e945c073a787ec7b3d3375630a6be75cc2b0d053b193c75dc7124cd5b4d81cf5

Analysis

max time kernel
149s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 12:11 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24c79cd0a9e8b9c026461093f9df19d2_JaffaCakes118.html
Size

62KB
MD5

24c79cd0a9e8b9c026461093f9df19d2
SHA1

ed6380ae7f5eda2dc8332985053e3e494eebba56
SHA256

e945c073a787ec7b3d3375630a6be75cc2b0d053b193c75dc7124cd5b4d81cf5
SHA512

7709e28bb2866068db06646e91845e1c0f60c85d52aa01686436f168b499bed2ba209cc76c86bcbeade5fe53baf30f16a3d7ead1b907d4f673f84efd5ac9ea7d
SSDEEP

1536:eRWjzuPnJz8FMipvyXN0o7xYNnjIRfVqX733GeKNpvU9+cnSPtsmC17mWlX2uHL2:+qzuPnJz8F4YMRUv92Ptsm47mqX2uHL2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
468	msedge.exe
468	msedge.exe
4132	identity_helper.exe
4132	identity_helper.exe
5840	msedge.exe
5840	msedge.exe
5840	msedge.exe
5840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 468 wrote to memory of 4072	468	msedge.exe	85
PID 468 wrote to memory of 4072	468	msedge.exe	85
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 3124	468	msedge.exe	86
PID 468 wrote to memory of 1540	468	msedge.exe	87
PID 468 wrote to memory of 1540	468	msedge.exe	87
PID 468 wrote to memory of 4424	468	msedge.exe	88
PID 468 wrote to memory of 4424	468	msedge.exe	88
PID 468 wrote to memory of 4424	468	msedge.exe	88
PID 468 wrote to memory of 4424	468	msedge.exe	88
PID 468 wrote to memory of 4424	468	msedge.exe	88
PID 468 wrote to memory of 4424	468	msedge.exe	88
PID 468 wrote to memory of 4424	468	msedge.exe	88
PID 468 wrote to memory of 4424	468	msedge.exe	88
PID 468 wrote to memory of 4424	468	msedge.exe	88
PID 468 wrote to memory of 4424	468	msedge.exe	88
PID 468 wrote to memory of 4424	468	msedge.exe	88
PID 468 wrote to memory of 4424	468	msedge.exe	88
PID 468 wrote to memory of 4424	468	msedge.exe	88
PID 468 wrote to memory of 4424	468	msedge.exe	88
PID 468 wrote to memory of 4424	468	msedge.exe	88
PID 468 wrote to memory of 4424	468	msedge.exe	88
PID 468 wrote to memory of 4424	468	msedge.exe	88
PID 468 wrote to memory of 4424	468	msedge.exe	88
PID 468 wrote to memory of 4424	468	msedge.exe	88
PID 468 wrote to memory of 4424	468	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\24c79cd0a9e8b9c026461093f9df19d2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf3c146f8,0x7ffdf3c14708,0x7ffdf3c14718
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5120273131048398575,10705279126436336877,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,5120273131048398575,10705279126436336877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,5120273131048398575,10705279126436336877,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5120273131048398575,10705279126436336877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5120273131048398575,10705279126436336877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5120273131048398575,10705279126436336877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5120273131048398575,10705279126436336877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5120273131048398575,10705279126436336877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5120273131048398575,10705279126436336877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5120273131048398575,10705279126436336877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5120273131048398575,10705279126436336877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5120273131048398575,10705279126436336877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5120273131048398575,10705279126436336877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5120273131048398575,10705279126436336877,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:644

Network

DNS

s.w.org

msedge.exe

Remote address:

8.8.8.8:53

Request

s.w.org

IN A

Response

s.w.org

IN A

192.0.77.48
DNS

s0.wp.com

msedge.exe

Remote address:

8.8.8.8:53

Request

s0.wp.com

IN A

Response

s0.wp.com

IN A

192.0.77.32
DNS

biblioraca.com.br

msedge.exe

Remote address:

