Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/03/2024, 17:14 UTC

General

  • Target

    http://lir.ae

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://lir.ae
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3308
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c0ee9758,0x7ff9c0ee9768,0x7ff9c0ee9778
      2⤵
        PID:2672
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1876,i,13148426701678899016,4804719428722662294,131072 /prefetch:2
        2⤵
          PID:4888
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1876,i,13148426701678899016,4804719428722662294,131072 /prefetch:8
          2⤵
            PID:3612
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1876,i,13148426701678899016,4804719428722662294,131072 /prefetch:8
            2⤵
              PID:3572
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1876,i,13148426701678899016,4804719428722662294,131072 /prefetch:1
              2⤵
                PID:436
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1876,i,13148426701678899016,4804719428722662294,131072 /prefetch:1
                2⤵
                  PID:5056
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4036 --field-trial-handle=1876,i,13148426701678899016,4804719428722662294,131072 /prefetch:1
                  2⤵
                    PID:1576
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2876 --field-trial-handle=1876,i,13148426701678899016,4804719428722662294,131072 /prefetch:1
                    2⤵
                      PID:3016
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1876,i,13148426701678899016,4804719428722662294,131072 /prefetch:8
                      2⤵
                        PID:4036
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1876,i,13148426701678899016,4804719428722662294,131072 /prefetch:8
                        2⤵
                          PID:2536
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3852 --field-trial-handle=1876,i,13148426701678899016,4804719428722662294,131072 /prefetch:1
                          2⤵
                            PID:4612
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2340 --field-trial-handle=1876,i,13148426701678899016,4804719428722662294,131072 /prefetch:1
                            2⤵
                              PID:1580
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3464 --field-trial-handle=1876,i,13148426701678899016,4804719428722662294,131072 /prefetch:1
                              2⤵
                                PID:5100
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4100 --field-trial-handle=1876,i,13148426701678899016,4804719428722662294,131072 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:2852
                            • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                              "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                              1⤵
                                PID:1420

