Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/09/2023, 19:03 UTC

General

  • Target

    https://192.168.22.107/acc_MOG#/login

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://192.168.22.107/acc_MOG#/login
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4560
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cf0546f8,0x7ff8cf054708,0x7ff8cf054718
      2⤵
        PID:1896
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16222367671601869250,13933343697066767352,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
        2⤵
          PID:2356
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,16222367671601869250,13933343697066767352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1704
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,16222367671601869250,13933343697066767352,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
          2⤵
            PID:1860
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16222367671601869250,13933343697066767352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
            2⤵
              PID:3812
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16222367671601869250,13933343697066767352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
              2⤵
                PID:2096
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16222367671601869250,13933343697066767352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 /prefetch:8
                2⤵
                  PID:1680
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16222367671601869250,13933343697066767352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2888
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16222367671601869250,13933343697066767352,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
                  2⤵
                    PID:4740
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16222367671601869250,13933343697066767352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
                    2⤵
                      PID:3240
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16222367671601869250,13933343697066767352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
                      2⤵
                        PID:4536
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16222367671601869250,13933343697066767352,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
                        2⤵
                          PID:684
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16222367671601869250,13933343697066767352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
                          2⤵
                            PID:3296
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16222367671601869250,13933343697066767352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
                            2⤵
                              PID:5088
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16222367671601869250,13933343697066767352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1
                              2⤵
                                PID:2116
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16222367671601869250,13933343697066767352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2820 /prefetch:1
                                2⤵
                                  PID:3516
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16222367671601869250,13933343697066767352,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3656 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:732
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:3764
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:644

