Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

b614380d6d...55.exe

windows7-x64

10

b614380d6d...55.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/11/2024, 15:50 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b614380d6dd6a288c11a54f8140c755398588431d9feccf82ec356a79a30f555.exe

  • Size

    297KB

  • MD5

    acbdbf79be5774e0b3ed166e8ce61ab6

  • SHA1

    28e6f3d9e7f91c9dcebc12ce200ec4f93b24d262

  • SHA256

    b614380d6dd6a288c11a54f8140c755398588431d9feccf82ec356a79a30f555

  • SHA512

    691be439cc92d9ce9544b40f59040865d257ce3c604cf6f70886770a725156a7216f1662eb2052f8bef61042085ebc409e0d2ba21ccb65841cffcf353ad65c17

  • SSDEEP

    6144:rvHwCMbovQJ2lzmGk2l3u7ZOuc50Cb/7rRSUbHMfG4:rPwCMbovQJ6N3u7ZeR/7Ce

Score
10/10
redline1discoveryinfostealer

Malware Config

Extracted

Family

redline

Botnet

1

C2

45.9.20.59:46287

Attributes
  • auth_value

    ec6ada170bcec2e72f0e1f3954547f73

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 35 IoCs
  • Redline family
    redline
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b614380d6dd6a288c11a54f8140c755398588431d9feccf82ec356a79a30f555.exe
    "C:\Users\Admin\AppData\Local\Temp\b614380d6dd6a288c11a54f8140c755398588431d9feccf82ec356a79a30f555.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:3644

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    68.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    68.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.32.126.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    68.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.32.126.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.ax-0001.ax-msedge.net
    g-bing-com.ax-0001.ax-msedge.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9c35eaeea420465f8496530bc06c2d0a&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9c35eaeea420465f8496530bc06c2d0a&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=3DDD21EFF5036BBB1AFF34C2F4056A60; domain=.bing.com; expires=Sat, 29-Nov-2025 15:53:25 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A34D0BBACA6C4A52993D2EF6FEFEB093 Ref B: LON601060108034 Ref C: 2024-11-04T15:53:25Z
    date: Mon, 04 Nov 2024 15:53:25 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=9c35eaeea420465f8496530bc06c2d0a&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=9c35eaeea420465f8496530bc06c2d0a&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=3DDD21EFF5036BBB1AFF34C2F4056A60
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=xz5sutJMADkA4_zum7y13SEO8oXUp7d1ff0v_wIe9yQ; domain=.bing.com; expires=Sat, 29-Nov-2025 15:53:26 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D090B66D1ED6489D8112AFCD586B0BB6 Ref B: LON601060108034 Ref C: 2024-11-04T15:53:26Z
    date: Mon, 04 Nov 2024 15:53:25 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9c35eaeea420465f8496530bc06c2d0a&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9c35eaeea420465f8496530bc06c2d0a&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=3DDD21EFF5036BBB1AFF34C2F4056A60; MSPTC=xz5sutJMADkA4_zum7y13SEO8oXUp7d1ff0v_wIe9yQ
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F39DF48381C14E0FB5196BB7B98A1972 Ref B: LON601060108034 Ref C: 2024-11-04T15:53:26Z
    date: Mon, 04 Nov 2024 15:53:25 GMT
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    197.87.175.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    197.87.175.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    92.12.20.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    92.12.20.2.in-addr.arpa
    IN PTR
    Response
    92.12.20.2.in-addr.arpa
    IN PTR
    a2-20-12-92deploystaticakamaitechnologiescom
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    14.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 315631
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 28B3279797F248D3A56CC514D08E38B5 Ref B: LON601060105029 Ref C: 2024-11-04T15:55:03Z
    date: Mon, 04 Nov 2024 15:55:02 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 241999
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: B0C989DA12A44B2E813B4D357419919D Ref B: LON601060105029 Ref C: 2024-11-04T15:55:03Z
    date: Mon, 04 Nov 2024 15:55:02 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360125544_1U4JKLLGDS2L5LDU8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239360125544_1U4JKLLGDS2L5LDU8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 619595
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 78CE77AF06AC4313B47DA13458D999BF Ref B: LON601060105029 Ref C: 2024-11-04T15:55:03Z
    date: Mon, 04 Nov 2024 15:55:02 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360432890_1TOC5U5IB565A9QI0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239360432890_1TOC5U5IB565A9QI0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 747785
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5296D6D1826A4D21884329CEFCFFA6C8 Ref B: LON601060105029 Ref C: 2024-11-04T15:55:03Z
    date: Mon, 04 Nov 2024 15:55:02 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360432892_19VCX0OIIPQAUNJ24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239360432892_19VCX0OIIPQAUNJ24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 695371
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: BF67F5126F85474D9C59638EE43D83F4 Ref B: LON601060105029 Ref C: 2024-11-04T15:55:03Z
    date: Mon, 04 Nov 2024 15:55:03 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360125545_1ABMDCTEZ7ZJRMZDX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239360125545_1ABMDCTEZ7ZJRMZDX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 493712
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 293F63A09F5A4E60B039EDEE122D8901 Ref B: LON601060105029 Ref C: 2024-11-04T15:55:04Z
    date: Mon, 04 Nov 2024 15:55:03 GMT
  • flag-us
    DNS
    10.28.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.28.171.150.in-addr.arpa
    IN PTR
    Response
  • 45.9.20.59:46287
    b614380d6dd6a288c11a54f8140c755398588431d9feccf82ec356a79a30f555.exe
    260 B
     5
  • 150.171.27.10:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9c35eaeea420465f8496530bc06c2d0a&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=
    tls, http2
    2.0kB
     9.4kB
     22
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9c35eaeea420465f8496530bc06c2d0a&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=9c35eaeea420465f8496530bc06c2d0a&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9c35eaeea420465f8496530bc06c2d0a&localId=w:B1F9B991-31A2-6777-EDEA-FA7B5FB14F41&deviceId=6825841072347551&anid=

