Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
167s -
max time network
166s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system -
submitted
13/03/2024, 08:44 UTC
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://mem.gfx.ms
Resource
win11-20240221-en
General
-
Target
http://mem.gfx.ms
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133547931138208692" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1500 chrome.exe 1500 chrome.exe 5024 chrome.exe 5024 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 1500 chrome.exe 1500 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe Token: SeShutdownPrivilege 1500 chrome.exe Token: SeCreatePagefilePrivilege 1500 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe 1500 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1500 wrote to memory of 4236 1500 chrome.exe 80 PID 1500 wrote to memory of 4236 1500 chrome.exe 80 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 2680 1500 chrome.exe 82 PID 1500 wrote to memory of 1752 1500 chrome.exe 83 PID 1500 wrote to memory of 1752 1500 chrome.exe 83 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84 PID 1500 wrote to memory of 4848 1500 chrome.exe 84
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://mem.gfx.ms1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1500 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc84069758,0x7ffc84069768,0x7ffc840697782⤵PID:4236
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1820,i,9294845460293534596,2971158879591433319,131072 /prefetch:22⤵PID:2680
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1820,i,9294845460293534596,2971158879591433319,131072 /prefetch:82⤵PID:1752
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1820,i,9294845460293534596,2971158879591433319,131072 /prefetch:82⤵PID:4848
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1820,i,9294845460293534596,2971158879591433319,131072 /prefetch:12⤵PID:4272
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1820,i,9294845460293534596,2971158879591433319,131072 /prefetch:12⤵PID:1128
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1820,i,9294845460293534596,2971158879591433319,131072 /prefetch:82⤵PID:2504
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1820,i,9294845460293534596,2971158879591433319,131072 /prefetch:82⤵PID:5016
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4392 --field-trial-handle=1820,i,9294845460293534596,2971158879591433319,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5024
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:2264
Network
-
Remote address:8.8.8.8:53Requestmem.gfx.msIN AResponsemem.gfx.msIN CNAMEamcdnmsftuswe.azureedge.netamcdnmsftuswe.azureedge.netIN CNAMEamcdnmsftuswe.afd.azureedge.netamcdnmsftuswe.afd.azureedge.netIN CNAMEfirstparty-azurefd-prod.trafficmanager.netfirstparty-azurefd-prod.trafficmanager.netIN CNAMEshed.dual-low.part-0036.t-0009.t-msedge.netshed.dual-low.part-0036.t-0009.t-msedge.netIN CNAMEpart-0036.t-0009.t-msedge.netpart-0036.t-0009.t-msedge.netIN A13.107.246.64part-0036.t-0009.t-msedge.netIN A13.107.213.64
-
Remote address:8.8.8.8:53Requestlogin.live.comIN AResponselogin.live.comIN CNAMElogin.msa.msidentity.comlogin.msa.msidentity.comIN CNAMEwww.tm.lg.prod.aadmsa.trafficmanager.netwww.tm.lg.prod.aadmsa.trafficmanager.netIN CNAMEprdv4a.aadg.msidentity.comprdv4a.aadg.msidentity.comIN CNAMEwww.tm.v4.a.prd.aadg.trafficmanager.netwww.tm.v4.a.prd.aadg.trafficmanager.netIN A40.126.32.76www.tm.v4.a.prd.aadg.trafficmanager.netIN A40.126.32.136www.tm.v4.a.prd.aadg.trafficmanager.netIN A40.126.32.138www.tm.v4.a.prd.aadg.trafficmanager.netIN A40.126.32.72www.tm.v4.a.prd.aadg.trafficmanager.netIN A20.190.160.20www.tm.v4.a.prd.aadg.trafficmanager.netIN A20.190.160.17www.tm.v4.a.prd.aadg.trafficmanager.netIN A40.126.32.74www.tm.v4.a.prd.aadg.trafficmanager.netIN A40.126.32.133
-
Remote address:8.8.8.8:53Request106.39.251.142.in-addr.arpaIN PTRResponse106.39.251.142.in-addr.arpaIN PTRams15s48-in-f101e100net
-
Remote address:8.8.8.8:53Request205.178.17.96.in-addr.arpaIN PTRResponse205.178.17.96.in-addr.arpaIN PTRa96-17-178-205deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request205.178.17.96.in-addr.arpaIN PTR
-
Remote address:13.107.246.64:80RequestGET / HTTP/1.1
Host: mem.gfx.ms
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 400 Bad Request
X-MSEdge-Ref: 0mGfxZQAAAAAMRYoyy736SZZpEO5ktWkwTE9OMjFFREdFMTcxOQBFZGdl
Date: Wed, 13 Mar 2024 08:45:11 GMT
-
Remote address:13.107.246.64:80RequestGET /favicon.ico HTTP/1.1
Host: mem.gfx.ms
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://mem.gfx.ms/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 400 Bad Request