                                  Network

                                  • flag-us
                                    DNS
                                    8.8.8.8.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    8.8.8.8.in-addr.arpa
                                    IN PTR
                                    Response
                                    8.8.8.8.in-addr.arpa
                                    IN PTR
                                    dnsgoogle
                                  • flag-us
                                    DNS
                                    14.160.190.20.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    14.160.190.20.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    95.221.229.192.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    95.221.229.192.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    241.154.82.20.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    241.154.82.20.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    146.78.124.51.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    146.78.124.51.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    43.58.199.20.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    43.58.199.20.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    195.233.44.23.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    195.233.44.23.in-addr.arpa
                                    IN PTR
                                    Response
                                    195.233.44.23.in-addr.arpa
                                    IN PTR
                                    a23-44-233-195deploystaticakamaitechnologiescom
                                  • flag-us
                                    DNS
                                    50.23.12.20.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    50.23.12.20.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    198.187.3.20.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    198.187.3.20.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    254.109.26.67.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    254.109.26.67.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    205.47.74.20.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    205.47.74.20.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    48.229.111.52.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    48.229.111.52.in-addr.arpa
                                    IN PTR
                                    Response
                                  • flag-us
                                    DNS
                                    tse1.mm.bing.net
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    tse1.mm.bing.net
                                    IN A
                                    Response
                                    tse1.mm.bing.net
                                    IN CNAME
                                    mm-mm.bing.net.trafficmanager.net
                                    mm-mm.bing.net.trafficmanager.net
                                    IN CNAME
                                    dual-a-0001.a-msedge.net
                                    dual-a-0001.a-msedge.net
                                    IN A
                                    204.79.197.200
                                    dual-a-0001.a-msedge.net
                                    IN A
                                    13.107.21.200
                                  • flag-us
                                    GET
                                    https://tse1.mm.bing.net/th?id=OADD2.10239317301370_1WTDA3QMJSZ92RY3W&pid=21.2&w=1080&h=1920&c=4
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /th?id=OADD2.10239317301370_1WTDA3QMJSZ92RY3W&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                                    host: tse1.mm.bing.net
                                    accept: */*
                                    accept-encoding: gzip, deflate, br
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                    Response
                                    HTTP/2.0 200
                                    cache-control: public, max-age=2592000
                                    content-length: 274066
                                    content-type: image/jpeg
                                    x-cache: TCP_HIT
                                    access-control-allow-origin: *
                                    access-control-allow-headers: *
                                    access-control-allow-methods: GET, POST, OPTIONS
                                    timing-allow-origin: *
                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: A2F7258912F14DC69ACE06834AA1127A Ref B: AMS04EDGE2622 Ref C: 2023-09-30T19:05:15Z
                                    date: Sat, 30 Sep 2023 19:05:15 GMT
                                  • flag-us
                                    GET
                                    https://tse1.mm.bing.net/th?id=OADD2.10239317301442_1NFWQDNBPD80GXFKU&pid=21.2&w=1080&h=1920&c=4
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /th?id=OADD2.10239317301442_1NFWQDNBPD80GXFKU&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                                    host: tse1.mm.bing.net
                                    accept: */*
                                    accept-encoding: gzip, deflate, br
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                    Response
                                    HTTP/2.0 200
                                    cache-control: public, max-age=2592000
                                    content-length: 360487
                                    content-type: image/jpeg
                                    x-cache: TCP_HIT
                                    access-control-allow-origin: *
                                    access-control-allow-headers: *
                                    access-control-allow-methods: GET, POST, OPTIONS
                                    timing-allow-origin: *
                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: 2F5BCB33DB204BD1BA94CB73F5670E6D Ref B: AMS04EDGE2622 Ref C: 2023-09-30T19:05:15Z
                                    date: Sat, 30 Sep 2023 19:05:15 GMT
                                  • flag-us
                                    GET
                                    https://tse1.mm.bing.net/th?id=OADD2.10239317301277_1JYIIJ2WQ4YZYJI0A&pid=21.2&w=1920&h=1080&c=4
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /th?id=OADD2.10239317301277_1JYIIJ2WQ4YZYJI0A&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                                    host: tse1.mm.bing.net
                                    accept: */*
                                    accept-encoding: gzip, deflate, br
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                    Response
                                    HTTP/2.0 200
                                    cache-control: public, max-age=2592000
                                    content-length: 457679
                                    content-type: image/jpeg
                                    x-cache: TCP_HIT
                                    access-control-allow-origin: *
                                    access-control-allow-headers: *
                                    access-control-allow-methods: GET, POST, OPTIONS
                                    timing-allow-origin: *
                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: 80BF26EED5FB4F57B80E0A15D22C4998 Ref B: AMS04EDGE2622 Ref C: 2023-09-30T19:05:15Z
                                    date: Sat, 30 Sep 2023 19:05:15 GMT
                                  • flag-us
                                    GET
