Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/05/2024, 21:53 UTC

General

  • Target

    5bab622bc3ac27d67f4463cf10cffcb3_JaffaCakes118.html

  • Size

    4KB

  • MD5

    5bab622bc3ac27d67f4463cf10cffcb3

  • SHA1

    b56c3e4c87e5e741bd31b169da647e90b37c8376

  • SHA256

    d26a550a168d100f26d62b531ce12f38e8cb413ebe8e556df0efb5479a53ee35

  • SHA512

    7814c9a773d363ad37a79ea491d934ad32cd058d3be79d0105843d4671834213c1ed13405f7353b6c2f69450dc5d32a8e22427ca7bb8d9fb4f71e4b85c06842f

  • SSDEEP

    96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8owNxmd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDI

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5bab622bc3ac27d67f4463cf10cffcb3_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4516
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff2ca46f8,0x7ffff2ca4708,0x7ffff2ca4718
      2⤵
        PID:1736
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3712744913008930028,7826060117458655974,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        2⤵
          PID:548
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3712744913008930028,7826060117458655974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4240
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,3712744913008930028,7826060117458655974,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
          2⤵
            PID:3712
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3712744913008930028,7826060117458655974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
            2⤵
              PID:2532
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3712744913008930028,7826060117458655974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
              2⤵
                PID:2300
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3712744913008930028,7826060117458655974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
                2⤵
                  PID:3584
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3712744913008930028,7826060117458655974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2556
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3712744913008930028,7826060117458655974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
                  2⤵
                    PID:4356
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3712744913008930028,7826060117458655974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
                    2⤵
                      PID:5028
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3712744913008930028,7826060117458655974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
                      2⤵
                        PID:3568
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3712744913008930028,7826060117458655974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
                        2⤵
                          PID:4904
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3712744913008930028,7826060117458655974,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4252
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:1896
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1964