    HTTP Response

    204
  • 45.9.20.59:46287
    b614380d6dd6a288c11a54f8140c755398588431d9feccf82ec356a79a30f555.exe
    260 B
     5
  • 45.9.20.59:46287
    b614380d6dd6a288c11a54f8140c755398588431d9feccf82ec356a79a30f555.exe
    260 B
     5
  • 45.9.20.59:46287
    b614380d6dd6a288c11a54f8140c755398588431d9feccf82ec356a79a30f555.exe
    260 B
     5
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.1kB
     593 B
     10
    8
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
     6.9kB
     15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
     6.9kB
     16
    13
  • 150.171.28.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239360125545_1ABMDCTEZ7ZJRMZDX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    109.2kB
     3.2MB
     2337
    2334

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360125544_1U4JKLLGDS2L5LDU8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360432890_1TOC5U5IB565A9QI0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360432892_19VCX0OIIPQAUNJ24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360125545_1ABMDCTEZ7ZJRMZDX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 45.9.20.59:46287
    b614380d6dd6a288c11a54f8140c755398588431d9feccf82ec356a79a30f555.exe
    260 B
     5
  • 45.9.20.59:46287
    b614380d6dd6a288c11a54f8140c755398588431d9feccf82ec356a79a30f555.exe
    260 B
     5
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    68.32.126.40.in-addr.arpa
    dns
    213 B
     157 B
     3
    1

    DNS Request

    68.32.126.40.in-addr.arpa

    DNS Request

    68.32.126.40.in-addr.arpa

    DNS Request

    68.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    219 B
     144 B
     3
    1

    DNS Request

    95.221.229.192.in-addr.arpa

    DNS Request

    95.221.229.192.in-addr.arpa

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     148 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    197.87.175.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    197.87.175.4.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    92.12.20.2.in-addr.arpa
    dns
    69 B
     131 B
     1
    1

    DNS Request

    92.12.20.2.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    14.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    14.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     170 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.28.10
    150.171.27.10

  • 8.8.8.8:53
    10.28.171.150.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    10.28.171.150.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3644-0-0x00000000048D0000-0x00000000048FB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3644-1-0x0000000004940000-0x0000000004979000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3644-2-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3644-3-0x0000000004D50000-0x0000000004D84000-memory.dmp

    Filesize

    208KB

    Download

  • memory/3644-4-0x00000000074B0000-0x0000000007A54000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3644-5-0x0000000004F50000-0x0000000004F82000-memory.dmp

    Filesize

    200KB

    Download

  • memory/3644-6-0x0000000000400000-0x0000000002B86000-memory.dmp

    Filesize

    39.5MB

    Download

  • memory/3644-12-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-70-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-68-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-64-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-63-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-60-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-58-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-57-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-54-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-52-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-51-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-48-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-47-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-44-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-42-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-40-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-958-0x00000000073B0000-0x00000000073C2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3644-957-0x0000000007A60000-0x0000000008078000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/3644-38-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-36-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-34-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-32-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-30-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-26-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-24-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-22-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-20-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-18-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-16-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-14-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-10-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-8-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-7-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-66-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-28-0x0000000004F50000-0x0000000004F7C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3644-959-0x0000000008080000-0x000000000818A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3644-960-0x00000000073F0000-0x000000000742C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3644-961-0x0000000008190000-0x00000000081DC000-memory.dmp

    Filesize

    304KB

    Download

  • memory/3644-962-0x00000000048D0000-0x00000000048FB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3644-964-0x0000000004940000-0x0000000004979000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3644-965-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.