Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/08/2024, 08:21 UTC

General

  • Target

    8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe

  • Size

    47KB

  • MD5

    8ba7ad8bd2fb9d7b7da8ee89989993a0

  • SHA1

    5cc19fdd5b663b856f121cfe7292da3784b61da0

  • SHA256

    195ee953ca726eab8d25f9b834c885b5ac96331dae23b89b92192d6f82117961

  • SHA512

    e9748a3e9a044c9b07c4971a3210ddf879fd6198c9374e81fda8af682c905cc1e8b6c932415fdeb2abae9e6a22c75a8b95f938cb6cacfda606ac27d7fe88d53f

  • SSDEEP

    768:gq+s3pUtDILNCCa+Di0oso6if8YbHgeCuVtvEgK/JHZVc6KN:gq+AGtQOfsuzbA7itnkJHZVclN

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

Khxotic-36214.portmap.host:7118

Khxotic-36214.portmap.host:36214

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain
1
g6zR3zKKqQUpbIEbdSuttAVis3iBzMQP

Signatures

  • AsyncRat

    AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe"
    PID: 4560
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3264,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=4384 /prefetch:8
      PID: 3588

      Network

      • US
        DNS
        8.8.8.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        8.8.8.8.in-addr.arpa
        IN PTR
        Response
        8.8.8.8.in-addr.arpa
        IN PTR
        dns.google
      • US
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
      • US
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=1299436258AF668505B557BE5988671B; domain=.bing.com; expires=Tue, 09-Sep-2025 08:21:08 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: F75F60E96F464EBCBD0D3EE3F0E0706B Ref B: LON04EDGE0621 Ref C: 2024-08-15T08:21:08Z
        date: Thu, 15 Aug 2024 08:21:08 GMT
      • US
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=1299436258AF668505B557BE5988671B
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=buBJeLeg5b3JJ9c2pX5HnSZyQEFQkEbG81RhYy1EopU; domain=.bing.com; expires=Tue, 09-Sep-2025 08:21:09 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 106B819D8CC74D3487F18E315CE26258 Ref B: LON04EDGE0621 Ref C: 2024-08-15T08:21:09Z
        date: Thu, 15 Aug 2024 08:21:08 GMT
      • US
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=1299436258AF668505B557BE5988671B; MSPTC=buBJeLeg5b3JJ9c2pX5HnSZyQEFQkEbG81RhYy1EopU
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: F42777D945834A5291104D4754BF7A42 Ref B: LON04EDGE0621 Ref C: 2024-08-15T08:21:09Z
        date: Thu, 15 Aug 2024 08:21:09 GMT
      • US
        DNS
        149.220.183.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        149.220.183.52.in-addr.arpa
        IN PTR
        Response
      • US
        DNS
        0.205.248.87.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        0.205.248.87.in-addr.arpa
        IN PTR
        Response
        0.205.248.87.in-addr.arpa
        IN PTR
        https-87-248-205-0.lgw.llnw.net
      • US
        DNS
        4.181.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        4.181.190.20.in-addr.arpa
        IN PTR
        Response
      • US
        DNS
        237.21.107.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.21.107.13.in-addr.arpa
        IN PTR
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • US
        DNS
        26.35.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.35.223.20.in-addr.arpa
        IN PTR
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        104.219.191.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        104.219.191.52.in-addr.arpa
        IN PTR
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        26.165.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.165.165.52.in-addr.arpa
        IN PTR
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        18.31.95.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.31.95.13.in-addr.arpa
        IN PTR
        Response
      • US
        DNS
        172.210.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.210.232.199.in-addr.arpa
        IN PTR
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        31.243.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        31.243.111.52.in-addr.arpa
        IN PTR
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        ax-0001.ax-msedge.net
        ax-0001.ax-msedge.net
        IN A
        150.171.28.10
        ax-0001.ax-msedge.net
        IN A
        150.171.27.10
      • US
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 315631
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: E1D9FC93FFE24E55B8A4E698FF2C5CF7 Ref B: LON04EDGE1206 Ref C: 2024-08-15T08:22:51Z
        date: Thu, 15 Aug 2024 08:22:50 GMT
      • US
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 663065
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 436EC257C68F487C9307965610C3FE63 Ref B: LON04EDGE1206 Ref C: 2024-08-15T08:22:51Z
        date: Thu, 15 Aug 2024 08:22:50 GMT
      • US
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239360608909_1XWUMGMD2M0J0LDVR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239360608909_1XWUMGMD2M0J0LDVR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 241999
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: EA054D790E4D40748EE38C2649538A0C Ref B: LON04EDGE1206 Ref C: 2024-08-15T08:22:51Z
        date: Thu, 15 Aug 2024 08:22:50 GMT
      • US
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301063_149G85DV7JWSKM1IM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239317301063_149G85DV7JWSKM1IM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 715625
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 75F8E6287C6249E393F08D60EDA301B2 Ref B: LON04EDGE1206 Ref C: 2024-08-15T08:22:51Z
        date: Thu, 15 Aug 2024 08:22:50 GMT
      • US
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301496_1OD7PWAV06HYZ5MV4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239317301496_1OD7PWAV06HYZ5MV4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 626199
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: CA43D2B0502744079160FFDB0EF08E6F Ref B: LON04EDGE1206 Ref C: 2024-08-15T08:22:51Z
        date: Thu, 15 Aug 2024 08:22:50 GMT
      • US
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        150.171.28.10:443
        Request
        GET /th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 594481
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 2E29C085B85A4746A4BB42ACBC8F2A88 Ref B: LON04EDGE1206 Ref C: 2024-08-15T08:22:51Z
        date: Thu, 15 Aug 2024 08:22:51 GMT
      • US
        DNS
        10.28.171.150.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        10.28.171.150.in-addr.arpa
        IN PTR
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • US
        DNS
        Khxotic-36214.portmap.host
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        Remote address:
        8.8.8.8:53
        Request
        Khxotic-36214.portmap.host
        IN A
        Response
      • 13.107.21.237:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
        tls, http2
        2.0kB
        9.3kB
        22
        19

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

        HTTP Response

        204
      • 150.171.28.10:443
        https://tse1.mm.bing.net/th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        tls, http2
        116.5kB
        3.3MB
        2373
        2366

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239360608909_1XWUMGMD2M0J0LDVR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301063_149G85DV7JWSKM1IM&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301496_1OD7PWAV06HYZ5MV4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Response

        200
      • 150.171.28.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
        6.9kB
        15
        13
      • 150.171.28.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
        6.9kB
        15
        13
      • 150.171.28.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
        6.9kB
        15
        13
      • 150.171.28.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
        6.8kB
        15
        12
      • 8.8.8.8:53
        8.8.8.8.in-addr.arpa
        dns
        66 B
        90 B
        1
        1

        DNS Request

        8.8.8.8.in-addr.arpa

      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
        151 B
        1
        1

        DNS Request

        g.bing.com

        DNS Response

        13.107.21.237
        204.79.197.237

      • 8.8.8.8:53
        149.220.183.52.in-addr.arpa
        dns
        73 B
        147 B
        1
        1

        DNS Request

        149.220.183.52.in-addr.arpa

      • 8.8.8.8:53
        0.205.248.87.in-addr.arpa
        dns
        71 B
        116 B
        1
        1

        DNS Request

        0.205.248.87.in-addr.arpa

      • 8.8.8.8:53
        4.181.190.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        4.181.190.20.in-addr.arpa

      • 8.8.8.8:53
        237.21.107.13.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        237.21.107.13.in-addr.arpa

      • 8.8.8.8:53
        Khxotic-36214.portmap.host
        dns
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        72 B
        165 B
        1
        1

        DNS Request

        Khxotic-36214.portmap.host

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
        144 B
        1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        26.35.223.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        26.35.223.20.in-addr.arpa

      • 8.8.8.8:53
        Khxotic-36214.portmap.host
        dns
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        72 B
        165 B
        1
        1

        DNS Request

        Khxotic-36214.portmap.host

      • 8.8.8.8:53
        Khxotic-36214.portmap.host
        dns
        8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
        72 B
        165 B
        1
        1

        DNS Request

        Khxotic-36214.portmap.host

      • 8.8.8.8:53
        104.219.191.52.in-addr.arpa
        dns
        73 B
        147 B
        1
        1

        DNS Request

        104.219.191.52.in-addr.arpa

      DNS queries in this part of the run, in order of appearance. Each entry in the
      report is one request and one response; consecutive identical entries are
      collapsed into the Entries column.

      Destination  Query                          Proto  Process                                Sent  Recv   Entries  Answers listed
      8.8.8.8:53   Khxotic-36214.portmap.host     dns    8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe  72 B  165 B  3        none
      8.8.8.8:53   26.165.165.52.in-addr.arpa     dns    (not attributed)                       72 B  146 B  1        none
      8.8.8.8:53   Khxotic-36214.portmap.host     dns    8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe  72 B  165 B  1        none
      8.8.8.8:53   18.31.95.13.in-addr.arpa       dns    (not attributed)                       70 B  144 B  1        none
      8.8.8.8:53   172.210.232.199.in-addr.arpa   dns    (not attributed)                       74 B  128 B  1        none
      8.8.8.8:53   Khxotic-36214.portmap.host     dns    8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe  72 B  165 B  4        none
      8.8.8.8:53   31.243.111.52.in-addr.arpa     dns    (not attributed)                       72 B  158 B  1        none
      8.8.8.8:53   Khxotic-36214.portmap.host     dns    8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe  72 B  165 B  10       none
      8.8.8.8:53   tse1.mm.bing.net               dns    (not attributed)                       62 B  170 B  1        150.171.28.10, 150.171.27.10
      8.8.8.8:53   10.28.171.150.in-addr.arpa     dns    (not attributed)                       72 B  158 B  1        none
      8.8.8.8:53   Khxotic-36214.portmap.host     dns    8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe  72 B  165 B  3        none

      Across this section the sample process 8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe
      queries Khxotic-36214.portmap.host 21 times, and that is the only name it
      queries. Every one of those lookups draws a 165 B reply that lists no
      address, so the sample never learns where to connect during the run and
      simply retries. The in-addr.arpa and bing.net lookups are not attributed to
      the sample process. A reply with no address is not evidence that the
      infrastructure is gone for good: portmap.host names belong to a
      port-forwarding service, so the tunnel behind the name can be brought back
      at any time, and the name is worth blocking and alerting on regardless of
      how it resolved in this run.

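      The repeated, unanswered lookups above are the pattern a detection would key
      on. The following Python is an added example, not tria.ge code or output: it
      parses a constructed one-line-per-query rendering of this section's DNS
      entries (the line format, the function names and the TUNNEL_SUFFIXES list
      are assumptions) and flags names that a process keeps querying without ever
      obtaining an address, skipping PTR lookups so reverse-DNS noise from the OS
      does not trip it.

```python
"""Flag DNS names that a process keeps querying without ever getting an answer.

Added example for this report page, not tria.ge code or output. The input is a
constructed one-line-per-query rendering of the report's DNS table; the line
format, function names and TUNNEL_SUFFIXES are assumptions.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field

# Constructed from the report's values. Assumed fields: resolver, name, proto,
# process ('-' if none), sent bytes, received bytes, answers ('-' or IP,IP).
C2_LOOKUP = ("8.8.8.8:53 Khxotic-36214.portmap.host dns "
             "8ba7ad8bd2fb9d7b7da8ee89989993a0N.exe 72 165 -")
SAMPLE_LOG = "\n".join(
    [C2_LOOKUP] * 3
    + ["8.8.8.8:53 26.165.165.52.in-addr.arpa dns - 72 146 -"]
    + [C2_LOOKUP]
    + ["8.8.8.8:53 18.31.95.13.in-addr.arpa dns - 70 144 -",
       "8.8.8.8:53 172.210.232.199.in-addr.arpa dns - 74 128 -"]
    + [C2_LOOKUP] * 4
    + ["8.8.8.8:53 31.243.111.52.in-addr.arpa dns - 72 158 -"]
    + [C2_LOOKUP] * 10
    + ["8.8.8.8:53 tse1.mm.bing.net dns - 62 170 150.171.28.10,150.171.27.10",
       "8.8.8.8:53 10.28.171.150.in-addr.arpa dns - 72 158 -"]
    + [C2_LOOKUP] * 3
)
# Port-forwarding/tunnel suffixes; only the one seen in this report is listed.
TUNNEL_SUFFIXES = ("portmap.host",)

@dataclass(frozen=True)
class DnsQuery:
    resolver: str
    name: str
    process: str | None
    sent: int
    received: int
    answers: tuple[str, ...]

@dataclass
class NameStats:
    queries: int = 0
    answered: int = 0
    bytes_sent: int = 0
    bytes_received: int = 0
    processes: set[str] = field(default_factory=set)
    answers: set[str] = field(default_factory=set)

def parse_dns_log(text: str) -> list[DnsQuery]:
    """Parse the constructed line format; malformed lines are an error, not skipped."""
    out: list[DnsQuery] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        if len(parts) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(parts)}")
        resolver, name, _proto, proc, sent, recv, answers = parts
        out.append(DnsQuery(
            resolver=resolver,
            name=name.lower(),  # DNS names are case-insensitive; merge case variants
            process=None if proc == "-" else proc,
            sent=int(sent), received=int(recv),
            answers=() if answers == "-" else tuple(answers.split(",")),
        ))
    return out

def summarize(queries: list[DnsQuery]) -> dict[str, NameStats]:
    """Aggregate per queried name: counts, bytes, owning processes, answers."""
    stats: dict[str, NameStats] = defaultdict(NameStats)
    for q in queries:
        s = stats[q.name]
        s.queries += 1
        s.bytes_sent += q.sent
        s.bytes_received += q.received
        if q.answers:
            s.answered += 1
            s.answers.update(q.answers)
        if q.process:
            s.processes.add(q.process)
    return dict(stats)

def is_reverse_lookup(name: str) -> bool:
    return name.endswith((".in-addr.arpa", ".ip6.arpa"))

def is_tunnel_host(name: str) -> bool:
    n = name.lower()
    return any(n == s or n.endswith("." + s) for s in TUNNEL_SUFFIXES)

def find_reconnect_loops(stats: dict[str, NameStats], min_queries: int = 5) -> list[str]:
    """Names queried >= min_queries times with no answer ever listed. PTR lookups
    are skipped: they are the OS resolving peers it already spoke to, not a
    process trying to reach a host."""
    return sorted(n for n, s in stats.items()
                  if not is_reverse_lookup(n) and s.queries >= min_queries and s.answered == 0)

if __name__ == "__main__":
    stats = summarize(parse_dns_log(SAMPLE_LOG))
    for name in find_reconnect_loops(stats):
        s = stats[name]
        tag = " [tunnel/port-forward service]" if is_tunnel_host(name) else ""
        print(f"{name}{tag}: {s.queries} unanswered lookups by "
              f"{', '.join(sorted(s.processes)) or 'unattributed'}, "
              f"{s.bytes_sent} B sent / {s.bytes_received} B received")
```

      On the constructed input the only hit is khxotic-36214.portmap.host with 21
      unanswered lookups from the sample process; the min_queries threshold is
      deliberately low for a two-minute sandbox run and would be raised on
      production resolver logs, where the same logic is applied per client.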
      MITRE ATT&CK Matrix


      Downloads

      Dump                                                             Filesize
      memory/4560-0-0x00000000006B0000-0x00000000006C2000-memory.dmp  72KB
      memory/4560-1-0x00007FFDE9423000-0x00007FFDE9425000-memory.dmp  8KB
      memory/4560-2-0x00007FFDE9420000-0x00007FFDE9EE1000-memory.dmp  10.8MB
      memory/4560-3-0x00007FFDE9420000-0x00007FFDE9EE1000-memory.dmp  10.8MB

      All four dumps were taken from PID 4560. Each filesize is the length of the
      address range in the dump name (0x6C2000 - 0x6B0000 = 0x12000 = 72KB;
      0x7FFDE9EE1000 - 0x7FFDE9420000 = 0xAC1000, 10.75 MiB, shown as 10.8MB).
      Dumps 2 and 3 cover the same 10.8MB range captured twice, and dump 1 is an
      8KB slice inside that range.