                          Network

                          • flag-us
                            DNS
                            8.8.8.8.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            Response
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            dnsgoogle
                          • flag-us
                            DNS
                            cdn-adef.akamaized.net
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            cdn-adef.akamaized.net
                            IN A
                            Response
                            cdn-adef.akamaized.net
                            IN CNAME
                            a326.d.akamai.net
                            a326.d.akamai.net
                            IN A
                            104.109.143.95
                            a326.d.akamai.net
                            IN A
                            104.109.143.99
                          • flag-nl
                            GET
                            https://cdn-adef.akamaized.net/images/jump-favicon.ico
                            msedge.exe
                            Remote address:
                            104.109.143.95:443
                            Request
                            GET /images/jump-favicon.ico HTTP/1.1
                            Host: cdn-adef.akamaized.net
                            Connection: keep-alive
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            DNT: 1
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Sec-Fetch-Site: cross-site
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: image
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            x-amz-id-2: 44K1KHOKWVERSAAHwqDapmPpRp5WTg+S9rEMCn0OnqUVqpacLSdUP1Qk8KJ9tbTd4qE9t6OmJG0=
                            x-amz-request-id: NM0HVX1MRRQC0JJC
                            Last-Modified: Wed, 07 Nov 2018 10:05:44 GMT
                            ETag: "4cdf3256cd7b8ec3917adb79d6bf457e"
                            Accept-Ranges: bytes
                            Content-Type: image/x-icon
                            Server: AmazonS3
                            Content-Length: 4103
                            Date: Sun, 19 May 2024 21:53:23 GMT
                            Connection: keep-alive
                            Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
                          • flag-us
                            DNS
                            97.17.167.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            97.17.167.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            138.107.17.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            138.107.17.2.in-addr.arpa
                            IN PTR
                            Response
                            138.107.17.2.in-addr.arpa
                            IN PTR
                            a2-17-107-138deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            20.160.190.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            20.160.190.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            95.221.229.192.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            95.221.229.192.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            95.143.109.104.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            95.143.109.104.in-addr.arpa
                            IN PTR
                            Response
                            95.143.109.104.in-addr.arpa
                            IN PTR
                            a104-109-143-95deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            g.bing.com
                            Remote address:
                            8.8.8.8:53
                            Request
                            g.bing.com
                            IN A
                            Response
                            g.bing.com
                            IN CNAME
                            g-bing-com.dual-a-0034.a-msedge.net
                            g-bing-com.dual-a-0034.a-msedge.net
                            IN CNAME
                            dual-a-0034.a-msedge.net
                            dual-a-0034.a-msedge.net
                            IN A
                            204.79.197.237
                            dual-a-0034.a-msedge.net
                            IN A
                            13.107.21.237
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rK9tm4NJ0qjClIGRsEkRyzVUCUzgfVd5PnGdA5mJdPo2J6bw4PiSWPvn3URuXqnFzPxd3Lj8oxw2Vwy1NC5vDX9wb50fORvkpiuQ9ZyNVwBYA3z8pGzN-onfrp5660raGtHHR0muqcuWs7MLMLZ45OIW7IiRAKUCk-MqEDFzbl6zFp_e%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D70c8e01502c91e12d909863ea8ba0448&TIME=20240426T132254Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
                            Remote address:
                            204.79.197.237:443
                            Request
                            GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rK9tm4NJ0qjClIGRsEkRyzVUCUzgfVd5PnGdA5mJdPo2J6bw4PiSWPvn3URuXqnFzPxd3Lj8oxw2Vwy1NC5vDX9wb50fORvkpiuQ9ZyNVwBYA3z8pGzN-onfrp5660raGtHHR0muqcuWs7MLMLZ45OIW7IiRAKUCk-MqEDFzbl6zFp_e%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D70c8e01502c91e12d909863ea8ba0448&TIME=20240426T132254Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            set-cookie: MUID=09C09202C908609504B88686C82F61FC; domain=.bing.com; expires=Fri, 13-Jun-2025 21:53:24 GMT; path=/; SameSite=None; Secure; Priority=High;
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 56966263FF904253A64101DC9A1D8112 Ref B: LON04EDGE0708 Ref C: 2024-05-19T21:53:24Z
                            date: Sun, 19 May 2024 21:53:24 GMT
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rK9tm4NJ0qjClIGRsEkRyzVUCUzgfVd5PnGdA5mJdPo2J6bw4PiSWPvn3URuXqnFzPxd3Lj8oxw2Vwy1NC5vDX9wb50fORvkpiuQ9ZyNVwBYA3z8pGzN-onfrp5660raGtHHR0muqcuWs7MLMLZ45OIW7IiRAKUCk-MqEDFzbl6zFp_e%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D70c8e01502c91e12d909863ea8ba0448&TIME=20240426T132254Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
                            Remote address:
                            204.79.197.237:443
                            Request
                            GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rK9tm4NJ0qjClIGRsEkRyzVUCUzgfVd5PnGdA5mJdPo2J6bw4PiSWPvn3URuXqnFzPxd3Lj8oxw2Vwy1NC5vDX9wb50fORvkpiuQ9ZyNVwBYA3z8pGzN-onfrp5660raGtHHR0muqcuWs7MLMLZ45OIW7IiRAKUCk-MqEDFzbl6zFp_e%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D70c8e01502c91e12d909863ea8ba0448&TIME=20240426T132254Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            cookie: MUID=09C09202C908609504B88686C82F61FC; _EDGE_S=SID=1CAF462678D96B681F6452A279916A63
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            set-cookie: MSPTC=0wz8bP3mbyp23bFu1ceCXTP2Iwp5KVogP2RrZIVztkM; domain=.bing.com; expires=Fri, 13-Jun-2025 21:53:25 GMT; path=/; Partitioned; secure; SameSite=None
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 014CA2F44BDE4917BEBE7D1FDD30E4BD Ref B: LON04EDGE0708 Ref C: 2024-05-19T21:53:25Z
                            date: Sun, 19 May 2024 21:53:24 GMT
                          • flag-be
                            GET
                            https://www.bing.com/aes/c.gif?RG=1e9db3957ea744e886a0277f12600ef7&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T132254Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644
                            Remote address:
                            2.17.107.122:443
                            Request
                            GET /aes/c.gif?RG=1e9db3957ea744e886a0277f12600ef7&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T132254Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644 HTTP/2.0
                            host: www.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            cookie: MUID=09C09202C908609504B88686C82F61FC
                            Response
                            HTTP/2.0 200
                            cache-control: private,no-store
                            pragma: no-cache
                            vary: Origin
                            p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: E36B7A2B7E3441CF990C274D955514A9 Ref B: BRU30EDGE0920 Ref C: 2024-05-19T21:53:25Z
                            content-length: 0
                            date: Sun, 19 May 2024 21:53:25 GMT
                            set-cookie: _EDGE_S=SID=1CAF462678D96B681F6452A279916A63; path=/; httponly; domain=bing.com
                            set-cookie: MUIDB=09C09202C908609504B88686C82F61FC; path=/; httponly; expires=Fri, 13-Jun-2025 21:53:25 GMT
                            alt-svc: h3=":443"; ma=93600
                            x-cdn-traceid: 0.766b1102.1716155605.6be2703a
                          • flag-us
                            DNS
                            237.197.79.204.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            237.197.79.204.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            122.107.17.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            122.107.17.2.in-addr.arpa
                            IN PTR
                            Response
                            122.107.17.2.in-addr.arpa
                            IN PTR
                            a2-17-107-122deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            26.35.223.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            26.35.223.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-be
                            GET
                            https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                            Remote address:
                            2.17.107.122:443
                            Request
                            GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
                            host: www.bing.com
                            accept: */*
                            cookie: MUID=09C09202C908609504B88686C82F61FC; _EDGE_S=SID=1CAF462678D96B681F6452A279916A63; MSPTC=0wz8bP3mbyp23bFu1ceCXTP2Iwp5KVogP2RrZIVztkM; MUIDB=09C09202C908609504B88686C82F61FC
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-type: image/png
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QWthbWFp
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            content-length: 1107
                            date: Sun, 19 May 2024 21:53:27 GMT
                            alt-svc: h3=":443"; ma=93600
                            x-cdn-traceid: 0.766b1102.1716155607.6be27cb0
                          • flag-us
                            DNS
                            86.23.85.13.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            86.23.85.13.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            18.31.95.13.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            18.31.95.13.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            203.107.17.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            203.107.17.2.in-addr.arpa
                            IN PTR
                            Response
                            203.107.17.2.in-addr.arpa
                            IN PTR
                            a2-17-107-203deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            22.236.111.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            22.236.111.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            tse1.mm.bing.net
                            Remote address:
                            8.8.8.8:53
                            Request
                            tse1.mm.bing.net
                            IN A
                            Response
                            tse1.mm.bing.net
                            IN CNAME
                            mm-mm.bing.net.trafficmanager.net
                            mm-mm.bing.net.trafficmanager.net
                            IN CNAME
                            dual-a-0001.a-msedge.net
                            dual-a-0001.a-msedge.net
                            IN A
                            204.79.197.200
                            dual-a-0001.a-msedge.net
                            IN A
                            13.107.21.200
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 627437
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 4E96A0FC2BF0425EA84D096402110175 Ref B: LON04EDGE1018 Ref C: 2024-05-19T21:55:05Z
                            date: Sun, 19 May 2024 21:55:05 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 415458
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 737C5F6D766140249B6C5B6FB9C676DC Ref B: LON04EDGE1018 Ref C: 2024-05-19T21:55:05Z
                            date: Sun, 19 May 2024 21:55:05 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 430689
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: B2A5CE53207647C5B55816BDC645680A Ref B: LON04EDGE1018 Ref C: 2024-05-19T21:55:05Z
                            date: Sun, 19 May 2024 21:55:05 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 792794
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: C7F2154B523B4683A8BD1C1DC3BDB875 Ref B: LON04EDGE1018 Ref C: 2024-05-19T21:55:05Z
                            date: Sun, 19 May 2024 21:55:05 GMT
                          • flag-us
                            DNS
                            200.197.79.204.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            200.197.79.204.in-addr.arpa
                            IN PTR
                            Response
                            200.197.79.204.in-addr.arpa
                            IN PTR
                            a-0001a-msedgenet
                          • flag-us
                            DNS
                            15.173.189.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            15.173.189.20.in-addr.arpa
                            IN PTR
                            Response
                          • 104.109.143.95:443
                            https://cdn-adef.akamaized.net/images/jump-favicon.ico
                            tls, http
                            msedge.exe
                            2.7kB
                            9.6kB
                            13
                            17

                            HTTP Request

                            GET https://cdn-adef.akamaized.net/images/jump-favicon.ico

                            HTTP Response

                            200
                          • 204.79.197.237:443
                            https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rK9tm4NJ0qjClIGRsEkRyzVUCUzgfVd5PnGdA5mJdPo2J6bw4PiSWPvn3URuXqnFzPxd3Lj8oxw2Vwy1NC5vDX9wb50fORvkpiuQ9ZyNVwBYA3z8pGzN-onfrp5660raGtHHR0muqcuWs7MLMLZ45OIW7IiRAKUCk-MqEDFzbl6zFp_e%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D70c8e01502c91e12d909863ea8ba0448&TIME=20240426T132254Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
                            tls, http2
                            2.5kB
                            9.0kB
                            20
                            17

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rK9tm4NJ0qjClIGRsEkRyzVUCUzgfVd5PnGdA5mJdPo2J6bw4PiSWPvn3URuXqnFzPxd3Lj8oxw2Vwy1NC5vDX9wb50fORvkpiuQ9ZyNVwBYA3z8pGzN-onfrp5660raGtHHR0muqcuWs7MLMLZ45OIW7IiRAKUCk-MqEDFzbl6zFp_e%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D70c8e01502c91e12d909863ea8ba0448&TIME=20240426T132254Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

                            HTTP Response

                            204

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rK9tm4NJ0qjClIGRsEkRyzVUCUzgfVd5PnGdA5mJdPo2J6bw4PiSWPvn3URuXqnFzPxd3Lj8oxw2Vwy1NC5vDX9wb50fORvkpiuQ9ZyNVwBYA3z8pGzN-onfrp5660raGtHHR0muqcuWs7MLMLZ45OIW7IiRAKUCk-MqEDFzbl6zFp_e%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D70c8e01502c91e12d909863ea8ba0448&TIME=20240426T132254Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

                            HTTP Response

                            204
                          • 2.17.107.122:443
                            https://www.bing.com/aes/c.gif?RG=1e9db3957ea744e886a0277f12600ef7&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T132254Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644
                            tls, http2
                            1.5kB
                            5.4kB
                            17
                            12

                            HTTP Request

                            GET https://www.bing.com/aes/c.gif?RG=1e9db3957ea744e886a0277f12600ef7&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T132254Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644

                            HTTP Response

                            200
                          • 2.17.107.122:443
                            https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                            tls, http2
                            1.7kB
                            6.4kB
                            18
                            13

                            HTTP Request

                            GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

                            HTTP Response

                            200
                          • 204.79.197.200:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            8.1kB
                            16
                            13
                          • 204.79.197.200:443
                            https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            tls, http2
                            89.3kB
                            2.4MB
                            1722
                            1718

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200
                          • 204.79.197.200:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            8.1kB
                            16
                            14
                          • 204.79.197.200:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            8.1kB
                            16
                            13
                          • 8.8.8.8:53
                            8.8.8.8.in-addr.arpa
                            dns
                            66 B
                            90 B
                            1
                            1

                            DNS Request

                            8.8.8.8.in-addr.arpa

                          • 8.8.8.8:53
                            cdn-adef.akamaized.net
                            dns
                            msedge.exe
                            68 B
                            128 B
                            1
                            1

                            DNS Request

                            cdn-adef.akamaized.net

                            DNS Response

                            104.109.143.95
                            104.109.143.99

                          • 8.8.8.8:53
                            97.17.167.52.in-addr.arpa
                            dns
                            71 B
                            145 B
                            1
                            1

                            DNS Request

                            97.17.167.52.in-addr.arpa

                          • 8.8.8.8:53
                            138.107.17.2.in-addr.arpa
                            dns
                            71 B
                            135 B
                            1
                            1

                            DNS Request

                            138.107.17.2.in-addr.arpa

                          • 8.8.8.8:53
                            20.160.190.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            20.160.190.20.in-addr.arpa

                          • 8.8.8.8:53
                            95.221.229.192.in-addr.arpa
                            dns
                            73 B
                            144 B
                            1
                            1

                            DNS Request

                            95.221.229.192.in-addr.arpa

                          • 8.8.8.8:53
                            95.143.109.104.in-addr.arpa
                            dns
                            73 B
                            139 B
                            1
                            1

                            DNS Request

                            95.143.109.104.in-addr.arpa

                          • 8.8.8.8:53
                            g.bing.com
                            dns
                            56 B
                            151 B
                            1
                            1

                            DNS Request

                            g.bing.com

                            DNS Response

                            204.79.197.237
                            13.107.21.237

                          • 224.0.0.251:5353
                            596 B
                            9
                          • 8.8.8.8:53
                            237.197.79.204.in-addr.arpa
                            dns
                            73 B
                            143 B
                            1
                            1

                            DNS Request

                            237.197.79.204.in-addr.arpa

                          • 8.8.8.8:53
                            122.107.17.2.in-addr.arpa
                            dns
                            71 B
                            135 B
                            1
                            1

