Resubmissions

17-04-2024 07:33

240417-jdvvtsae31 10

17-04-2024 06:33

240417-ha7jsahe7s 10

Analysis

  • max time kernel
    285s
  • max time network
    278s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-04-2024 06:33

General

  • Target

    x64/Templates/TemplateCorreoCliente.htm

  • Size

    2KB

  • MD5

    ce4c1f3ba9e690c4119e8ed39aa8eb78

  • SHA1

    dc2da00c92b51431c01c5e598de4665c9989e856

  • SHA256

    e17621dc67919e53a0d1be6a03fa0d97f01c8932f8d8912d556327e620310432

  • SHA512

    daf95e6329b060fe230096fc7a594cf0a13801e2dcf9869affa5530a2d03bf6c0dd2d9340be5c312b82d41dad48057f86811a23b23fba93b0dc9a478986ac4ef

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\x64\Templates\TemplateCorreoCliente.htm
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:8
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd398046f8,0x7ffd39804708,0x7ffd39804718
      2⤵
        PID:1736
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        2⤵
          PID:5016
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4080
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
          2⤵
            PID:3952
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
            2⤵
              PID:3208
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
              2⤵
                PID:3224
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
                2⤵
                  PID:4360
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3804
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
                  2⤵
                    PID:1400
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
                    2⤵
                      PID:3264
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
                      2⤵
                        PID:552
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
                        2⤵
                          PID:1364
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6915841711328140763,4672428044403753963,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3012 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:2340
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2496
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3452

