Analysis

  • max time kernel
    1800s
  • max time network
    1147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/10/2024, 00:17 UTC

General

  • Target

    Subnautica v1.0-v20210512 Plus 15 Trainer.exe

  • Size

    1.6MB

  • MD5

    802562bbcb719682e5239724bbcb66af

  • SHA1

    26dddeaa207b363225a0bb923177096b753c681e

  • SHA256

    20c61005893f31e43e1efb523cc80a6267cbaa1d0f878d8b54fca7e2878aa81f

  • SHA512

    315969abd2052edb5dd53ed5e1e0080320dc948d8c52e13114ff3971d89a59ce4263cdb1be1d7eab85d1368a10ef437541a575727bb373bd4af83e2eeb33a696

  • SSDEEP

    24576:KHfTuC9i/EAVw5MarrOE8Q78D03McY04WzDSOcxMbJ7:Kqh/9u6aGQgD0ccYKtcxMV7

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Subnautica v1.0-v20210512 Plus 15 Trainer.exe
    "C:\Users\Admin\AppData\Local\Temp\Subnautica v1.0-v20210512 Plus 15 Trainer.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1932

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    flingtrainer.com
    Subnautica v1.0-v20210512 Plus 15 Trainer.exe
    Remote address:
    8.8.8.8:53
    Request
    flingtrainer.com
    IN A
    Response
    flingtrainer.com
    IN A
    104.26.14.72
    flingtrainer.com
    IN A
    104.26.15.72
    flingtrainer.com
    IN A
    172.67.73.26
  • flag-us
    GET
    https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update
    Subnautica v1.0-v20210512 Plus 15 Trainer.exe
    Remote address:
    104.26.14.72:443
    Request
    GET /wp-content/check-for-trainer-update/get-trainer-update HTTP/1.1
    User-Agent: FLiNGTrainer
    Host: flingtrainer.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Oct 2024 00:18:01 GMT
    Content-Length: 6
    Connection: keep-alive
    vary: User-Agent
    last-modified: Tue, 09 May 2023 12:34:22 GMT
    etag: "6-5fb41f9908f80"
    accept-ranges: bytes
    Cache-Control: no-cache, no-store, must-revalidate
    pragma: no-cache
    expires: 0
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7pEswlEMTKN0fdT5MMVP%2F9X45rBP%2BvygiGirQHuCXLwgcNDMu36bzSXMAXvgkfXuzAj63eQksmdIFxPl%2BqIThhJv9A98uVa0nRo0rTQQ2qmLk5CqDsgeRLvoLMwnJQU8DKg%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d4c96a4d96b9482-LHR
  • flag-us
    DNS
    133.211.185.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.211.185.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.ax-0001.ax-msedge.net
    g-bing-com.ax-0001.ax-msedge.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
  • flag-us
    DNS
    72.14.26.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    72.14.26.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    79.190.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    79.190.18.2.in-addr.arpa
    IN PTR
    Response
    79.190.18.2.in-addr.arpa
    IN PTR
    a2-18-190-79deploystaticakamaitechnologiescom
  • flag-us
    GET
    https://flingtrainer.com/wp-content/check-for-trainer-update/subnautica-trainer
    Subnautica v1.0-v20210512 Plus 15 Trainer.exe
    Remote address:
    104.26.14.72:443
    Request
    GET /wp-content/check-for-trainer-update/subnautica-trainer HTTP/1.1
    User-Agent: FLiNGTrainer
    Host: flingtrainer.com
    Response
    HTTP/1.1 200 OK
    Date: Sat, 19 Oct 2024 00:18:00 GMT
    Content-Length: 11
    Connection: keep-alive
    vary: User-Agent
    last-modified: Thu, 13 May 2021 03:48:21 GMT
    etag: "b-5c22dff97ab40"
    accept-ranges: bytes
    Cache-Control: no-cache, no-store, must-revalidate
    pragma: no-cache
    expires: 0
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9qf5icTg3wkQY6V5gJ2Bi1SUzgaG%2FKUWFeajRPLrOLKobfghShn9863OilYugOS610iKj%2FtyOeHhhDUx4q3Bog6WgQhh5%2F3yW31aYCGTVvWsxRdKojtxvgW7wi1NVJXRtiM%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d4c96a02d5f94b5-LHR
  • flag-us
    DNS
    c.pki.goog
    Subnautica v1.0-v20210512 Plus 15 Trainer.exe
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.178.3
  • flag-gb
    GET
    http://c.pki.goog/r/gsr1.crl
    Subnautica v1.0-v20210512 Plus 15 Trainer.exe
    Remote address:
    142.250.178.3:80
    Request
    GET /r/gsr1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 1739
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 18 Oct 2024 23:53:38 GMT
    Expires: Sat, 19 Oct 2024 00:43:38 GMT
    Cache-Control: public, max-age=3000
    Age: 1461
    Last-Modified: Mon, 07 Oct 2024 07:18:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-gb
    GET
    http://c.pki.goog/r/r4.crl
    Subnautica v1.0-v20210512 Plus 15 Trainer.exe
    Remote address:
    142.250.178.3:80
    Request
    GET /r/r4.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 436
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 18 Oct 2024 23:53:42 GMT
    Expires: Sat, 19 Oct 2024 00:43:42 GMT
    Cache-Control: public, max-age=3000
    Age: 1458
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-us
    DNS
    3.178.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    3.178.250.142.in-addr.arpa