                              Network

                              • flag-us
                                DNS
                                lir.ae
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                lir.ae
                                IN A
                                Response
                              • flag-us
                                DNS
                                google.com
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                google.com
                                IN A
                                Response
                                google.com
                                IN A
                                172.217.23.206
                              • flag-us
                                DNS
                                google.com
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                google.com
                                IN A
                                Response
                                google.com
                                IN A
                                172.217.23.206
                              • flag-us
                                DNS
                                202.23.217.172.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                202.23.217.172.in-addr.arpa
                                IN PTR
                                Response
                                202.23.217.172.in-addr.arpa
                                IN PTR
                                 ams16s37-in-f10.1e100.net
                                202.23.217.172.in-addr.arpa
                                IN PTR
                                prg03s05-in-f10�I
                                202.23.217.172.in-addr.arpa
                                IN PTR
                                prg03s05-in-f202�I
                              • flag-us
                                DNS
                                13.86.106.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                13.86.106.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                198.178.17.96.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                198.178.17.96.in-addr.arpa
                                IN PTR
                                Response
                                198.178.17.96.in-addr.arpa
                                IN PTR
                                 a96-17-178-198.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                241.154.82.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                241.154.82.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                195.233.44.23.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                195.233.44.23.in-addr.arpa
                                IN PTR
                                Response
                                195.233.44.23.in-addr.arpa
                                IN PTR
                                 a23-44-233-195.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                26.35.223.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                26.35.223.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                157.123.68.40.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                157.123.68.40.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                lir.ae
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                lir.ae
                                IN A
                                Response
                              • flag-us
                                DNS
                                56.126.166.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                56.126.166.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                104.241.123.92.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                104.241.123.92.in-addr.arpa
                                IN PTR
                                Response
                                104.241.123.92.in-addr.arpa
                                IN PTR
                                 a92-123-241-104.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                104.241.123.92.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                104.241.123.92.in-addr.arpa
                                IN PTR
                              • flag-us
                                DNS
                                119.110.54.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                119.110.54.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                209.205.72.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                209.205.72.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                217.135.221.88.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                217.135.221.88.in-addr.arpa
                                IN PTR
                                Response
                                217.135.221.88.in-addr.arpa
                                IN PTR
                                 a88-221-135-217.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                232.168.11.51.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                232.168.11.51.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                240.221.184.93.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                240.221.184.93.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                33.134.221.88.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                33.134.221.88.in-addr.arpa
                                IN PTR
                                Response
                                33.134.221.88.in-addr.arpa
                                IN PTR
                                 a88-221-134-33.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                211.135.221.88.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                211.135.221.88.in-addr.arpa
                                IN PTR
                                Response
                                211.135.221.88.in-addr.arpa
                                IN PTR
                                 a88-221-135-211.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                18.134.221.88.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                18.134.221.88.in-addr.arpa
                                IN PTR
                                Response
                                18.134.221.88.in-addr.arpa
                                IN PTR
                                 a88-221-134-18.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                lir.ae
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                lir.ae
                                IN A
                                Response
                              • flag-us
                                DNS
                                lir.ae
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                lir.ae
                                IN A
                              • flag-us
                                DNS
                                211.178.17.96.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                211.178.17.96.in-addr.arpa
                                IN PTR
                                Response
                                211.178.17.96.in-addr.arpa
                                IN PTR
                                 a96-17-178-211.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                211.178.17.96.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                211.178.17.96.in-addr.arpa
                                IN PTR
                              • flag-us
                                DNS
                                199.178.17.96.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                199.178.17.96.in-addr.arpa
                                IN PTR
                                Response
                                199.178.17.96.in-addr.arpa
                                IN PTR
                                 a96-17-178-199.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                199.178.17.96.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                199.178.17.96.in-addr.arpa
                                IN PTR
                                Response
                                199.178.17.96.in-addr.arpa
                                IN PTR
                                 a96-17-178-199.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                206.178.17.96.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                206.178.17.96.in-addr.arpa
                                IN PTR
                                Response
                                206.178.17.96.in-addr.arpa
                                IN PTR
                                 a96-17-178-206.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                206.178.17.96.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                206.178.17.96.in-addr.arpa
                                IN PTR
                                Response
                                206.178.17.96.in-addr.arpa
                                IN PTR
                                 a96-17-178-206.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                218.135.221.88.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                218.135.221.88.in-addr.arpa
                                IN PTR
                                Response
                                218.135.221.88.in-addr.arpa
                                IN PTR
