Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Libs/Extreme.Net.dll

windows7-x64

1

Libs/Extreme.Net.dll

windows10-2004-x64

1

Libs/Injecting.dll

windows7-x64

1

Libs/Injecting.dll

windows10-2004-x64

1

Libs/libEGL.dll

windows7-x64

1

Libs/libEGL.dll

windows10-2004-x64

3

Libs/libgc...-1.dll

windows7-x64

3

Libs/libgc...-1.dll

windows10-2004-x64

3

concrt140.dll

windows7-x64

3

concrt140.dll

windows10-2004-x64

3

cpfe.dll

windows7-x64

3

cpfe.dll

windows10-2004-x64

3

kopje.rtf

windows7-x64

1

kopje.rtf

windows10-2004-x64

1

lnstall.exe

windows7-x64

5

lnstall.exe

windows10-2004-x64

10

msvcp140.dll

windows7-x64

3

msvcp140.dll

windows10-2004-x64

3

vcruntime140.dll

windows7-x64

3

vcruntime140.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/01/2024, 01:15 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vcruntime140.dll

  • Size

    88KB

  • MD5

    1d4ff3cf64ab08c66ae9a4013c89a3ac

  • SHA1

    f9ee15d0e9b0b7e04ff4c8a5de5afcffe8b2527b

  • SHA256

    65f620bc588d95fe2ed236d1602e49f89077b434c83102549eed137c7fdc7220

  • SHA512

    65fbd68843280e933620c470e524fba993ab4c48ede4bc0917b4ebe25da0408d02daec3f5afcd44a3ff8aba676d2eff2dda3f354029d27932ef39c9fdea51c26

  • SSDEEP

    1536:Lb8h/b8bgkjohTX6pz0y9v+xSUKF1IuCmgnKecbWJdazlTjznFKwcjzBG:LbWUgkOTX6ey9v+xSjFyuBecbWnaNjjb

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\vcruntime140.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\vcruntime140.dll,#1
      2⤵
        PID:2092
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 600
          3⤵
          • Program crash
          PID:452
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2092 -ip 2092
      1⤵
        PID:2216

      Network

      • flag-us
        DNS
        2.136.104.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        2.136.104.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        2.136.104.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        2.136.104.51.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        240.221.184.93.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        240.221.184.93.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        240.221.184.93.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        240.221.184.93.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        6.181.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        6.181.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        59.128.231.4.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        59.128.231.4.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        88.156.103.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        88.156.103.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        9.228.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        9.228.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        4.181.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        4.181.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        86.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        86.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        41.110.16.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        41.110.16.96.in-addr.arpa
        IN PTR
        Response
        41.110.16.96.in-addr.arpa
        IN PTR
        a96-16-110-41deploystaticakamaitechnologiescom
      • flag-us
        DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        0.205.248.87.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        0.205.248.87.in-addr.arpa
        IN PTR
        Response
        0.205.248.87.in-addr.arpa
        IN PTR
        https-87-248-205-0lgwllnwnet
      • flag-us
        DNS
        26.35.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.35.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301280_1QUX2N4CPASZCCZYY&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301280_1QUX2N4CPASZCCZYY&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 669861
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 6C0DEB92C8654F04930713E570D1D694 Ref B: LON04EDGE0909 Ref C: 2024-01-14T01:17:07Z
        date: Sun, 14 Jan 2024 01:17:07 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301205_1OM9XZCKYFXI34HLQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301205_1OM9XZCKYFXI34HLQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 638248
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 82AE4190779D4833A7160D34FEF52B04 Ref B: LON04EDGE0909 Ref C: 2024-01-14T01:17:07Z
        date: Sun, 14 Jan 2024 01:17:07 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301689_1HC75QQV0N8KTKP7U&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301689_1HC75QQV0N8KTKP7U&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 646893
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: A5978F4344C74F8CA5118503E0D5DF62 Ref B: LON04EDGE0909 Ref C: 2024-01-14T01:17:07Z
        date: Sun, 14 Jan 2024 01:17:07 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301091_17CAP65GDSQMFV4JE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301091_17CAP65GDSQMFV4JE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 328427
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: C70AE13AC7CF4B1089F06FB25DE85C2D Ref B: LON04EDGE0909 Ref C: 2024-01-14T01:17:07Z
        date: Sun, 14 Jan 2024 01:17:07 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301614_1PEIP2AXZTPQ08R0S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301614_1PEIP2AXZTPQ08R0S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301524_1QHZ48X3FA5D7O1LG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301524_1QHZ48X3FA5D7O1LG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      • flag-us
        DNS
        200.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        200.197.79.204.in-addr.arpa
        IN PTR
        Response
        200.197.79.204.in-addr.arpa
        IN PTR
        a-0001a-msedgenet
      • flag-us
        DNS
        104.241.123.92.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        104.241.123.92.in-addr.arpa
        IN PTR
        Response
        104.241.123.92.in-addr.arpa
        IN PTR
        a92-123-241-104deploystaticakamaitechnologiescom
      • flag-us
        DNS
        119.110.54.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        119.110.54.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        178.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        178.178.17.96.in-addr.arpa
        IN PTR
        Response
        178.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-178deploystaticakamaitechnologiescom
      • flag-us
        DNS
        59.134.221.88.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        59.134.221.88.in-addr.arpa
        IN PTR
        Response
        59.134.221.88.in-addr.arpa
        IN PTR
        a88-221-134-59deploystaticakamaitechnologiescom
      • flag-us
        DNS
        180.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        180.178.17.96.in-addr.arpa
        IN PTR
        Response
        180.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-180deploystaticakamaitechnologiescom
      • flag-us
        DNS
        173.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        173.178.17.96.in-addr.arpa
        IN PTR
        Response
        173.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-173deploystaticakamaitechnologiescom
      • flag-us
        DNS
        173.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        173.178.17.96.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        23.236.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        23.236.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        174.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        174.178.17.96.in-addr.arpa
        IN PTR
        Response
        174.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-174deploystaticakamaitechnologiescom
      • flag-us
        DNS
        174.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        174.178.17.96.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        174.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        174.178.17.96.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        16.173.189.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        16.173.189.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        26.143.101.95.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.143.101.95.in-addr.arpa
        IN PTR
        Response
        26.143.101.95.in-addr.arpa
        IN PTR
        a95-101-143-26deploystaticakamaitechnologiescom
      • 20.231.121.79:80
        104 B
         2
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         8.3kB
         16
        14
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         8.3kB
         16
        14
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         8.3kB
         16
        14
      • 204.79.197.200:443
        https://tse1.mm.bing.net/th?id=OADD2.10239317301524_1QHZ48X3FA5D7O1LG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        tls, http2
        69.1kB
         2.0MB
         1448
        1443