                                    https://tse1.mm.bing.net/th?id=OADD2.10239317300937_1HHU6SR72RIO6JU61&pid=21.2&w=1920&h=1080&c=4
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /th?id=OADD2.10239317300937_1HHU6SR72RIO6JU61&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                                    host: tse1.mm.bing.net
                                    accept: */*
                                    accept-encoding: gzip, deflate, br
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                    Response
                                    HTTP/2.0 200
                                    cache-control: public, max-age=2592000
                                    content-length: 373128
                                    content-type: image/jpeg
                                    x-cache: TCP_HIT
                                    access-control-allow-origin: *
                                    access-control-allow-headers: *
                                    access-control-allow-methods: GET, POST, OPTIONS
                                    timing-allow-origin: *
                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: 59CD9B3AF7184B75A927C46600629307 Ref B: AMS04EDGE2622 Ref C: 2023-09-30T19:05:15Z
                                    date: Sat, 30 Sep 2023 19:05:15 GMT
                                  • flag-us
                                    GET
                                    https://tse1.mm.bing.net/th?id=OADD2.10239317301009_14C8U0B2GQT4CQK6B&pid=21.2&w=1920&h=1080&c=4
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /th?id=OADD2.10239317301009_14C8U0B2GQT4CQK6B&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                                    host: tse1.mm.bing.net
                                    accept: */*
                                    accept-encoding: gzip, deflate, br
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                    Response
                                    HTTP/2.0 200
                                    cache-control: public, max-age=2592000
                                    content-length: 342971
                                    content-type: image/jpeg
                                    x-cache: TCP_HIT
                                    access-control-allow-origin: *
                                    access-control-allow-headers: *
                                    access-control-allow-methods: GET, POST, OPTIONS
                                    timing-allow-origin: *
                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: E8F876B4C3DB41FEB4565B883D95C661 Ref B: AMS04EDGE2622 Ref C: 2023-09-30T19:05:15Z
                                    date: Sat, 30 Sep 2023 19:05:15 GMT
                                  • flag-us
                                    GET
                                    https://tse1.mm.bing.net/th?id=OADD2.10239317301686_1KALYYHQJEHUB35MQ&pid=21.2&w=1080&h=1920&c=4
                                    Remote address:
                                    204.79.197.200:443
                                    Request
                                    GET /th?id=OADD2.10239317301686_1KALYYHQJEHUB35MQ&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                                    host: tse1.mm.bing.net
                                    accept: */*
                                    accept-encoding: gzip, deflate, br
                                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                    Response
                                    HTTP/2.0 200
                                    cache-control: public, max-age=2592000
                                    content-length: 398619
                                    content-type: image/jpeg
                                    x-cache: TCP_HIT
                                    access-control-allow-origin: *
                                    access-control-allow-headers: *
                                    access-control-allow-methods: GET, POST, OPTIONS
                                    timing-allow-origin: *
                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                    x-msedge-ref: Ref A: F551FCF63AFA4CDEB53D889215A2D3E0 Ref B: AMS04EDGE2622 Ref C: 2023-09-30T19:05:16Z
                                    date: Sat, 30 Sep 2023 19:05:16 GMT
                                  • flag-us
                                    DNS
                                    88.16.208.104.in-addr.arpa
                                    Remote address:
                                    8.8.8.8:53
                                    Request
                                    88.16.208.104.in-addr.arpa
                                    IN PTR
                                    Response
                                  • 192.168.22.107:443
                                    msedge.exe
                                    260 B
                                    5
                                  • 192.168.22.107:443
                                    msedge.exe
                                    260 B
                                    5
                                  • 192.168.22.107:443
                                    msedge.exe
                                    260 B
                                    5
                                  • 192.168.22.107:443
                                    msedge.exe
                                    260 B
                                    5
                                  • 192.168.22.107:443
                                    msedge.exe
                                    260 B
                                    5
                                  • 192.168.22.107:443
                                    msedge.exe
                                    260 B
                                    5
                                  • 192.168.22.107:443
                                    msedge.exe
                                    260 B
                                    5
                                  • 192.168.22.107:443
                                    msedge.exe
                                    260 B
                                    5
                                  • 192.168.22.107:443
                                    msedge.exe
                                    260 B
                                    5
                                  • 192.168.22.107:443
                                    msedge.exe
                                    260 B
                                    5
                                  • 192.168.22.107:443
                                    msedge.exe
                                    260 B
                                    5
                                  • 204.79.197.200:443
                                    tse1.mm.bing.net
                                    tls, http2
                                    1.2kB
                                    8.3kB
                                    16
                                    14
                                  • 204.79.197.200:443
                                    tse1.mm.bing.net
                                    tls, http2
                                    1.2kB
                                    8.3kB
                                    16
                                    14
                                  • 204.79.197.200:443
                                    https://tse1.mm.bing.net/th?id=OADD2.10239317301686_1KALYYHQJEHUB35MQ&pid=21.2&w=1080&h=1920&c=4
                                    tls, http2
                                    79.9kB
                                    2.3MB
                                    1660
                                    1654

