Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

035560667b...49.dll

windows7-x64

1

035560667b...49.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    114s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2023, 20:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    035560667b53bea3cbd3f3bd4b556c49.dll

  • Size

    320KB

  • MD5

    035560667b53bea3cbd3f3bd4b556c49

  • SHA1

    dd313bac5101aaf266028edeb83ffe0a32f99927

  • SHA256

    cf2bc623334708bde5c7fd054b91446ac2b47d106207b80cd6ea281e3d55e759

  • SHA512

    1441bcf64716998a9bb5717db593dcd8b0b10413f9f3745dea65490fffb3a84c546626e5fee7b2d539be3c9928b617b24b6f498c70bad55e54711f576bcd3e2c

  • SSDEEP

    6144:SyMWrs0O3ZIVa3PR4zuO6M/xt7DLA/Gz99wvd0qB:CWrPlVs5fO6Mpt74/G9Rq

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\035560667b53bea3cbd3f3bd4b556c49.dll,#1
    1⤵
      PID:2236
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 588
        2⤵
        • Program crash
        PID:3204
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\035560667b53bea3cbd3f3bd4b556c49.dll,#1
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4560
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2236 -ip 2236
      1⤵
        PID:2700

      Network

      • flag-us
        DNS
        19.53.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        19.53.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        19.53.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        19.53.126.40.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        19.53.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        19.53.126.40.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.a-0001.a-msedge.net
        g-bing-com.a-0001.a-msedge.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e14975f3645c407f9afb719fe46442ac&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e14975f3645c407f9afb719fe46442ac&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=3E09C309055B6C9F2C12D0FE04E06DED; domain=.bing.com; expires=Thu, 23-Jan-2025 01:56:31 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: C58324CA72D94BF9BB690DBB93AB4D3B Ref B: LON04EDGE0918 Ref C: 2023-12-30T01:56:31Z
        date: Sat, 30 Dec 2023 01:56:31 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e14975f3645c407f9afb719fe46442ac&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e14975f3645c407f9afb719fe46442ac&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=3E09C309055B6C9F2C12D0FE04E06DED
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=KZDItk-SWWtdJtyWrHDHC1pMJ2SwqAmZWqZoe4MGg00; domain=.bing.com; expires=Thu, 23-Jan-2025 01:56:31 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 887E927A6DD74880BDB7F412D364B350 Ref B: LON04EDGE0918 Ref C: 2023-12-30T01:56:31Z
        date: Sat, 30 Dec 2023 01:56:31 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e14975f3645c407f9afb719fe46442ac&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e14975f3645c407f9afb719fe46442ac&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=3E09C309055B6C9F2C12D0FE04E06DED; MSPTC=KZDItk-SWWtdJtyWrHDHC1pMJ2SwqAmZWqZoe4MGg00
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 6836175EEADE40F79B56DD68E0D0BD6A Ref B: LON04EDGE0918 Ref C: 2023-12-30T01:56:31Z
        date: Sat, 30 Dec 2023 01:56:31 GMT
      • flag-us
        DNS
        180.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        180.178.17.96.in-addr.arpa
        IN PTR
        Response
        180.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-180deploystaticakamaitechnologiescom
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        241.154.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.154.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        205.47.74.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        205.47.74.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        41.110.16.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        41.110.16.96.in-addr.arpa
        IN PTR
        Response
        41.110.16.96.in-addr.arpa
        IN PTR
        a96-16-110-41deploystaticakamaitechnologiescom
      • flag-us
        DNS
        157.123.68.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        157.123.68.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        157.123.68.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        157.123.68.40.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        15.164.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        15.164.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301011_1Q64Y8U9UJ0Y7FTOQ&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301011_1Q64Y8U9UJ0Y7FTOQ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 485036
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: E8B828DE0E1A4F5989C55FD15C5F9B09 Ref B: LON04EDGE0812 Ref C: 2023-12-30T01:58:20Z
        date: Sat, 30 Dec 2023 01:58:20 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 589227
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: D7EEE7AF96D9492CB13CDD26A794FEE2 Ref B: LON04EDGE0812 Ref C: 2023-12-30T01:58:20Z
        date: Sat, 30 Dec 2023 01:58:20 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317300910_1N1UYW7VSBMF6PTRK&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317300910_1N1UYW7VSBMF6PTRK&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 171891
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: E85A871F34A14734ACE05148B4A48053 Ref B: LON04EDGE0812 Ref C: 2023-12-30T01:58:20Z
        date: Sat, 30 Dec 2023 01:58:20 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301608_1VIRGE9SQGF5A77JM&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301608_1VIRGE9SQGF5A77JM&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 430426
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 0F550CDAB17243A5BFE23865E703C322 Ref B: LON04EDGE0812 Ref C: 2023-12-30T01:58:20Z
        date: Sat, 30 Dec 2023 01:58:20 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301199_1N7DT3DN40PC8RCSP&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301199_1N7DT3DN40PC8RCSP&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 471518
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 72D2DFC0D05C46C59A40B88DEDF93ABC Ref B: LON04EDGE0812 Ref C: 2023-12-30T01:58:20Z
        date: Sat, 30 Dec 2023 01:58:20 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301444_1ADW5UG9KMTHYULQ8&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301444_1ADW5UG9KMTHYULQ8&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • 204.79.197.200:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e14975f3645c407f9afb719fe46442ac&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
        tls, http2
        2.1kB
         9.6kB
         23
        20

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e14975f3645c407f9afb719fe46442ac&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e14975f3645c407f9afb719fe46442ac&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e14975f3645c407f9afb719fe46442ac&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

        HTTP Response

        204
      • 20.231.121.79:80
        46 B
         1
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         8.3kB
         15
        14
      • 204.79.197.200:443
        https://tse1.mm.bing.net/th?id=OADD2.10239317301444_1ADW5UG9KMTHYULQ8&pid=21.2&w=1080&h=1920&c=4
        tls, http2
        49.9kB
         1.3MB
         948
        946

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301011_1Q64Y8U9UJ0Y7FTOQ&pid=21.2&w=1920&h=1080&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&w=1080&h=1920&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317300910_1N1UYW7VSBMF6PTRK&pid=21.2&w=1920&h=1080&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301608_1VIRGE9SQGF5A77JM&pid=21.2&w=1080&h=1920&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301199_1N7DT3DN40PC8RCSP&pid=21.2&w=1920&h=1080&c=4

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301444_1ADW5UG9KMTHYULQ8&pid=21.2&w=1080&h=1920&c=4
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         8.3kB
         15
        14
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         8.3kB
         16
        14
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         8.3kB
         15
        14
      • 8.8.8.8:53
        19.53.126.40.in-addr.arpa
        dns
        213 B
         157 B
         3
        1

        DNS Request

        19.53.126.40.in-addr.arpa

        DNS Request

        19.53.126.40.in-addr.arpa

        DNS Request

        19.53.126.40.in-addr.arpa

      • 8.8.8.8:53
        g.bing.com
        dns
        112 B
         158 B
         2
        1

        DNS Request

        g.bing.com

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        180.178.17.96.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        180.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
         144 B
         1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        241.154.82.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        241.154.82.20.in-addr.arpa

      • 8.8.8.8:53
        205.47.74.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        205.47.74.20.in-addr.arpa

      • 8.8.8.8:53
        41.110.16.96.in-addr.arpa
        dns
        71 B
         135 B
         1
        1

        DNS Request

        41.110.16.96.in-addr.arpa

      • 8.8.8.8:53
        157.123.68.40.in-addr.arpa
        dns
        144 B
         146 B
         2
        1

        DNS Request

        157.123.68.40.in-addr.arpa

        DNS Request

        157.123.68.40.in-addr.arpa

      • 8.8.8.8:53
        15.164.165.52.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        15.164.165.52.in-addr.arpa

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        62 B
         173 B
         1
        1

        DNS Request

        tse1.mm.bing.net

        DNS Response

        204.79.197.200
        13.107.21.200

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2236-0-0x00000000029E0000-0x00000000029FB000-memory.dmp

        Filesize

        108KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.