                            DNS Request

                            122.107.17.2.in-addr.arpa

                          • 8.8.8.8:53
                            26.35.223.20.in-addr.arpa
                            dns
                            71 B
                            157 B
                            1
                            1

                            DNS Request

                            26.35.223.20.in-addr.arpa

                          • 8.8.8.8:53
                            86.23.85.13.in-addr.arpa
                            dns
                            70 B
                            144 B
                            1
                            1

                            DNS Request

                            86.23.85.13.in-addr.arpa

                          • 8.8.8.8:53
                            18.31.95.13.in-addr.arpa
                            dns
                            70 B
                            144 B
                            1
                            1

                            DNS Request

                            18.31.95.13.in-addr.arpa

                          • 8.8.8.8:53
                            203.107.17.2.in-addr.arpa
                            dns
                            71 B
                            135 B
                            1
                            1

                            DNS Request

                            203.107.17.2.in-addr.arpa

                          • 8.8.8.8:53
                            22.236.111.52.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            22.236.111.52.in-addr.arpa

                          • 8.8.8.8:53
                            tse1.mm.bing.net
                            dns
                            62 B
                            173 B
                            1
                            1

                            DNS Request

                            tse1.mm.bing.net

                            DNS Response

                            204.79.197.200
                            13.107.21.200

                          • 8.8.8.8:53
                            200.197.79.204.in-addr.arpa
                            dns
                            73 B
                            106 B
                            1
                            1

                            DNS Request

                            200.197.79.204.in-addr.arpa

                          • 8.8.8.8:53
                            15.173.189.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            15.173.189.20.in-addr.arpa

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            c9c4c494f8fba32d95ba2125f00586a3

                            SHA1

                            8a600205528aef7953144f1cf6f7a5115e3611de

                            SHA256

                            a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

                            SHA512

                            9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            4dc6fc5e708279a3310fe55d9c44743d

                            SHA1

                            a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

                            SHA256

                            a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

                            SHA512

                            5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                            Filesize

                            292B

                            MD5

                            c339e52a18941e0edeeec72f3c0eac32

                            SHA1

                            90e38b1245827528c12fd5c86b9f79b15663768f

                            SHA256

                            6c074848d4ee9dfb6b0770eec4842949108ab7a90009ffc14cf1114afd957b68

                            SHA512

                            685def006a52ed1bb53c76578148798cf2f6290954acb307cdcfaaf20aa0d163191b9cf23c727892d7370506621c90863803d8e4827ba67e3ed0299434f41d8e

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            7c97321a981a8c0c268c46224f861024

                            SHA1

                            cf981400ce77e54b8e3592ad6304c0e2ecea55ba

                            SHA256

                            342fd7c577f4b5efbb65a802733609910fb88474bed0340ddac00743379a9500

                            SHA512

                            5d686fc30d7ebd3f51fa37c093d9600322f74667ca7f5cd9b8a82d7102ffb889cfa9e2d2a22edc5e1043e40666fff2ff5eefcef1c6db34b2b11948386cfc3541

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            5KB

                            MD5

                            eb1d5fbd11c0c935192d9c722d9c8d1a

                            SHA1

                            179384f83092abee196e1ca528f80d569d501b00

                            SHA256

                            c2d451d1c26bdffe18bf3cacc18d51051b728622fb1963c9308a0233fab5259b

                            SHA512

                            919d7e00c57d8e877c2967d997d03ae22f0a68109e9d990fb1addca77befd790cd8fc40e4c810a759da0cc6673a7e4e835b6f5736c187277d69f5aab17e0afc8

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            46295cac801e5d4857d09837238a6394

                            SHA1

                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                            SHA256

                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                            SHA512

                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            206702161f94c5cd39fadd03f4014d98

                            SHA1

                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                            SHA256

                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                            SHA512

                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                            Filesize

                            11KB

                            MD5

                            1d056f7cb0555cdaa199176d9010eb7e

                            SHA1

                            57cf336d73c57ac3ed09ef09e453ab7ec9201453

                            SHA256

                            2dab4767bb7c6d976fd716dc4becae229e3129cda53c13115f729a0c013cdc5a

                            SHA512

                            c86f856e549183aedc48582569d85631056b2583ee0e44f1d243ef908e4be18eb946d383c4a219fe2b3bf34304ef6ad608edd864d1da38d96e02e37cd7233b43

                          We care about your privacy.

                          This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.