                                    HTTP Request

                                    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301370_1WTDA3QMJSZ92RY3W&pid=21.2&w=1080&h=1920&c=4

                                    HTTP Request

                                    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301442_1NFWQDNBPD80GXFKU&pid=21.2&w=1080&h=1920&c=4

                                    HTTP Request

                                    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301277_1JYIIJ2WQ4YZYJI0A&pid=21.2&w=1920&h=1080&c=4

                                    HTTP Request

                                    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300937_1HHU6SR72RIO6JU61&pid=21.2&w=1920&h=1080&c=4

                                    HTTP Response

                                    200

                                    HTTP Request

                                    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301009_14C8U0B2GQT4CQK6B&pid=21.2&w=1920&h=1080&c=4

                                    HTTP Response

                                    200

                                    HTTP Response

                                    200

                                    HTTP Response

                                    200

                                    HTTP Response

                                    200

                                    HTTP Request

                                    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301686_1KALYYHQJEHUB35MQ&pid=21.2&w=1080&h=1920&c=4

                                    HTTP Response

                                    200
                                  • 204.79.197.200:443
                                    tse1.mm.bing.net
                                    tls, http2
                                    1.2kB
                                    8.3kB
                                    16
                                    14
                                  • 8.8.8.8:53
                                    8.8.8.8.in-addr.arpa
                                    dns
                                    66 B
                                    90 B
                                    1
                                    1

                                    DNS Request

                                    8.8.8.8.in-addr.arpa

                                  • 8.8.8.8:53
                                    14.160.190.20.in-addr.arpa
                                    dns
                                    72 B
                                    158 B
                                    1
                                    1

                                    DNS Request

                                    14.160.190.20.in-addr.arpa

                                  • 8.8.8.8:53
                                    95.221.229.192.in-addr.arpa
                                    dns
                                    145 B
                                    302 B
                                    2
                                    2

                                    DNS Request

                                    95.221.229.192.in-addr.arpa

                                    DNS Request

                                    241.154.82.20.in-addr.arpa

                                  • 8.8.8.8:53
                                    146.78.124.51.in-addr.arpa
                                    dns
                                    72 B
                                    158 B
                                    1
                                    1

                                    DNS Request

                                    146.78.124.51.in-addr.arpa

                                  • 8.8.8.8:53
                                    43.58.199.20.in-addr.arpa
                                    dns
                                    71 B
                                    157 B
                                    1
                                    1

                                    DNS Request

                                    43.58.199.20.in-addr.arpa

                                  • 8.8.8.8:53
                                    195.233.44.23.in-addr.arpa
                                    dns
                                    72 B
                                    137 B
                                    1
                                    1

                                    DNS Request

                                    195.233.44.23.in-addr.arpa

                                  • 224.0.0.251:5353
                                    449 B
                                    7
                                  • 8.8.8.8:53
                                    50.23.12.20.in-addr.arpa
                                    dns
                                    70 B
                                    156 B
                                    1
                                    1

                                    DNS Request

                                    50.23.12.20.in-addr.arpa

                                  • 8.8.8.8:53
                                    198.187.3.20.in-addr.arpa
                                    dns
                                    71 B
                                    157 B
                                    1
                                    1

                                    DNS Request

                                    198.187.3.20.in-addr.arpa

                                  • 8.8.8.8:53
                                    254.109.26.67.in-addr.arpa
                                    dns
                                    72 B
                                    126 B
                                    1
                                    1

                                    DNS Request

                                    254.109.26.67.in-addr.arpa

                                  • 8.8.8.8:53
                                    205.47.74.20.in-addr.arpa
                                    dns
                                    71 B
                                    157 B
                                    1
                                    1

                                    DNS Request

                                    205.47.74.20.in-addr.arpa

                                  • 8.8.8.8:53
                                    48.229.111.52.in-addr.arpa
                                    dns
                                    72 B
                                    158 B
                                    1
                                    1

