Analysis
max time kernel: 111s
max time network: 101s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-10-2024 09:45

Behavioral task: behavioral1
Sample: b86969a58ddc0261f15b36dedf350ecd6f522304c1e84448f2427497e979e7cbN.exe
Resource: win7-20240903-en

General
Target: b86969a58ddc0261f15b36dedf350ecd6f522304c1e84448f2427497e979e7cbN.exe
Size: 83KB
MD5: f5cd90da1a481ed0b0be68296778fb10
SHA1: 09094631bee35af71a83372c3c3ef659f7a49d28
SHA256: b86969a58ddc0261f15b36dedf350ecd6f522304c1e84448f2427497e979e7cb
SHA512: b484656cf43456d84ecdaa5ef174c646bbdfc85f287c0315b7d6bc25e45adcd2643de1c92d14e518c7bb6c101c37baa1dc432e06c6b1ba87bd91d1174d701749
SSDEEP: 1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF++K:LJ0TAz6Mte4A+aaZx8EnCGVu+
Malware Config
Signatures
resource | yara_rule
behavioral2/memory/4872-0-0x0000000000400000-0x000000000042A000-memory.dmp | upx
behavioral2/memory/4872-1-0x0000000000400000-0x000000000042A000-memory.dmp | upx
behavioral2/memory/4872-4-0x0000000000400000-0x000000000042A000-memory.dmp | upx
behavioral2/memory/4872-8-0x0000000000400000-0x000000000042A000-memory.dmp | upx
behavioral2/files/0x000900000001e581-11.dat | upx
behavioral2/memory/4872-12-0x0000000000400000-0x000000000042A000-memory.dmp | upx
behavioral2/memory/4872-18-0x0000000000400000-0x000000000042A000-memory.dmp | upx
behavioral2/memory/4872-22-0x0000000000400000-0x000000000042A000-memory.dmp | upx
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | b86969a58ddc0261f15b36dedf350ecd6f522304c1e84448f2427497e979e7cbN.exe
Processes
Network
DNS query (remote address 8.8.8.8:53)
  Request: wecan.hasthe.technology IN A
  Response: wecan.hasthe.technology IN A 104.21.59.199
            wecan.hasthe.technology IN A 172.67.183.40

POST http://wecan.hasthe.technology/upload
  Process: b86969a58ddc0261f15b36dedf350ecd6f522304c1e84448f2427497e979e7cbN.exe
  Remote address: 104.21.59.199:80
  Request:
    POST /upload HTTP/1.1
    Host: wecan.hasthe.technology
    Accept: */*
    Content-Length: 85412
    Expect: 100-continue
    Content-Type: multipart/form-data; boundary=------------------------3648240628eb10c7
  Response:
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Fri, 18 Oct 2024 10:45:42 GMT
    Location: https://computernewb.com/collab-vm/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c%2B8346l1nEcC2D3o0CCrwmsmkqczwh50wGzmFpHSGQ4c%2FNvymW9ShCvedQSS46ZwPiUGFSSr%2Bdeq9mCdGvkdEsRCOQpwQnasAeVLpIUu1Sade57FT7MS6E5O3E%2F1K5mIXbZiTUv5k8h4Gw%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d4798dadebccd25-LHR
POST http://wecan.hasthe.technology/upload
  Process: b86969a58ddc0261f15b36dedf350ecd6f522304c1e84448f2427497e979e7cbN.exe
  Remote address: 104.21.59.199:80
  Request:
    POST /upload HTTP/1.1
    Host: wecan.hasthe.technology
    Accept: */*
    Content-Length: 85412
    Expect: 100-continue
    Content-Type: multipart/form-data; boundary=------------------------aa06409f3ce17edf
  Response:
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Fri, 18 Oct 2024 10:46:13 GMT
    Location: https://computernewb.com/collab-vm/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tkCvH1xXonYJlqT88gIM1ZvtO%2FFH84yRK6EavbppwtDcSj807JcpRVA91ThbqfEew2H549Z5cp6Se8dG6RCoWz%2BDzq8dGuXZ%2B5kvMLf3%2F4hQbCKlVNfzFgz4IHLJvqJd6QbVDUhbR8sBKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d4799975aed94db-LHR
POST http://wecan.hasthe.technology/upload
  Process: b86969a58ddc0261f15b36dedf350ecd6f522304c1e84448f2427497e979e7cbN.exe
  Remote address: 104.21.59.199:80
  Request:
    POST /upload HTTP/1.1
    Host: wecan.hasthe.technology
    Accept: */*
    Content-Length: 85412
    Expect: 100-continue
    Content-Type: multipart/form-data; boundary=------------------------6ef4856c68c7306d
  Response:
    HTTP/1.1 301 Moved Permanently
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Fri, 18 Oct 2024 10:46:44 GMT
    Location: https://computernewb.com/collab-vm/
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uTuj3SbCKtzAHugF5D9xw%2FEKOqI%2F%2B2FLb12V1AeWz2xqfcZGkQxVtAI5vMSVEtkBFX%2FRkWYZnrnmAPvXj5utnKcKxlhBsNKM3U7FlHFbNUCPMBSUy0WzLjVYnV01%2FUbscV2jJgmztMxyQw%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d479a5a2f734089-LHR
Network flows

Remote address | Domain / URL | Protocols | Process | Sent | Received | Packets sent | Packets received

150.171.28.10:443 | https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8d48ad407043433a992dc89c99301d45&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid= | tls, http2 | | 2.0kB | 9.3kB | 22 | 18
  HTTP Request: GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8d48ad407043433a992dc89c99301d45&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid= -> HTTP Response: 204
  HTTP Request: GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8d48ad407043433a992dc89c99301d45&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid= -> HTTP Response: 204
  HTTP Request: GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8d48ad407043433a992dc89c99301d45&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid= -> HTTP Response: 204

104.21.59.199:80 | http://wecan.hasthe.technology/upload | http | b86969a58ddc0261f15b36dedf350ecd6f522304c1e84448f2427497e979e7cbN.exe | 88.4kB | 1.8kB | 70 | 23
  HTTP Request: POST http://wecan.hasthe.technology/upload -> HTTP Response: 301

104.21.59.199:80 | http://wecan.hasthe.technology/upload | http | b86969a58ddc0261f15b36dedf350ecd6f522304c1e84448f2427497e979e7cbN.exe | 88.4kB | 2.0kB | 70 | 29
  HTTP Request: POST http://wecan.hasthe.technology/upload -> HTTP Response: 301

104.21.59.199:80 | http://wecan.hasthe.technology/upload | http | b86969a58ddc0261f15b36dedf350ecd6f522304c1e84448f2427497e979e7cbN.exe | 88.5kB | 1.9kB | 71 | 25
  HTTP Request: POST http://wecan.hasthe.technology/upload -> HTTP Response: 301

172.67.183.40:80 | wecan.hasthe.technology | | b86969a58ddc0261f15b36dedf350ecd6f522304c1e84448f2427497e979e7cbN.exe | 52 B | | 1 |

| | | | 1.2kB | 6.9kB | 15 | 13

| | | | 1.2kB | 6.9kB | 15 | 13

| | | | 1.2kB | 6.9kB | 15 | 13

150.171.27.10:443 | https://tse1.mm.bing.net/th?id=OADD2.10239398629742_1P7YH795LJPRHWP9N&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 | tls, http2 | | 138.4kB | 3.8MB | 2771 | 2764
  HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239360492575_1SSJ82L6CB3K86OHJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 -> HTTP Response: 200
  HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239340418579_1UMXSJ3YHHNUEPPRM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 -> HTTP Response: 200
  HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239340418580_1XZDKNXCHEXKE96NH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 -> HTTP Response: 200
  HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239360492574_10ZLIEYNNW01DP6QS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 -> HTTP Response: 200
  HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239398629741_1IOH1H6D1NJ8OMST7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 -> HTTP Response: 200
  HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239398629742_1P7YH795LJPRHWP9N&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 -> HTTP Response: 200

| | | | 1.2kB | 6.9kB | 15 | 13

8.8.8.8:53 | g.bing.com | dns | | 56 B | 148 B | 1 | 1
  DNS Request: g.bing.com -> DNS Response: 150.171.28.10, 150.171.27.10

8.8.8.8:53 | 133.211.185.52.in-addr.arpa | dns | | 73 B | 147 B | 1 | 1
  DNS Request: 133.211.185.52.in-addr.arpa

8.8.8.8:53 | 172.214.232.199.in-addr.arpa | dns | | 74 B | 128 B | 1 | 1
  DNS Request: 172.214.232.199.in-addr.arpa

8.8.8.8:53 | 23.159.190.20.in-addr.arpa | dns | | 72 B | 158 B | 1 | 1
  DNS Request: 23.159.190.20.in-addr.arpa

8.8.8.8:53 | 10.28.171.150.in-addr.arpa | dns | | 72 B | 158 B | 1 | 1
  DNS Request: 10.28.171.150.in-addr.arpa

8.8.8.8:53 | 95.221.229.192.in-addr.arpa | dns | | 73 B | 144 B | 1 | 1
  DNS Request: 95.221.229.192.in-addr.arpa

8.8.8.8:53 | 88.156.103.20.in-addr.arpa | dns | | 72 B | 158 B | 1 | 1
  DNS Request: 88.156.103.20.in-addr.arpa

8.8.8.8:53 | 196.249.167.52.in-addr.arpa | dns | | 73 B | 147 B | 1 | 1
  DNS Request: 196.249.167.52.in-addr.arpa

8.8.8.8:53 | wecan.hasthe.technology | dns | b86969a58ddc0261f15b36dedf350ecd6f522304c1e84448f2427497e979e7cbN.exe | 69 B | 101 B | 1 | 1
  DNS Request: wecan.hasthe.technology -> DNS Response: 104.21.59.199, 172.67.183.40

8.8.8.8:53 | 50.23.12.20.in-addr.arpa | dns | | 70 B | 156 B | 1 | 1
  DNS Request: 50.23.12.20.in-addr.arpa

8.8.8.8:53 | 199.59.21.104.in-addr.arpa | dns | | 72 B | 134 B | 1 | 1
  DNS Request: 199.59.21.104.in-addr.arpa

8.8.8.8:53 | 171.39.242.20.in-addr.arpa | dns | | 72 B | 158 B | 1 | 1
  DNS Request: 171.39.242.20.in-addr.arpa

8.8.8.8:53 | 98.117.19.2.in-addr.arpa | dns | | 70 B | 133 B | 1 | 1
  DNS Request: 98.117.19.2.in-addr.arpa

8.8.8.8:53 | 26.35.223.20.in-addr.arpa | dns | | 71 B | 157 B | 1 | 1
  DNS Request: 26.35.223.20.in-addr.arpa

8.8.8.8:53 | 14.227.111.52.in-addr.arpa | dns | | 72 B | 158 B | 1 | 1
  DNS Request: 14.227.111.52.in-addr.arpa

8.8.8.8:53 | tse1.mm.bing.net | dns | | 62 B | 170 B | 1 | 1
  DNS Request: tse1.mm.bing.net -> DNS Response: 150.171.27.10, 150.171.28.10
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 83KB
MD5: ba829b931ab30a6c86dc6a4db266a8c2
SHA1: 6cfcc276a448f2023fad719262f1060299081d03
SHA256: f57ff94911b4d5b4953869d55c14f4009b0858393f0bf8c8fab4dcb09a4edaf1
SHA512: 835720ed5fcb6c8efc99aa876bbf8f943ac623cf34342cf0749d303f830060399f906163f327aa33e93a762551efef912ff5d69715fa2fca4e82d6394cbef000