Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
05/05/2024, 15:06 UTC
Static task
static1
Behavioral task
behavioral1
Sample
183d150d0c0fa29e4ead8b4f64a9d6a4_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
183d150d0c0fa29e4ead8b4f64a9d6a4_JaffaCakes118.html
Resource
win10v2004-20240419-en
General
-
Target
183d150d0c0fa29e4ead8b4f64a9d6a4_JaffaCakes118.html
-
Size
18KB
-
MD5
183d150d0c0fa29e4ead8b4f64a9d6a4
-
SHA1
a018f42fa3c9a280f8f38fdcc037f060b961ad90
-
SHA256
915edac7250b0005fbfea0c494531ff1ccf4b90aa4801b9d114743281b1ec727
-
SHA512
cf3cfe817110913d92a58d7623252c6233825b2f90fac640a2d1de5e1d50d19567fea966860c09b43c9d5955961c5f10d790d25cb9b99584021dfe6f4397619d
-
SSDEEP
192:SIM3t0I5fo9cKivXQWxZxdkVSoAIW4MzUnjBhAK82qDB8:SIMd0I5nvHPsvAJxDB8
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process 4456 msedge.exe 4456 msedge.exe 1676 msedge.exe 1676 msedge.exe 2068 msedge.exe 2068 msedge.exe 2068 msedge.exe 2068 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 1676 msedge.exe 1676 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe 1676 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1676 wrote to memory of 2948 1676 msedge.exe 84 PID 1676 wrote to memory of 2948 1676 msedge.exe 84 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 3532 1676 msedge.exe 85 PID 1676 wrote to memory of 4456 1676 msedge.exe 86 PID 1676 wrote to memory of 4456 1676 msedge.exe 86 PID 1676 wrote to memory of 3988 1676 msedge.exe 87 PID 1676 wrote to memory of 3988 1676 msedge.exe 87 PID 1676 wrote to memory of 3988 1676 msedge.exe 87 PID 1676 wrote to memory of 3988 1676 msedge.exe 87 PID 1676 wrote to memory of 3988 1676 msedge.exe 87 PID 1676 wrote to memory of 3988 1676 msedge.exe 87 PID 1676 wrote to memory of 3988 1676 msedge.exe 87 PID 1676 wrote to memory of 3988 1676 msedge.exe 87 PID 1676 wrote to memory of 3988 1676 msedge.exe 87 PID 1676 wrote to memory of 3988 1676 msedge.exe 87 PID 1676 wrote to memory of 3988 1676 msedge.exe 87 PID 1676 wrote to memory of 3988 1676 msedge.exe 87 PID 1676 wrote to memory of 3988 1676 msedge.exe 87 PID 1676 wrote to memory of 3988 1676 msedge.exe 87 PID 1676 wrote to memory of 3988 1676 msedge.exe 87 PID 1676 wrote to memory of 3988 1676 msedge.exe 87 PID 1676 wrote to memory of 3988 1676 msedge.exe 87 PID 1676 wrote to memory of 3988 1676 msedge.exe 87 PID 1676 wrote to memory of 3988 1676 msedge.exe 87 PID 1676 wrote to memory of 3988 1676 msedge.exe 87
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\183d150d0c0fa29e4ead8b4f64a9d6a4_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1676 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8ba346f8,0x7fff8ba34708,0x7fff8ba347182⤵PID:2948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8673440223833773008,14036032983799298593,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵PID:3532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8673440223833773008,14036032983799298593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8673440223833773008,14036032983799298593,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:82⤵PID:3988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8673440223833773008,14036032983799298593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵PID:1324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8673440223833773008,14036032983799298593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵PID:3500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8673440223833773008,14036032983799298593,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3132 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2068
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4136
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4120
Network
-
Remote address:8.8.8.8:53Requestt.cnIN AResponset.cnIN A39.105.18.168
-
Remote address:8.8.8.8:53Requestimg1.jiehun.cnIN AResponseimg1.jiehun.cnIN CNAMEimg1.jiehun.cn.a.bdydns.comimg1.jiehun.cn.a.bdydns.comIN CNAMEopencdnspy.jomodns.comopencdnspy.jomodns.comIN A1.71.157.35opencdnspy.jomodns.comIN A182.140.225.35opencdnspy.jomodns.comIN A183.61.177.35opencdnspy.jomodns.comIN A220.169.152.35opencdnspy.jomodns.comIN A222.216.122.35opencdnspy.jomodns.comIN A182.106.158.35opencdnspy.jomodns.comIN A1.193.146.35opencdnspy.jomodns.comIN A1.194.253.35opencdnspy.jomodns.comIN A27.221.77.35opencdnspy.jomodns.comIN A58.42.14.35
-
Remote address:8.8.8.8:53Requestwww.googleadsl.comIN AResponsewww.googleadsl.comIN A170.178.222.41
-
Remote address:8.8.8.8:53Request183.142.211.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request68.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request79.190.18.2.in-addr.arpaIN PTRResponse79.190.18.2.in-addr.arpaIN PTRa2-18-190-79deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAMEdual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A204.79.197.237dual-a-0034.a-msedge.netIN A13.107.21.237
-
GEThttps://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8eNJHdQhqZfHWBRQoTTaWzDVUCUwGjdlw1msc8FekEBnw-kCXq8F4--JBNp9WHxKIrtXnlZSBe3AOD1z_MinaWOZUyKHDMcfcuPgMPv-qAB2ZZ5uw6h3_5_pQgk_1nHomV1D2JsWgJ3SXymTolDGTZTyDaexknxkHuvBDuDeN6_WaH3T3%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOTTlWNkZRWFBEWCUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Db6af3340e6b21c3539dd5562cfd54102&TIME=20240419T082158Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710&muid=9686F94716CC59E27F90076D2B78DA93Remote address:204.79.197.237:443RequestGET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8eNJHdQhqZfHWBRQoTTaWzDVUCUwGjdlw1msc8FekEBnw-kCXq8F4--JBNp9WHxKIrtXnlZSBe3AOD1z_MinaWOZUyKHDMcfcuPgMPv-qAB2ZZ5uw6h3_5_pQgk_1nHomV1D2JsWgJ3SXymTolDGTZTyDaexknxkHuvBDuDeN6_WaH3T3%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOTTlWNkZRWFBEWCUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Db6af3340e6b21c3539dd5562cfd54102&TIME=20240419T082158Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710&muid=9686F94716CC59E27F90076D2B78DA93 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2E0C4D064D6D66AE0F9659704C4A6767; domain=.bing.com; expires=Fri, 30-May-2025 15:06:09 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 09367FDE0A324D25A1F156394008E2CC Ref B: LON04EDGE0618 Ref C: 2024-05-05T15:06:09Z
date: Sun, 05 May 2024 15:06:09 GMT
-
GEThttps://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8eNJHdQhqZfHWBRQoTTaWzDVUCUwGjdlw1msc8FekEBnw-kCXq8F4--JBNp9WHxKIrtXnlZSBe3AOD1z_MinaWOZUyKHDMcfcuPgMPv-qAB2ZZ5uw6h3_5_pQgk_1nHomV1D2JsWgJ3SXymTolDGTZTyDaexknxkHuvBDuDeN6_WaH3T3%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOTTlWNkZRWFBEWCUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Db6af3340e6b21c3539dd5562cfd54102&TIME=20240419T082158Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710&muid=9686F94716CC59E27F90076D2B78DA93Remote address:204.79.197.237:443RequestGET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8eNJHdQhqZfHWBRQoTTaWzDVUCUwGjdlw1msc8FekEBnw-kCXq8F4--JBNp9WHxKIrtXnlZSBe3AOD1z_MinaWOZUyKHDMcfcuPgMPv-qAB2ZZ5uw6h3_5_pQgk_1nHomV1D2JsWgJ3SXymTolDGTZTyDaexknxkHuvBDuDeN6_WaH3T3%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOTTlWNkZRWFBEWCUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Db6af3340e6b21c3539dd5562cfd54102&TIME=20240419T082158Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710&muid=9686F94716CC59E27F90076D2B78DA93 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2E0C4D064D6D66AE0F9659704C4A6767; _EDGE_S=SID=3EE7229EF670695A211736E8F7DA6809
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=uWNTdFG2KqDN7Y1ID1rDP_WfXNPsHG6RKJ9azpAnYbM; domain=.bing.com; expires=Fri, 30-May-2025 15:06:09 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D2C20A99A7824FE4AC727996A9235386 Ref B: LON04EDGE0618 Ref C: 2024-05-05T15:06:09Z
date: Sun, 05 May 2024 15:06:09 GMT
-
GEThttps://www.bing.com/aes/c.gif?RG=a18305e92ece47c78b829258a562221c&med=10&PubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240419T082158Z&adUnitId=11730597&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710Remote address:23.62.61.194:443RequestGET /aes/c.gif?RG=a18305e92ece47c78b829258a562221c&med=10&PubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240419T082158Z&adUnitId=11730597&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2E0C4D064D6D66AE0F9659704C4A6767
ResponseHTTP/2.0 200
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ABA48A0A2B2A4EC1B156CAC135DD4DC8 Ref B: DUS30EDGE0716 Ref C: 2024-05-05T15:06:09Z
content-length: 0
date: Sun, 05 May 2024 15:06:09 GMT
set-cookie: _EDGE_S=SID=3EE7229EF670695A211736E8F7DA6809; path=/; httponly; domain=bing.com
set-cookie: MUIDB=2E0C4D064D6D66AE0F9659704C4A6767; path=/; httponly; expires=Fri, 30-May-2025 15:06:09 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.be3d3e17.1714921569.5d7ffd
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request194.61.62.23.in-addr.arpaIN PTRResponse194.61.62.23.in-addr.arpaIN PTRa23-62-61-194deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request43.58.199.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request228.249.119.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesthm.baidu.comIN AResponsehm.baidu.comIN CNAMEhm.e.shifen.comhm.e.shifen.comIN A183.240.98.228hm.e.shifen.comIN A14.215.182.140hm.e.shifen.comIN A14.215.183.79hm.e.shifen.comIN A111.45.3.198hm.e.shifen.comIN A111.45.11.83
-
Remote address:8.8.8.8:53Requestwww.jiehun.cnIN AResponsewww.jiehun.cnIN A61.160.251.208
-
Remote address:8.8.8.8:53Request157.123.68.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request18.31.95.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request142.126.19.2.in-addr.arpaIN PTRResponse142.126.19.2.in-addr.arpaIN PTRa2-19-126-142deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request77.190.18.2.in-addr.arpaIN PTRResponse77.190.18.2.in-addr.arpaIN PTRa2-18-190-77deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request165.191.110.104.in-addr.arpaIN PTRResponse165.191.110.104.in-addr.arpaIN PTRa104-110-191-165deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request43.229.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 415458
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5C54D2421116447FA3454ED4643144B3 Ref B: LON04EDGE0809 Ref C: 2024-05-05T15:07:48Z
date: Sun, 05 May 2024 15:07:47 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 682798
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F1422FE89AF44CA68DA9788A45672952 Ref B: LON04EDGE0809 Ref C: 2024-05-05T15:07:48Z
date: Sun, 05 May 2024 15:07:47 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 664406
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 46659C5F13A64CD792CF3DAA68AAE7E8 Ref B: LON04EDGE0809 Ref C: 2024-05-05T15:07:48Z
date: Sun, 05 May 2024 15:07:47 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 430689
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 31E0F793671C4A1786B828564D8CB341 Ref B: LON04EDGE0809 Ref C: 2024-05-05T15:07:48Z
date: Sun, 05 May 2024 15:07:47 GMT
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
204.79.197.237:443https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8eNJHdQhqZfHWBRQoTTaWzDVUCUwGjdlw1msc8FekEBnw-kCXq8F4--JBNp9WHxKIrtXnlZSBe3AOD1z_MinaWOZUyKHDMcfcuPgMPv-qAB2ZZ5uw6h3_5_pQgk_1nHomV1D2JsWgJ3SXymTolDGTZTyDaexknxkHuvBDuDeN6_WaH3T3%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOTTlWNkZRWFBEWCUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Db6af3340e6b21c3539dd5562cfd54102&TIME=20240419T082158Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710&muid=9686F94716CC59E27F90076D2B78DA93tls, http22.5kB 9.0kB 20 17
HTTP Request
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8eNJHdQhqZfHWBRQoTTaWzDVUCUwGjdlw1msc8FekEBnw-kCXq8F4--JBNp9WHxKIrtXnlZSBe3AOD1z_MinaWOZUyKHDMcfcuPgMPv-qAB2ZZ5uw6h3_5_pQgk_1nHomV1D2JsWgJ3SXymTolDGTZTyDaexknxkHuvBDuDeN6_WaH3T3%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOTTlWNkZRWFBEWCUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Db6af3340e6b21c3539dd5562cfd54102&TIME=20240419T082158Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710&muid=9686F94716CC59E27F90076D2B78DA93HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8eNJHdQhqZfHWBRQoTTaWzDVUCUwGjdlw1msc8FekEBnw-kCXq8F4--JBNp9WHxKIrtXnlZSBe3AOD1z_MinaWOZUyKHDMcfcuPgMPv-qAB2ZZ5uw6h3_5_pQgk_1nHomV1D2JsWgJ3SXymTolDGTZTyDaexknxkHuvBDuDeN6_WaH3T3%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOTTlWNkZRWFBEWCUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Db6af3340e6b21c3539dd5562cfd54102&TIME=20240419T082158Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710&muid=9686F94716CC59E27F90076D2B78DA93HTTP Response
204 -
23.62.61.194:443https://www.bing.com/aes/c.gif?RG=a18305e92ece47c78b829258a562221c&med=10&PubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240419T082158Z&adUnitId=11730597&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710tls, http21.4kB 5.3kB 16 10
HTTP Request
GET https://www.bing.com/aes/c.gif?RG=a18305e92ece47c78b829258a562221c&med=10&PubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240419T082158Z&adUnitId=11730597&localId=w:9686F947-16CC-59E2-7F90-076D2B78DA93&deviceId=6825828473710710HTTP Response
200 -
46 B 1
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90tls, http281.1kB 2.3MB 1669 1666
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200 -
1.2kB 8.1kB 16 14
-
1.2kB 8.1kB 16 14
-
1.2kB 8.1kB 16 14
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
104 B 2
-
104 B 2
-
104 B 2
-
104 B 2
-
52 B 1
-
52 B 1
-
50 B 66 B 1 1
DNS Request
t.cn
DNS Response
39.105.18.168
-
60 B 294 B 1 1
DNS Request
img1.jiehun.cn
DNS Response
1.71.157.35182.140.225.35183.61.177.35220.169.152.35222.216.122.35182.106.158.351.193.146.351.194.253.3527.221.77.3558.42.14.35
-
64 B 80 B 1 1
DNS Request
www.googleadsl.com
DNS Response
170.178.222.41
-
73 B 159 B 1 1
DNS Request
183.142.211.20.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
68.32.126.40.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
79.190.18.2.in-addr.arpa
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.23713.107.21.237
-
73 B 143 B 1 1
DNS Request
237.197.79.204.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
194.61.62.23.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
43.58.199.20.in-addr.arpa
-
315 B 5
-
73 B 159 B 1 1
DNS Request
228.249.119.40.in-addr.arpa
-
58 B 164 B 1 1
DNS Request
hm.baidu.com
DNS Response
183.240.98.22814.215.182.14014.215.183.79111.45.3.198111.45.11.83
-
59 B 75 B 1 1
DNS Request
www.jiehun.cn
DNS Response
61.160.251.208
-
72 B 146 B 1 1
DNS Request
157.123.68.40.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
18.31.95.13.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
142.126.19.2.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
77.190.18.2.in-addr.arpa
-
74 B 141 B 1 1
DNS Request
165.191.110.104.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
43.229.111.52.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD58b2290ca03b4ca5fe52d82550c7e7d69
SHA120583a7851a906444204ce8ba4fa51153e6cd494
SHA256f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2
SHA512704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d
-
Filesize
152B
MD5919c29d42fb6034fee2f5de14d573c63
SHA124a2e1042347b3853344157239bde3ed699047a8
SHA25617cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141
SHA512bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d
-
Filesize
5KB
MD502c4274f4f5f7409aea42e76fac4d622
SHA181337f422b2ac4ab8de3aa0c97eb7d6627573bf2
SHA25683ce3c63e41d25778863153a49ace03c65848d010f7282debf5ff40477c20b16
SHA5126c9b2a23302c788a8f95a94f24daff213cb2e7aa91a097d31fbc1315d7841ce7ed411fa99edd9c12e048b0dd9dbd280f33dd6d73b360f82fbfd2c2a2fcbbdee6
-
Filesize
6KB
MD5f495f26fd03ed50b0450c14cae5a6a6c
SHA1b10deda279379db89aeecdfeccc1a7210cf8fd3c
SHA256d67b5e0ae09cea4d1e22239a6f3383c35117b6b6ca9e486478830cb7312b0329
SHA5122156b2af5b037cb12131e3142ae8fb6232179ae76810f5e5ed08504763f6919e02a2103a02977e22c62ad76813eece3b350da8a0e7e1486b837e9f885b9cd69c
-
Filesize
6KB
MD567fbe711a5408f33056eea730de99958
SHA1b116148b913f93cbf2975c96b2880dce866aeb96
SHA256042f66bba3f441269fa2667a068989a8abcf45d3b53e4b7ecc1afa1bb9780c37
SHA512cb217708188e6e6b0edc02b5a8738d21c9cf01cb005a70f0ff36ae0b35684a84b17b18b7df3ec2395c10e493493c6d69b94c21fba6f54788da74977cad4fce42
-
Filesize
11KB
MD527db1907eaf1c1c38800c56d23472c94
SHA1e6c1a1b8b22d422d821613d64cd6f4584a26d8fc
SHA256e473bf588718bdbeca7f1dd7c405f1df7f7e0ed9ed798acac2d6f0404607b57a
SHA512681ba89be66694859a9b4c66e990c7ff28d86137d6b1fc65c362a3b57b8feae5783d66628c2d03a2a8999a838d0db56a17276f01f5cfc846f212444244074b6f