                                 a88-221-135-218.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                218.135.221.88.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                218.135.221.88.in-addr.arpa
                                IN PTR
                                Response
                                218.135.221.88.in-addr.arpa
                                IN PTR
                                 a88-221-135-218.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                21.236.111.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                21.236.111.52.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                21.236.111.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                21.236.111.52.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                lir.ae
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                lir.ae
                                IN A
                                Response
                              • flag-us
                                DNS
                                lir.ae
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                lir.ae
                                IN A
                                Response
                              • flag-us
                                DNS
                                beacons.gcp.gvt2.com
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                beacons.gcp.gvt2.com
                                IN A
                                Response
                                beacons.gcp.gvt2.com
                                IN CNAME
                                beacons-handoff.gcp.gvt2.com
                                beacons-handoff.gcp.gvt2.com
                                IN A
                                192.178.49.3
                              • flag-us
                                DNS
                                beacons.gcp.gvt2.com
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                beacons.gcp.gvt2.com
                                IN A
                                Response
                                beacons.gcp.gvt2.com
                                IN CNAME
                                beacons-handoff.gcp.gvt2.com
                                beacons-handoff.gcp.gvt2.com
                                IN A
                                192.178.49.3
                              • flag-us
                                POST
                                https://beacons.gcp.gvt2.com/domainreliability/upload
                                chrome.exe
                                Remote address:
                                192.178.49.3:443
                                Request
                                POST /domainreliability/upload HTTP/2.0
                                host: beacons.gcp.gvt2.com
                                content-length: 272
                                content-type: application/json; charset=utf-8
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-us
                                POST
                                https://beacons.gcp.gvt2.com/domainreliability/upload-nel
                                chrome.exe
                                Remote address:
                                192.178.49.3:443
                                Request
                                POST /domainreliability/upload-nel HTTP/2.0
                                host: beacons.gcp.gvt2.com
                                content-length: 401
                                content-type: application/reports+json
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-us
                                DNS
                                3.49.178.192.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                3.49.178.192.in-addr.arpa
                                IN PTR
                                Response
                                3.49.178.192.in-addr.arpa
                                IN PTR
                                 phx18s08-in-f3.1e100.net
                              • flag-us
                                DNS
                                3.49.178.192.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                3.49.178.192.in-addr.arpa
                                IN PTR
                                Response
                                3.49.178.192.in-addr.arpa
                                IN PTR
                                 phx18s08-in-f3.1e100.net
                              • flag-us
                                DNS
                                tse1.mm.bing.net
                                Remote address:
                                8.8.8.8:53
                                Request
                                tse1.mm.bing.net
                                IN A
                                Response
                                tse1.mm.bing.net
                                IN CNAME
                                mm-mm.bing.net.trafficmanager.net
                                mm-mm.bing.net.trafficmanager.net
                                IN CNAME
                                dual-a-0001.a-msedge.net
                                dual-a-0001.a-msedge.net
                                IN A
                                204.79.197.200
                                dual-a-0001.a-msedge.net
                                IN A
                                13.107.21.200
                              • flag-us
                                DNS
                                tse1.mm.bing.net
                                Remote address:
                                8.8.8.8:53
                                Request
                                tse1.mm.bing.net
                                IN A
                                Response
                                tse1.mm.bing.net
                                IN CNAME
                                mm-mm.bing.net.trafficmanager.net
                                mm-mm.bing.net.trafficmanager.net
                                IN CNAME
                                dual-a-0001.a-msedge.net
                                dual-a-0001.a-msedge.net
                                IN A
                                204.79.197.200
                                dual-a-0001.a-msedge.net
                                IN A
                                13.107.21.200
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239339388214_1UWGHWC2WCGKUMA6H&pid=21.2&w=1920&h=1080&c=4
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239339388214_1UWGHWC2WCGKUMA6H&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 412793
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: BA618DF026124FB49ABFCC1AA117C371 Ref B: LON04EDGE1220 Ref C: 2024-03-10T17:16:48Z
                                date: Sun, 10 Mar 2024 17:16:48 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239317301218_1B7RSJ3ZTR7CQSX5W&pid=21.2&w=1920&h=1080&c=4
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239317301218_1B7RSJ3ZTR7CQSX5W&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 570479
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 3EDC4F7F03CE4ABB8D38DB35D09860F8 Ref B: LON04EDGE1220 Ref C: 2024-03-10T17:16:48Z
                                date: Sun, 10 Mar 2024 17:16:48 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239317301288_1GU97O2L0EVD7325U&pid=21.2&w=1920&h=1080&c=4
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239317301288_1GU97O2L0EVD7325U&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 334566
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 92EF05EDC94944E18AB8CA7858197C1E Ref B: LON04EDGE1220 Ref C: 2024-03-10T17:16:48Z
                                date: Sun, 10 Mar 2024 17:16:48 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239317301627_1W86XP38C3HTKT30H&pid=21.2&w=1080&h=1920&c=4
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239317301627_1W86XP38C3HTKT30H&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 518294
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 73DFE91F09AD4BADB120347281C2546D Ref B: LON04EDGE1220 Ref C: 2024-03-10T17:16:48Z
                                date: Sun, 10 Mar 2024 17:16:48 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239339388215_16IMSQNWG15X43RXM&pid=21.2&w=1080&h=1920&c=4
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239339388215_16IMSQNWG15X43RXM&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 317022
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 9C44A91249BC4131B0500A6BFF1687A6 Ref B: LON04EDGE1220 Ref C: 2024-03-10T17:16:48Z
                                date: Sun, 10 Mar 2024 17:16:48 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239317301697_1IS6I39WFTNHNV537&pid=21.2&w=1080&h=1920&c=4
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239317301697_1IS6I39WFTNHNV537&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 246852
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 0C5C57CB792A44369356F9CCAF937626 Ref B: LON04EDGE1220 Ref C: 2024-03-10T17:16:48Z
                                date: Sun, 10 Mar 2024 17:16:48 GMT
                              • flag-us
                                DNS
                                55.36.223.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                55.36.223.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                55.36.223.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                55.36.223.20.in-addr.arpa
                                IN PTR
                              • 192.178.49.3:443
                                https://beacons.gcp.gvt2.com/domainreliability/upload-nel
                                tls, http2
                                chrome.exe
                                2.8kB
                                7.5kB
                                21
                                22