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301280_1QUX2N4CPASZCCZYY&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301205_1OM9XZCKYFXI34HLQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301689_1HC75QQV0N8KTKP7U&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301091_17CAP65GDSQMFV4JE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Response

        200

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301614_1PEIP2AXZTPQ08R0S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Response

        200

        HTTP Response

        200

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301524_1QHZ48X3FA5D7O1LG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Response

        200
      • 96.16.110.114:80
      • 8.8.8.8:53
        2.136.104.51.in-addr.arpa
        dns
        142 B
         157 B
         2
        1

        DNS Request

        2.136.104.51.in-addr.arpa

        DNS Request

        2.136.104.51.in-addr.arpa

      • 8.8.8.8:53
        240.221.184.93.in-addr.arpa
        dns
        146 B
         144 B
         2
        1

        DNS Request

        240.221.184.93.in-addr.arpa

        DNS Request

        240.221.184.93.in-addr.arpa

      • 8.8.8.8:53
        6.181.190.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        6.181.190.20.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
         144 B
         1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        59.128.231.4.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        59.128.231.4.in-addr.arpa

      • 8.8.8.8:53
        88.156.103.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        88.156.103.20.in-addr.arpa

      • 8.8.8.8:53
        9.228.82.20.in-addr.arpa
        dns
        70 B
         156 B
         1
        1

        DNS Request

        9.228.82.20.in-addr.arpa

      • 8.8.8.8:53
        4.181.190.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        4.181.190.20.in-addr.arpa

      • 8.8.8.8:53
        86.23.85.13.in-addr.arpa
        dns
        70 B
         144 B
         1
        1

        DNS Request

        86.23.85.13.in-addr.arpa

      • 8.8.8.8:53
        41.110.16.96.in-addr.arpa
        dns
        71 B
         135 B
         1
        1

        DNS Request

        41.110.16.96.in-addr.arpa

      • 8.8.8.8:53
        56.126.166.20.in-addr.arpa
        dns
        144 B
         158 B
         2
        1

        DNS Request

        56.126.166.20.in-addr.arpa

        DNS Request

        56.126.166.20.in-addr.arpa

      • 8.8.8.8:53
        0.205.248.87.in-addr.arpa
        dns
        71 B
         116 B
         1
        1

        DNS Request

        0.205.248.87.in-addr.arpa

      • 8.8.8.8:53
        26.35.223.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        26.35.223.20.in-addr.arpa

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        62 B
         173 B
         1
        1

        DNS Request

        tse1.mm.bing.net

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        200.197.79.204.in-addr.arpa
        dns
        73 B
         106 B
         1
        1

        DNS Request

        200.197.79.204.in-addr.arpa

      • 8.8.8.8:53
        104.241.123.92.in-addr.arpa
        dns
        73 B
         139 B
         1
        1

        DNS Request

        104.241.123.92.in-addr.arpa

      • 8.8.8.8:53
        119.110.54.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        119.110.54.20.in-addr.arpa

      • 8.8.8.8:53
        178.178.17.96.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        178.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        59.134.221.88.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        59.134.221.88.in-addr.arpa

      • 8.8.8.8:53
        180.178.17.96.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        180.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        173.178.17.96.in-addr.arpa
        dns
        144 B
         137 B
         2
        1

        DNS Request

        173.178.17.96.in-addr.arpa

        DNS Request

        173.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        23.236.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        23.236.111.52.in-addr.arpa

      • 8.8.8.8:53
        174.178.17.96.in-addr.arpa
        dns
        216 B
         137 B
         3
        1

        DNS Request

        174.178.17.96.in-addr.arpa

        DNS Request

        174.178.17.96.in-addr.arpa

        DNS Request

        174.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        16.173.189.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        16.173.189.20.in-addr.arpa

      • 8.8.8.8:53
        26.143.101.95.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        26.143.101.95.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.