Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/12/2023, 08:37 UTC

General

  • Target

    604b563913e25eb096996c476baf2ed6.dll

  • Size

    6KB

  • MD5

    604b563913e25eb096996c476baf2ed6

  • SHA1

    79ad3abad29107cf1cc83bfba97f41831cb32e0c

  • SHA256

    e89a8b52d0d4888e89319ce915609be45ca265ea06a397eaa5dc6b1804af0597

  • SHA512

    22a014a87036732942c770cc53917c937666d6092a17502562f4ca10e76ca7917dcbca76cd0f03d3d77c73593ca3d5a4f976005bb5cb34a27558e3054d8e59d7

  • SSDEEP

    96:/cSNFobSQqyPVqF5ZBOwWD9h0sQOlE196MTR48mu:/cKiLVqDOweFQO+9

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Program crash 1 IoCs

    The 32-bit C:\Windows\SysWOW64\rundll32.exe that loaded the DLL (PID 4776) terminated abnormally and was handled by WerFault.exe (see Processes).

  • Suspicious use of WriteProcessMemory 3 IoCs

    Attributed in the process tree to the 64-bit C:\Windows\system32\rundll32.exe instance (PID 1460).
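The UPX signature above is a section-name heuristic, and the memory dump listed under Downloads (0x10000000-0x1000A000, 40KB) is the mapped image of the 6KB on-disk DLL, which is the size growth one expects when a packer's stub unpacks into memory. The following Python is an added example, not part of this report or of Tria.ge's detection code: it parses a PE section table to apply the same section-name check and reads ImageBase/SizeOfImage so the expected in-memory range can be predicted from the file. The PE bytes it operates on are constructed inline (they are not the analysed sample); the constructed image's ImageBase and SizeOfImage are chosen to match this report's dump region. Caveat: modified UPX builds rename their sections, so a hit is a triage hint and a miss does not clear the file.

```python
import hashlib
import struct

# Constants from the PE/COFF specification.
DOS_MAGIC = b"MZ"
PE_MAGIC = b"PE\0\0"
COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40
PE32, PE32PLUS = 0x10B, 0x20B


def build_minimal_pe(section_names, image_base=0x10000000, size_of_image=0xA000):
    """Constructed, non-runnable PE32 image used as sample input for this example
    (assumption: not the analysed DLL). Only the header fields that
    parse_sections() reads back are filled in."""
    opt = bytearray(224)                               # PE32 optional header size
    struct.pack_into("<H", opt, 0, PE32)               # Magic
    struct.pack_into("<I", opt, 28, image_base)        # ImageBase
    struct.pack_into("<I", opt, 56, size_of_image)     # SizeOfImage
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       len(opt), 0x2102)               # i386, EXECUTABLE|32BIT|DLL
    sections = b"".join(
        name.ljust(8, b"\0")[:8] + bytes(SECTION_HEADER_SIZE - 8)
        for name in section_names)
    e_lfanew = 0x40
    dos = DOS_MAGIC + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)
    return dos + PE_MAGIC + coff + bytes(opt) + sections


def parse_sections(data):
    """Return (image_base, size_of_image, section names) from a PE blob.
    Every offset is bounds-checked: a malformed header raises ValueError
    instead of being trusted."""
    if len(data) < 0x40 or data[:2] != DOS_MAGIC:
        raise ValueError("not a DOS/PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 + COFF_HEADER_SIZE > len(data) or data[e_lfanew:e_lfanew + 4] != PE_MAGIC:
        raise ValueError("PE signature missing or e_lfanew out of range")
    coff_off = e_lfanew + 4
    _, num_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + COFF_HEADER_SIZE
    if opt_size < 60 or opt_off + opt_size > len(data):
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic == PE32:
        (image_base,) = struct.unpack_from("<I", data, opt_off + 28)
    elif magic == PE32PLUS:
        (image_base,) = struct.unpack_from("<Q", data, opt_off + 24)
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (size_of_image,) = struct.unpack_from("<I", data, opt_off + 56)
    table_off = opt_off + opt_size
    if table_off + num_sections * SECTION_HEADER_SIZE > len(data):
        raise ValueError("section table truncated")
    names = []
    for i in range(num_sections):
        off = table_off + i * SECTION_HEADER_SIZE
        names.append(data[off:off + 8].rstrip(b"\0"))
    return image_base, size_of_image, names


def looks_upx_packed(data):
    """Stock UPX names its sections UPX0/UPX1 (UPX2 when resources are kept).
    Modified builds rename them, so a miss does not clear the file."""
    _, _, names = parse_sections(data)
    return any(n.startswith(b"UPX") for n in names)


def expected_memory_range(data):
    """Where a loader that honours ImageBase would map the image, in the same
    notation as the report's dump name memory/<pid>-<n>-0x...-0x...."""
    base, size, _ = parse_sections(data)
    return "0x%016X-0x%016X" % (base, base + size)


def file_hashes(data):
    """The same digests the report lists under General, for cross-checking a
    local copy against the submitted file."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


if __name__ == "__main__":
    sample = build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"])
    print("upx-like sections:", looks_upx_packed(sample))
    print("expected mapping:", expected_memory_range(sample))
    print("sha256:", file_hashes(sample)["sha256"])
```

Run it against a real file by replacing the constructed sample with `open(path, "rb").read()`; if the section names are stock UPX, `upx -d` on a copy will usually recover the original image, and the unpacked SizeOfImage should then be compared with the dump size the sandbox reported.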

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\604b563913e25eb096996c476baf2ed6.dll,#1
    1⤵
      PID:4776
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 804
        2⤵
        • Program crash
        PID:444
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\604b563913e25eb096996c476baf2ed6.dll,#1
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1460
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4776 -ip 4776
      1⤵
        PID:1340
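The process tree is a recognisable loader pattern: rundll32.exe invoked with a DLL dropped in the user's Temp directory and its export called by ordinal (`,#1`), a 64-bit instance (PID 1460) flagged for WriteProcessMemory, and a 32-bit SysWOW64 instance (PID 4776) that crashed and was picked up by WerFault.exe. The Python below is an added detection example, not Tria.ge's signature code; it runs over constructed process records shaped after this tree. The parent-PID values in those records are assumptions (the report does not show who started PIDs 1460 and 4776) and the rules do not rely on them. One caveat for the analyst: a DLL that crashes immediately under rundll32 may simply require a different host process or arguments, so the lack of further behaviour in this run does not mean the file is benign.

```python
import re

# Directories an unprivileged user can write to; a DLL loaded from one of
# these by a signed Windows host binary deserves a second look.
USER_WRITABLE_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\downloads\\",
    "\\users\\public\\",
    "\\programdata\\",
)
# rundll32 <dll>,<export>  where export is a name or an ordinal such as #1
RUNDLL32_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^,"]+?)"?\s*,\s*(?P<export>#\d+|\w+)',
    re.IGNORECASE)
# WerFault.exe ... -p <crashed pid>   (does not match -pss or -ip)
WERFAULT_PID_RE = re.compile(r"(?<!\w)-p\s+(\d+)")

# Constructed records modelled on this report's process tree; ppid values are
# assumed, not taken from the report. The last record is a benign control.
EVENTS = [
    {"pid": 1460, "ppid": 1000, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\604b563913e25eb096996c476baf2ed6.dll,#1"},
    {"pid": 4776, "ppid": 1460, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\604b563913e25eb096996c476baf2ed6.dll,#1"},
    {"pid": 444, "ppid": 4776, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 804"},
    {"pid": 1340, "ppid": 900, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4776 -ip 4776"},
    {"pid": 2000, "ppid": 1000, "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
]


def classify_rundll32(cmdline):
    """Return None if cmdline is not a rundll32 invocation, otherwise the DLL
    path, the export, and the (possibly empty) list of reasons it looks odd."""
    m = RUNDLL32_RE.search(cmdline)
    if not m:
        return None
    dll, export = m.group("dll").strip(), m.group("export")
    reasons = []
    if any(d in dll.lower() for d in USER_WRITABLE_DIRS):
        reasons.append("DLL loaded from a user-writable directory")
    if export.startswith("#"):
        reasons.append("export called by ordinal %s, hiding the function name" % export)
    return {"dll": dll, "export": export, "reasons": reasons}


def triage(events):
    """Flag suspicious rundll32 launches, then correlate WerFault.exe crash
    handlers back to them through the -p <pid> argument."""
    findings, flagged = [], {}
    for e in events:
        if e["image"].lower().endswith("\\rundll32.exe"):
            c = classify_rundll32(e["cmdline"])
            if c and c["reasons"]:
                flagged[e["pid"]] = c
                findings.append({"kind": "rundll32", "pid": e["pid"], **c})
    for e in events:
        if e["image"].lower().endswith("\\werfault.exe"):
            m = WERFAULT_PID_RE.search(e["cmdline"])
            if m and int(m.group(1)) in flagged:
                crashed = int(m.group(1))
                findings.append({"kind": "crash", "pid": e["pid"],
                                 "crashed_pid": crashed,
                                 "dll": flagged[crashed]["dll"]})
    return findings


if __name__ == "__main__":
    for f in triage(EVENTS):
        print(f)
```

Feeding real Sysmon Event ID 1 records (Image, CommandLine, ProcessId) in place of EVENTS gives the same two signals the sandbox raised: the odd rundll32 launch, and the crash tied back to the DLL that caused it.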

      Network

      Note: the traffic below (WindowsShellClient and Edge user agents talking to Bing, Akamai and Azure CDN endpoints, and reverse PTR lookups via 8.8.8.8) is consistent with Windows background activity in the sandbox image; the report attributes none of these connections to the rundll32.exe processes above.

      • flag-us
        DNS
        45.179.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        45.179.17.96.in-addr.arpa
        IN PTR
        Response
        45.179.17.96.in-addr.arpa
        IN PTR
        a96-17-179-45.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        147.177.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        147.177.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        158.240.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        158.240.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.a-0001.a-msedge.net
        g-bing-com.a-0001.a-msedge.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d91fc235826e4dcb8c2231d721422ae9&localId=w:5CCFAF18-3F96-093A-F0B7-3C3E79A9C582&deviceId=6966554353444491&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d91fc235826e4dcb8c2231d721422ae9&localId=w:5CCFAF18-3F96-093A-F0B7-3C3E79A9C582&deviceId=6966554353444491&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=1CCAAC466CC56B713C00BFB26D7E6AE2; domain=.bing.com; expires=Mon, 20-Jan-2025 14:13:25 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 34EFF243ECE846ACB492F1A11CC1870F Ref B: LON04EDGE0907 Ref C: 2023-12-27T14:13:25Z
        date: Wed, 27 Dec 2023 14:13:25 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d91fc235826e4dcb8c2231d721422ae9&localId=w:5CCFAF18-3F96-093A-F0B7-3C3E79A9C582&deviceId=6966554353444491&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d91fc235826e4dcb8c2231d721422ae9&localId=w:5CCFAF18-3F96-093A-F0B7-3C3E79A9C582&deviceId=6966554353444491&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=1CCAAC466CC56B713C00BFB26D7E6AE2
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=FRjzx7SUPyuFN5U7EJv2tEV8WDOl_UpKiLE4TOhdVhs; domain=.bing.com; expires=Mon, 20-Jan-2025 14:13:25 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: D6FB531AE2E347B9B9840AA23FA7048C Ref B: LON04EDGE0907 Ref C: 2023-12-27T14:13:25Z
        date: Wed, 27 Dec 2023 14:13:25 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d91fc235826e4dcb8c2231d721422ae9&localId=w:5CCFAF18-3F96-093A-F0B7-3C3E79A9C582&deviceId=6966554353444491&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d91fc235826e4dcb8c2231d721422ae9&localId=w:5CCFAF18-3F96-093A-F0B7-3C3E79A9C582&deviceId=6966554353444491&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=1CCAAC466CC56B713C00BFB26D7E6AE2; MSPTC=FRjzx7SUPyuFN5U7EJv2tEV8WDOl_UpKiLE4TOhdVhs
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 54E8E7C600214A62A2C02F8ACBD2B1A1 Ref B: LON04EDGE0907 Ref C: 2023-12-27T14:13:25Z
        date: Wed, 27 Dec 2023 14:13:25 GMT
      • flag-us
        DNS
        22.177.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        22.177.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        55.36.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        55.36.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        9.228.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        9.228.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        4.181.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        4.181.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        50.23.12.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        50.23.12.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        50.23.12.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        50.23.12.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        206.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        206.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        41.110.16.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        41.110.16.96.in-addr.arpa
        IN PTR
        Response
        41.110.16.96.in-addr.arpa
        IN PTR
        a96-16-110-41.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        241.154.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.154.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        59.128.231.4.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        59.128.231.4.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301235_1HF3YV71T1KJCXDY3&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301235_1HF3YV71T1KJCXDY3&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 483471
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 954F2232101F4068B84857F7C1825034 Ref B: LON04EDGE0706 Ref C: 2023-12-27T14:14:16Z
        date: Wed, 27 Dec 2023 14:14:15 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301644_1VM6W540D06LTCJ4J&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301644_1VM6W540D06LTCJ4J&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 358514
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 336317D9AB2B4660979488E210CEEC56 Ref B: LON04EDGE0706 Ref C: 2023-12-27T14:14:16Z
        date: Wed, 27 Dec 2023 14:14:15 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301308_1V23M6H7DG8T3CRA5&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301308_1V23M6H7DG8T3CRA5&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 300283
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: D016AF965C8C4EE5AF9BE14A8C3D2A5A Ref B: LON04EDGE0706 Ref C: 2023-12-27T14:14:16Z
        date: Wed, 27 Dec 2023 14:14:15 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317300982_1TKQ9ZJY0GKWNCGWQ&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317300982_1TKQ9ZJY0GKWNCGWQ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 361903
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 3F32C249F20B44F3934CE248E7A07CB3 Ref B: LON04EDGE0706 Ref C: 2023-12-27T14:14:16Z
        date: Wed, 27 Dec 2023 14:14:15 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301415_1PILMZUL1YAW6A5IW&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301415_1PILMZUL1YAW6A5IW&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 425813
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: E64BAF0090FC46E1996C5B1ABD64972C Ref B: LON04EDGE0706 Ref C: 2023-12-27T14:14:17Z
        date: Wed, 27 Dec 2023 14:14:16 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-gb
        HTTP (request not captured)
        Remote address:
        88.221.134.18:80
        Response
        HTTP/1.1 200 OK
        Cache-Control: public, max-age=17280000
        Content-Type: application/octet-stream
        Last-Modified: Thu, 12 May 2022 16:58:44 GMT
        Accept-Ranges: bytes
        ETag: "vxK3Ekr79ns7IfzONOLa2gsPG50="
        X-AspNetMvc-Version: 5.2
        MS-CorrelationId: 95143335-05b8-4e23-81c7-c88e0cd06223
        MS-RequestId: cf16ff60-e6c5-486b-a026-a280ac3c032c
        MS-CV: ksn+naj91ky/n0Ho.0
        X-AspNet-Version: 4.0.30319
        X-Powered-By: ASP.NET
        X-Powered-By: ARR/3.0
        X-Powered-By: ASP.NET
        X-Azure-Ref-OriginShield: Ref A: B18D0E47DB934918864D58AEA5268F5D Ref B: AMS231021014019 Ref C: 2023-06-17T06:56:22Z
        X-MSEdge-Ref: Ref A: 5D6489A1780F4775A041BE75218ED33B Ref B: LTSEDGE1813 Ref C: 2023-06-20T11:29:30Z
        Content-Length: 176062
        Date: Wed, 27 Dec 2023 14:14:53 GMT
        Connection: keep-alive
        X-CCC: GB
        X-CID: 2
      • flag-us
        DNS
        11.227.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        11.227.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        183.1.37.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        183.1.37.23.in-addr.arpa
        IN PTR
        Response
        183.1.37.23.in-addr.arpa
        IN PTR
        a23-37-1-183.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        119.110.54.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        119.110.54.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        119.110.54.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        119.110.54.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        198.187.3.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        198.187.3.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        198.187.3.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        198.187.3.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        67.112.168.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        67.112.168.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        217.135.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        217.135.221.88.in-addr.arpa
        IN PTR
        Response
        217.135.221.88.in-addr.arpa
        IN PTR
        a88-221-135-217.deploy.static.akamaitechnologies.com
      • flag-us
        DNS
        68.179.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        68.179.17.96.in-addr.arpa
        IN PTR
        Response
        68.179.17.96.in-addr.arpa
        IN PTR
        a96-17-179-68.deploy.static.akamaitechnologies.com
      • 138.91.171.81:80
        52 B
        1
      • 204.79.197.200:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d91fc235826e4dcb8c2231d721422ae9&localId=w:5CCFAF18-3F96-093A-F0B7-3C3E79A9C582&deviceId=6966554353444491&anid=
        tls, http2
        2.1kB
        9.6kB
        23
        19

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d91fc235826e4dcb8c2231d721422ae9&localId=w:5CCFAF18-3F96-093A-F0B7-3C3E79A9C582&deviceId=6966554353444491&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d91fc235826e4dcb8c2231d721422ae9&localId=w:5CCFAF18-3F96-093A-F0B7-3C3E79A9C582&deviceId=6966554353444491&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d91fc235826e4dcb8c2231d721422ae9&localId=w:5CCFAF18-3F96-093A-F0B7-3C3E79A9C582&deviceId=6966554353444491&anid=

        HTTP Response

        204
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
        8.3kB
        16
        14
      • 204.79.197.200:443
        https://tse1.mm.bing.net/th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&w=1080&h=1920&c=4
        tls, http2
        55.9kB
        1.6MB
        1166
        1160

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301235_1HF3YV71T1KJCXDY3&pid=21.2&w=1920&h=1080&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301644_1VM6W540D06LTCJ4J&pid=21.2&w=1080&h=1920&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301308_1V23M6H7DG8T3CRA5&pid=21.2&w=1920&h=1080&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317300982_1TKQ9ZJY0GKWNCGWQ&pid=21.2&w=1920&h=1080&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301415_1PILMZUL1YAW6A5IW&pid=21.2&w=1080&h=1920&c=4

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&w=1080&h=1920&c=4

        HTTP Response

        200

        HTTP Response

        200
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
        8.3kB
        16
        14
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.5kB
        8.2kB
        17
        13
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.1kB
        8.2kB
        14
        12
      • 93.184.221.240:80
        230 B
        80 B
        5
        2
      • 96.16.110.114:80
      • 93.184.221.240:80
        282 B
        80 B
        6
        2
      • 20.242.39.171:443
      • 52.111.227.11:443
      • 88.221.134.18:80
        http
        3.3kB
        182.3kB
        72
        135

        HTTP Response

        200
      • 96.16.110.114:80
      • 88.221.134.18:80
      • 96.17.179.68:80
      • 96.17.179.68:80
      • 8.8.8.8:53
        45.179.17.96.in-addr.arpa
        dns
        71 B
        135 B
        1
        1

        DNS Request

        45.179.17.96.in-addr.arpa

      • 8.8.8.8:53
        147.177.190.20.in-addr.arpa
        dns
        73 B
        159 B
        1
        1

        DNS Request

        147.177.190.20.in-addr.arpa

      • 8.8.8.8:53
        158.240.127.40.in-addr.arpa
        dns
        73 B
        147 B
        1
        1

        DNS Request

        158.240.127.40.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
        144 B
        1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
        158 B
        1
        1

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        22.177.190.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        22.177.190.20.in-addr.arpa

      • 8.8.8.8:53
        55.36.223.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        55.36.223.20.in-addr.arpa

      • 8.8.8.8:53
        9.228.82.20.in-addr.arpa
        dns
        70 B
        156 B
        1
        1

        DNS Request

        9.228.82.20.in-addr.arpa

      • 8.8.8.8:53
        4.181.190.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        4.181.190.20.in-addr.arpa

      • 8.8.8.8:53
        50.23.12.20.in-addr.arpa
        dns
        140 B
        156 B
        2
        1

        DNS Request

        50.23.12.20.in-addr.arpa

        DNS Request

        50.23.12.20.in-addr.arpa

      • 8.8.8.8:53
        206.23.85.13.in-addr.arpa
        dns
        71 B
        145 B
        1
        1

        DNS Request

        206.23.85.13.in-addr.arpa

      • 8.8.8.8:53
        41.110.16.96.in-addr.arpa
        dns
        71 B
        135 B
        1
        1

        DNS Request

        41.110.16.96.in-addr.arpa

      • 8.8.8.8:53
        241.154.82.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        241.154.82.20.in-addr.arpa

      • 8.8.8.8:53
        59.128.231.4.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        59.128.231.4.in-addr.arpa

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        62 B
        173 B
        1
        1

        DNS Request

        tse1.mm.bing.net

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 162.159.36.2:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
      • 8.8.8.8:53
        11.227.111.52.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        11.227.111.52.in-addr.arpa

      • 8.8.8.8:53
      • 8.8.8.8:53
        183.1.37.23.in-addr.arpa
        dns
        70 B
        133 B
        1
        1

        DNS Request

        183.1.37.23.in-addr.arpa

      • 8.8.8.8:53
        119.110.54.20.in-addr.arpa
        dns
        144 B
        158 B
        2
        1

        DNS Request

        119.110.54.20.in-addr.arpa

        DNS Request

        119.110.54.20.in-addr.arpa

      • 8.8.8.8:53
        198.187.3.20.in-addr.arpa
        dns
        142 B
        157 B
        2
        1

        DNS Request

        198.187.3.20.in-addr.arpa

        DNS Request

        198.187.3.20.in-addr.arpa

      • 8.8.8.8:53
        67.112.168.52.in-addr.arpa
        dns
        72 B
        146 B
        1
        1

        DNS Request

        67.112.168.52.in-addr.arpa

      • 8.8.8.8:53
        217.135.221.88.in-addr.arpa
        dns
        73 B
        139 B
        1
        1

        DNS Request

        217.135.221.88.in-addr.arpa

      • 8.8.8.8:53
        68.179.17.96.in-addr.arpa
        dns
        71 B
        135 B
        1
        1

        DNS Request

        68.179.17.96.in-addr.arpa

      • 8.8.8.8:53

      MITRE ATT&CK Matrix


      Downloads

      • memory/4776-0-0x0000000010000000-0x000000001000A000-memory.dmp

        Filesize

        40KB

      • memory/4776-1-0x0000000010000000-0x000000001000A000-memory.dmp

        Filesize

        40KB