                                HTTP Request

                                POST https://beacons.gcp.gvt2.com/domainreliability/upload

                                HTTP Request

                                POST https://beacons.gcp.gvt2.com/domainreliability/upload-nel
                              • 204.79.197.200:443
                                tse1.mm.bing.net
                                tls, http2
                                1.4kB
                                8.1kB
                                17
                                14
                              • 204.79.197.200:443
                                tse1.mm.bing.net
                                tls, http2
                                1.4kB
                                8.1kB
                                17
                                13
                              • 204.79.197.200:443
                                tse1.mm.bing.net
                                tls, http2
                                1.8kB
                                8.1kB
                                19
                                13
                              • 204.79.197.200:443
                                tse1.mm.bing.net
                                tls, http2
                                1.7kB
                                8.1kB
                                18
                                13
                              • 204.79.197.200:443
                                https://tse1.mm.bing.net/th?id=OADD2.10239317301697_1IS6I39WFTNHNV537&pid=21.2&w=1080&h=1920&c=4
                                tls, http2
                                90.2kB
                                2.5MB
                                1821
                                1814

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239339388214_1UWGHWC2WCGKUMA6H&pid=21.2&w=1920&h=1080&c=4

                                HTTP Response

                                200

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301218_1B7RSJ3ZTR7CQSX5W&pid=21.2&w=1920&h=1080&c=4

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301288_1GU97O2L0EVD7325U&pid=21.2&w=1920&h=1080&c=4

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301627_1W86XP38C3HTKT30H&pid=21.2&w=1080&h=1920&c=4

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239339388215_16IMSQNWG15X43RXM&pid=21.2&w=1080&h=1920&c=4

                                HTTP Response

                                200

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301697_1IS6I39WFTNHNV537&pid=21.2&w=1080&h=1920&c=4

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Response

                                200
                              • 96.17.178.206:80
                              • 8.8.8.8:53
                                lir.ae
                                dns
                                chrome.exe
                                52 B
                                116 B
                                1
                                1

                                DNS Request

                                lir.ae

                              • 8.8.8.8:53
                                google.com
                                dns
                                chrome.exe
                                56 B
                                72 B
                                1
                                1

                                DNS Request

                                google.com

                                DNS Response

                                172.217.23.206

                              • 8.8.8.8:53
                                google.com
                                dns
                                chrome.exe
                                56 B
                                72 B
                                1
                                1

                                DNS Request

                                google.com

                                DNS Response

                                172.217.23.206

                              • 8.8.8.8:53
                                202.23.217.172.in-addr.arpa
                                dns
                                73 B
                                173 B
                                1
                                1

                                DNS Request

                                202.23.217.172.in-addr.arpa

                              • 8.8.8.8:53
                                13.86.106.20.in-addr.arpa
                                dns
                                71 B
                                157 B
                                1
                                1

                                DNS Request

                                13.86.106.20.in-addr.arpa

                              • 8.8.8.8:53
                                198.178.17.96.in-addr.arpa
                                dns
                                72 B
                                137 B
                                1
                                1

                                DNS Request

                                198.178.17.96.in-addr.arpa

                              • 224.0.0.251:5353
                                chrome.exe
                                204 B
                                3
                              • 8.8.8.8:53
                                241.154.82.20.in-addr.arpa
                                dns
                                72 B
                                158 B
                                1
                                1

