hxxp://[:] hxxps://portal[.]digitaldeploy[.]com/nl/workstations/facilicom-group[.]57/2024-adresinventarisatie-laptopwissel[.]309/YSChuykFes

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 19:17 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://: https://portal.digitaldeploy.com/nl/workstations/facilicom-group.57/2024-adresinventarisatie-laptopwissel.309/YSChuykFes

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
4940	msedge.exe
4940	msedge.exe
4784	identity_helper.exe
4784	identity_helper.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4940 wrote to memory of 1516	4940	msedge.exe	84
PID 4940 wrote to memory of 1516	4940	msedge.exe	84
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 2092	4940	msedge.exe	85
PID 4940 wrote to memory of 4548	4940	msedge.exe	86
PID 4940 wrote to memory of 4548	4940	msedge.exe	86
PID 4940 wrote to memory of 376	4940	msedge.exe	87
PID 4940 wrote to memory of 376	4940	msedge.exe	87
PID 4940 wrote to memory of 376	4940	msedge.exe	87
PID 4940 wrote to memory of 376	4940	msedge.exe	87
PID 4940 wrote to memory of 376	4940	msedge.exe	87
PID 4940 wrote to memory of 376	4940	msedge.exe	87
PID 4940 wrote to memory of 376	4940	msedge.exe	87
PID 4940 wrote to memory of 376	4940	msedge.exe	87
PID 4940 wrote to memory of 376	4940	msedge.exe	87
PID 4940 wrote to memory of 376	4940	msedge.exe	87
PID 4940 wrote to memory of 376	4940	msedge.exe	87
PID 4940 wrote to memory of 376	4940	msedge.exe	87
PID 4940 wrote to memory of 376	4940	msedge.exe	87
PID 4940 wrote to memory of 376	4940	msedge.exe	87
PID 4940 wrote to memory of 376	4940	msedge.exe	87
PID 4940 wrote to memory of 376	4940	msedge.exe	87
PID 4940 wrote to memory of 376	4940	msedge.exe	87
PID 4940 wrote to memory of 376	4940	msedge.exe	87
PID 4940 wrote to memory of 376	4940	msedge.exe	87
PID 4940 wrote to memory of 376	4940	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://: https://portal.digitaldeploy.com/nl/workstations/facilicom-group.57/2024-adresinventarisatie-laptopwissel.309/YSChuykFes
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea46346f8,0x7ffea4634708,0x7ffea4634718
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3158302674006215166,5405283139097955437,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,3158302674006215166,5405283139097955437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,3158302674006215166,5405283139097955437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3158302674006215166,5405283139097955437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3158302674006215166,5405283139097955437,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3158302674006215166,5405283139097955437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3158302674006215166,5405283139097955437,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3158302674006215166,5405283139097955437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3158302674006215166,5405283139097955437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3158302674006215166,5405283139097955437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3158302674006215166,5405283139097955437,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3158302674006215166,5405283139097955437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3158302674006215166,5405283139097955437,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4784

Network

DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

186.77.117.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

186.77.117.104.in-addr.arpa

IN PTR

Response

186.77.117.104.in-addr.arpa

IN PTR

a104-117-77-186deploystaticakamaitechnologiescom
DNS

186.77.117.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

186.77.117.104.in-addr.arpa

IN PTR
DNS

76.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.32.126.40.in-addr.arpa

IN PTR

Response
DNS

76.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.32.126.40.in-addr.arpa

IN PTR
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://www.bing.com/th?id=OADD2.10239381793954_1BHQ1BWFG78XLZOQQ&pid=21.2&c=16&roil=0.0049&roit=0&roir=0.9951&roib=1&w=24&h=24&dynsize=1&qlt=90

Remote address:

23.62.61.176:443

Request

GET /th?id=OADD2.10239381793954_1BHQ1BWFG78XLZOQQ&pid=21.2&c=16&roil=0.0049&roit=0&roir=0.9951&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QWthbWFp
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1299
date: Tue, 07 May 2024 19:18:07 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.ac3d3e17.1715109487.1e50d962
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 621794
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D50B0384F0924BEA90422AB4DE638FF9 Ref B: LON04EDGE1222 Ref C: 2024-05-07T19:18:07Z
date: Tue, 07 May 2024 19:18:07 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 770657
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 932F1D5010FB4D9AA5D690A831E9B905 Ref B: LON04EDGE1222 Ref C: 2024-05-07T19:18:07Z
date: Tue, 07 May 2024 19:18:07 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 659775
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 24214445838345D29579C9C5F2794E4A Ref B: LON04EDGE1222 Ref C: 2024-05-07T19:18:07Z
date: Tue, 07 May 2024 19:18:07 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 430689
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9B179B386250465FBDCB8FE5E4797096 Ref B: LON04EDGE1222 Ref C: 2024-05-07T19:18:07Z
date: Tue, 07 May 2024 19:18:07 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 415458
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B16B9641CD8742CF989C368E642E28A6 Ref B: LON04EDGE1222 Ref C: 2024-05-07T19:18:07Z
date: Tue, 07 May 2024 19:18:07 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 835660
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2A7E11A0E89F4BAD8A9DE647FA92C032 Ref B: LON04EDGE1222 Ref C: 2024-05-07T19:18:08Z
date: Tue, 07 May 2024 19:18:08 GMT
DNS

176.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

176.61.62.23.in-addr.arpa

IN PTR

Response

176.61.62.23.in-addr.arpa

IN PTR

a23-62-61-176deploystaticakamaitechnologiescom
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
GET

https://www.bing.com/qbox?query=&language=en-US&pt=EdgBox&cvid=6140a1fbe2aa459b8ef91961146b2df8&oit=0

msedge.exe

Remote address:

23.62.61.97:443

Request

GET /qbox?query=&language=en-US&pt=EdgBox&cvid=6140a1fbe2aa459b8ef91961146b2df8&oit=0 HTTP/2.0
host: www.bing.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 258
content-type: application/json; charset=utf-8
cache-control: public, max-age=300
content-encoding: br
vary: Accept-Encoding
x-eventid: 663a7e77f26b49169bd656fba0592322
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
content-security-policy-report-only: script-src https: 'strict-dynamic' 'report-sample' 'nonce-rj7/aq1y983I38AEz/UmL3SWFJBVNkftjNqNaE9LDQs='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
date: Tue, 07 May 2024 19:18:15 GMT
set-cookie: MUID=01D960A9C0D7657B353974D1C1D86470; domain=.bing.com; expires=Sun, 01-Jun-2025 19:18:15 GMT; path=/; secure; SameSite=None
set-cookie: MUIDB=01D960A9C0D7657B353974D1C1D86470; expires=Sun, 01-Jun-2025 19:18:15 GMT; path=/; HttpOnly
set-cookie: _EDGE_S=F=1&SID=144B5232AFE76E923313464AAEE86F07; domain=.bing.com; path=/; HttpOnly
set-cookie: _EDGE_V=1; domain=.bing.com; expires=Sun, 01-Jun-2025 19:18:15 GMT; path=/; HttpOnly
set-cookie: USRLOC=HS=1; domain=.bing.com; expires=Sun, 01-Jun-2025 19:18:15 GMT; path=/; secure; HttpOnly; SameSite=None
set-cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Sun, 01-Jun-2025 19:18:15 GMT; path=/; secure; SameSite=None
set-cookie: SRCHUID=V=2&GUID=A6236C700FB84ED5AEE6185B13262666&dmnchg=1; domain=.bing.com; expires=Sun, 01-Jun-2025 19:18:15 GMT; path=/; secure; SameSite=None
set-cookie: SRCHUSR=DOB=20240507; domain=.bing.com; expires=Sun, 01-Jun-2025 19:18:15 GMT; path=/; secure; SameSite=None
set-cookie: SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Sun, 01-Jun-2025 19:18:15 GMT; path=/; secure; SameSite=None
set-cookie: _SS=SID=144B5232AFE76E923313464AAEE86F07; domain=.bing.com; path=/; secure; SameSite=None
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.5d3d3e17.1715109495.4d59037
DNS

97.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.61.62.23.in-addr.arpa

IN PTR

Response

97.61.62.23.in-addr.arpa

IN PTR

a23-62-61-97deploystaticakamaitechnologiescom
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

24.121.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

24.121.18.2.in-addr.arpa

IN PTR

Response

24.121.18.2.in-addr.arpa

IN PTR

a2-18-121-24deploystaticakamaitechnologiescom
DNS

227.77.117.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.77.117.104.in-addr.arpa

