Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/03/2024, 21:24 UTC

General

  • Target

    dca564f509a3aa5a7f748f67607c6854.dll

  • Size

    48KB

  • MD5

    dca564f509a3aa5a7f748f67607c6854

  • SHA1

    2392b9b77dc5716a3b5977b558b3edbbda99f715

  • SHA256

    b8eb9d67513a1202a469b706ca34fcb509f17bbf51894e210fb5a073ba34c21c

  • SHA512

    527ed0f875be78ee0cbd545d1e3c88a78a445a2bfe87bcc5026b4455256537c046505db8f9be4bb6b71b0b20069872d4b021ba01b9ba335064d02485bdf3a06a

  • SSDEEP

    768:BR7dOahyoHokBtqN74W7bZZmYb9PyzcjRlYlwa6NVdkPnJJMIEV:8aAoHoc2x7bZoYBAcQlwJdMo

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\dca564f509a3aa5a7f748f67607c6854.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3348
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\dca564f509a3aa5a7f748f67607c6854.dll,#1
      2⤵
        PID:4832
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3792 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:1136

      Network

      • flag-us
        DNS
        136.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        136.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        241.154.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.154.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.a-0001.a-msedge.net
        g-bing-com.a-0001.a-msedge.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
      • flag-us
        DNS
        81.171.91.138.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        81.171.91.138.in-addr.arpa
        IN PTR
        Response
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=250AD859884D6B080823CC1089AD6A35; domain=.bing.com; expires=Tue, 15-Apr-2025 21:25:12 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: A769384965654B9EA5939C69BCE17858 Ref B: LON04EDGE1022 Ref C: 2024-03-21T21:25:12Z
        date: Thu, 21 Mar 2024 21:25:11 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=250AD859884D6B080823CC1089AD6A35
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=zJWXIBAy1u3vNqws7Yq8OZkw027CFhvLcIU6iwel01k; domain=.bing.com; expires=Tue, 15-Apr-2025 21:25:12 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 3EE4EAB2B39541698A8E9A3CE493E281 Ref B: LON04EDGE1022 Ref C: 2024-03-21T21:25:12Z
        date: Thu, 21 Mar 2024 21:25:12 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=250AD859884D6B080823CC1089AD6A35; MSPTC=zJWXIBAy1u3vNqws7Yq8OZkw027CFhvLcIU6iwel01k
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 4A45A18C9CFE433FAC2FC3B98917F8D5 Ref B: LON04EDGE1022 Ref C: 2024-03-21T21:25:13Z
        date: Thu, 21 Mar 2024 21:25:13 GMT
      • flag-us
        DNS
        210.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        210.178.17.96.in-addr.arpa
        IN PTR
        Response
        210.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-210deploystaticakamaitechnologiescom
      • flag-us
        DNS
        26.35.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.35.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        200.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        200.197.79.204.in-addr.arpa
        IN PTR
        Response
        200.197.79.204.in-addr.arpa
        IN PTR
        a-0001a-msedgenet
      • flag-us
        DNS
        28.118.140.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        28.118.140.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        41.110.16.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        41.110.16.96.in-addr.arpa
        IN PTR
        Response
        41.110.16.96.in-addr.arpa
        IN PTR
        a96-16-110-41deploystaticakamaitechnologiescom
      • flag-us
        DNS
        68.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        68.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        68.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        68.159.190.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        68.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        68.159.190.20.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        157.123.68.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        157.123.68.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        13.86.106.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        13.86.106.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        140.71.91.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        140.71.91.104.in-addr.arpa
        IN PTR
        Response
        140.71.91.104.in-addr.arpa
        IN PTR
        a104-91-71-140deploystaticakamaitechnologiescom
      • flag-us
        DNS
        185.13.222.173.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        185.13.222.173.in-addr.arpa
        IN PTR
        Response
        185.13.222.173.in-addr.arpa
        IN PTR
        a173-222-13-185deploystaticakamaitechnologiescom
      • flag-us
        DNS
