Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/11/2024, 20:26 UTC

General

  • Target

    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe

  • Size

    93KB

  • MD5

    9da5a2d7e5dc56547b740fdcc9c135ce

  • SHA1

    e203e130ff8e38e2108d9a362d3ac82b39102ba3

  • SHA256

    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277

  • SHA512

    8ce0f84c24c2bc54ce5d2b4e70f88dc68b1be67b83c0670044f25e3881f2e3333737fd5cc51f120236f96ec7c98330f334028174549305981ce1d307d1b25efb

  • SSDEEP

    768:OY3elnD9O/pBcxYsbae6GIXb9pDX2t98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3isGW:AlxOx6baIa9RZj00ljEwzGi1dD+DIgS

Malware Config

Signatures

  • Modifies Windows Firewall 2 TTPs 3 IoCs
  • Drops startup file 2 IoCs
  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 9 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 37 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
    "C:\Users\Admin\AppData\Local\Temp\924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe"
    1⤵
    • Drops startup file
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3884
    • C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe" "924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe" ENABLE
      2⤵
      • Modifies Windows Firewall
      • Event Triggered Execution: Netsh Helper DLL
      • System Location Discovery: System Language Discovery
      PID:1820
    • C:\Windows\SysWOW64\netsh.exe
      netsh firewall delete allowedprogram "C:\Users\Admin\AppData\Local\Temp\924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe"
      2⤵
      • Modifies Windows Firewall
      • Event Triggered Execution: Netsh Helper DLL
      • System Location Discovery: System Language Discovery
      PID:1348
    • C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe" "924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe" ENABLE
      2⤵
      • Modifies Windows Firewall
      • Event Triggered Execution: Netsh Helper DLL
      • System Location Discovery: System Language Discovery
      PID:436

Network

  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.ax-0001.ax-msedge.net
    g-bing-com.ax-0001.ax-msedge.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=
    Remote address:
    150.171.28.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=2CB6C104F47D6E8D083DD42EF57B6F84; domain=.bing.com; expires=Wed, 26-Nov-2025 20:26:15 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 907DBA0C403E42B490DCDB328B2DD69B Ref B: LON601060108025 Ref C: 2024-11-01T20:26:15Z
    date: Fri, 01 Nov 2024 20:26:14 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=
    Remote address:
    150.171.28.10:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=2CB6C104F47D6E8D083DD42EF57B6F84
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=SD70JZGxA0d9tBrM76bTgL_FedCEaADE8bhUarr501I; domain=.bing.com; expires=Wed, 26-Nov-2025 20:26:15 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 4FA74CD888DB4AEF937AF30EB97463A6 Ref B: LON601060108025 Ref C: 2024-11-01T20:26:15Z
    date: Fri, 01 Nov 2024 20:26:14 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=
    Remote address:
    150.171.28.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=2CB6C104F47D6E8D083DD42EF57B6F84; MSPTC=SD70JZGxA0d9tBrM76bTgL_FedCEaADE8bhUarr501I
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 89A0EC320F924A83A623F2CF7F8B584B Ref B: LON601060108025 Ref C: 2024-11-01T20:26:15Z
    date: Fri, 01 Nov 2024 20:26:14 GMT
  • flag-us
    DNS
    101.209.201.84.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    101.209.201.84.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    10.28.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.28.171.150.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    73.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    53.210.109.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    53.210.109.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360453660_1FJYLRXUGJ1KYC379&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239360453660_1FJYLRXUGJ1KYC379&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 632525
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 2AE5B675549E48C88E8C6186A92F8853 Ref B: LON601060103054 Ref C: 2024-11-01T20:27:58Z
    date: Fri, 01 Nov 2024 20:27:58 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418600_11EQ8QDR6IPB0F4AN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418600_11EQ8QDR6IPB0F4AN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 633835
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C0E4CF4F92AC48BE8A6424E7C4811D54 Ref B: LON601060103054 Ref C: 2024-11-01T20:27:58Z
    date: Fri, 01 Nov 2024 20:27:58 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418599_1G42Z13GRT0FB3ANC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418599_1G42Z13GRT0FB3ANC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 405350
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E1C2B487E9F24AD6983A5BA45E79B7CE Ref B: LON601060103054 Ref C: 2024-11-01T20:27:58Z
    date: Fri, 01 Nov 2024 20:27:58 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360453482_1OGQPWVCF77KWCMMI&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239360453482_1OGQPWVCF77KWCMMI&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 561868
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 78A3BD4398D6482FA56C89A6673501CD Ref B: LON601060103054 Ref C: 2024-11-01T20:27:58Z
    date: Fri, 01 Nov 2024 20:27:58 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300910_1N1UYW7VSBMF6PTRK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317300910_1N1UYW7VSBMF6PTRK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 771656
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 44F9EC4C7CA44AB893B460927C0AB139 Ref B: LON601060103054 Ref C: 2024-11-01T20:27:58Z
    date: Fri, 01 Nov 2024 20:27:58 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 675336
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 14E56C3658824E529339C22B8A5BB710 Ref B: LON601060103054 Ref C: 2024-11-01T20:27:59Z
    date: Fri, 01 Nov 2024 20:27:58 GMT
  • 150.171.28.10:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=
    tls, http2
    2.0kB
    9.4kB
    22
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=c6f4ecd437a14ddea16110252660505e&localId=w:02C7DD5D-B832-2571-1EDF-9D74CD57B9AA&deviceId=6896208602436814&anid=

    HTTP Response

    204
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 150.171.27.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    149.8kB
    3.8MB
    2756
    2748

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360453660_1FJYLRXUGJ1KYC379&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418600_11EQ8QDR6IPB0F4AN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418599_1G42Z13GRT0FB3ANC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360453482_1OGQPWVCF77KWCMMI&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300910_1N1UYW7VSBMF6PTRK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    16
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    16
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    16
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 127.0.0.1:5552
    924b6c916dd2667555c4d3076750c06f38a4b295972684aed2d82d93d53b0277.exe
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    148 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    150.171.28.10
    150.171.27.10

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    101.209.201.84.in-addr.arpa
    dns
    73 B
    133 B
    1
    1

    DNS Request

    101.209.201.84.in-addr.arpa

  • 8.8.8.8:53
    10.28.171.150.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    10.28.171.150.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    146 B
    144 B
    2
    1

    DNS Request

    95.221.229.192.in-addr.arpa

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    73.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    73.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    144 B
    158 B
    2
    1

    DNS Request

    241.150.49.20.in-addr.arpa

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    53.210.109.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    53.210.109.20.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    170 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3884-0-0x0000000074712000-0x0000000074713000-memory.dmp

    Filesize

    4KB

  • memory/3884-1-0x0000000074710000-0x0000000074CC1000-memory.dmp

    Filesize

    5.7MB

  • memory/3884-2-0x0000000074710000-0x0000000074CC1000-memory.dmp

    Filesize

    5.7MB

  • memory/3884-5-0x0000000074712000-0x0000000074713000-memory.dmp

    Filesize

    4KB

  • memory/3884-6-0x0000000074710000-0x0000000074CC1000-memory.dmp

    Filesize

    5.7MB

  • memory/3884-7-0x0000000074710000-0x0000000074CC1000-memory.dmp

    Filesize

    5.7MB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.