    IN PTR
    Response
    3.178.250.142.in-addr.arpa
    IN PTR
    lhr48s27-in-f31e100net
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea4f429128574769967c1c3a2493ed43&localId=w:0D9BF488-1CCA-294D-7D68-DBFAFE0B8D20&deviceId=6966572651500221&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea4f429128574769967c1c3a2493ed43&localId=w:0D9BF488-1CCA-294D-7D68-DBFAFE0B8D20&deviceId=6966572651500221&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=0EAEC7AE8E116D4E14ECD2B38F176C6F; domain=.bing.com; expires=Thu, 13-Nov-2025 00:18:01 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E8E1B82A7D8A42BA984FFCF74E832A92 Ref B: LON601060107031 Ref C: 2024-10-19T00:18:01Z
    date: Sat, 19 Oct 2024 00:18:00 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ea4f429128574769967c1c3a2493ed43&localId=w:0D9BF488-1CCA-294D-7D68-DBFAFE0B8D20&deviceId=6966572651500221&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ea4f429128574769967c1c3a2493ed43&localId=w:0D9BF488-1CCA-294D-7D68-DBFAFE0B8D20&deviceId=6966572651500221&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0EAEC7AE8E116D4E14ECD2B38F176C6F
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=HH3acmUtRBvbxjO59RFb6vQdM9IDXMqU2x8GFau-gwg; domain=.bing.com; expires=Thu, 13-Nov-2025 00:18:01 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: CD4E5AA128D345819687EF088A0F8420 Ref B: LON601060107031 Ref C: 2024-10-19T00:18:01Z
    date: Sat, 19 Oct 2024 00:18:00 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea4f429128574769967c1c3a2493ed43&localId=w:0D9BF488-1CCA-294D-7D68-DBFAFE0B8D20&deviceId=6966572651500221&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea4f429128574769967c1c3a2493ed43&localId=w:0D9BF488-1CCA-294D-7D68-DBFAFE0B8D20&deviceId=6966572651500221&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=0EAEC7AE8E116D4E14ECD2B38F176C6F; MSPTC=HH3acmUtRBvbxjO59RFb6vQdM9IDXMqU2x8GFau-gwg
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: B4BCBD2AD2BE42B8AE9330488A6E0543 Ref B: LON601060107031 Ref C: 2024-10-19T00:18:01Z
    date: Sat, 19 Oct 2024 00:18:01 GMT
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    56.163.245.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.163.245.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    77.190.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    77.190.18.2.in-addr.arpa
    IN PTR
    Response
    77.190.18.2.in-addr.arpa
    IN PTR
    a2-18-190-77deploystaticakamaitechnologiescom
  • flag-us
    DNS
    22.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340417880_1PRMSECURT9IUDN7Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340417880_1PRMSECURT9IUDN7Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 470956
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 51D91021312F489FA485A0E23BC2B566 Ref B: LON601060104042 Ref C: 2024-10-19T00:19:46Z
    date: Sat, 19 Oct 2024 00:19:46 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239398629743_1TH437YUI5ZNDOHAL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239398629743_1TH437YUI5ZNDOHAL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 502729
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 52CA56F2CBB5463EB2FCF81ECE2B4DE4 Ref B: LON601060104042 Ref C: 2024-10-19T00:19:46Z
    date: Sat, 19 Oct 2024 00:19:46 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 193575
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A3B506BBFF6D460C91A0E7A852842F86 Ref B: LON601060104042 Ref C: 2024-10-19T00:19:46Z
    date: Sat, 19 Oct 2024 00:19:46 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418534_1SATV94N425TECTRU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418534_1SATV94N425TECTRU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 473680
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 74A2B3CF34FC4D7DA5123A44D345EAE0 Ref B: LON601060104042 Ref C: 2024-10-19T00:19:46Z
    date: Sat, 19 Oct 2024 00:19:46 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239398629744_18YK2WB1TP6K8QRMK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239398629744_18YK2WB1TP6K8QRMK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 435129
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0D63AE044A514DC6BFAD15E13441967B Ref B: LON601060104042 Ref C: 2024-10-19T00:19:46Z
    date: Sat, 19 Oct 2024 00:19:46 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 195935
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: B3896B27E2D14426AABAF6BF39F85A0B Ref B: LON601060104042 Ref C: 2024-10-19T00:20:07Z
    date: Sat, 19 Oct 2024 00:20:06 GMT
  • flag-us
    DNS
    226.162.46.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.162.46.104.in-addr.arpa
    IN PTR
    Response
  • 104.26.14.72:443
    https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update
    tls, http
    Subnautica v1.0-v20210512 Plus 15 Trainer.exe
    1.4kB
    7.4kB
    16
    12