        185.13.222.173.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        185.13.222.173.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        185.13.222.173.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        185.13.222.173.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        185.13.222.173.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        185.13.222.173.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        119.110.54.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        119.110.54.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        134.71.91.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        134.71.91.104.in-addr.arpa
        IN PTR
        Response
        134.71.91.104.in-addr.arpa
        IN PTR
        a104-91-71-134deploystaticakamaitechnologiescom
      • flag-us
        DNS
        186.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        186.178.17.96.in-addr.arpa
        IN PTR
        Response
        186.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-186deploystaticakamaitechnologiescom
      • flag-us
        DNS
        114.110.16.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        114.110.16.96.in-addr.arpa
        IN PTR
        Response
        114.110.16.96.in-addr.arpa
        IN PTR
        a96-16-110-114deploystaticakamaitechnologiescom
      • flag-us
        DNS
        80.179.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        80.179.17.96.in-addr.arpa
        IN PTR
        Response
        80.179.17.96.in-addr.arpa
        IN PTR
        a96-17-179-80deploystaticakamaitechnologiescom
      • flag-us
        DNS
        128.225.79.178.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        128.225.79.178.in-addr.arpa
        IN PTR
        Response
        128.225.79.178.in-addr.arpa
        IN PTR
        https-178-79-225-128mxpllnwnet
      • flag-us
        DNS
        197.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        197.178.17.96.in-addr.arpa
        IN PTR
        Response
        197.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-197deploystaticakamaitechnologiescom
      • flag-us
        DNS
        194.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        194.178.17.96.in-addr.arpa
        IN PTR
        Response
        194.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-194deploystaticakamaitechnologiescom
      • flag-us
        DNS
        43.58.199.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        43.58.199.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301578_16RTS3GAZ3AT29YOT&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301578_16RTS3GAZ3AT29YOT&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 299573
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 62F0D1F2E81F4280AC05FCB1669B9318 Ref B: LON04EDGE0620 Ref C: 2024-03-21T21:27:00Z
        date: Thu, 21 Mar 2024 21:27:00 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239340418602_13EDNGC3ZL2WGZFXN&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239340418602_13EDNGC3ZL2WGZFXN&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 219688
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 84A3ED7D930B4F019E7E30DECA9B0C20 Ref B: LON04EDGE0620 Ref C: 2024-03-21T21:27:00Z
        date: Thu, 21 Mar 2024 21:27:00 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301169_1B5BA0C4QNKYTONE8&pid=21.2&w=1920&h=1080&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239317301169_1B5BA0C4QNKYTONE8&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 315308
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 3F967A27A97947EA8D396859E9B1B5C8 Ref B: LON04EDGE0620 Ref C: 2024-03-21T21:27:00Z
        date: Thu, 21 Mar 2024 21:27:00 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239340418601_1XRLHD1YRS9ZZSDWX&pid=21.2&w=1080&h=1920&c=4
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239340418601_1XRLHD1YRS9ZZSDWX&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 271675
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 6EF2626A94524888AFDFEE2FD18911AE Ref B: LON04EDGE0620 Ref C: 2024-03-21T21:27:00Z
        date: Thu, 21 Mar 2024 21:27:00 GMT
      • flag-us
        DNS
        35.197.79.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        35.197.79.40.in-addr.arpa
        IN PTR
        Response
      • 142.250.178.10:443
        46 B
        40 B
        1
        1
      • 204.79.197.200:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
        tls, http2
        2.8kB
        10.4kB
        27
        21

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

        HTTP Response

        204
      • 13.107.253.64:443
        46 B
        40 B
        1
        1
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
        8.1kB
        16
        13
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
        8.1kB
        16
        13
      • 204.79.197.200:443
        https://tse1.mm.bing.net/th?id=OADD2.10239340418601_1XRLHD1YRS9ZZSDWX&pid=21.2&w=1080&h=1920&c=4
        tls, http2
        42.9kB
        1.2MB
        852
        847