8.8.8.8:53

Request

biblioraca.com.br

IN A

Response
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

133.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.32.126.40.in-addr.arpa

IN PTR

Response
GET

https://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201737

msedge.exe

Remote address:

192.0.77.32:443

Request

GET /wp-content/js/devicepx-jetpack.js?ver=201737 HTTP/2.0
host: s0.wp.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 08 May 2024 12:11:51 GMT
content-type: application/javascript
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/21174-1695422021149.3977
content-encoding: br
expires: Tue, 17 Dec 2024 15:17:17 GMT
cache-control: max-age=31536000
x-ac: 4.lhr _dca MISS
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
x-nc: HIT lhr 2
GET

https://widgets.wp.com/likes/master.html?ver=20170629

msedge.exe

Remote address:

192.0.77.32:443

Request

GET /likes/master.html?ver=20170629 HTTP/2.0
host: widgets.wp.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 08 May 2024 12:11:52 GMT
content-type: text/html
last-modified: Thu, 26 Oct 2023 07:00:52 GMT
vary: Accept-Encoding
etag: W/"653a0ea4-ae1"
content-encoding: br
x-ac: 4.lhr _dca MISS
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
x-nc: HIT lhr 2
GET

https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122

msedge.exe

Remote address:

192.0.77.32:443

Request

GET /wp-content/js/rlt-proxy.js?m=20211122 HTTP/2.0
host: s0.wp.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://widgets.wp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 08 May 2024 12:11:52 GMT
content-type: application/javascript
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/7325-1684460857544.3708
content-encoding: br
expires: Thu, 30 May 2024 14:44:30 GMT
cache-control: max-age=31536000
x-ac: 4.lhr _dca MISS
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
x-nc: HIT lhr 2
GET

https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20231026

msedge.exe

Remote address:

192.0.77.32:443

Request

GET /_static/??/wp-content/js/postmessage.js,/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20231026 HTTP/2.0
host: s0.wp.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://widgets.wp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 08 May 2024 12:11:52 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 11 Oct 2023 01:21:31 GMT
etag: W/"6525f89b-144cb"
content-encoding: br
expires: Fri, 25 Oct 2024 08:19:26 GMT
cache-control: max-age=31536000
x-ac: 4.lhr _dca MISS
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
x-nc: HIT lhr 2
GET

https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122

msedge.exe

Remote address:

192.0.77.32:443

Request

GET /wp-content/js/rlt-proxy.js?m=20211122 HTTP/2.0
host: s0.wp.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://public-api.wordpress.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 08 May 2024 12:11:53 GMT
content-type: application/javascript
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/7325-1684460857544.3708
content-encoding: br
expires: Thu, 30 May 2024 14:44:30 GMT
cache-control: max-age=31536000
x-ac: 4.lhr _dca MISS
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
x-nc: HIT lhr 2
DNS

1.gravatar.com

msedge.exe

Remote address:

8.8.8.8:53

Request

1.gravatar.com

IN A

Response

1.gravatar.com

IN A

192.0.73.2
DNS

0.gravatar.com

msedge.exe

Remote address:

8.8.8.8:53

Request

0.gravatar.com

IN A

Response

0.gravatar.com

IN A

192.0.73.2
DNS

2.gravatar.com

msedge.exe

Remote address:

8.8.8.8:53

Request

2.gravatar.com

IN A

Response

2.gravatar.com

IN A

192.0.73.2
DNS

i0.wp.com

msedge.exe

Remote address:

8.8.8.8:53

Request

i0.wp.com

IN A

Response

i0.wp.com

IN A

192.0.77.2
DNS

i2.wp.com

msedge.exe

Remote address:

8.8.8.8:53

Request

i2.wp.com

IN A

Response

i2.wp.com

IN A

192.0.77.2
DNS

stats.wp.com

msedge.exe

Remote address:

8.8.8.8:53

Request

stats.wp.com

IN A

Response

stats.wp.com

IN A

192.0.76.3
GET

https://i2.wp.com/biblioraca.com.br/wp-content/uploads/2017/03/trocatrocabpscpeq.jpg?resize=90%2C60&ssl=1

msedge.exe

Remote address:

192.0.77.2:443

Request

GET /biblioraca.com.br/wp-content/uploads/2017/03/trocatrocabpscpeq.jpg?resize=90%2C60&ssl=1 HTTP/2.0
host: i2.wp.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 400

server: nginx
date: Wed, 08 May 2024 12:11:52 GMT
content-type: text/html; charset=utf-8
x-nc: MISS lhr 3
alt-svc: h3=":443"; ma=86400
DNS

i1.wp.com

msedge.exe

Remote address:

8.8.8.8:53

Request

i1.wp.com

IN A

Response

i1.wp.com

IN A

192.0.77.2
DNS

v0.wordpress.com

msedge.exe

Remote address:

8.8.8.8:53

Request

v0.wordpress.com

IN A

Response

v0.wordpress.com

IN CNAME

lb.wordpress.com

lb.wordpress.com

IN A

192.0.78.13

lb.wordpress.com

IN A

192.0.78.12
DNS

widgets.wp.com

msedge.exe

Remote address:

8.8.8.8:53

Request

widgets.wp.com

IN A

Response

widgets.wp.com

IN A

192.0.77.32
GET

https://i0.wp.com/biblioraca.com.br/wp-content/uploads/2017/03/facainscricao-1.jpg?fit=720%2C480&ssl=1

msedge.exe

Remote address:

192.0.77.2:443

Request

GET /biblioraca.com.br/wp-content/uploads/2017/03/facainscricao-1.jpg?fit=720%2C480&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 400

server: nginx
date: Wed, 08 May 2024 12:11:52 GMT
content-type: text/html; charset=utf-8
x-nc: MISS lhr 4
alt-svc: h3=":443"; ma=86400
GET

https://i0.wp.com/biblioraca.com.br/wp-content/uploads/2017/04/direitousp.jpg?resize=90%2C60&ssl=1

msedge.exe

Remote address:

192.0.77.2:443

Request

GET /biblioraca.com.br/wp-content/uploads/2017/04/direitousp.jpg?resize=90%2C60&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 400

server: nginx
date: Wed, 08 May 2024 12:11:52 GMT
content-type: text/html; charset=utf-8
x-nc: MISS lhr 4
alt-svc: h3=":443"; ma=86400
GET

https://i0.wp.com/biblioraca.com.br/wp-content/uploads/2017/05/bpsc.jpg?resize=190%2C122&ssl=1

msedge.exe

Remote address:

192.0.77.2:443

Request

GET /biblioraca.com.br/wp-content/uploads/2017/05/bpsc.jpg?resize=190%2C122&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 400

server: nginx
date: Wed, 08 May 2024 12:11:52 GMT
content-type: text/html; charset=utf-8
x-nc: MISS lhr 4
alt-svc: h3=":443"; ma=86400
GET

https://i0.wp.com/biblioraca.com.br/wp-content/uploads/2015/10/cropped-Book_icon.png?fit=32%2C32&ssl=1

msedge.exe

Remote address:

192.0.77.2:443

Request

GET /biblioraca.com.br/wp-content/uploads/2015/10/cropped-Book_icon.png?fit=32%2C32&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 400

server: nginx
date: Wed, 08 May 2024 12:12:13 GMT
content-type: text/html; charset=utf-8
x-nc: MISS lhr 8
alt-svc: h3=":443"; ma=86400
GET

https://i0.wp.com/biblioraca.com.br/wp-content/uploads/2015/10/cropped-Book_icon.png?fit=192%2C192&ssl=1

msedge.exe

Remote address:

192.0.77.2:443

Request

GET /biblioraca.com.br/wp-content/uploads/2015/10/cropped-Book_icon.png?fit=192%2C192&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 400

server: nginx
date: Wed, 08 May 2024 12:12:13 GMT
content-type: text/html; charset=utf-8
x-nc: MISS lhr 8
alt-svc: h3=":443"; ma=86400
GET

https://stats.wp.com/e-201737.js

msedge.exe

Remote address:

192.0.76.3:443

Request

GET /e-201737.js HTTP/2.0
host: stats.wp.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 08 May 2024 12:11:52 GMT
content-type: application/javascript
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/13576-1695421998473.3982
content-encoding: br
expires: Sun, 10 Nov 2024 15:24:15 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT lhr
alt-svc: h3=":443"; ma=86400
DNS

pixel.wp.com

Remote address:

8.8.8.8:53

Request

pixel.wp.com

IN A

Response

pixel.wp.com

IN A

192.0.76.3
DNS

public-api.wordpress.com

msedge.exe

Remote address:

8.8.8.8:53

Request

public-api.wordpress.com

IN A

Response

public-api.wordpress.com

IN A

192.0.78.23

public-api.wordpress.com

IN A

192.0.78.22
DNS

74.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.204.58.216.in-addr.arpa

IN PTR

Response

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f741e100net

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f10�H

74.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f10�H
DNS

32.77.0.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

32.77.0.192.in-addr.arpa

IN PTR

Response

32.77.0.192.in-addr.arpa

IN PTR

wordpresscom
DNS

227.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.212.58.216.in-addr.arpa

IN PTR

Response

227.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f31e100net

227.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f3�H

227.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f227�H
DNS

3.76.0.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.76.0.192.in-addr.arpa

IN PTR

Response
DNS

2.77.0.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.77.0.192.in-addr.arpa

IN PTR

Response

2.77.0.192.in-addr.arpa

IN PTR

i1wpcom

2.77.0.192.in-addr.arpa

IN PTR

i2�8

2.77.0.192.in-addr.arpa

IN PTR

i0�8
GET

https://public-api.wordpress.com/wp-admin/rest-proxy/

msedge.exe

Remote address:

192.0.78.23:443

Request

GET /wp-admin/rest-proxy/ HTTP/2.0
host: public-api.wordpress.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://widgets.wp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 08 May 2024 12:11:52 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
p3p: CP="CAO PSA OUR"
set-cookie: wp_api=%20; expires=Tue, 09-May-2023 12:11:52 GMT; Max-Age=0; path=/wp-admin/rest-proxy/; domain=public-api.wordpress.com; secure; SameSite=None
set-cookie: wp_api_sec=%20; expires=Tue, 09-May-2023 12:11:52 GMT; Max-Age=0; path=/; domain=public-api.wordpress.com; secure; HttpOnly; SameSite=None
content-encoding: br
x-ac: 2.lhr _dfw BYPASS
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400
DNS

23.78.0.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.78.0.192.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=defb8fe3eb6f45888ce3a16c21d57d8a&localId=w:514E7E71-4CE0-645C-5005-1E4EAC1BBA78&deviceId=6896200266421081&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=defb8fe3eb6f45888ce3a16c21d57d8a&localId=w:514E7E71-4CE0-645C-5005-1E4EAC1BBA78&deviceId=6896200266421081&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2EA12D86C59F6E1911E439FFC47F6F79; domain=.bing.com; expires=Mon, 02-Jun-2025 12:11:54 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 80064F30D2F44FF7805D02D6D3F4828F Ref B: LON04EDGE1214 Ref C: 2024-05-08T12:11:54Z
date: Wed, 08 May 2024 12:11:53 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=defb8fe3eb6f45888ce3a16c21d57d8a&localId=w:514E7E71-4CE0-645C-5005-1E4EAC1BBA78&deviceId=6896200266421081&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=defb8fe3eb6f45888ce3a16c21d57d8a&localId=w:514E7E71-4CE0-645C-5005-1E4EAC1BBA78&deviceId=6896200266421081&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2EA12D86C59F6E1911E439FFC47F6F79

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=g-MQ0SDcnrxSur73j2scb4OiofP1iXQo4qKItGdCm_s; domain=.bing.com; expires=Mon, 02-Jun-2025 12:11:54 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7D2153DF7C97436282B613916D8FB887 Ref B: LON04EDGE1214 Ref C: 2024-05-08T12:11:54Z
date: Wed, 08 May 2024 12:11:53 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=defb8fe3eb6f45888ce3a16c21d57d8a&localId=w:514E7E71-4CE0-645C-5005-1E4EAC1BBA78&deviceId=6896200266421081&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=defb8fe3eb6f45888ce3a16c21d57d8a&localId=w:514E7E71-4CE0-645C-5005-1E4EAC1BBA78&deviceId=6896200266421081&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2EA12D86C59F6E1911E439FFC47F6F79; MSPTC=g-MQ0SDcnrxSur73j2scb4OiofP1iXQo4qKItGdCm_s

