fbaa0e2f28afd05&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=es-ES&caller=bgtask HTTP/2.0
host: assets.msn.com
x-search-account: None
accept-encoding: gzip, deflate
x-device-machineid: {4F901D09-C7B3-4142-BC6B-116CA1F2D68B}
x-userageclass: Unknown
x-bm-market: ES
x-bm-dateformat: dd/MM/yyyy
x-device-ossku: 48
x-bm-dtz: 0
x-deviceid: 0100B2E609000CC3
x-bm-windowsflights: FX:119E26AD,FX:11D898D7,FX:11DB147C,FX:11DE505A,FX:11E11E97,FX:11E3E2BA,FX:11E50151,FX:11E9EE98,FX:11F1992A,FX:11F4161E,FX:11F41B68,FX:11FB0F2F,FX:1201B330,FX:1202B7FC,FX:120BB68E,FX:121A20E1,FX:121BF15F,FX:121E5EC8,FX:122D8E86,FX:123031A3,FX:1231B88B,FX:123371B1,FX:1233C945,FX:123D7C31,FX:1240013C,FX:1246E4A3,FX:1248306D,FX:124B38D0,FX:1250080B,FX:125A7FDA,FX:1264FA75,FX:126DBC22,FX:127159BE,FX:12769734,FX:127C935B,FX:127DC03A,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5
sitename: www.msn.com
x-bm-theme: 000000;0078d7
muid: 70C31F41647E46938FBAA0E2F28AFD05
x-agent-deviceid: 0100B2E609000CC3
x-bm-onlinesearchdisabled: true
x-bm-cbt: 1689438493
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
x-device-isoptin: false
accept-language: es-ES, es, en-US, en
x-device-touch: false
x-device-clientsession: 63527EF7D253454687EF0FFBE7E9717B
cookie: MUID=70C31F41647E46938FBAA0E2F28AFD05
Response:
HTTP/2.0 200
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-origin: *.msn.com
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
content-encoding: gzip
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-tmpl: daucoldcap:1;partialResponse:1;coldStartUpsell:1;winbadge:1;coldStart:1;lowC:0;lowT:0;tbn:0
x-wpo-activityid: D19C008F-A444-4CAC-B1EB-809B431BE8CB|2023-07-15T16:28:15.2019525Z|fabric:/wpo|WEU|WPO_80
ddd-feednewsitemcount: 0
ddd-activityid: d19c008f-a444-4cac-b1eb-809b431be8cb
ddd-strategyexecutionlatency: 00:00:00.1897928
ddd-debugid: d19c008f-a444-4cac-b1eb-809b431be8cb|2023-07-15T16:28:15.2125040Z|fabric:/winfeed|WEU|WinFeed_207
onewebservicelatency: 190
x-msedge-responseinfo: 190
x-ceto-ref: 64b2c91f5b054f29a66c2460c07d445c|2023-07-15T16:28:15.017Z
expires: Sat, 15 Jul 2023 16:28:15 GMT
date: Sat, 15 Jul 2023 16:28:15 GMT
content-length: 3513
akamai-request-bc: [a=2.19.194.68,b=1013928430,c=g,n=NL__AMSTERDAM,o=20940],[a=20.23.114.34,c=o]
server-timing: clientrtt; dur=32, clienttt; dur=196, origin; dur=196 , cdntime; dur=0
akamai-cache-status: Miss from child
akamai-server-ip: 2.19.194.68
akamai-request-id: 3c6f51ee
x-as-suppresssetcookie: 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
vary: Origin
-
Remote address: 8.8.8.8:53
Request: 72.194.19.2.in-addr.arpa IN PTR
Response: 72.194.19.2.in-addr.arpa IN PTR a2-19-194-72.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: 72.194.19.2.in-addr.arpa IN PTR (repeated query)
Response: 72.194.19.2.in-addr.arpa IN PTR a2-19-194-72.deploy.static.akamaitechnologies.com
-
HTTP flows
Remote | URL | Protocols | Process | Sent | Received | Pkts out | Pkts in
104.18.24.249:80 | http://www.tenorshare.com/downloads/service/softwarelog.txt | http | hitpaw-video-enhancer.exe | 583 B | 1.2kB | 7 | 5
  GET http://www.tenorshare.com/downloads/service/softwarelog.txt -> 301
104.18.24.249:443 | https://www.tenorshare.com/downloads/service/softwarelog.txt | tls, http | hitpaw-video-enhancer.exe | 1.3kB | 4.9kB | 12 | 9
  GET https://www.tenorshare.com/downloads/service/softwarelog.txt -> 200
(no URL decoded) | | | | 1.3kB | 5.6kB | 11 | 12
208.95.112.1:80 | http://ip-api.com/csv | http | (not captured) | 453 B | 525 B | 5 | 4
  GET http://ip-api.com/csv -> 200
172.217.23.206:80 | http://www.google-analytics.com/collect | http | (not captured) | 5.3kB | 5.2kB | 16 | 14
  11 x POST http://www.google-analytics.com/collect -> 200 each
2.19.194.72:443 | https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=0dc0086c-7599-413f-b9f8-d261278775b3&ocid=windows-windowsShell-feeds&user=m-70c31f41647e46938fbaa0e2f28afd05&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=es-ES&caller=bgtask | tls, http | (none attributed) | 22.7kB | 12.6kB | 22 | 20
  GET (same URL) -> 200
-
DNS flows
Sent | Received | Pkts out | Pkts in | DNS request | DNS response
71 B | 157 B | 1 | 1 | 2.136.104.51.in-addr.arpa |
73 B | 144 B | 1 | 1 | 95.221.229.192.in-addr.arpa |
64 B | 147 B | 1 | 1 | www.tenorshare.com | 104.18.24.249, 104.18.25.249
72 B | 134 B | 1 | 1 | 249.24.18.104.in-addr.arpa |
67 B | 153 B | 1 | 1 | update.tenorshare.com | 104.18.24.249, 104.18.25.249
56 B | 72 B | 1 | 1 | ip-api.com | 208.95.112.1
71 B | 157 B | 1 | 1 | 205.47.74.20.in-addr.arpa |
71 B | 95 B | 1 | 1 | 1.112.95.208.in-addr.arpa |
73 B | 173 B | 1 | 1 | 206.23.217.172.in-addr.arpa |
71 B | 157 B | 1 | 1 | 59.128.231.4.in-addr.arpa |
72 B | 146 B | 1 | 1 | 26.165.165.52.in-addr.arpa |
71 B | 157 B | 1 | 1 | 198.187.3.20.in-addr.arpa |
71 B | 142 B | 1 | 1 | 240.81.21.72.in-addr.arpa |
73 B | 147 B | 1 | 1 | 226.162.46.104.in-addr.arpa |
71 B | 157 B | 1 | 1 | 69.31.126.40.in-addr.arpa |
70 B | 156 B | 1 | 1 | 9.57.101.20.in-addr.arpa |
71 B | 157 B | 1 | 1 | 58.99.105.20.in-addr.arpa |
70 B | 144 B | 1 | 1 | 86.8.109.52.in-addr.arpa |
70 B | 111 B | 1 | 1 | 8.3.197.209.in-addr.arpa |
71 B | 157 B | 1 | 1 | 26.35.223.20.in-addr.arpa |
72 B | 137 B | 1 | 1 | 216.74.101.95.in-addr.arpa |
142 B | 314 B | 2 | 2 | 131.72.42.20.in-addr.arpa (x2) |
120 B | 332 B | 2 | 2 | assets.msn.com (x2) | 2.19.194.72, 2.19.194.121 (x2)
140 B | 266 B | 2 | 2 | 72.194.19.2.in-addr.arpa (x2) |
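The Network section records the traffic the sample's "Looks up external IP address via web service" signature is built on, plus two details worth a pivot that no signature calls out: every request the sample sends carries a User-Agent claiming "Windows NT 5.0" / "MSIE 6.0" from a Windows 10 image, and an Accept-Language of zh-cn on an es-ES image, both hard-coded client strings. (The assets.msn.com request, sent with a Cortana user-agent, caller=bgtask, and attributed to no process in the flows table, is host background traffic rather than sample activity.) The script below is an added example; it is not part of the Triage report and not how Triage computes signatures. It parses exchanges written in the run-together form the transcript above uses ("Remote address:IP:PORTRequestGET ..." followed by header lines, then "ResponseHTTP/1.1 200 ..."), extracts host and URL IoCs, and emits the findings an analyst would pivot on. `IP_LOOKUP_HOSTS` is an analyst-maintained list and an assumption beyond the report; the platform defaults in `assess()` come from the Analysis section; `SAMPLE_TRANSCRIPT` is excerpted from the Network section with most headers trimmed.

```python
"""IoC extraction and hard-coded-client tells from a sandbox HTTP transcript.

Added example; not part of the Triage report and not how Triage computes its
signatures.  IP_LOOKUP_HOSTS is an assumption (analyst-maintained list);
SAMPLE_TRANSCRIPT is excerpted from the report's Network section, trimmed.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumption: a short analyst-maintained list of public "what is my IP" services.
IP_LOOKUP_HOSTS = {"ip-api.com", "api.ipify.org", "ifconfig.me", "icanhazip.com",
                   "checkip.amazonaws.com"}

# The transcript glues "Remote address:", "Request" and the request line together;
# search (not match) so a stray prefix before "Remote address:" does not break it.
REQ_RE = re.compile(r"Remote address:(?P<ip>[\d.]+):(?P<port>\d+)"
                    r"Request(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+$")
RESP_RE = re.compile(r"^ResponseHTTP/[\d.]+ (?P<status>\d{3})")


@dataclass
class Exchange:
    remote_ip: str
    port: int
    method: str
    path: str
    req_headers: dict = field(default_factory=dict)
    status: Optional[int] = None
    resp_headers: dict = field(default_factory=dict)


def parse_transcript(text: str) -> List[Exchange]:
    exchanges: List[Exchange] = []
    cur: Optional[Exchange] = None
    in_response = False
    for raw in text.splitlines():
        line = raw.strip()
        m = REQ_RE.search(line)
        if m:
            cur = Exchange(m["ip"], int(m["port"]), m["method"], m["path"])
            exchanges.append(cur)
            in_response = False
            continue
        if not line or line == "-" or line.startswith("Remote address:"):
            cur = None                      # separator, or a DNS record we do not parse
            continue
        if cur is None:
            continue
        m = RESP_RE.match(line)
        if m:
            cur.status = int(m["status"])
            in_response = True
            continue
        if ":" in line:                     # header line; a repeated name keeps its last value
            name, value = line.split(":", 1)
            target = cur.resp_headers if in_response else cur.req_headers
            target[name.strip().lower()] = value.strip()
    return exchanges


def assess(ex: Exchange, platform_nt: str = "10.0", platform_lang: str = "es") -> List[Tuple[str, str]]:
    """(tag, detail) findings for one exchange; defaults match the windows10-2004 / es-es image."""
    host = ex.req_headers.get("host", ex.remote_ip).lower()
    findings = []
    if host in IP_LOOKUP_HOSTS:
        findings.append(("ip-lookup", f"external IP lookup via {host}{ex.path}"))
    if ex.port == 80:
        findings.append(("cleartext-http", f"{ex.method} {host}{ex.path} over plain HTTP"))
        loc = ex.resp_headers.get("location", "")
        if ex.status in (301, 302, 307, 308) and loc.startswith("https://"):
            findings.append(("http-redirect", f"server redirected to {loc}"))
    ua = ex.req_headers.get("user-agent", "")
    m = re.search(r"Windows NT (\d+\.\d+)", ua)
    if m and m.group(1) != platform_nt:     # hard-coded UA: claimed OS disagrees with the host
        findings.append(("ua-os-mismatch",
                         f"User-Agent claims Windows NT {m.group(1)} on a Windows NT {platform_nt} host"))
    lang = ex.req_headers.get("accept-language", "").lower()
    if lang and not lang.startswith(platform_lang):
        findings.append(("locale-mismatch", f"Accept-Language {lang} on a {platform_lang} locale host"))
    return findings


def extract_iocs(exchanges: List[Exchange]) -> Tuple[list, list]:
    hosts, urls = set(), set()
    for ex in exchanges:
        host = ex.req_headers.get("host", ex.remote_ip)
        scheme = "https" if ex.port == 443 else "http"
        hosts.add((host, ex.remote_ip))
        urls.add(f"{scheme}://{host}{ex.path}")
    return sorted(hosts), sorted(urls)


# Excerpted from the report's Network section (most headers trimmed).
SAMPLE_TRANSCRIPT = """\
Remote address:104.18.24.249:80RequestGET /downloads/service/softwarelog.txt HTTP/1.1
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MyIE2; .NET CLR 1.1.4322)
Host: www.tenorshare.com
ResponseHTTP/1.1 301 Moved Permanently
Location: https://www.tenorshare.com/downloads/service/softwarelog.txt
Server: cloudflare
-
Remote address:208.95.112.1:80RequestGET /csv HTTP/1.1
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MyIE2; .NET CLR 1.1.4322)
Host: ip-api.com
ResponseHTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 182
-
Remote address:172.217.23.206:80RequestPOST /collect HTTP/1.1
Host: www.google-analytics.com
Content-Type: application/x-www-form-urlencoded
ResponseHTTP/1.1 200 OK
Content-Type: image/gif
"""

if __name__ == "__main__":
    exchanges = parse_transcript(SAMPLE_TRANSCRIPT)
    for ex in exchanges:
        for tag, detail in assess(ex):
            print(f"[{tag}] {detail}")
    print(extract_iocs(exchanges))
```

The fixed User-Agent and Accept-Language strings are the more durable indicators here: the hosts contacted are all legitimate services and will appear in plenty of benign traffic, whereas an MSIE 6.0 / Windows NT 5.0 client string sent over HTTP/1.1 from a Windows 10 host is a fingerprint of this binary's embedded HTTP client and can be matched at a proxy without touching the endpoint.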