hxxps://wisepops[.]net

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2023, 23:54 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wisepops.net

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133326429107134932"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
716	chrome.exe
716	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 2812	1780	chrome.exe	85
PID 1780 wrote to memory of 2812	1780	chrome.exe	85
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 3388	1780	chrome.exe	86
PID 1780 wrote to memory of 2592	1780	chrome.exe	87
PID 1780 wrote to memory of 2592	1780	chrome.exe	87
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88
PID 1780 wrote to memory of 224	1780	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://wisepops.net
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffabf0a9758,0x7ffabf0a9768,0x7ffabf0a9778
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 --field-trial-handle=1820,i,10415816848358090518,8699693368094077266,131072 /prefetch:2
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1820,i,10415816848358090518,8699693368094077266,131072 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1820,i,10415816848358090518,8699693368094077266,131072 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1820,i,10415816848358090518,8699693368094077266,131072 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1820,i,10415816848358090518,8699693368094077266,131072 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4528 --field-trial-handle=1820,i,10415816848358090518,8699693368094077266,131072 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3244 --field-trial-handle=1820,i,10415816848358090518,8699693368094077266,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1820,i,10415816848358090518,8699693368094077266,131072 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4620 --field-trial-handle=1820,i,10415816848358090518,8699693368094077266,131072 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1820,i,10415816848358090518,8699693368094077266,131072 /prefetch:8
  2⤵
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1820,i,10415816848358090518,8699693368094077266,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3372 --field-trial-handle=1820,i,10415816848358090518,8699693368094077266,131072 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1820,i,10415816848358090518,8699693368094077266,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:716

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4788

Network

DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
DNS

wisepops.net

chrome.exe

Remote address:

8.8.8.8:53

Request

wisepops.net

IN A

Response

wisepops.net

IN A

104.26.15.97

wisepops.net

IN A

172.67.75.153

wisepops.net

IN A

104.26.14.97
GET

https://wisepops.net/

chrome.exe

Remote address:

104.26.15.97:443

Request

GET / HTTP/2.0
host: wisepops.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 404

date: Fri, 30 Jun 2023 23:55:07 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nvY7R784PRylvdC%2BfyEhd7t56hd%2F2ERmKFIkqXIEA2yFDBDEg5YxE6UK96%2ByQUPMcHR%2FRFc5dUQF8icT0rb6pnyMDjIKYRLV6qIcwkfnc%2BvUC3ApCOXDy53bLTShBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7dfa569a0ee7b782-AMS
GET

https://wisepops.net/

chrome.exe

Remote address:

104.26.15.97:443

Request

GET / HTTP/2.0
host: wisepops.net
cache-control: max-age=0
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 404

date: Fri, 30 Jun 2023 23:55:10 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yq31NOQSY36w6ZNPmkWpLD9DGm2vAHcz8s%2BlmzAe7ZKBEjaKwqRwiU3asH%2FA2uC0BSQP55j%2BK%2BSBh7LDkGjHafZ0LzLBsqauISLOBl3l%2BNp%2BttfLuqX9p1eMTMoM%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7dfa56adbb36b782-AMS
GET

https://wisepops.net/

chrome.exe

Remote address:

104.26.15.97:443

Request

GET / HTTP/2.0
host: wisepops.net
cache-control: max-age=0
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 404

date: Fri, 30 Jun 2023 23:55:13 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7c%2BwDTHN9TiGv3%2FsncQM7DAqHRQyEliqUQZV%2BdLtseIo2Vp6LChL%2BfTGkzHuzuzeU3ZiNdUuxmGYkaGcOR4VuOS0k3FeD4S9qYD3I4WC8OlJnKQyK6YEbgucIXjORw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7dfa56be6e4db782-AMS
DNS

a.nel.cloudflare.com

chrome.exe

Remote address:

8.8.8.8:53

Request

a.nel.cloudflare.com

IN A

Response

a.nel.cloudflare.com

IN A

35.190.80.1
OPTIONS

https://a.nel.cloudflare.com/report/v3?s=nvY7R784PRylvdC%2BfyEhd7t56hd%2F2ERmKFIkqXIEA2yFDBDEg5YxE6UK96%2ByQUPMcHR%2FRFc5dUQF8icT0rb6pnyMDjIKYRLV6qIcwkfnc%2BvUC3ApCOXDy53bLTShBA%3D%3D

chrome.exe

Remote address:

35.190.80.1:443

Request

OPTIONS /report/v3?s=nvY7R784PRylvdC%2BfyEhd7t56hd%2F2ERmKFIkqXIEA2yFDBDEg5YxE6UK96%2ByQUPMcHR%2FRFc5dUQF8icT0rb6pnyMDjIKYRLV6qIcwkfnc%2BvUC3ApCOXDy53bLTShBA%3D%3D HTTP/2.0
host: a.nel.cloudflare.com
origin: https://wisepops.net
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://a.nel.cloudflare.com/report/v3?s=nvY7R784PRylvdC%2BfyEhd7t56hd%2F2ERmKFIkqXIEA2yFDBDEg5YxE6UK96%2ByQUPMcHR%2FRFc5dUQF8icT0rb6pnyMDjIKYRLV6qIcwkfnc%2BvUC3ApCOXDy53bLTShBA%3D%3D

chrome.exe

Remote address:

35.190.80.1:443

Request

POST /report/v3?s=nvY7R784PRylvdC%2BfyEhd7t56hd%2F2ERmKFIkqXIEA2yFDBDEg5YxE6UK96%2ByQUPMcHR%2FRFc5dUQF8icT0rb6pnyMDjIKYRLV6qIcwkfnc%2BvUC3ApCOXDy53bLTShBA%3D%3D HTTP/2.0
host: a.nel.cloudflare.com
content-length: 376
content-type: application/reports+json
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

apps.identrust.com

chrome.exe

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

88.221.25.169

a1952.dscq.akamai.net

IN A

88.221.25.153
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

chrome.exe

Remote address:

88.221.25.169:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Wed, 08 Feb 2023 16:52:56 GMT
ETag: "37d-5f433188daa00"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Sat, 01 Jul 2023 00:55:07 GMT
Date: Fri, 30 Jun 2023 23:55:07 GMT
Connection: keep-alive
DNS

97.15.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.15.26.104.in-addr.arpa

IN PTR

Response
DNS

195.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.179.250.142.in-addr.arpa

IN PTR

Response

195.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f31e100net
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

1.80.190.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.80.190.35.in-addr.arpa

IN PTR

Response

1.80.190.35.in-addr.arpa

IN PTR

18019035bcgoogleusercontentcom
DNS

169.25.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

169.25.221.88.in-addr.arpa

IN PTR

Response

169.25.221.88.in-addr.arpa

IN PTR

a88-221-25-169deploystaticakamaitechnologiescom
DNS

assets.msn.com

Remote address:

8.8.8.8:53

Request

assets.msn.com

IN A

Response

assets.msn.com

IN CNAME

assets.msn.com.edgekey.net

assets.msn.com.edgekey.net

IN CNAME

e28578.d.akamaiedge.net

e28578.d.akamaiedge.net

IN A

2.22.54.144

e28578.d.akamaiedge.net

IN A

2.22.54.187
GET

https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=5f45b6e0-116a-4041-bcba-07ba2bdddb55&ocid=windows-windowsShell-feeds&user=m-a9d361711b0547dd89c98478bfd58293&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask

Remote address:

2.22.54.144:443

Request

GET /serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=5f45b6e0-116a-4041-bcba-07ba2bdddb55&ocid=windows-windowsShell-feeds&user=m-a9d361711b0547dd89c98478bfd58293&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask HTTP/2.0
host: assets.msn.com
x-search-account: None
accept-encoding: gzip, deflate
x-device-machineid: {0CB1EA16-0695-4FD0-8AD8-A52116124C74}
x-userageclass: Unknown
x-bm-market: US
x-bm-dateformat: M/d/yyyy
x-device-ossku: 48
x-bm-dtz: 0
x-deviceid: 0100B2E609000CC3
x-bm-windowsflights: FX:119E26AD,FX:11D898D7,FX:11DB147C,FX:11DE505A,FX:11E11E97,FX:11E3E2BA,FX:11E50151,FX:11E9EE98,FX:11F1992A,FX:11F4161E,FX:11F41B68,FX:11FB0F2F,FX:1201B330,FX:1202B7FC,FX:120BB68E,FX:121A20E1,FX:121BF15F,FX:121E5EC8,FX:122D8E86,FX:123031A3,FX:1231B88B,FX:123371B1,FX:1233C945,FX:123D7C31,FX:1240013C,FX:1246E4A3,FX:1248306D,FX:124B38D0,FX:1250080B,FX:125A7FDA,FX:1264FA75,FX:126DBC22,FX:127159BE,FX:12769734,FX:127C935B,FX:127DC03A,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5
sitename: www.msn.com
x-bm-theme: 000000;0078d7
muid: A9D361711B0547DD89C98478BFD58293
x-agent-deviceid: 0100B2E609000CC3
x-bm-onlinesearchdisabled: true
x-bm-cbt: 1688169304
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
x-device-isoptin: false
accept-language: en-US, en
x-device-touch: false
x-device-clientsession: FBF9570F7C57412D931CB5D07603BCD6
cookie: MUID=A9D361711B0547DD89C98478BFD58293