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D2635F2D426D47539753C0CCE2A0E8A7 Ref B: LON04EDGE1214 Ref C: 2024-05-08T12:11:54Z
date: Wed, 08 May 2024 12:11:53 GMT
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

pixel.wp.com

Remote address:

8.8.8.8:53

Request

pixel.wp.com

IN A

Response

pixel.wp.com

IN A

192.0.76.3
DNS

205.47.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.47.74.20.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR
DNS

14.251.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.251.17.2.in-addr.arpa

IN PTR

Response

14.251.17.2.in-addr.arpa

IN PTR

a2-17-251-14deploystaticakamaitechnologiescom
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR

Response
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 496166
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 932B5068D7D2411C975180277DFB9270 Ref B: LON04EDGE0821 Ref C: 2024-05-08T12:13:33Z
date: Wed, 08 May 2024 12:13:32 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 638730
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 16B544CC5DBB4560A1717E3601C4B47F Ref B: LON04EDGE0821 Ref C: 2024-05-08T12:13:33Z
date: Wed, 08 May 2024 12:13:32 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 496229
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 439C6BF42D9443B38E3C083E4E40074A Ref B: LON04EDGE0821 Ref C: 2024-05-08T12:13:33Z
date: Wed, 08 May 2024 12:13:32 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 555746
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C47A7E8D24094C139663FA8B100F9478 Ref B: LON04EDGE0821 Ref C: 2024-05-08T12:13:34Z
date: Wed, 08 May 2024 12:13:33 GMT

192.0.77.32:443

https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122

tls, http2

msedge.exe

3.3kB
35.4kB
37
50

HTTP Request

GET https://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201737

HTTP Response

200

HTTP Request

GET https://widgets.wp.com/likes/master.html?ver=20170629

HTTP Response

200

HTTP Request

GET https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122

HTTP Request

GET https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20231026

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122

HTTP Response

200
192.0.77.2:443

https://i2.wp.com/biblioraca.com.br/wp-content/uploads/2017/03/trocatrocabpscpeq.jpg?resize=90%2C60&ssl=1

tls, http2

msedge.exe

1.8kB
5.3kB
14
15

HTTP Request

GET https://i2.wp.com/biblioraca.com.br/wp-content/uploads/2017/03/trocatrocabpscpeq.jpg?resize=90%2C60&ssl=1

HTTP Response

400
192.0.77.2:443

i0.wp.com

tls, http2

msedge.exe

1.0kB
4.7kB
10
9
192.0.77.2:443

https://i0.wp.com/biblioraca.com.br/wp-content/uploads/2015/10/cropped-Book_icon.png?fit=192%2C192&ssl=1

tls, http2

msedge.exe

2.6kB
6.6kB
22
25

HTTP Request

GET https://i0.wp.com/biblioraca.com.br/wp-content/uploads/2017/03/facainscricao-1.jpg?fit=720%2C480&ssl=1

HTTP Request

GET https://i0.wp.com/biblioraca.com.br/wp-content/uploads/2017/04/direitousp.jpg?resize=90%2C60&ssl=1

HTTP Request

GET https://i0.wp.com/biblioraca.com.br/wp-content/uploads/2017/05/bpsc.jpg?resize=190%2C122&ssl=1

HTTP Response

400

HTTP Response

400

HTTP Response

400

HTTP Request

GET https://i0.wp.com/biblioraca.com.br/wp-content/uploads/2015/10/cropped-Book_icon.png?fit=32%2C32&ssl=1

HTTP Response

400

HTTP Request

GET https://i0.wp.com/biblioraca.com.br/wp-content/uploads/2015/10/cropped-Book_icon.png?fit=192%2C192&ssl=1

HTTP Response

400
192.0.77.2:443

i0.wp.com

tls, http2

msedge.exe

1.0kB
4.7kB
10
9
192.0.76.3:443

https://stats.wp.com/e-201737.js

tls, http2

msedge.exe

1.8kB
8.1kB
18
19

HTTP Request

GET https://stats.wp.com/e-201737.js

HTTP Response

200
192.0.76.3:445

pixel.wp.com

260 B
5
192.0.78.23:443

https://public-api.wordpress.com/wp-admin/rest-proxy/

tls, http2

msedge.exe

2.2kB
9.6kB
22
22

HTTP Request

GET https://public-api.wordpress.com/wp-admin/rest-proxy/

HTTP Response

200
204.79.197.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=defb8fe3eb6f45888ce3a16c21d57d8a&localId=w:514E7E71-4CE0-645C-5005-1E4EAC1BBA78&deviceId=6896200266421081&anid=

tls, http2

2.0kB
9.2kB
22
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=defb8fe3eb6f45888ce3a16c21d57d8a&localId=w:514E7E71-4CE0-645C-5005-1E4EAC1BBA78&deviceId=6896200266421081&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=defb8fe3eb6f45888ce3a16c21d57d8a&localId=w:514E7E71-4CE0-645C-5005-1E4EAC1BBA78&deviceId=6896200266421081&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=defb8fe3eb6f45888ce3a16c21d57d8a&localId=w:514E7E71-4CE0-645C-5005-1E4EAC1BBA78&deviceId=6896200266421081&anid=

HTTP Response

204
20.231.121.79:80

46 B
1
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.6kB
8.1kB
17
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

78.7kB
2.3MB
1654
1650

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14

8.8.8.8:53

s.w.org

dns

msedge.exe

53 B
69 B
1
1

DNS Request

s.w.org

DNS Response

192.0.77.48
8.8.8.8:53

s0.wp.com

dns

msedge.exe

55 B
71 B
1
1

DNS Request

s0.wp.com

DNS Response

192.0.77.32
8.8.8.8:53

biblioraca.com.br

dns

msedge.exe

63 B
125 B
1
1

DNS Request

biblioraca.com.br
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

133.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

133.32.126.40.in-addr.arpa
8.8.8.8:53

1.gravatar.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

1.gravatar.com

DNS Response

192.0.73.2
8.8.8.8:53

0.gravatar.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

0.gravatar.com

DNS Response

192.0.73.2
8.8.8.8:53

2.gravatar.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

2.gravatar.com

DNS Response

192.0.73.2
8.8.8.8:53

i0.wp.com

dns

msedge.exe

55 B
71 B
1
1

DNS Request

i0.wp.com

DNS Response

192.0.77.2
8.8.8.8:53

i2.wp.com

dns

msedge.exe

55 B
71 B
1
1

DNS Request

i2.wp.com

DNS Response

192.0.77.2
8.8.8.8:53

stats.wp.com

dns

msedge.exe

58 B
74 B
1
1

DNS Request

stats.wp.com

DNS Response

192.0.76.3
8.8.8.8:53

i1.wp.com

dns

msedge.exe

55 B
71 B
1
1

DNS Request

i1.wp.com

DNS Response

192.0.77.2
8.8.8.8:53

v0.wordpress.com

dns

msedge.exe

62 B
111 B
1
1

DNS Request

v0.wordpress.com

DNS Response

192.0.78.13

192.0.78.12
8.8.8.8:53

widgets.wp.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

widgets.wp.com

DNS Response

192.0.77.32
8.8.8.8:53

pixel.wp.com

dns

58 B
74 B
1
1

DNS Request

pixel.wp.com

DNS Response

192.0.76.3
8.8.8.8:53

public-api.wordpress.com

dns

msedge.exe

70 B
102 B
1
1

DNS Request

public-api.wordpress.com

DNS Response

192.0.78.23

192.0.78.22
8.8.8.8:53

74.204.58.216.in-addr.arpa

dns

72 B
171 B
1
1

DNS Request

74.204.58.216.in-addr.arpa
8.8.8.8:53

32.77.0.192.in-addr.arpa

dns

70 B
97 B
1
1

DNS Request

32.77.0.192.in-addr.arpa
8.8.8.8:53

227.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

227.212.58.216.in-addr.arpa
8.8.8.8:53

3.76.0.192.in-addr.arpa

dns

69 B
134 B
1
1

DNS Request

3.76.0.192.in-addr.arpa
8.8.8.8:53

2.77.0.192.in-addr.arpa

dns

69 B
126 B
1
1

DNS Request

2.77.0.192.in-addr.arpa
8.8.8.8:53

23.78.0.192.in-addr.arpa

dns

70 B
135 B
1
1

DNS Request

23.78.0.192.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

pixel.wp.com

dns

58 B
74 B
1
1

DNS Request

pixel.wp.com

DNS Response

192.0.76.3
8.8.8.8:53

205.47.74.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

205.47.74.20.in-addr.arpa
224.0.0.251:5353

msedge.exe

580 B
9
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

43.58.199.20.in-addr.arpa

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

14.251.17.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

14.251.17.2.in-addr.arpa
8.8.8.8:53

31.243.111.52.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

31.243.111.52.in-addr.arpa

DNS Request

31.243.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
2cd8763469c356b54082f2b22c2b6361

SHA1
c8f49682cf810d098316e3fc8fc5880e3309106b

SHA256
e194ba4f1b922ded5315860986f0418995b6e623133b856c2e92c2ea43a5b346

SHA512
c5a2bcf4b8b1af5a9ae6cab0a2cad8977e9468e438143e9a30a6cd2e5ff9fcc7650609607edd276cba7c5d0d8c5396594b470728539df5c6cd66a7308b0a3402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
662B

MD5
14366b1c5c5606adcf7ef8c24f00e676

SHA1
debfd03041a52053d4de74b95b7c86c314266c8e

SHA256
57c2548dbb22afa433238f37d4b9bf98f4069a38f236e1b9b4800c492ac81e5b

SHA512
ad4028506cc48ec6ab9b24a3e4b31124863ac0e492aa5aae4583cdc0d251996444a68dbad447489b690d7ba417238076a9dbf798d3071986bf3f1636d593c41b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e323765e7380050ebe497912170e19a9

SHA1
2c7e5fca8a0e53a3a70dbf7c67eddd1c2cc86b2f

SHA256
e3c832eef102a479b5bf6f4730f9e70f146387640b98e90d45d1743cc99c63d4

SHA512
6eef03f23bc08918c96f2c69e066c22d81748e3b7049eea83411b4af8a8e899b040a998ff1b7c972028828da157e189804389af3a3782ef6507ef5740eef4c5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4e7494243a9185bc3e4216d63234f482

SHA1
f9ef28b7e453566ea64ce7cf22d5838af1fb2723

SHA256
eedc362ef7450465420fb54ccc6ed777a01fd6cf8318926957b5e1f3558917e6

SHA512
0e6dd7de379b1fab41ea1985faf315909c66d51df1ee9939a0fa2fe2caed184db8d53fae96551e206330a98115ee19c57c73658e47f2615344c76f8972254117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a854f210073045989094ff3d9de13c0

SHA1
3123a579db6aae58276b5d0a0f86d8a35d34ffbc

SHA256
059f3379d0b2199a30ff7bbc0a0a5bf8a3590ef0c9f7285eb6afb00e0d3b93e9

SHA512
5ea7be7edc307972bdc6542f0d63fc3429312ef4b6178d341ce6d3b6af0fd3b1873720bd3de401e25ddcecc6b928c79cb6741526a5efbc57efc295866bc194ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5f8f33311417234f27461158bb980f29

SHA1
543afa32baca9d993cc0cf6d0febd1b8b5de6162

SHA256
e7e17c13a89d108ec3d75bea8ef65226572e9869f248ea163f2d1ac75337a393

SHA512
b919a8c6508e97d56fb30a77deebc949b8ec373b35a3c34399680d8a77e3187e3571bebdc044756da0ac685f75b444ed477327dbe6146b1055a52cb3b42c0d1e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request