                          Network

                          • flag-us
                            DNS
                            71.159.190.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            71.159.190.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            82.90.14.23.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            82.90.14.23.in-addr.arpa
                            IN PTR
                            Response
                            82.90.14.23.in-addr.arpa
                            IN PTR
                            a23-14-90-82deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            9.228.82.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            9.228.82.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            g.bing.com
                            Remote address:
                            8.8.8.8:53
                            Request
                            g.bing.com
                            IN A
                            Response
                            g.bing.com
                            IN CNAME
                            g-bing-com.dual-a-0034.a-msedge.net
                            g-bing-com.dual-a-0034.a-msedge.net
                            IN CNAME
                            dual-a-0034.a-msedge.net
                            dual-a-0034.a-msedge.net
                            IN A
                            204.79.197.237
                            dual-a-0034.a-msedge.net
                            IN A
                            13.107.21.237
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4d435e02b58e4b319cb069b1fedb39f8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
                            Remote address:
                            204.79.197.237:443
                            Request
                            GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4d435e02b58e4b319cb069b1fedb39f8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            set-cookie: MUID=0A7A3336761A6B373602275277A16A3F; domain=.bing.com; expires=Mon, 12-May-2025 06:38:26 GMT; path=/; SameSite=None; Secure; Priority=High;
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: AC93F7C619DC4F3BBA652D909C972E34 Ref B: LON04EDGE0909 Ref C: 2024-04-17T06:38:26Z
                            date: Wed, 17 Apr 2024 06:38:25 GMT
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=4d435e02b58e4b319cb069b1fedb39f8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
                            Remote address:
                            204.79.197.237:443
                            Request
                            GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=4d435e02b58e4b319cb069b1fedb39f8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            cookie: MUID=0A7A3336761A6B373602275277A16A3F
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            set-cookie: MSPTC=Xr8DTO14JC8RJYphgJjwllkh28zR8ZgTptr00rGY6gE; domain=.bing.com; expires=Mon, 12-May-2025 06:38:26 GMT; path=/; Partitioned; secure; SameSite=None
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 750C84380C5A4A31B498D69D9798F38F Ref B: LON04EDGE0909 Ref C: 2024-04-17T06:38:26Z
                            date: Wed, 17 Apr 2024 06:38:26 GMT
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4d435e02b58e4b319cb069b1fedb39f8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
                            Remote address:
                            204.79.197.237:443
                            Request
                            GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4d435e02b58e4b319cb069b1fedb39f8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            cookie: MUID=0A7A3336761A6B373602275277A16A3F; MSPTC=Xr8DTO14JC8RJYphgJjwllkh28zR8ZgTptr00rGY6gE
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 9C614BAE55CD4FAE9D011FE2C15F374E Ref B: LON04EDGE0909 Ref C: 2024-04-17T06:38:26Z
                            date: Wed, 17 Apr 2024 06:38:26 GMT
                          • flag-us
                            DNS
                            88.156.103.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            88.156.103.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            21.114.53.23.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            21.114.53.23.in-addr.arpa
                            IN PTR
                            Response
                            21.114.53.23.in-addr.arpa
                            IN PTR
                            a23-53-114-21deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            237.197.79.204.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            237.197.79.204.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            95.221.229.192.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            95.221.229.192.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            tse1.mm.bing.net
                            Remote address:
                            8.8.8.8:53
                            Request
                            tse1.mm.bing.net
                            IN A
                            Response
                            tse1.mm.bing.net
                            IN CNAME
                            mm-mm.bing.net.trafficmanager.net
                            mm-mm.bing.net.trafficmanager.net
                            IN CNAME
                            dual-a-0001.a-msedge.net
                            dual-a-0001.a-msedge.net
                            IN A
                            204.79.197.200
                            dual-a-0001.a-msedge.net
                            IN A
                            13.107.21.200
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 565422
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 7E782537603841DF91BA8F8D39B6F0B8 Ref B: LON04EDGE0915 Ref C: 2024-04-17T06:38:27Z
                            date: Wed, 17 Apr 2024 06:38:27 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 583094
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: A1981521B6724498A265F23DC2CEA611 Ref B: LON04EDGE0915 Ref C: 2024-04-17T06:38:27Z
                            date: Wed, 17 Apr 2024 06:38:27 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 496229
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: E8A1DC624E16440A80DBCFEA9913EC19 Ref B: LON04EDGE0915 Ref C: 2024-04-17T06:38:27Z
                            date: Wed, 17 Apr 2024 06:38:27 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 496166
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 2CC232CEB1924CEE92FA84E23572D81B Ref B: LON04EDGE0915 Ref C: 2024-04-17T06:38:27Z
                            date: Wed, 17 Apr 2024 06:38:27 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 442324
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: A7EFEF5AF97148BB83092AC194E3C309 Ref B: LON04EDGE0915 Ref C: 2024-04-17T06:38:27Z
                            date: Wed, 17 Apr 2024 06:38:27 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 394521
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 412E3A74CCF3423DA25B634795DE40AF Ref B: LON04EDGE0915 Ref C: 2024-04-17T06:38:28Z
                            date: Wed, 17 Apr 2024 06:38:28 GMT
                          • flag-us
                            DNS
                            200.197.79.204.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            200.197.79.204.in-addr.arpa
                            IN PTR
                            Response
                            200.197.79.204.in-addr.arpa
                            IN PTR
                            a-0001a-msedgenet
                          • flag-us
                            DNS
                            18.31.95.13.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            18.31.95.13.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            103.169.127.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            103.169.127.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            172.210.232.199.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            172.210.232.199.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            91.90.14.23.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            91.90.14.23.in-addr.arpa
                            IN PTR
                            Response
                            91.90.14.23.in-addr.arpa
                            IN PTR
                            a23-14-90-91deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            22.236.111.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            22.236.111.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            41.173.79.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            41.173.79.40.in-addr.arpa
                            IN PTR
                            Response
                          • 204.79.197.237:443
                            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4d435e02b58e4b319cb069b1fedb39f8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=
                            tls, http2
                            2.0kB
                            9.2kB
                            21
                            19

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4d435e02b58e4b319cb069b1fedb39f8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

                            HTTP Response

                            204

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=4d435e02b58e4b319cb069b1fedb39f8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

                            HTTP Response

                            204

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=4d435e02b58e4b319cb069b1fedb39f8&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

                            HTTP Response

                            204
                          • 204.79.197.200:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            8.1kB
                            16
                            14
                          • 204.79.197.200:443
                            https://tse1.mm.bing.net/th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            tls, http2
                            107.9kB
                            3.1MB
                            2252
                            2247

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239370255173_1DU5CK10FBZ5UERKJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239370255172_1LGH0N1M3BEVIZPTE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                            HTTP Response

                            200

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                            HTTP Response

                            200
                          • 204.79.197.200:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            8.1kB
                            16
                            14
                          • 8.8.8.8:53
                            71.159.190.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            71.159.190.20.in-addr.arpa

                          • 8.8.8.8:53
                            82.90.14.23.in-addr.arpa
                            dns
                            70 B
                            133 B
                            1
                            1

                            DNS Request

                            82.90.14.23.in-addr.arpa

                          • 8.8.8.8:53
                            9.228.82.20.in-addr.arpa
                            dns
                            70 B
                            156 B
                            1
                            1

                            DNS Request

                            9.228.82.20.in-addr.arpa

                          • 8.8.8.8:53
                            g.bing.com
                            dns
                            56 B
                            151 B
                            1
                            1

                            DNS Request

                            g.bing.com

                            DNS Response

                            204.79.197.237
                            13.107.21.237

                          • 8.8.8.8:53
                            88.156.103.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            88.156.103.20.in-addr.arpa

                          • 8.8.8.8:53
                            21.114.53.23.in-addr.arpa
                            dns
                            71 B
                            135 B
                            1
                            1

                            DNS Request

                            21.114.53.23.in-addr.arpa

                          • 8.8.8.8:53
                            237.197.79.204.in-addr.arpa
                            dns
                            73 B
                            143 B
                            1
                            1

                            DNS Request

                            237.197.79.204.in-addr.arpa

                          • 8.8.8.8:53
                            95.221.229.192.in-addr.arpa
                            dns
                            73 B
                            144 B
                            1
                            1

                            DNS Request

                            95.221.229.192.in-addr.arpa

                          • 8.8.8.8:53
                            tse1.mm.bing.net
                            dns
                            62 B
                            173 B
                            1
                            1

                            DNS Request

                            tse1.mm.bing.net

                            DNS Response

                            204.79.197.200
                            13.107.21.200

                          • 8.8.8.8:53
                            200.197.79.204.in-addr.arpa
                            dns
                            73 B
                            106 B
                            1
                            1

                            DNS Request

                            200.197.79.204.in-addr.arpa

                          • 224.0.0.251:5353
                            397 B
                            6
                          • 8.8.8.8:53
                            18.31.95.13.in-addr.arpa
                            dns
                            70 B
                            144 B
                            1
                            1

                            DNS Request

                            18.31.95.13.in-addr.arpa

                          • 8.8.8.8:53
                            103.169.127.40.in-addr.arpa
                            dns
                            73 B
                            147 B
                            1
                            1

                            DNS Request

                            103.169.127.40.in-addr.arpa

                          • 8.8.8.8:53
                            172.210.232.199.in-addr.arpa
                            dns
                            74 B
                            128 B
                            1
                            1

                            DNS Request

                            172.210.232.199.in-addr.arpa

                          • 8.8.8.8:53
                            91.90.14.23.in-addr.arpa
                            dns
                            70 B
                            133 B
                            1
                            1

                            DNS Request

                            91.90.14.23.in-addr.arpa

                          • 8.8.8.8:53
                            22.236.111.52.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            22.236.111.52.in-addr.arpa

                          • 8.8.8.8:53
                            41.173.79.40.in-addr.arpa
                            dns
                            71 B
                            145 B
                            1
                            1

                            DNS Request

                            41.173.79.40.in-addr.arpa

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            120a75f233314ba1fe34e9d6c09f30b9

                            SHA1

                            a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

                            SHA256

                            e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

                            SHA512

                            3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            bc2edd0741d97ae237e9f00bf3244144

                            SHA1

                            7c1e5d324f5c7137a3c4ec85146659f026c11782

                            SHA256

                            dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

                            SHA512

                            00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            25f6e7c23ba47e3e018f081328a22650

                            SHA1

                            2d86f2131941ba1f65ea56d43f3949177807218f

                            SHA256

                            2dcc0d14ade3d84dac6ac167f6bbc249b3677ee57f9a0497251f07e08a2abeb8

                            SHA512

                            0570f7ee6ef2be9a5c122308da3460ed5a8a30046d8e53e4d30106fc27e6f897e56a6d5cd38f442864ff127fe40e0d208ca232b04f54957e7704dc7e5675a2f4

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            f072e772a7e8ba73111a7e1b5f14a817

                            SHA1

                            151b54fffa3043befb358fe2c640b684e63b81e4

                            SHA256

                            cb68a6c014224127f75272785c067864e648b1110a23b68a59f7576c93c7a6c4

                            SHA512

                            ae12febbb8f27f71a6ee45374b7f44f213dd61d8d77fd9c3c3001951c2d1934afead02e9993c34489693fbde9fb887c2edcde9aab7ee495fbe9c7356ecf45f68

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                            Filesize

                            11KB

                            MD5

                            2d594535146e021b3e5273dca5d0eaf4

                            SHA1

                            3a6c8ada9e4a9982ba203d3dc2e362356c3bb806

                            SHA256

                            e21f5e277d1b8c20eb0f947a2f9aa09ccf373380cc6e69c4f0fe66281521d69a

                            SHA512

                            eda09dfc5fc6f9daf3667056dc2b8e5fdf7bb2280271381d08383883e3aa3cb688bb87102ba7346b11f5a81755cbf739eeffe77acb53cabb3b4a5ae7845a6974

                          We care about your privacy.

                          This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.