                                DNS Request

                                241.154.82.20.in-addr.arpa

                              • 8.8.8.8:53
                                195.233.44.23.in-addr.arpa
                                dns
                                72 B
                                137 B
                                1
                                1

                                DNS Request

                                195.233.44.23.in-addr.arpa

                              • 8.8.8.8:53
                                26.35.223.20.in-addr.arpa
                                dns
                                71 B
                                157 B
                                1
                                1

                                DNS Request

                                26.35.223.20.in-addr.arpa

                              • 8.8.8.8:53
                                157.123.68.40.in-addr.arpa
                                dns
                                72 B
                                146 B
                                1
                                1

                                DNS Request

                                157.123.68.40.in-addr.arpa

                              • 8.8.8.8:53
                                lir.ae
                                dns
                                chrome.exe
                                52 B
                                116 B
                                1
                                1

                                DNS Request

                                lir.ae

                              • 8.8.8.8:53
                                56.126.166.20.in-addr.arpa
                                dns
                                72 B
                                158 B
                                1
                                1

                                DNS Request

                                56.126.166.20.in-addr.arpa

                              • 8.8.8.8:53
                                104.241.123.92.in-addr.arpa
                                dns
                                146 B
                                139 B
                                2
                                1

                                DNS Request

                                104.241.123.92.in-addr.arpa

                                DNS Request

                                104.241.123.92.in-addr.arpa

                              • 8.8.8.8:53
                                119.110.54.20.in-addr.arpa
                                dns
                                72 B
                                158 B
                                1
                                1

                                DNS Request

                                119.110.54.20.in-addr.arpa

                              • 8.8.8.8:53
                                209.205.72.20.in-addr.arpa
                                dns
                                72 B
                                158 B
                                1
                                1

                                DNS Request

                                209.205.72.20.in-addr.arpa

                              • 8.8.8.8:53
                                217.135.221.88.in-addr.arpa
                                dns
                                73 B
                                139 B
                                1
                                1

                                DNS Request

                                217.135.221.88.in-addr.arpa

                              • 8.8.8.8:53
                                232.168.11.51.in-addr.arpa
                                dns
                                72 B
                                158 B
                                1
                                1

                                DNS Request

                                232.168.11.51.in-addr.arpa

                              • 8.8.8.8:53
                                240.221.184.93.in-addr.arpa
                                dns
                                73 B
                                144 B
                                1
                                1

                                DNS Request

                                240.221.184.93.in-addr.arpa

                              • 8.8.8.8:53
                                33.134.221.88.in-addr.arpa
                                dns
                                72 B
                                137 B
                                1
                                1

                                DNS Request

                                33.134.221.88.in-addr.arpa

                              • 8.8.8.8:53
                                211.135.221.88.in-addr.arpa
                                dns
                                73 B
                                139 B
                                1
                                1

                                DNS Request

                                211.135.221.88.in-addr.arpa

                              • 8.8.8.8:53
                                18.134.221.88.in-addr.arpa
                                dns
                                72 B
                                137 B
                                1
                                1

                                DNS Request

                                18.134.221.88.in-addr.arpa

                              • 8.8.8.8:53
                                lir.ae
                                dns
                                chrome.exe
                                104 B
                                116 B
                                2
                                1

                                DNS Request

                                lir.ae

                                DNS Request

                                lir.ae

                              • 8.8.8.8:53
                                211.178.17.96.in-addr.arpa
                                dns
                                144 B
                                137 B
                                2
                                1

                                DNS Request

                                211.178.17.96.in-addr.arpa

                                DNS Request

                                211.178.17.96.in-addr.arpa

                              • 8.8.8.8:53
                                199.178.17.96.in-addr.arpa
                                dns
                                144 B
                                274 B
                                2
                                2

                                DNS Request

                                199.178.17.96.in-addr.arpa

                                DNS Request

                                199.178.17.96.in-addr.arpa

                              • 8.8.8.8:53
                                206.178.17.96.in-addr.arpa
                                dns
                                144 B
                                274 B
                                2
                                2