X-MSEdge-Ref: 0mGfxZQAAAADxeZLDffi0TbIEKDMxf+RMTE9OMjFFREdFMTcxOQBFZGdl
Date: Wed, 13 Mar 2024 08:45:12 GMT
-
Remote address:8.8.8.8:53Request76.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request57.169.31.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request55.36.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestarc.msn.comIN AResponsearc.msn.comIN CNAMEarc.trafficmanager.netarc.trafficmanager.netIN CNAMEiris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.comiris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.comIN A20.223.36.55
-
Remote address:8.8.8.8:53Requestarc.msn.comIN A
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301631_1JS0AMCX251CLJ5OX&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301631_1JS0AMCX251CLJ5OX&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
ResponseHTTP/2.0 200
content-length: 405726
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BB71C806B1F1434CAA6B3E349E13A9A4 Ref B: LON04EDGE1114 Ref C: 2024-03-13T08:45:44Z
date: Wed, 13 Mar 2024 08:45:44 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418535_1J3FI1BHYFKNLDX7C&pid=21.2&w=1080&h=1920&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239340418535_1J3FI1BHYFKNLDX7C&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
ResponseHTTP/2.0 200
content-length: 163886
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3FEFAFE9BB9D46878451883A59F5A747 Ref B: LON04EDGE1114 Ref C: 2024-03-13T08:45:44Z
date: Wed, 13 Mar 2024 08:45:44 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301222_1FJU5PIOORZE0KYBN&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239317301222_1FJU5PIOORZE0KYBN&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
ResponseHTTP/2.0 200
content-length: 384492
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6B510FBD3BE8441D8579F937D4681629 Ref B: LON04EDGE1114 Ref C: 2024-03-13T08:45:44Z
date: Wed, 13 Mar 2024 08:45:44 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&w=1920&h=1080&c=4Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
ResponseHTTP/2.0 200
content-length: 246369
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0DF359209D504C45BAC497E09FDAA536 Ref B: LON04EDGE1114 Ref C: 2024-03-13T08:45:44Z
date: Wed, 13 Mar 2024 08:45:44 GMT
-
1.1kB 1.1kB 7 9
HTTP Request
GET http://mem.gfx.ms/HTTP Response
400HTTP Request
GET http://mem.gfx.ms/favicon.icoHTTP Response
400 -
190 B 132 B 4 3
-
1.3kB 8.1kB 16 14
-
1.3kB 8.1kB 16 13
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&w=1920&h=1080&c=4tls, http245.0kB 1.3MB 921 919
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301631_1JS0AMCX251CLJ5OX&pid=21.2&w=1080&h=1920&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418535_1J3FI1BHYFKNLDX7C&pid=21.2&w=1080&h=1920&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301222_1FJU5PIOORZE0KYBN&pid=21.2&w=1920&h=1080&c=4HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&w=1920&h=1080&c=4HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200 -
1.3kB 8.1kB 16 13
-
333 B 869 B 5 4
DNS Request
mem.gfx.ms
DNS Response
13.107.246.6413.107.213.64
DNS Request
login.live.com
DNS Response
40.126.32.7640.126.32.13640.126.32.13840.126.32.7220.190.160.2020.190.160.1740.126.32.7440.126.32.133
DNS Request
106.39.251.142.in-addr.arpa
DNS Request
205.178.17.96.in-addr.arpa
DNS Request
205.178.17.96.in-addr.arpa
-
327 B 648 B 5 4
DNS Request
76.32.126.40.in-addr.arpa
DNS Request
57.169.31.20.in-addr.arpa
DNS Request
55.36.223.20.in-addr.arpa
DNS Request
arc.msn.com
DNS Request
arc.msn.com
DNS Response
20.223.36.55
-
204 B 3
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD59b163df35694380eee520949b33581c7
SHA19860027924025e10701f9592eded119801280e56
SHA256b87d19d02f9eaef86d09acdb0d3de9a3714d1815e2194bc5cb366c1cd67b32f2
SHA5129b58343195e867ce823c073d48f6f6e6a9f033f036b07835502820ec9e03f149e214c25ab192af37d44be923b66993bab9562f7412aa74a33e183a5231329c8c
-
Filesize
6KB
MD56e2d746556423062a0e7b606140a3d85
SHA16ed1e7b82251174cc54dbd1fe60a4d1c00b866db
SHA25605310c37eb120673c6616c2de16fe6f9744e295f498627993df64432f154446c
SHA512f80548cf63ea1ae5115004706ce6f1c745112431e26ba9b185de024a4b9ef03b51c1186407408dca0c95eb6087f91ff6eba2f11f339ab1e1f592b85320876abe
-
Filesize
130KB
MD5ace3c4cfc16c704e08027934181859de
SHA1ad7b8dccda778d9c94d5137d7c281eba15c4ce5d
SHA25632efb4ede0a172b50c6fc1387b1c1b322e8e89f5a87bc11b827fb542fc3cb36a
SHA512e052af8f2d8c91cffbd3d8929bcc26b61cce394ab89fdd2783c2e4de667dc5b4f0fa332f49661b2d23fbd45fabaf4200ebf27cec95ef06b168da505d8c90852c
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd