Analysis

  • max time kernel
    145s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240419-en locale:en-us os:windows10-2004-x64 system
  • submitted
    07/05/2024, 22:40 UTC

General

  • Target

    2209fd172360655037f74ef373acb4d5_JaffaCakes118.html

  • Size

    37KB

  • MD5

    2209fd172360655037f74ef373acb4d5

  • SHA1

    7e2829f053613c4a19a2609621c55f85973cb246

  • SHA256

    0ddf83957fb2c19e0a1debb7f27560b491d4a7d3716ff1261f5eda9c381f0e7b

  • SHA512

    d842e70422584c380eb4050744cfe5bf4a75b525c61b077650dcb95fb8730c04301766e209225c1ec04c8f8ea01703228ae7ea0027a6b2d390039cf591f88a0d

  • SSDEEP

    768:LjecSODRbUIov/xMedxcdVO4VXyx5Kyzfor0ZWu61tKmFEpYz/b1L0wYT:LjectRbUIovN6XO5Ffor0ZWu61tKmFEp

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2209fd172360655037f74ef373acb4d5_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4812
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80ad846f8,0x7ff80ad84708,0x7ff80ad84718
      2⤵
        PID:5008
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
        2⤵
          PID:4696
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3344
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
          2⤵
            PID:1040
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
            2⤵
              PID:1708
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
              2⤵
                PID:2612
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
                2⤵
                  PID:4108
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
                  2⤵
                    PID:3084
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8
                    2⤵
                      PID:3888
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3452
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
                      2⤵
                        PID:2136
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
                        2⤵
                          PID:1112
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1
                          2⤵
                            PID:772
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
                            2⤵
                              PID:516
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2197983496851035194,8653151129121410023,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6172 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2368
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4892
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:1048

Network

                              • flag-us
                                DNS
                                8.8.8.8.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                8.8.8.8.in-addr.arpa
                                IN PTR
                                Response
                                8.8.8.8.in-addr.arpa
                                IN PTR
                                dnsgoogle
                              • flag-us
                                DNS
                                8.8.8.8.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                8.8.8.8.in-addr.arpa
                                IN PTR
                              • flag-us
                                DNS
                                assets.pinterest.com
                                Remote address:
                                8.8.8.8:53
                                Request
                                assets.pinterest.com
                                IN A
                                Response
                                assets.pinterest.com
                                IN CNAME
                                s.pinimg.com
                                s.pinimg.com
                                IN CNAME
                                s-pinimg-com.gslb.pinterest.com
                                s-pinimg-com.gslb.pinterest.com
                                IN CNAME
                                2-01-37d2-0020.cdx.cedexis.net
                                2-01-37d2-0020.cdx.cedexis.net
                                IN CNAME
                                dualstack.pinterest.map.fastly.net
                                dualstack.pinterest.map.fastly.net
                                IN A
                                199.232.56.84
                              • flag-us
                                DNS
                                connect.facebook.net
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                connect.facebook.net
                                IN A
                                Response
                                connect.facebook.net
                                IN CNAME
                                scontent.xx.fbcdn.net
                                scontent.xx.fbcdn.net
                                IN A
                                163.70.151.21
                              • flag-us
                                DNS
                                bassobsessed.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                bassobsessed.com
                                IN A
                                Response
                              • flag-gb
                                GET
                                http://pagead2.googlesyndication.com/pagead/show_ads.js
                                msedge.exe
                                Remote address:
                                142.250.180.2:80
                                Request
                                GET /pagead/show_ads.js HTTP/1.1
                                Host: pagead2.googlesyndication.com
                                Connection: keep-alive
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                DNT: 1
                                Accept: */*
                                Accept-Encoding: gzip, deflate
                                Accept-Language: en-US,en;q=0.9
                                Response
                                HTTP/1.1 200 OK
                                P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                Timing-Allow-Origin: *
                                Cross-Origin-Resource-Policy: cross-origin
                                Vary: Accept-Encoding
                                Date: Tue, 07 May 2024 22:40:26 GMT
                                Expires: Tue, 07 May 2024 22:40:26 GMT
                                Cache-Control: private, max-age=3600
                                Content-Type: text/javascript; charset=UTF-8
                                ETag: 13913197332289157765
                                X-Content-Type-Options: nosniff
                                Content-Disposition: attachment; filename="f.txt"
                                Content-Encoding: gzip
                                Server: cafe
                                Content-Length: 10856
                                X-XSS-Protection: 0
                              • flag-gb
                                GET
                                http://www.google-analytics.com/ga.js
                                msedge.exe
                                Remote address:
                                142.250.180.14:80
                                Request
                                GET /ga.js HTTP/1.1
                                Host: www.google-analytics.com
                                Connection: keep-alive
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                DNT: 1
                                Accept: */*
                                Accept-Encoding: gzip, deflate
                                Accept-Language: en-US,en;q=0.9
                                Response
                                HTTP/1.1 200 OK
                                Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
                                X-Content-Type-Options: nosniff
                                Content-Encoding: gzip
                                Cross-Origin-Resource-Policy: cross-origin
                                Server: Golfe2
                                Content-Length: 17168
                                Date: Tue, 07 May 2024 21:20:31 GMT
                                Expires: Tue, 07 May 2024 23:20:31 GMT
                                Cache-Control: public, max-age=7200
                                Age: 4795
                                Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
                                Content-Type: text/javascript
                                Vary: Accept-Encoding
                              • flag-us
                                DNS
                                apis.google.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                apis.google.com
                                IN A
                                Response
                                apis.google.com
                                IN CNAME
                                plus.l.google.com
                                plus.l.google.com
                                IN A
                                216.58.201.110
                              • flag-gb
                                GET
                                https://apis.google.com/js/plusone.js
                                msedge.exe
                                Remote address:
                                216.58.201.110:443
                                Request
                                GET /js/plusone.js HTTP/2.0
                                host: apis.google.com
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: */*
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
                                msedge.exe
                                Remote address:
                                216.58.201.110:443
                                Request
                                GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/2.0
                                host: apis.google.com
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: */*
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs
                                msedge.exe
                                Remote address:
                                216.58.201.110:443
                                Request
                                GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs HTTP/2.0
                                host: apis.google.com
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: */*
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&origin=file%3A%2F%2F&url=http%3A%2F%2Fbassobsessed.com%2F&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
                                msedge.exe
                                Remote address:
                                216.58.201.110:443
                                Request
                                GET /u/0/se/0/_/+1/fastbutton?usegapi=1&origin=file%3A%2F%2F&url=http%3A%2F%2Fbassobsessed.com%2F&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/2.0
                                host: apis.google.com
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                sec-ch-ua-mobile: ?0
                                upgrade-insecure-requests: 1
                                dnt: 1
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                sec-fetch-site: cross-site
                                sec-fetch-mode: navigate
                                sec-fetch-dest: iframe
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-gb
                                GET
                                https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&width=80&origin=file%3A%2F%2F&url=http%3A%2F%2Fbassobsessed.com%2Fwarwick-thumb-bolt-on-5-string-lefty%2F&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
                                msedge.exe
                                Remote address:
                                216.58.201.110:443
                                Request
                                GET /u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&width=80&origin=file%3A%2F%2F&url=http%3A%2F%2Fbassobsessed.com%2Fwarwick-thumb-bolt-on-5-string-lefty%2F&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/2.0
                                host: apis.google.com
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                sec-ch-ua-mobile: ?0
                                upgrade-insecure-requests: 1
                                dnt: 1
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                sec-fetch-site: cross-site
                                sec-fetch-mode: navigate
                                sec-fetch-dest: iframe
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-us
                                DNS
                                209.205.72.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                209.205.72.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                20.160.190.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                20.160.190.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                240.221.184.93.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                240.221.184.93.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                2.180.250.142.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                2.180.250.142.in-addr.arpa
                                IN PTR
                                Response
                                2.180.250.142.in-addr.arpa
                                IN PTR
                                lhr25s32-in-f21e100net
                              • flag-us
                                DNS
                                110.201.58.216.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                110.201.58.216.in-addr.arpa
                                IN PTR
                                Response
                                110.201.58.216.in-addr.arpa
                                IN PTR
                                lhr48s48-in-f141e100net
                                110.201.58.216.in-addr.arpa
                                IN PTR
                                prg03s02-in-f14�I
                                110.201.58.216.in-addr.arpa
                                IN PTR
                                prg03s02-in-f110�I
                              • flag-us
                                DNS
                                developers.google.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                developers.google.com
                                IN A
                                Response
                                developers.google.com
                                IN A
                                172.217.169.78
                              • flag-us
                                DNS
                                accounts.google.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                accounts.google.com
                                IN A
                                Response
                                accounts.google.com
                                IN A
                                209.85.203.84
                              • flag-us
                                DNS
                                accounts.google.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                accounts.google.com
                                IN A
                              • flag-gb
                                GET
                                http://developers.google.com/
                                msedge.exe
                                Remote address:
                                172.217.169.78:80
                                Request
                                GET / HTTP/1.1
                                Host: developers.google.com
                                Connection: keep-alive
                                Upgrade-Insecure-Requests: 1
                                DNT: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                Accept-Encoding: gzip, deflate
                                Accept-Language: en-US,en;q=0.9
                                Response
                                HTTP/1.1 301 Moved Permanently
                                Location: https://developers.google.com/
                                X-Cloud-Trace-Context: c71b9018d59bdaf74588d92a686134fb
                                Date: Tue, 07 May 2024 22:40:27 GMT
                                Content-Type: text/html
                                Server: Google Frontend
                                Content-Length: 0
                              • flag-gb
                                GET
                                https://developers.google.com/
                                msedge.exe
                                Remote address:
                                172.217.169.78:443
                                Request
                                GET / HTTP/2.0
                                host: developers.google.com
                                upgrade-insecure-requests: 1
                                dnt: 1
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                sec-fetch-site: cross-site
                                sec-fetch-mode: navigate
                                sec-fetch-dest: iframe
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                sec-ch-ua-mobile: ?0
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-us
                                DNS
                                assets.pinterest.com
                                Remote address:
                                8.8.8.8:53
                                Request
                                assets.pinterest.com
                                IN A
                                Response
                                assets.pinterest.com
                                IN CNAME
                                s.pinimg.com
                                s.pinimg.com
                                IN CNAME
                                s-pinimg-com.gslb.pinterest.com
                                s-pinimg-com.gslb.pinterest.com
                                IN CNAME
                                static.gslb.pinterest.net
                                static.gslb.pinterest.net
                                IN CNAME
                                dualstack.pinterest.map.fastly.net
                                dualstack.pinterest.map.fastly.net
                                IN A
                                199.232.56.84
                              • flag-us
                                DNS
                                78.169.217.172.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                78.169.217.172.in-addr.arpa
                                IN PTR
                                Response
                                78.169.217.172.in-addr.arpa
                                IN PTR
                                lhr48s09-in-f141e100net
                              • flag-ie
                                GET
                                https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
                                msedge.exe
                                Remote address:
                                209.85.203.84:443
                                Request
                                GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/2.0
                                host: accounts.google.com
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                sec-ch-ua-mobile: ?0
                                upgrade-insecure-requests: 1
                                dnt: 1
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                sec-fetch-site: cross-site
                                sec-fetch-mode: navigate
                                sec-fetch-dest: iframe
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-us
                                DNS
                                ssl.gstatic.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                ssl.gstatic.com
                                IN A
                                Response
                                ssl.gstatic.com
                                IN A
                                142.250.180.3
                              • flag-gb
                                GET
                                https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js
                                msedge.exe
                                Remote address:
                                142.250.180.3:443
                                Request
                                GET /accounts/o/3604799710-postmessagerelay.js HTTP/2.0
                                host: ssl.gstatic.com
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: */*
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                referer: https://accounts.google.com/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-us
                                DNS
                                g.bing.com
                                Remote address:
                                8.8.8.8:53
                                Request
                                g.bing.com
                                IN A
                                Response
                                g.bing.com
                                IN CNAME
                                g-bing-com.dual-a-0034.a-msedge.net
                                g-bing-com.dual-a-0034.a-msedge.net
                                IN CNAME
                                dual-a-0034.a-msedge.net
                                dual-a-0034.a-msedge.net
                                IN A
                                204.79.197.237
                                dual-a-0034.a-msedge.net
                                IN A
                                13.107.21.237
                              • flag-us
                                GET
                                https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=916dfb22b75c4afc98f14dd862f4a9c9&localId=w:5128B8A4-055F-6043-9311-1EEEFB4045B4&deviceId=6825828473859725&anid=
                                Remote address:
                                204.79.197.237:443
                                Request
                                GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=916dfb22b75c4afc98f14dd862f4a9c9&localId=w:5128B8A4-055F-6043-9311-1EEEFB4045B4&deviceId=6825828473859725&anid= HTTP/2.0
                                host: g.bing.com
                                accept-encoding: gzip, deflate
                                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                Response
                                HTTP/2.0 204
                                cache-control: no-cache, must-revalidate
                                pragma: no-cache
                                expires: Fri, 01 Jan 1990 00:00:00 GMT
                                set-cookie: MUID=0BA8F7F239006E6C10C9E38A38E06FF5; domain=.bing.com; expires=Sun, 01-Jun-2025 22:40:29 GMT; path=/; SameSite=None; Secure; Priority=High;
                                strict-transport-security: max-age=31536000; includeSubDomains; preload
                                access-control-allow-origin: *
                                x-cache: CONFIG_NOCACHE
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 19DC2D17F36342EB9A1BB7F7C53E1BC2 Ref B: LON04EDGE1011 Ref C: 2024-05-07T22:40:28Z
                                date: Tue, 07 May 2024 22:40:28 GMT
                              • flag-us
                                GET
                                https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=916dfb22b75c4afc98f14dd862f4a9c9&localId=w:5128B8A4-055F-6043-9311-1EEEFB4045B4&deviceId=6825828473859725&anid=
                                Remote address:
                                204.79.197.237:443
                                Request
                                GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=916dfb22b75c4afc98f14dd862f4a9c9&localId=w:5128B8A4-055F-6043-9311-1EEEFB4045B4&deviceId=6825828473859725&anid= HTTP/2.0
                                host: g.bing.com
                                accept-encoding: gzip, deflate
                                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                cookie: MUID=0BA8F7F239006E6C10C9E38A38E06FF5
                                Response
                                HTTP/2.0 204
                                cache-control: no-cache, must-revalidate
                                pragma: no-cache
                                expires: Fri, 01 Jan 1990 00:00:00 GMT
                                set-cookie: MSPTC=JYTc4Dv2CPh3Vtm3yFcazvplm4XWCqot2n0QF6F7skw; domain=.bing.com; expires=Sun, 01-Jun-2025 22:40:29 GMT; path=/; Partitioned; secure; SameSite=None
                                strict-transport-security: max-age=31536000; includeSubDomains; preload
                                access-control-allow-origin: *
                                x-cache: CONFIG_NOCACHE
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 7953D67D63544420BA8276A2B3F6C82A Ref B: LON04EDGE1011 Ref C: 2024-05-07T22:40:29Z
                                date: Tue, 07 May 2024 22:40:28 GMT
                              • flag-us
                                GET
                                https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=916dfb22b75c4afc98f14dd862f4a9c9&localId=w:5128B8A4-055F-6043-9311-1EEEFB4045B4&deviceId=6825828473859725&anid=
                                Remote address:
                                204.79.197.237:443
                                Request
                                GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=916dfb22b75c4afc98f14dd862f4a9c9&localId=w:5128B8A4-055F-6043-9311-1EEEFB4045B4&deviceId=6825828473859725&anid= HTTP/2.0
                                host: g.bing.com
                                accept-encoding: gzip, deflate
                                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                cookie: MUID=0BA8F7F239006E6C10C9E38A38E06FF5; MSPTC=JYTc4Dv2CPh3Vtm3yFcazvplm4XWCqot2n0QF6F7skw
                                Response
                                HTTP/2.0 204
                                cache-control: no-cache, must-revalidate
                                pragma: no-cache
                                expires: Fri, 01 Jan 1990 00:00:00 GMT
                                strict-transport-security: max-age=31536000; includeSubDomains; preload
                                access-control-allow-origin: *
                                x-cache: CONFIG_NOCACHE
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 2DDA4B658C204158ACDDCD31A830922B Ref B: LON04EDGE1011 Ref C: 2024-05-07T22:40:29Z
                                date: Tue, 07 May 2024 22:40:28 GMT
                              • flag-us
                                DNS
                                84.203.85.209.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                84.203.85.209.in-addr.arpa
                                IN PTR
                                Response
                                84.203.85.209.in-addr.arpa
                                IN PTR
                                dh-in-f841e100net
                              • flag-us
                                DNS
                                3.180.250.142.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                3.180.250.142.in-addr.arpa
                                IN PTR
                                Response
                                3.180.250.142.in-addr.arpa
                                IN PTR
                                lhr25s32-in-f31e100net
                              • flag-us
                                DNS
                                237.197.79.204.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                237.197.79.204.in-addr.arpa
                                IN PTR
                                Response
                              • flag-nl
                                GET
                                https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                                Remote address:
                                23.62.61.194:443
                                Request
                                GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
                                host: www.bing.com
                                accept: */*
                                cookie: MUID=0BA8F7F239006E6C10C9E38A38E06FF5; MSPTC=JYTc4Dv2CPh3Vtm3yFcazvplm4XWCqot2n0QF6F7skw
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-type: image/png
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                content-length: 1107
                                date: Tue, 07 May 2024 22:40:31 GMT
                                alt-svc: h3=":443"; ma=93600
                                x-cdn-traceid: 0.be3d3e17.1715121631.97f8178
                              • flag-us
                                DNS
                                194.61.62.23.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                194.61.62.23.in-addr.arpa
                                IN PTR
                                Response
                                194.61.62.23.in-addr.arpa
                                IN PTR
                                a23-62-61-194deploystaticakamaitechnologiescom
                              • flag-us
                                DNS
                                13.86.106.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                13.86.106.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                bassobsessed.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                bassobsessed.com
                                IN A
                                Response
                              • flag-us
                                DNS
                                googleads.g.doubleclick.net
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                googleads.g.doubleclick.net
                                IN A
                                Response
                                googleads.g.doubleclick.net
                                IN A
                                216.58.204.66
                              • flag-us
                                DNS
                                66.204.58.216.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                66.204.58.216.in-addr.arpa
                                IN PTR
                                Response
                                66.204.58.216.in-addr.arpa
                                IN PTR
                                lhr25s13-in-f661e100net
                                66.204.58.216.in-addr.arpa
                                IN PTR
                                lhr48s49-in-f2
                                66.204.58.216.in-addr.arpa
                                IN PTR
                                lhr25s13-in-f2
                              • flag-us
                                DNS
                                50.23.12.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                50.23.12.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                18.31.95.13.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                18.31.95.13.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                172.210.232.199.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                172.210.232.199.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                platform.twitter.com
                                Remote address:
                                8.8.8.8:53
                                Request
                                platform.twitter.com
                                IN A
                                Response
                                platform.twitter.com
                                IN CNAME
                                cs472.wac.edgecastcdn.net
                                cs472.wac.edgecastcdn.net
                                IN CNAME
                                cs1-apr-8315.wac.edgecastcdn.net
                                cs1-apr-8315.wac.edgecastcdn.net
                                IN CNAME
                                wac.apr-8315.edgecastdns.net
                                wac.apr-8315.edgecastdns.net
                                IN CNAME
                                cs1-lb-eu.8315.ecdns.net
                                cs1-lb-eu.8315.ecdns.net
                                IN CNAME
                                cs491.wac.edgecastcdn.net
                                cs491.wac.edgecastcdn.net
                                IN A
                                192.229.233.25
                              • flag-us
                                DNS
                                platform.twitter.com
                                Remote address:
                                8.8.8.8:53
                                Request
                                platform.twitter.com
                                IN A
                                Response
                                platform.twitter.com
                                IN CNAME
                                cs472.wac.edgecastcdn.net
                                cs472.wac.edgecastcdn.net
                                IN CNAME
                                cs1-apr-8315.wac.edgecastcdn.net
                                cs1-apr-8315.wac.edgecastcdn.net
                                IN CNAME
                                wac.apr-8315.edgecastdns.net
                                wac.apr-8315.edgecastdns.net
                                IN CNAME
                                cs1-lb-eu.8315.ecdns.net
                                cs1-lb-eu.8315.ecdns.net
                                IN CNAME
                                cs491.wac.edgecastcdn.net
                                cs491.wac.edgecastcdn.net
                                IN A
                                192.229.233.25
                              • flag-us
                                DNS
                                connect.facebook.net
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                connect.facebook.net
                                IN A
                                Response
                                connect.facebook.net
                                IN CNAME
                                scontent.xx.fbcdn.net
                                scontent.xx.fbcdn.net
                                IN A
                                163.70.151.21
                              • flag-us
                                DNS
                                55.36.223.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                55.36.223.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                connect.facebook.net
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                connect.facebook.net
                                IN A
                                Response
                                connect.facebook.net
                                IN CNAME
                                scontent.xx.fbcdn.net
                                scontent.xx.fbcdn.net
                                IN A
                                163.70.151.21
                              • flag-us
                                DNS
                                51.15.97.104.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                51.15.97.104.in-addr.arpa
                                IN PTR
                                Response
                                51.15.97.104.in-addr.arpa
                                IN PTR
                                a104-97-15-51deploystaticakamaitechnologiescom
                              • flag-us
                                DNS
                                basspalace.zeitgeistmarketing.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                basspalace.zeitgeistmarketing.com
                                IN A
                                Response
                              • flag-us
                                DNS
                                basspalace.zeitgeistmarketing.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                basspalace.zeitgeistmarketing.com
                                IN A
                                Response
                              • flag-us
                                DNS
                                tpc.googlesyndication.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                tpc.googlesyndication.com
                                IN A
                                Response
                                tpc.googlesyndication.com
                                IN A
                                142.250.200.33
                              • flag-gb
                                GET
                                https://tpc.googlesyndication.com/sodar/sodar2.js
                                msedge.exe
                                Remote address:
                                142.250.200.33:443
                                Request
                                GET /sodar/sodar2.js HTTP/2.0
                                host: tpc.googlesyndication.com
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: */*
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-us
                                DNS
                                33.200.250.142.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                33.200.250.142.in-addr.arpa
                                IN PTR
                                Response
                                33.200.250.142.in-addr.arpa
                                IN PTR
                                lhr48s30-in-f11e100net
                              • flag-us
                                DNS
                                14.227.111.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                14.227.111.52.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                tse1.mm.bing.net
                                Remote address:
                                8.8.8.8:53
                                Request
                                tse1.mm.bing.net
                                IN A
                                Response
                                tse1.mm.bing.net
                                IN CNAME
                                mm-mm.bing.net.trafficmanager.net
                                mm-mm.bing.net.trafficmanager.net
                                IN CNAME
                                dual-a-0001.a-msedge.net
                                dual-a-0001.a-msedge.net
                                IN A
                                204.79.197.200
                                dual-a-0001.a-msedge.net
                                IN A
                                13.107.21.200
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 468637
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 58141023150743A6A7F3EDD117120B99 Ref B: LON04EDGE0910 Ref C: 2024-05-07T22:42:06Z
                                date: Tue, 07 May 2024 22:42:06 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 449656
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 0881D93EED654F3E871F08F103B79330 Ref B: LON04EDGE0910 Ref C: 2024-05-07T22:42:06Z
                                date: Tue, 07 May 2024 22:42:06 GMT
                              • flag-us
                                DNS
                                58.99.105.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                58.99.105.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                200.197.79.204.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                200.197.79.204.in-addr.arpa
                                IN PTR
                                Response
                                200.197.79.204.in-addr.arpa
                                IN PTR
                                a-0001a-msedgenet

                              • 8.8.8.8:53
                                58.99.105.20.in-addr.arpa
                                dns
                                71 B
                                157 B
                                1
                                1

                                DNS Request

                                58.99.105.20.in-addr.arpa

                              • 8.8.8.8:53
                                200.197.79.204.in-addr.arpa
                                dns
                                73 B
                                106 B
                                1
                                1

                                DNS Request

                                200.197.79.204.in-addr.arpa

                              • 209.85.203.84:443
                                accounts.google.com
                                https
                                msedge.exe
                                3.7kB
                                3.7kB
                                8
                                10

                              MITRE ATT&CK Enterprise v15

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                Filesize

                                152B

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                Filesize

                                152B

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8b717389-a5c4-4155-ae67-93e5933852b0.tmp

                                Filesize

                                5KB

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

                                Filesize

                                22KB

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                Filesize

                                144B

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                Filesize

                                168B

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                Filesize

                                120B

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                Filesize

                                1KB

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                Filesize

                                6KB

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                Filesize

                                7KB

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                Filesize

                                6KB

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                Filesize

                                16B

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                Filesize

                                11KB

