Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/03/2024, 11:35 UTC

General

  • Target

    https://dm-cn.aliyuncs.com/trace/v1/report?bid=1811124&env=600000071475529208&mac=303740&mf=catherine.guo%40derteblasting.com&msgid=cdda7d73-bc1c-4ad1-a503-b0cd19c28169%40alibaba.com&sac=0&tag=pcbassembly&tid=1811124&to=andrea.rapacchi%40mazzotti.it&tpl=&ts=1710742960&type=1&url=&v=1.0&sign=b7e64220f5d56ddde348245eb940a332

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dm-cn.aliyuncs.com/trace/v1/report?bid=1811124&env=600000071475529208&mac=303740&mf=catherine.guo%40derteblasting.com&msgid=cdda7d73-bc1c-4ad1-a503-b0cd19c28169%40alibaba.com&sac=0&tag=pcbassembly&tid=1811124&to=andrea.rapacchi%40mazzotti.it&tpl=&ts=1710742960&type=1&url=&v=1.0&sign=b7e64220f5d56ddde348245eb940a332
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4244
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6f5d9758,0x7ffa6f5d9768,0x7ffa6f5d9778
      2⤵
        PID:3228
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1856,i,10876836965118138531,5941071008979271647,131072 /prefetch:2
        2⤵
          PID:976
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1856,i,10876836965118138531,5941071008979271647,131072 /prefetch:8
          2⤵
            PID:4388
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2152 --field-trial-handle=1856,i,10876836965118138531,5941071008979271647,131072 /prefetch:8
            2⤵
              PID:3304
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1856,i,10876836965118138531,5941071008979271647,131072 /prefetch:1
              2⤵
                PID:2668
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1856,i,10876836965118138531,5941071008979271647,131072 /prefetch:1
                2⤵
                  PID:1976
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1856,i,10876836965118138531,5941071008979271647,131072 /prefetch:8
                  2⤵
                    PID:1600
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1856,i,10876836965118138531,5941071008979271647,131072 /prefetch:8
                    2⤵
                      PID:3848
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1448 --field-trial-handle=1856,i,10876836965118138531,5941071008979271647,131072 /prefetch:1
                      2⤵
                        PID:4264
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4552 --field-trial-handle=1856,i,10876836965118138531,5941071008979271647,131072 /prefetch:1
                        2⤵
                          PID:4928
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3868 --field-trial-handle=1856,i,10876836965118138531,5941071008979271647,131072 /prefetch:1
                          2⤵
                            PID:1344
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5112 --field-trial-handle=1856,i,10876836965118138531,5941071008979271647,131072 /prefetch:1
                            2⤵
                              PID:1872
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3232 --field-trial-handle=1856,i,10876836965118138531,5941071008979271647,131072 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3492
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3804 --field-trial-handle=1856,i,10876836965118138531,5941071008979271647,131072 /prefetch:1
                              2⤵
                                PID:2668
                            • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                              "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                              1⤵
                                PID:2552

                              Network

                              • flag-us
                                DNS
                                241.150.49.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                241.150.49.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                71.31.126.40.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                71.31.126.40.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                dm-cn.aliyuncs.com
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                dm-cn.aliyuncs.com
                                IN A
                                Response
                                dm-cn.aliyuncs.com
                                IN CNAME
                                alimail-access-agent-ay29.aliyun.com
                                alimail-access-agent-ay29.aliyun.com
                                IN CNAME
                                alimail-access-agent-ay29.aliyun.com.gds.alibabadns.com
                                alimail-access-agent-ay29.aliyun.com.gds.alibabadns.com
                                IN A
                                47.246.146.253
                              • flag-us
                                DNS
                                0.204.248.87.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                0.204.248.87.in-addr.arpa
                                IN PTR
                                Response
                                0.204.248.87.in-addr.arpa
                                IN PTR
                                https-87-248-204-0lhrllnwnet
                              • flag-us
                                DNS
                                170.214.58.216.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                170.214.58.216.in-addr.arpa
                                IN PTR
                                Response
                                170.214.58.216.in-addr.arpa
                                IN PTR
                                mad01s26-in-f1701e100net
                                170.214.58.216.in-addr.arpa
                                IN PTR
                                mad01s26-in-f10�J
                                170.214.58.216.in-addr.arpa
                                IN PTR
                                par10s42-in-f10�J
                              • flag-us
                                DNS
                                9.228.82.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                9.228.82.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                253.146.246.47.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                253.146.246.47.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                41.110.16.96.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                41.110.16.96.in-addr.arpa
                                IN PTR
                                Response
                                41.110.16.96.in-addr.arpa
                                IN PTR
                                a96-16-110-41deploystaticakamaitechnologiescom
                              • flag-us
                                DNS
                                57.169.31.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                57.169.31.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                81.171.91.138.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                81.171.91.138.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                203.197.79.204.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                203.197.79.204.in-addr.arpa
                                IN PTR
                                Response
                                203.197.79.204.in-addr.arpa
                                IN PTR
                                a-0003a-msedgenet
                              • flag-us
                                DNS
                                50.23.12.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                50.23.12.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                206.23.85.13.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                206.23.85.13.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                133.211.185.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                133.211.185.52.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                104.241.123.92.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                104.241.123.92.in-addr.arpa
                                IN PTR
                                Response
                                104.241.123.92.in-addr.arpa
                                IN PTR
                                a92-123-241-104deploystaticakamaitechnologiescom
                              • flag-us
                                DNS
                                119.110.54.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                119.110.54.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                173.178.17.96.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                173.178.17.96.in-addr.arpa
                                IN PTR
                                Response
                                173.178.17.96.in-addr.arpa
                                IN PTR
                                a96-17-178-173deploystaticakamaitechnologiescom
                              • flag-us
                                DNS
                                18.134.221.88.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                18.134.221.88.in-addr.arpa
                                IN PTR
                                Response
                                18.134.221.88.in-addr.arpa
                                IN PTR
                                a88-221-134-18deploystaticakamaitechnologiescom
                              • flag-us
                                DNS
                                64.134.221.88.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                64.134.221.88.in-addr.arpa
                                IN PTR
                                Response
                                64.134.221.88.in-addr.arpa
                                IN PTR
                                a88-221-134-64deploystaticakamaitechnologiescom
                              • flag-us
                                DNS
                                aliyuncs.com
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                aliyuncs.com
                                IN A
                                Response
                                aliyuncs.com
                                IN A
                                106.15.148.44
                              • flag-us
                                DNS
                                aliyuncs.com
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                aliyuncs.com
                                IN A
                              • flag-us
                                DNS
                                196.178.17.96.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                196.178.17.96.in-addr.arpa
                                IN PTR
                                Response
                                196.178.17.96.in-addr.arpa
                                IN PTR
                                a96-17-178-196deploystaticakamaitechnologiescom
                              • flag-us
                                DNS
                                196.178.17.96.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                196.178.17.96.in-addr.arpa
                                IN PTR
                                Response
                                196.178.17.96.in-addr.arpa
                                IN PTR
                                a96-17-178-196deploystaticakamaitechnologiescom
                              • flag-us
                                DNS
                                200.178.17.96.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                200.178.17.96.in-addr.arpa
                                IN PTR
                                Response
                                200.178.17.96.in-addr.arpa
                                IN PTR
                                a96-17-178-200deploystaticakamaitechnologiescom
                              • flag-us
                                DNS
                                200.178.17.96.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                200.178.17.96.in-addr.arpa
                                IN PTR
                                Response
                                200.178.17.96.in-addr.arpa
                                IN PTR
                                a96-17-178-200deploystaticakamaitechnologiescom
                              • flag-us
                                DNS
                                88.156.103.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                88.156.103.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                88.156.103.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                88.156.103.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                13.227.111.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                13.227.111.52.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                13.227.111.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                13.227.111.52.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                tse1.mm.bing.net
                                Remote address:
                                8.8.8.8:53
                                Request
                                tse1.mm.bing.net
                                IN A
                                Response
                                tse1.mm.bing.net
                                IN CNAME
                                mm-mm.bing.net.trafficmanager.net
                                mm-mm.bing.net.trafficmanager.net
                                IN CNAME
                                dual-a-0001.a-msedge.net
                                dual-a-0001.a-msedge.net
                                IN A
                                204.79.197.200
                                dual-a-0001.a-msedge.net
                                IN A
                                13.107.21.200
                              • flag-us
                                DNS
                                tse1.mm.bing.net
                                Remote address:
                                8.8.8.8:53
                                Request
                                tse1.mm.bing.net
                                IN A
                                Response
                                tse1.mm.bing.net
                                IN CNAME
                                mm-mm.bing.net.trafficmanager.net
                                mm-mm.bing.net.trafficmanager.net
                                IN CNAME
                                dual-a-0001.a-msedge.net
                                dual-a-0001.a-msedge.net
                                IN A
                                204.79.197.200
                                dual-a-0001.a-msedge.net
                                IN A
                                13.107.21.200
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239339388038_1RWYOHY1X3SG16VKA&pid=21.2&w=1920&h=1080&c=4
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239339388038_1RWYOHY1X3SG16VKA&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 430624
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 1057C5B9A7CF4384B45D1D39388BADB2 Ref B: LON04EDGE0816 Ref C: 2024-03-18T11:38:47Z
                                date: Mon, 18 Mar 2024 11:38:46 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239339388039_1SUI2NOXAULEFZLP3&pid=21.2&w=1080&h=1920&c=4
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239339388039_1SUI2NOXAULEFZLP3&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 405506
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 49D172BBFA7F4D37B1D2287A803D53F9 Ref B: LON04EDGE0816 Ref C: 2024-03-18T11:38:47Z
                                date: Mon, 18 Mar 2024 11:38:46 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239340418599_1G42Z13GRT0FB3ANC&pid=21.2&w=1920&h=1080&c=4
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239340418599_1G42Z13GRT0FB3ANC&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 471475
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: CF0EFB9D10854F8D879F6BF72D1417B9 Ref B: LON04EDGE0816 Ref C: 2024-03-18T11:38:47Z
                                date: Mon, 18 Mar 2024 11:38:46 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239340418600_11EQ8QDR6IPB0F4AN&pid=21.2&w=1080&h=1920&c=4
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239340418600_11EQ8QDR6IPB0F4AN&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 407132
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: E33F758CF83D47C8A77B8B48555BE551 Ref B: LON04EDGE0816 Ref C: 2024-03-18T11:38:47Z
                                date: Mon, 18 Mar 2024 11:38:46 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239339388266_1J4KSPP65Y4N6T5S1&pid=21.2&w=1920&h=1080&c=4
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239339388266_1J4KSPP65Y4N6T5S1&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 252077
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 0E45433FE182451C818B5C39DBB4919C Ref B: LON04EDGE0816 Ref C: 2024-03-18T11:38:47Z
                                date: Mon, 18 Mar 2024 11:38:46 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239339388267_1DFP94UDBWNO6AJBT&pid=21.2&w=1080&h=1920&c=4
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239339388267_1DFP94UDBWNO6AJBT&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 249535
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 3DE6F1A3FB51449CB4005E2FE5F0F603 Ref B: LON04EDGE0816 Ref C: 2024-03-18T11:38:47Z
                                date: Mon, 18 Mar 2024 11:38:46 GMT
                              • flag-us
                                DNS
                                23.173.189.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                23.173.189.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                23.173.189.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                23.173.189.20.in-addr.arpa
                                IN PTR
                                Response
                               • 47.246.146.253:443 | dm-cn.aliyuncs.com | tls | chrome.exe | 1.9kB | 9.3kB | 14 | 15
                               • 47.246.146.253:443 | dm-cn.aliyuncs.com | tls | chrome.exe | 3.3kB | 9.6kB | 15 | 17
                               • 47.246.146.253:443 | dm-cn.aliyuncs.com | tls | chrome.exe | 891 B | 531 B | 7 | 8
                               • 106.15.148.44:443 | aliyuncs.com | chrome.exe | 260 B | 5
                               • 106.15.148.44:443 | aliyuncs.com | chrome.exe | 260 B | 5
                               • 106.15.148.44:443 | aliyuncs.com | chrome.exe | 260 B | 5
                               • 106.15.148.44:80 | aliyuncs.com | chrome.exe | 260 B | 5
                               • 106.15.148.44:80 | aliyuncs.com | chrome.exe | 260 B | 5
                               • 106.15.148.44:80 | aliyuncs.com | chrome.exe | 260 B | 5
                               • 106.15.148.44:80 | aliyuncs.com | chrome.exe | 260 B | 5
                               • 106.15.148.44:80 | aliyuncs.com | chrome.exe | 260 B | 5
                               • 106.15.148.44:80 | aliyuncs.com | chrome.exe | 260 B | 5
                               • 106.15.148.44:80 | aliyuncs.com | chrome.exe | 260 B | 5
                               • 106.15.148.44:80 | aliyuncs.com | chrome.exe | 260 B | 5
                               • 106.15.148.44:80 | aliyuncs.com | chrome.exe | 260 B | 5
                               • 204.79.197.200:443 | tse1.mm.bing.net | tls, http2 | 1.2kB | 8.1kB | 16 | 13
                               • 204.79.197.200:443 | tse1.mm.bing.net | tls, http2 | 1.2kB | 8.1kB | 16 | 14
                               • 204.79.197.200:443 | tse1.mm.bing.net | tls, http2 | 1.2kB | 8.1kB | 16 | 14
                               • 204.79.197.200:443 | tse1.mm.bing.net | tls, http2 | 1.2kB | 8.1kB | 16 | 14
                               • 204.79.197.200:443 | https://tse1.mm.bing.net/th?id=OADD2.10239339388267_1DFP94UDBWNO6AJBT&pid=21.2&w=1080&h=1920&c=4 | tls, http2 | 81.4kB | 2.3MB | 1695 | 1690
                                 HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239339388038_1RWYOHY1X3SG16VKA&pid=21.2&w=1920&h=1080&c=4
                                 HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239339388039_1SUI2NOXAULEFZLP3&pid=21.2&w=1080&h=1920&c=4
                                 HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239340418599_1G42Z13GRT0FB3ANC&pid=21.2&w=1920&h=1080&c=4
                                 HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239340418600_11EQ8QDR6IPB0F4AN&pid=21.2&w=1080&h=1920&c=4
                                 HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239339388266_1J4KSPP65Y4N6T5S1&pid=21.2&w=1920&h=1080&c=4
                                 HTTP Response: 200
                                 HTTP Response: 200
                                 HTTP Response: 200
                                 HTTP Response: 200
                                 HTTP Response: 200
                                 HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239339388267_1DFP94UDBWNO6AJBT&pid=21.2&w=1080&h=1920&c=4
                                 HTTP Response: 200
                               • 106.15.148.44:80 | aliyuncs.com | chrome.exe | 104 B | 2
                               • 106.15.148.44:80 | aliyuncs.com | chrome.exe | 104 B | 2
                               • 106.15.148.44:80 | aliyuncs.com | chrome.exe | 104 B | 2
                               • 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | dns | 72 B | 158 B | 1 | 1
                                 DNS Request: 241.150.49.20.in-addr.arpa
                               • 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | dns | 71 B | 157 B | 1 | 1
                                 DNS Request: 71.31.126.40.in-addr.arpa
                               • 8.8.8.8:53 | dm-cn.aliyuncs.com | dns | chrome.exe | 64 B | 193 B | 1 | 1
                                 DNS Request: dm-cn.aliyuncs.com
                                 DNS Response: 47.246.146.253
                               • 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | dns | 71 B | 116 B | 1 | 1
                                 DNS Request: 0.204.248.87.in-addr.arpa
                               • 8.8.8.8:53 | 170.214.58.216.in-addr.arpa | dns | 73 B | 173 B | 1 | 1
                                 DNS Request: 170.214.58.216.in-addr.arpa
                               • 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | dns | 70 B | 156 B | 1 | 1
                                 DNS Request: 9.228.82.20.in-addr.arpa
                               • 8.8.8.8:53 | 253.146.246.47.in-addr.arpa | dns | 73 B | 144 B | 1 | 1
                                 DNS Request: 253.146.246.47.in-addr.arpa
                               • 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | dns | 71 B | 135 B | 1 | 1
                                 DNS Request: 41.110.16.96.in-addr.arpa
                               • 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | dns | 71 B | 157 B | 1 | 1
                                 DNS Request: 57.169.31.20.in-addr.arpa
                               • 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | dns | 72 B | 146 B | 1 | 1
                                 DNS Request: 81.171.91.138.in-addr.arpa
                               • 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | dns | 73 B | 106 B | 1 | 1
                                 DNS Request: 203.197.79.204.in-addr.arpa
                               • 224.0.0.251:5353 | chrome.exe | 204 B | 3
                               • 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | dns | 70 B | 156 B | 1 | 1
                                 DNS Request: 50.23.12.20.in-addr.arpa
                               • 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | dns | 71 B | 145 B | 1 | 1
                                 DNS Request: 206.23.85.13.in-addr.arpa
                               • 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | dns | 73 B | 147 B | 1 | 1
                                 DNS Request: 133.211.185.52.in-addr.arpa
                               • 8.8.8.8:53 | 104.241.123.92.in-addr.arpa | dns | 73 B | 139 B | 1 | 1
                                 DNS Request: 104.241.123.92.in-addr.arpa
                               • 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | dns | 72 B | 158 B | 1 | 1
                                 DNS Request: 119.110.54.20.in-addr.arpa
                               • 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | dns | 72 B | 137 B | 1 | 1
                                 DNS Request: 18.134.221.88.in-addr.arpa
                               • 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | dns | 72 B | 137 B | 1 | 1
                                 DNS Request: 173.178.17.96.in-addr.arpa
                               • 8.8.8.8:53 | 64.134.221.88.in-addr.arpa | dns | 72 B | 137 B | 1 | 1
                                 DNS Request: 64.134.221.88.in-addr.arpa
                               • 8.8.8.8:53 | aliyuncs.com | dns | chrome.exe | 116 B | 74 B | 2 | 1
                                 DNS Request: aliyuncs.com
                                 DNS Request: aliyuncs.com
                                 DNS Response: 106.15.148.44
                               • 8.8.8.8:53 | 196.178.17.96.in-addr.arpa | dns | 144 B | 274 B | 2 | 2
                                 DNS Request: 196.178.17.96.in-addr.arpa
                                 DNS Request: 196.178.17.96.in-addr.arpa
                               • 8.8.8.8:53 | 200.178.17.96.in-addr.arpa | dns | 144 B | 274 B | 2 | 2
                                 DNS Request: 200.178.17.96.in-addr.arpa
                                 DNS Request: 200.178.17.96.in-addr.arpa
                               • 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | dns | 144 B | 316 B | 2 | 2
                                 DNS Request: 88.156.103.20.in-addr.arpa
                                 DNS Request: 88.156.103.20.in-addr.arpa
                               • 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | dns | 144 B | 316 B | 2 | 2
                                 DNS Request: 13.227.111.52.in-addr.arpa
                                 DNS Request: 13.227.111.52.in-addr.arpa
                               • 8.8.8.8:53 | tse1.mm.bing.net | dns | 124 B | 346 B | 2 | 2
                                 DNS Request: tse1.mm.bing.net
                                 DNS Request: tse1.mm.bing.net
                                 DNS Response: 204.79.197.200, 13.107.21.200
                                 DNS Response: 204.79.197.200, 13.107.21.200
                               • 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | dns | 144 B | 316 B | 2 | 2
                                 DNS Request: 23.173.189.20.in-addr.arpa
                                 DNS Request: 23.173.189.20.in-addr.arpa

                              MITRE ATT&CK Enterprise v15

                              Downloads

                               • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (Filesize 1KB)
                               • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (Filesize 1KB)
                               • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (Filesize 6KB)
                               • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (Filesize 6KB)
                               • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State (Filesize 128KB)
                               • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f1330bf7-2492-4632-ab54-d08e6dd9f722.tmp (Filesize 2B)
