Analysis
-
max time kernel
144s -
max time network
130s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
30/12/2023, 11:16 UTC
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
16ef2a6384edbf6bd2594888bf782410.exe
Resource
win7-20231215-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
16ef2a6384edbf6bd2594888bf782410.exe
Resource
win10v2004-20231215-en
1 signatures
150 seconds
General
-
Target
16ef2a6384edbf6bd2594888bf782410.exe
-
Size
380KB
-
MD5
16ef2a6384edbf6bd2594888bf782410
-
SHA1
3ebfd2711ba66e4040796db181684463377ada45
-
SHA256
5fd2ef9baa827c08446ada2ea6ed30ba6b9f4f9c8b8785d6e22dafc32ea323ae
-
SHA512
4dcf2b4ea7bded88630fae86b23a7859b53b9e6e7363641bc1b8f9738badd11aa8449407915e5102a5f649c90982945a07f69aa0b503155576724c65382eb556
-
SSDEEP
6144:ULOUjxnrPr0zfUS6A9utCTCWqWvNk9weEEYwa1zPcTN6zCxHKyvdfU4tT:UpkIA9UrKNk9n4wamTNWWqkdb
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 1476 5072 WerFault.exe 86
Processes
-
C:\Users\Admin\AppData\Local\Temp\16ef2a6384edbf6bd2594888bf782410.exe"C:\Users\Admin\AppData\Local\Temp\16ef2a6384edbf6bd2594888bf782410.exe"1⤵PID:5072
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 5202⤵
- Program crash
PID:1476
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5072 -ip 50721⤵PID:4412
Network
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.a-0001.a-msedge.netg-bing-com.a-0001.a-msedge.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=28f892d7c21a43e9947002f9e4b6ca53&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=28f892d7c21a43e9947002f9e4b6ca53&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=25B6F5630BA76B1215A6E6980A806ACB; domain=.bing.com; expires=Mon, 27-Jan-2025 07:23:45 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7B3717F4FBBC459FA1DD8E179183C927 Ref B: LON04EDGE0619 Ref C: 2024-01-03T07:23:45Z
date: Wed, 03 Jan 2024 07:23:45 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=28f892d7c21a43e9947002f9e4b6ca53&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=28f892d7c21a43e9947002f9e4b6ca53&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=25B6F5630BA76B1215A6E6980A806ACB
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=jj2NchE--J6FJJHhWd6oFnazgGe95hCn_HTlNLUzOME; domain=.bing.com; expires=Mon, 27-Jan-2025 07:23:45 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 20686D13F8BE4A749F7D5D89C2789DEE Ref B: LON04EDGE0619 Ref C: 2024-01-03T07:23:45Z
date: Wed, 03 Jan 2024 07:23:45 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=28f892d7c21a43e9947002f9e4b6ca53&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=Remote address:204.79.197.200:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=28f892d7c21a43e9947002f9e4b6ca53&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=25B6F5630BA76B1215A6E6980A806ACB; MSPTC=jj2NchE--J6FJJHhWd6oFnazgGe95hCn_HTlNLUzOME
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8E2072C799CC4F719568AB5FFFC3B8DD Ref B: LON04EDGE0619 Ref C: 2024-01-03T07:23:46Z
date: Wed, 03 Jan 2024 07:23:46 GMT
-
Remote address:8.8.8.8:53Request146.78.124.51.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request180.178.17.96.in-addr.arpaIN PTRResponse180.178.17.96.in-addr.arpaIN PTRa96-17-178-180deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request200.197.79.204.in-addr.arpaIN PTRResponse200.197.79.204.in-addr.arpaIN PTRa-0001a-msedgenet
-
Remote address:8.8.8.8:53Request1.181.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request2.136.104.51.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request43.58.199.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request59.128.231.4.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request157.123.68.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request217.135.221.88.in-addr.arpaIN PTRResponse217.135.221.88.in-addr.arpaIN PTRa88-221-135-217deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request209.178.17.96.in-addr.arpaIN PTRResponse209.178.17.96.in-addr.arpaIN PTRa96-17-178-209deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request88.156.103.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301421_1O9QSVM80YG18KICT&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301421_1O9QSVM80YG18KICT&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 494047
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 577E2EF456EE445EBD46D7BD9DC317D0 Ref B: LON04EDGE0809 Ref C: 2024-01-03T07:25:29Z
date: Wed, 03 Jan 2024 07:25:29 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301366_1F7IE3E9ETFG8ONMF&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301366_1F7IE3E9ETFG8ONMF&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 351064
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1DECB54DE8A643F7825BC9312ECF8C4E Ref B: LON04EDGE0809 Ref C: 2024-01-03T07:25:29Z
date: Wed, 03 Jan 2024 07:25:29 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301543_1CIZ3PLQIVW17ASZG&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301543_1CIZ3PLQIVW17ASZG&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 481295
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1FF93D1C5C764010AEDDCDB67434170B Ref B: LON04EDGE0809 Ref C: 2024-01-03T07:25:30Z
date: Wed, 03 Jan 2024 07:25:30 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317300988_17HJ37E2JP0ASFIUD&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317300988_17HJ37E2JP0ASFIUD&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 477179
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5E2D18AC234144DFB602D0166BDB39D3 Ref B: LON04EDGE0809 Ref C: 2024-01-03T07:25:35Z
date: Wed, 03 Jan 2024 07:25:35 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301110_1IQWPWO97O09A6G81&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301110_1IQWPWO97O09A6G81&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 494171
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C8A7A2F22D7B436FB5033FDCA5684F44 Ref B: LON04EDGE0809 Ref C: 2024-01-03T07:25:35Z
date: Wed, 03 Jan 2024 07:25:35 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317300933_1BHZAO1SQN99WZXJ8&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317300933_1BHZAO1SQN99WZXJ8&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 354022
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 399991386EA94E0A95E693824227923E Ref B: LON04EDGE0809 Ref C: 2024-01-03T07:25:35Z
date: Wed, 03 Jan 2024 07:25:35 GMT
-
204.79.197.200:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=28f892d7c21a43e9947002f9e4b6ca53&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=tls, http22.4kB 9.3kB 23 17
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=28f892d7c21a43e9947002f9e4b6ca53&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=28f892d7c21a43e9947002f9e4b6ca53&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=28f892d7c21a43e9947002f9e4b6ca53&localId=w:E944F1F3-CBEC-A3DA-080B-887FDBFE3333&deviceId=6896190258816330&anid=HTTP Response
204 -
2.0kB 8.3kB 20 14
-
1.6kB 9.8kB 20 17
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239317300933_1BHZAO1SQN99WZXJ8&pid=21.2&w=1920&h=1080&c=4tls, http2103.5kB 2.8MB 2017 2011
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301421_1O9QSVM80YG18KICT&pid=21.2&w=1080&h=1920&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301366_1F7IE3E9ETFG8ONMF&pid=21.2&w=1080&h=1920&c=4HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301543_1CIZ3PLQIVW17ASZG&pid=21.2&w=1080&h=1920&c=4HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317300988_17HJ37E2JP0ASFIUD&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301110_1IQWPWO97O09A6G81&pid=21.2&w=1920&h=1080&c=4HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317300933_1BHZAO1SQN99WZXJ8&pid=21.2&w=1920&h=1080&c=4HTTP Response
200 -
1.8kB 7.7kB 17 10
-
1.5kB 8.3kB 18 15
-
56 B 158 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.20013.107.21.200
-
72 B 158 B 1 1
DNS Request
146.78.124.51.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
180.178.17.96.in-addr.arpa
-
73 B 106 B 1 1
DNS Request
200.197.79.204.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
1.181.190.20.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
2.136.104.51.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
43.58.199.20.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
59.128.231.4.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
157.123.68.40.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
198.187.3.20.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
217.135.221.88.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
209.178.17.96.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
88.156.103.20.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200