    HTTP Request

    GET https://flingtrainer.com/wp-content/check-for-trainer-update/get-trainer-update

    HTTP Response

    200
  • 104.26.14.72:443
    https://flingtrainer.com/wp-content/check-for-trainer-update/subnautica-trainer
    tls, http
    Subnautica v1.0-v20210512 Plus 15 Trainer.exe
    1.2kB
    5.4kB
    14
    11

    HTTP Request

    GET https://flingtrainer.com/wp-content/check-for-trainer-update/subnautica-trainer

    HTTP Response

    200
  • 142.250.178.3:80
    http://c.pki.goog/r/r4.crl
    http
    Subnautica v1.0-v20210512 Plus 15 Trainer.exe
    813 B
    5.0kB
    10
    7

    HTTP Request

    GET http://c.pki.goog/r/gsr1.crl

    HTTP Response

    200

    HTTP Request

    GET http://c.pki.goog/r/r4.crl

    HTTP Response

    200
  • 150.171.27.10:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea4f429128574769967c1c3a2493ed43&localId=w:0D9BF488-1CCA-294D-7D68-DBFAFE0B8D20&deviceId=6966572651500221&anid=
    tls, http2
    2.3kB
    9.8kB
    25
    20

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea4f429128574769967c1c3a2493ed43&localId=w:0D9BF488-1CCA-294D-7D68-DBFAFE0B8D20&deviceId=6966572651500221&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ea4f429128574769967c1c3a2493ed43&localId=w:0D9BF488-1CCA-294D-7D68-DBFAFE0B8D20&deviceId=6966572651500221&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ea4f429128574769967c1c3a2493ed43&localId=w:0D9BF488-1CCA-294D-7D68-DBFAFE0B8D20&deviceId=6966572651500221&anid=