                                    DNS Request

                                    48.229.111.52.in-addr.arpa

                                  • 8.8.8.8:53
                                    tse1.mm.bing.net
                                    dns
                                    62 B
                                    173 B
                                    1
                                    1

                                    DNS Request

                                    tse1.mm.bing.net

                                    DNS Response

                                    204.79.197.200
                                    13.107.21.200

                                  • 8.8.8.8:53
                                    88.16.208.104.in-addr.arpa
                                    dns
                                    72 B
                                    146 B
                                    1
                                    1

                                    DNS Request

                                    88.16.208.104.in-addr.arpa

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B

                                    MD5

                                    db9dbef3f8b1f616429f605c1ebca2f0

                                    SHA1

                                    ffba76f0836c024828d4ff1982cc4240c41a8f16

                                    SHA256

                                    3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

                                    SHA512

                                    4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                    Filesize

                                    111B

                                    MD5

                                    285252a2f6327d41eab203dc2f402c67

                                    SHA1

                                    acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                    SHA256

                                    5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                    SHA512

                                    11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    5KB

                                    MD5

                                    c31a4803419f5c5758d901dbe1a8d543

                                    SHA1

                                    d85c3db87fee5c4e72fb118045e592fb9a63f6d1

                                    SHA256

                                    12d2435314950818b38d36ca4b6105ec3436b195835bda86b11d8893c73b30df

                                    SHA512

                                    d8ca10a28a78437720c712df6037d7eba7c40de62c4d986d57544b7819792e1fb0e68ceeaa5c0ddb56b42815fc715c0ec9eab1cd53bcecaa1c98c5443f86a1b2

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    5KB

                                    MD5

                                    48499db3bbe8279750931db279de7cf8

                                    SHA1

                                    5d8c7f1f661a8dba79778e094b41def65d945aa2

                                    SHA256

                                    801bb8f6dddbc2a4f1ba3e31fb77dc89df04662b4d938a9879c4d0b3d4442f37

                                    SHA512

                                    a0577e1abe8834cc04ac80b372f268b0ac2d170c0299dd07ca050e22c8e543f3a9fb464f85ae4ea4e85cc6ee0b07561540fcb77382fbdab9936456e45f90e831

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                    Filesize

                                    24KB

                                    MD5

                                    6dcb90ba1ba8e06c1d4f27ec78f6911a

                                    SHA1

                                    71e7834c7952aeb9f1aa6eb88e1959a1ae4985d9

                                    SHA256

                                    30d89e5026668c5a58bef231930a8bfb27ca099b24399a2615b210210d418416

                                    SHA512

                                    dc31807eaeb5221ac60d598035ca3ccab1dbeecc95caaff5e1f5a2a89ba1c83ef0a708ee0b8ed05b588ea5d50e360032a534356f84c89d3791df91d419daeff9

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    10KB

                                    MD5

                                    3b4943cde5772b7060490be5e9618c77

                                    SHA1

                                    4ca27e40a7aece5cb2976a3f7481509ed08b6948

                                    SHA256

                                    4d4ad390fed6124390b735216221cd5a8d8f710610a40ee171b6fd4984c04b46

                                    SHA512

                                    9c186c9afbdd34ae5b5f3418cc0bd322eeb6940a6588ebe40c9dccc2c568aa8421e3d990e41b4bfccb3267a93155030cd2417fefb312b49783f47d33afc8628b

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    10KB

                                    MD5

                                    56dc288cc6ceb37f96244914f03a387d

                                    SHA1

                                    30512457c008bb6693e7597aadd9cda435c91689

                                    SHA256

                                    9c7df4d8bba7db9d6e30d4143c809ad6a96d11df46e0a01660db674e76664029

                                    SHA512

                                    295469dcb094581c02b2d55582ccccec8cbb3fd0c8772eaed9896323cd914ba1af49811e7efe518967353df71a489a09856e43f1b2ebee0430f65091b61cc7af

                                  We care about your privacy.

                                  This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.