                                DNS Request

                                206.178.17.96.in-addr.arpa

                                DNS Request

                                206.178.17.96.in-addr.arpa

                              • 8.8.8.8:53
                                218.135.221.88.in-addr.arpa
                                dns
                                146 B
                                278 B
                                2
                                2

                                DNS Request

                                218.135.221.88.in-addr.arpa

                                DNS Request

                                218.135.221.88.in-addr.arpa

                              • 8.8.8.8:53
                                21.236.111.52.in-addr.arpa
                                dns
                                144 B
                                316 B
                                2
                                2

                                DNS Request

                                21.236.111.52.in-addr.arpa

                                DNS Request

                                21.236.111.52.in-addr.arpa

                              • 8.8.8.8:53
                                lir.ae
                                dns
                                chrome.exe
                                104 B
                                232 B
                                2
                                2
                                DNS Request: lir.ae
                                DNS Request: lir.ae
                              • 8.8.8.8:53
                                beacons.gcp.gvt2.com
                                dns
                                chrome.exe
                                132 B
                                224 B
                                2
                                2
                                DNS Request: beacons.gcp.gvt2.com
                                DNS Request: beacons.gcp.gvt2.com
                                DNS Response: 192.178.49.3
                                DNS Response: 192.178.49.3
                              • 192.178.49.3:443
                                beacons.gcp.gvt2.com
                                https
                                chrome.exe
                                3.2kB
                                7.6kB
                                8
                                9
                              • 8.8.8.8:53
                                3.49.178.192.in-addr.arpa
                                dns
                                142 B
                                218 B
                                2
                                2
                                DNS Request: 3.49.178.192.in-addr.arpa
                                DNS Request: 3.49.178.192.in-addr.arpa
                              • 8.8.8.8:53
                                tse1.mm.bing.net
                                dns
                                124 B
                                346 B
                                2
                                2
                                DNS Request: tse1.mm.bing.net
                                DNS Request: tse1.mm.bing.net
                                DNS Response: 204.79.197.200, 13.107.21.200
                                DNS Response: 204.79.197.200, 13.107.21.200
                              • 8.8.8.8:53
                                55.36.223.20.in-addr.arpa
                                dns
                                142 B
                                157 B
                                2
                                1
                                DNS Request: 55.36.223.20.in-addr.arpa
                                DNS Request: 55.36.223.20.in-addr.arpa

                              MITRE ATT&CK Enterprise v15


                              Downloads

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize: 6KB
                                MD5: 48dc2df8b29e5af127c1464d45153404
                                SHA1: 4802e661f234bd5bbed0bc32fdab75a1be47c5f2
                                SHA256: e5d6214139ea0142b324227cbf9b42a03e71a787644dd92e165a4e616f7d862a
                                SHA512: 4d67ae5d3d4711a9b77d275ad078af68dd17293737db9f273ce59e5edd6e6d4aeb2db2a5dc8db8331f98badf5b3b073cbb40e203db5845650decf0b9744ea37b

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize: 6KB
                                MD5: e4c61220b365f28c7ce4a53b63fd5c78
                                SHA1: 9f63dac1c29d10f87a1e3070346123bc41ea7973
                                SHA256: 83153bbd41af5009f3fa7e431e194de8f9f19b3c58993d5c9bfe3b2f927ad834
                                SHA512: c142e31550009921685a45e546b4beae983d546cab088069eb842e38b5426a480870d542841f0bb234392763231cb7cdcd432ee8dade47e8b84ba723115e2065

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                Filesize: 253KB
                                MD5: c64004efd213d9ee40b757c53370e78a
                                SHA1: 068f9fe9010bb0f2ebc3b4920e98bbc8ee1b4f5a
                                SHA256: 54a8d464f635b640e106db2224ecb7ee42b99cceb65e470791fc180770411d44
                                SHA512: 84978a77101e9152b95f79c61ad085290579453b5b3d2900a6f83a05362e225b4dcfb38aa642d353f4848c7c15fa9f26cb450089084968ab5eff25d26568df04

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
                                Filesize: 2B
                                MD5: 99914b932bd37a50b983c5e7c90ae93b
                                SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
                                SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
                                SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