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301578_16RTS3GAZ3AT29YOT&pid=21.2&w=1080&h=1920&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239340418602_13EDNGC3ZL2WGZFXN&pid=21.2&w=1920&h=1080&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301169_1B5BA0C4QNKYTONE8&pid=21.2&w=1920&h=1080&c=4

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239340418601_1XRLHD1YRS9ZZSDWX&pid=21.2&w=1080&h=1920&c=4

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.4kB
        8.5kB
        18
        14
      • 8.8.8.8:53
        136.32.126.40.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        136.32.126.40.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
        144 B
        1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        241.154.82.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        241.154.82.20.in-addr.arpa

      • 8.8.8.8:53
        g.bing.com
        dns
        112 B
        158 B
        2
        1

        DNS Request

        g.bing.com

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        81.171.91.138.in-addr.arpa
        dns
        72 B
        146 B
        1
        1

        DNS Request

        81.171.91.138.in-addr.arpa

      • 8.8.8.8:53
        210.178.17.96.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        210.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        26.35.223.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        26.35.223.20.in-addr.arpa

      • 8.8.8.8:53
        200.197.79.204.in-addr.arpa
        dns
        73 B
        106 B
        1
        1

        DNS Request

        200.197.79.204.in-addr.arpa

      • 8.8.8.8:53
        28.118.140.52.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        28.118.140.52.in-addr.arpa

      • 8.8.8.8:53
        41.110.16.96.in-addr.arpa
        dns
        71 B
        135 B
        1
        1

        DNS Request

        41.110.16.96.in-addr.arpa

      • 8.8.8.8:53
        68.159.190.20.in-addr.arpa
        dns
        216 B
        158 B
        3
        1

        DNS Request

        68.159.190.20.in-addr.arpa

        DNS Request

        68.159.190.20.in-addr.arpa

        DNS Request

        68.159.190.20.in-addr.arpa

      • 8.8.8.8:53
        157.123.68.40.in-addr.arpa
        dns
        72 B
        146 B
        1
        1

        DNS Request

        157.123.68.40.in-addr.arpa

      • 8.8.8.8:53
        56.126.166.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        56.126.166.20.in-addr.arpa

      • 8.8.8.8:53
        13.86.106.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        13.86.106.20.in-addr.arpa

      • 8.8.8.8:53
        140.71.91.104.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        140.71.91.104.in-addr.arpa

      • 8.8.8.8:53
        185.13.222.173.in-addr.arpa
        dns
        292 B
        139 B
        4
        1

        DNS Request

        185.13.222.173.in-addr.arpa

        DNS Request

        185.13.222.173.in-addr.arpa

        DNS Request

        185.13.222.173.in-addr.arpa

        DNS Request

        185.13.222.173.in-addr.arpa

      • 8.8.8.8:53
        119.110.54.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        119.110.54.20.in-addr.arpa

      • 8.8.8.8:53
        134.71.91.104.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        134.71.91.104.in-addr.arpa

      • 8.8.8.8:53
        186.178.17.96.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        186.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        114.110.16.96.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        114.110.16.96.in-addr.arpa

      • 8.8.8.8:53
        80.179.17.96.in-addr.arpa
        dns
        71 B
        135 B
        1
        1

        DNS Request

        80.179.17.96.in-addr.arpa

      • 8.8.8.8:53
        128.225.79.178.in-addr.arpa
        dns
        73 B
        120 B
        1
        1

        DNS Request

        128.225.79.178.in-addr.arpa

      • 8.8.8.8:53
        197.178.17.96.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        197.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        194.178.17.96.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        194.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        43.58.199.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        43.58.199.20.in-addr.arpa

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        62 B
        173 B
        1
        1

        DNS Request

        tse1.mm.bing.net

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        35.197.79.40.in-addr.arpa
        dns
        71 B
        145 B
        1
        1

        DNS Request

        35.197.79.40.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.