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-origin: *.msn.com
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent
content-encoding: gzip
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-tmpl: lowC:0;tbn:0;partialResponse:1;coldStartUpsell:1;coldStart:1;lowT:0
x-wpo-activityid: 1B548778-CD7B-4B0B-B398-F16EB25125A8|2023-06-30T23:55:09.0616128Z|fabric:/wpo|WEU|WPO_26
ddd-feednewsitemcount: 0
ddd-activityid: 1b548778-cd7b-4b0b-b398-f16eb25125a8
ddd-strategyexecutionlatency: 00:00:00.3052852
ddd-debugid: 1b548778-cd7b-4b0b-b398-f16eb25125a8|2023-06-30T23:55:09.0724581Z|fabric:/winfeed|WEU|WinFeed_476
onewebservicelatency: 307
x-msedge-responseinfo: 307
x-ceto-ref: 649f6b5c42ca4234825a68a71b24121f|2023-06-30T23:55:08.761Z
expires: Fri, 30 Jun 2023 23:55:09 GMT
date: Fri, 30 Jun 2023 23:55:09 GMT
content-length: 5928
akamai-request-bc: [a=2.22.54.140,b=583993204,c=g,n=NL__SCHIPHOL,o=20940],[a=20.23.114.34,c=o]
server-timing: clientrtt; dur=2, clienttt; dur=314, origin; dur=313 , cdntime; dur=1
akamai-cache-status: Miss from child
akamai-server-ip: 2.22.54.140
akamai-request-id: 22cf0774
x-as-suppresssetcookie: 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
vary: Origin
DNS

144.54.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

144.54.22.2.in-addr.arpa

IN PTR

Response

144.54.22.2.in-addr.arpa

IN PTR

a2-22-54-144deploystaticakamaitechnologiescom
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
GET

https://www.bing.com/th?id=OADD2.10239317301650_189LTJSQL1S9ICG4N&pid=21.2&w=1080&h=1920&c=4

Remote address:

2.22.54.105:443

Request

GET /th?id=OADD2.10239317301650_189LTJSQL1S9ICG4N&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 411895
date: Fri, 30 Jun 2023 23:55:45 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.65361602.1688169345.8fccc54
GET

https://www.bing.com/th?id=OADD2.10239317301482_1ANKRYMGEF2OSNOYS&pid=21.2&w=1080&h=1920&c=4

Remote address:

2.22.54.105:443

Request

GET /th?id=OADD2.10239317301482_1ANKRYMGEF2OSNOYS&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 454216
date: Fri, 30 Jun 2023 23:55:45 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.65361602.1688169345.8fccc5a
GET

https://www.bing.com/th?id=OADD2.10239317301049_1YMSK8KHVRAKI78X3&pid=21.2&w=1920&h=1080&c=4

Remote address:

2.22.54.105:443

Request

GET /th?id=OADD2.10239317301049_1YMSK8KHVRAKI78X3&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 439798
date: Fri, 30 Jun 2023 23:55:45 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.65361602.1688169345.8fccc5b
GET

https://www.bing.com/th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&w=1080&h=1920&c=4

Remote address:

2.22.54.105:443

Request

GET /th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 430426
date: Fri, 30 Jun 2023 23:55:45 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.65361602.1688169345.8fccdb5
GET

https://www.bing.com/th?id=OADD2.10239317301241_15T7JHPVJQ55GZJQ2&pid=21.2&w=1920&h=1080&c=4

Remote address:

2.22.54.105:443

Request

GET /th?id=OADD2.10239317301241_15T7JHPVJQ55GZJQ2&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 480156
date: Fri, 30 Jun 2023 23:55:46 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.65361602.1688169346.8fccf29
GET

https://www.bing.com/th?id=OADD2.10239317300910_1N1UYW7VSBMF6PTRK&pid=21.2&w=1920&h=1080&c=4

Remote address:

2.22.54.105:443

Request

GET /th?id=OADD2.10239317300910_1N1UYW7VSBMF6PTRK&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 485036
date: Fri, 30 Jun 2023 23:55:46 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.65361602.1688169346.8fccf2c
DNS

105.54.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

105.54.22.2.in-addr.arpa

IN PTR

Response

105.54.22.2.in-addr.arpa

IN PTR

a2-22-54-105deploystaticakamaitechnologiescom
DNS

73.254.224.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.254.224.20.in-addr.arpa

IN PTR

Response

209.197.3.8:80

322 B
7
192.229.221.95:80

322 B
7
104.26.15.97:443

https://wisepops.net/

tls, http2

chrome.exe

2.1kB
6.5kB
18
17

HTTP Request

GET https://wisepops.net/

HTTP Response

404

HTTP Request

GET https://wisepops.net/

HTTP Response

404

HTTP Request

GET https://wisepops.net/

HTTP Response

404
35.190.80.1:443

https://a.nel.cloudflare.com/report/v3?s=nvY7R784PRylvdC%2BfyEhd7t56hd%2F2ERmKFIkqXIEA2yFDBDEg5YxE6UK96%2ByQUPMcHR%2FRFc5dUQF8icT0rb6pnyMDjIKYRLV6qIcwkfnc%2BvUC3ApCOXDy53bLTShBA%3D%3D

tls, http2

chrome.exe

2.7kB
6.4kB
20
21

HTTP Request

OPTIONS https://a.nel.cloudflare.com/report/v3?s=nvY7R784PRylvdC%2BfyEhd7t56hd%2F2ERmKFIkqXIEA2yFDBDEg5YxE6UK96%2ByQUPMcHR%2FRFc5dUQF8icT0rb6pnyMDjIKYRLV6qIcwkfnc%2BvUC3ApCOXDy53bLTShBA%3D%3D

HTTP Request

POST https://a.nel.cloudflare.com/report/v3?s=nvY7R784PRylvdC%2BfyEhd7t56hd%2F2ERmKFIkqXIEA2yFDBDEg5YxE6UK96%2ByQUPMcHR%2FRFc5dUQF8icT0rb6pnyMDjIKYRLV6qIcwkfnc%2BvUC3ApCOXDy53bLTShBA%3D%3D
88.221.25.169:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

chrome.exe

416 B
1.7kB
6
5

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
2.22.54.144:443

https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=5f45b6e0-116a-4041-bcba-07ba2bdddb55&ocid=windows-windowsShell-feeds&user=m-a9d361711b0547dd89c98478bfd58293&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask

tls, http2

2.8kB
15.1kB
23
22

HTTP Request

GET https://assets.msn.com/serviceak/v1/news/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&activityId=5f45b6e0-116a-4041-bcba-07ba2bdddb55&ocid=windows-windowsShell-feeds&user=m-a9d361711b0547dd89c98478bfd58293&Treatment=T6&MaximumDimensions=660x640&experience=Taskbar&AppVersion=1&osLocale=en-US&caller=bgtask

HTTP Response

200
13.69.239.72:443

322 B
7
2.22.54.105:443

www.bing.com

tls, http2

1.2kB
6.8kB
17
14
2.22.54.105:443

www.bing.com

tls, http2

1.2kB
6.8kB
17
14
2.22.54.105:443

www.bing.com

tls, http2

1.2kB
6.8kB
16
14
2.22.54.105:443

https://www.bing.com/th?id=OADD2.10239317300910_1N1UYW7VSBMF6PTRK&pid=21.2&w=1920&h=1080&c=4

tls, http2

94.5kB
2.8MB
2028
2024

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239317301650_189LTJSQL1S9ICG4N&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239317301482_1ANKRYMGEF2OSNOYS&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239317301049_1YMSK8KHVRAKI78X3&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239317301241_15T7JHPVJQ55GZJQ2&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239317300910_1N1UYW7VSBMF6PTRK&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200
2.22.54.105:443

www.bing.com

tls, http2

1.2kB
6.8kB
16
14
209.197.3.8:80

322 B
7

8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

wisepops.net

dns

chrome.exe

58 B
106 B
1
1

DNS Request

wisepops.net

DNS Response

104.26.15.97

172.67.75.153

104.26.14.97
8.8.8.8:53

a.nel.cloudflare.com

dns

chrome.exe

66 B
82 B
1
1

DNS Request

a.nel.cloudflare.com

DNS Response

35.190.80.1
8.8.8.8:53

apps.identrust.com

dns

chrome.exe

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

88.221.25.169

88.221.25.153
8.8.8.8:53

97.15.26.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

97.15.26.104.in-addr.arpa
8.8.8.8:53

195.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

195.179.250.142.in-addr.arpa
8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