    HTTP Response

    204
  • 150.171.27.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    86.5kB
    2.5MB
    1798
    1792

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340417880_1PRMSECURT9IUDN7Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239398629743_1TH437YUI5ZNDOHAL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418534_1SATV94N425TECTRU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239398629744_18YK2WB1TP6K8QRMK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    7.3kB
    16
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.3kB
    7.3kB
    17
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    7.3kB
    16
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    7.3kB
    16
    13
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    flingtrainer.com
    dns
    Subnautica v1.0-v20210512 Plus 15 Trainer.exe
    62 B
    110 B
    1
    1

    DNS Request

    flingtrainer.com

    DNS Response

    104.26.14.72
    104.26.15.72
    172.67.73.26

  • 8.8.8.8:53
    133.211.185.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    133.211.185.52.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    168 B
    148 B
    3
    1

    DNS Request

    g.bing.com

    DNS Request

    g.bing.com

    DNS Request

    g.bing.com

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    72.14.26.104.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    72.14.26.104.in-addr.arpa

  • 8.8.8.8:53
    79.190.18.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    79.190.18.2.in-addr.arpa

  • 8.8.8.8:53
    c.pki.goog
    dns
    Subnautica v1.0-v20210512 Plus 15 Trainer.exe
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    142.250.178.3

  • 8.8.8.8:53
    3.178.250.142.in-addr.arpa
    dns
    72 B
    110 B
    1
    1

    DNS Request

    3.178.250.142.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    284 B
    157 B
    4
    1

    DNS Request

    205.47.74.20.in-addr.arpa

    DNS Request

    205.47.74.20.in-addr.arpa

    DNS Request

    205.47.74.20.in-addr.arpa

    DNS Request

    205.47.74.20.in-addr.arpa

  • 8.8.8.8:53
    56.163.245.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    56.163.245.4.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    77.190.18.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    77.190.18.2.in-addr.arpa

  • 8.8.8.8:53
    22.236.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    22.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    170 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    226.162.46.104.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    226.162.46.104.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1932-0-0x00007FFFD25E3000-0x00007FFFD25E5000-memory.dmp

    Filesize

    8KB

  • memory/1932-1-0x000002117ABF0000-0x000002117AC2E000-memory.dmp

    Filesize

    248KB

  • memory/1932-2-0x00007FFFD25E0000-0x00007FFFD30A1000-memory.dmp

    Filesize

    10.8MB

  • memory/1932-5-0x00007FFFD25E0000-0x00007FFFD30A1000-memory.dmp

    Filesize

    10.8MB

  • memory/1932-6-0x00007FFFD25E0000-0x00007FFFD30A1000-memory.dmp

    Filesize

    10.8MB

  • memory/1932-8-0x00007FFFD25E0000-0x00007FFFD30A1000-memory.dmp

    Filesize

    10.8MB

  • memory/1932-20-0x00007FFFD25E3000-0x00007FFFD25E5000-memory.dmp

    Filesize

    8KB

  • memory/1932-21-0x00007FFFD25E0000-0x00007FFFD30A1000-memory.dmp

    Filesize

    10.8MB

  • memory/1932-22-0x00007FFFD25E0000-0x00007FFFD30A1000-memory.dmp

    Filesize

    10.8MB

  • memory/1932-23-0x00007FFFD25E0000-0x00007FFFD30A1000-memory.dmp

    Filesize

    10.8MB

  • memory/1932-24-0x00007FFFD25E0000-0x00007FFFD30A1000-memory.dmp

    Filesize

    10.8MB

  • memory/1932-25-0x00007FFFD25E0000-0x00007FFFD30A1000-memory.dmp

    Filesize

    10.8MB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.