IN PTR

Response

227.77.117.104.in-addr.arpa

IN PTR

a104-117-77-227deploystaticakamaitechnologiescom
DNS

113.77.117.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

113.77.117.104.in-addr.arpa

IN PTR

Response

113.77.117.104.in-addr.arpa

IN PTR

a104-117-77-113deploystaticakamaitechnologiescom
DNS

14.251.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.251.17.2.in-addr.arpa

IN PTR

Response

14.251.17.2.in-addr.arpa

IN PTR

a2-17-251-14deploystaticakamaitechnologiescom
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR

Response

23.62.61.176:443

https://www.bing.com/th?id=OADD2.10239381793954_1BHQ1BWFG78XLZOQQ&pid=21.2&c=16&roil=0.0049&roit=0&roir=0.9951&roib=1&w=24&h=24&dynsize=1&qlt=90

tls, http2

2.2kB
6.5kB
18
11

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239381793954_1BHQ1BWFG78XLZOQQ&pid=21.2&c=16&roil=0.0049&roit=0&roir=0.9951&roib=1&w=24&h=24&dynsize=1&qlt=90

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.6kB
8.2kB
18
15
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
667 B
12
9
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
589 B
11
8
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

134.2kB
3.9MB
2842
2836

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
23.62.61.97:443

https://www.bing.com/qbox?query=&language=en-US&pt=EdgBox&cvid=6140a1fbe2aa459b8ef91961146b2df8&oit=0

tls, http2

msedge.exe

1.9kB
7.4kB
19
18

HTTP Request

GET https://www.bing.com/qbox?query=&language=en-US&pt=EdgBox&cvid=6140a1fbe2aa459b8ef91961146b2df8&oit=0

HTTP Response

200

8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

186.77.117.104.in-addr.arpa

dns

146 B
139 B
2
1

DNS Request

186.77.117.104.in-addr.arpa

DNS Request

186.77.117.104.in-addr.arpa
8.8.8.8:53

76.32.126.40.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

76.32.126.40.in-addr.arpa

DNS Request

76.32.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

146 B
144 B
2
1

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

95.221.229.192.in-addr.arpa
224.0.0.251:5353

522 B
8
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

176.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

176.61.62.23.in-addr.arpa
8.8.8.8:53

97.61.62.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

97.61.62.23.in-addr.arpa
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

24.121.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

24.121.18.2.in-addr.arpa
8.8.8.8:53

227.77.117.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

227.77.117.104.in-addr.arpa
8.8.8.8:53

113.77.117.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

113.77.117.104.in-addr.arpa
8.8.8.8:53

14.251.17.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

14.251.17.2.in-addr.arpa
8.8.8.8:53

31.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

31.243.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2d2421e6c0493971d0f80854a6eb2ca

SHA1
c0169be3cb796d192869746c33db19b9d796b146

SHA256
fdc840a839638893f347a2fb133df88d8e063831163d4cda3f9507c6b790b96a

SHA512
a9dcb9dd32b4e9af151e2fbceb876ec7bc4ce1185c56f53b5e4cda8b01cae21df89b8cea83b3e6508efc914f26e869a19f72edf2a80cbcf192a4da16b3afc82a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f9071625d608ed033cb12366fd55861f

SHA1
20ce2cde1ca4024eaab75bfdd1def3ad05759e9d

SHA256
92b9c624603dd1960ae55e7617b84507805c3608f7f5189551ee0fa5fcc3c89d

SHA512
ac09ced55553f9791ddfccc9b3f247298764215b94cc8101fbdfcb8cf31159a54483a958d67bbe1540c5cc2b4a5a10d26433d97928a516aed8506f3b8c765017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5942a6ab52cd1114187f865633331e0f

SHA1
c96b3d6132451500e66d778c058d5cba2c181660

SHA256
c1bb1d99d8295f14142d4a7e5fd1654ac0816147b8a8c9f7a080cb3c90b1ec4c

SHA512
38d8dfe72971e35e28a1602cb607594f856313aec220e81d79283a657f6db1255c69cf0778f173bacc288335ea067b60f62b9f60c487d8a1573d636df93980f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
30daa121428cd95e6ca34c7f4b607fd3

SHA1
eccc7a88675f93c360b725737127899a88c7d8be

SHA256
3c480c1709264d68c6f4a36624d6febf3c7f2e8bd10ca77dea0112cff0995d85

SHA512
ccaa99e693e494ecfed8ce35f8c2f1ab53ffdc94984c515eefec57f09134383cbf8edc6d846f471c160381e3973f34fb7904afafab4ea83d9263be3670e5d115

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.