1.80.190.35.in-addr.arpa

dns

70 B
120 B
1
1

DNS Request

1.80.190.35.in-addr.arpa
8.8.8.8:53

169.25.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

169.25.221.88.in-addr.arpa
35.190.80.1:443

a.nel.cloudflare.com

https

chrome.exe

3.1kB
5.0kB
6
7
8.8.8.8:53

assets.msn.com

dns

60 B
166 B
1
1

DNS Request

assets.msn.com

DNS Response

2.22.54.144

2.22.54.187
8.8.8.8:53

144.54.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

144.54.22.2.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

43.58.199.20.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

105.54.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

105.54.22.2.in-addr.arpa
8.8.8.8:53

73.254.224.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

73.254.224.20.in-addr.arpa
35.190.80.1:443

a.nel.cloudflare.com

https

chrome.exe

4.3kB
2.4kB
10
8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9a3ec57140aceadf8b43f9aabe850bd5

SHA1
bca18b74567d43436e2f272c94fd4260feb0d0e4

SHA256
ba79a0384a5087118695f461d9caa0addd9b645af643d2877752c31bf0d9b647

SHA512
5f875a06b6ee9c38dd0821f65c36b1089c4597b48ea84fd5365c6c47d1db7c3eb207059ad32dd16b706644b1e0fe8f7f75f0591f6e4cff4b2c178cfdc5b9a18c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9bcc5b4e0a431fa93d0756625477b977

SHA1
0c9f6e704e63726c7443b690c787a68288966eac

SHA256
4d5652b8ea016d06ad4378cc2c0be95646dcae952c709f9356d35a342d08b6b9

SHA512
b489d4b007f62c2a4c374ddffc1f22fb1e1e2270602bb61edf46e07d6c94d007bc481a4c21df12bc5dfcf5ae8dfa75d32b1149cf079f3838ec2e0c32296a8a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fe0560865b7b707e1ddb499c25d48370

SHA1
39df382c9412ff72fab95ffb0c52325eb4516bd6

SHA256
688b0deb3fb5ab4a7438a4bee577d867f3aa0245e6cf7810c5aeeb934b66e8d6

SHA512
35a873869f50868fb8cd96a33277d60f183b9bc8628494286bf747139d54caf3a3dcdb9b578aa4ef1f4fd9d25e2b7f6ebf57610eeed8af5e41ab7c6a0bbc803c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
66946a6f7f46fc1fc1bda776d76753e0

SHA1
f3cceaf96b7f2b1e1dc28412cad8a212bf571be7

SHA256
29b56a83c4e5661a7740246d39c6404e83c940a603160d15ae4e21f7ea644b56

SHA512
e9d96716ca1eb10c432136258e7e936112d2d8d0a48d46664cfcaf1042a043a10ba2168f2a48e54f01675c5028efed85e79582dd677179cac0299a65b5e77c18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
88KB

MD5
79629c4d84b7567a63a9e396112a0b3a

SHA1
4459acefc39a3cc2c106bb6944da34d84cd73d40

SHA256
131e23691a30938c543560a1d55aa0eb157751e41e35e087725ccac5c9b42e10

SHA512
5046eec3e258e648cdfc8c2a024a4960c3f999971cda648da330a434e57625ee8b33d46200e2ee9350da0125c366d100bd84328a156209263f13ab8ecbaa9347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
cab89f8c303d54d4a31f0711a530f882

SHA1
0ebc9e10c3fa00a0c75dabf8a01a3a49652ca123

SHA256
7d53caccac0265877e3d6c651bb18bdd1bd13737fb0754c2ab14edf4a74bf2da

SHA512
3afb1b8be03f123c354a25dfdbc8d3966c164baf7752e392596a72771504205ef3b7ed2fdfe94d1272c42a3c95a16f989cb189a55f5418acca72f8b74bd18326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
9944fd28b005d241c1489bae41b4b29b

SHA1
41a413f11c11b7dea6326b7e7326ac7793cc5e86

SHA256
8efbd2d063aba7731b456eb247b14256132b71eb0abf1b0c415a9cfc6c5145f5

SHA512
49485c10d0648bfd045fffc7d3ad90545dc801ba1808ee1bb0625de1c09f9f291ff3e1128344e02abf09c110bf2f5f04a8c578c3826b12f26a98f4653914f4cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.