Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/05/2024, 17:10 UTC

General

  • Target

    603e56f8fadbdf281d8e38693912f0b6_JaffaCakes118.html

  • Size

    19KB

  • MD5

    603e56f8fadbdf281d8e38693912f0b6

  • SHA1

    fb7ecac52f7df47493c2940d9def2dda784f6668

  • SHA256

    edc7cb93b597995dd43293b0da92708398092776cb12dd30d3361494a729e027

  • SHA512

    efafe548ee1981d0fe5f8bc21399b887b39ef32dbf6b2077b58f628e49d3ad19253a96c98e2053421ade0c992698860629c8db9c528887810afa0ffbeaffc8c7

  • SSDEEP

    192:SIM3t0I5fo9cKivXQWxZxdkVSoAIm4mzUnjBhWY82qDB8:SIMd0I5nvHFsvWrxDB8

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\603e56f8fadbdf281d8e38693912f0b6_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:740
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff942fb46f8,0x7ff942fb4708,0x7ff942fb4718
      2⤵
      PID:3008
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14015967198816431739,1593249283659825144,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
      2⤵
      PID:1248
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,14015967198816431739,1593249283659825144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2900
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,14015967198816431739,1593249283659825144,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
      2⤵
      PID:3344
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14015967198816431739,1593249283659825144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
      2⤵
      PID:3688
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14015967198816431739,1593249283659825144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
      2⤵
      PID:4876
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14015967198816431739,1593249283659825144,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2992 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4036
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4472
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2352

Network

                • flag-us
                  DNS
                  133.211.185.52.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  133.211.185.52.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  t.cn
                  msedge.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  t.cn
                  IN A
                  Response
                  t.cn
                  IN A
                  39.105.18.168
                • flag-us
                  DNS
                  img1.jiehun.cn
                  msedge.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  img1.jiehun.cn
                  IN A
                  Response
                  img1.jiehun.cn
                  IN CNAME
                  img1.jiehun.cn.a.bdydns.com
                  img1.jiehun.cn.a.bdydns.com
                  IN CNAME
                  opencdnspy.jomodns.com
                  opencdnspy.jomodns.com
                  IN A
                  113.142.207.35
                  opencdnspy.jomodns.com
                  IN A
                  61.170.103.35
                  opencdnspy.jomodns.com
                  IN A
                  106.225.194.35
                  opencdnspy.jomodns.com
                  IN A
                  61.170.99.35
                  opencdnspy.jomodns.com
                  IN A
                  118.180.40.35
                  opencdnspy.jomodns.com
                  IN A
                  120.41.32.35
                  opencdnspy.jomodns.com
                  IN A
                  121.14.135.35
                  opencdnspy.jomodns.com
                  IN A
                  125.74.1.35
                  opencdnspy.jomodns.com
                  IN A
                  125.74.42.35
                  opencdnspy.jomodns.com
                  IN A
                  220.169.152.35
                • flag-us
                  DNS
                  www.googleadsl.com
                  msedge.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  www.googleadsl.com
                  IN A
                  Response
                  www.googleadsl.com
                  IN A
                  170.178.222.41
                • flag-us
                  DNS
                  74.32.126.40.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  74.32.126.40.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  79.190.18.2.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  79.190.18.2.in-addr.arpa
                  IN PTR
                  Response
                  79.190.18.2.in-addr.arpa
                  IN PTR
                   a2-18-190-79.deploy.static.akamaitechnologies.com
                • flag-us
                  DNS
                  95.221.229.192.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  95.221.229.192.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  g.bing.com
                  Remote address:
                  8.8.8.8:53
                  Request
                  g.bing.com
                  IN A
                  Response
                  g.bing.com
                  IN CNAME
                  g-bing-com.dual-a-0034.a-msedge.net
                  g-bing-com.dual-a-0034.a-msedge.net
                  IN CNAME
                  dual-a-0034.a-msedge.net
                  dual-a-0034.a-msedge.net
                  IN A
                  204.79.197.237
                  dual-a-0034.a-msedge.net
                  IN A
                  13.107.21.237
                • flag-us
                  GET
                  https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8gO4dDztiGiM8aPZizSZ9ZDVUCUyH5PgadmUVv90yHNADrpIQCQvFs707XEQZLaUtIZ0OeLKL-RsgwAd3epnwMmDX0XGHpa4k_diEQJGzBEZCzCPKAPVvzcS-BH7NNe1BaYkPCpFmxyQ_bzj08CzZQfpKBGBakjIeTsJD8Xq6aspi05Th%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D452cfe3d74d11eecd4919816dd637671&TIME=20240426T131914Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949
                  Remote address:
                  204.79.197.237:443
                  Request
                  GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8gO4dDztiGiM8aPZizSZ9ZDVUCUyH5PgadmUVv90yHNADrpIQCQvFs707XEQZLaUtIZ0OeLKL-RsgwAd3epnwMmDX0XGHpa4k_diEQJGzBEZCzCPKAPVvzcS-BH7NNe1BaYkPCpFmxyQ_bzj08CzZQfpKBGBakjIeTsJD8Xq6aspi05Th%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D452cfe3d74d11eecd4919816dd637671&TIME=20240426T131914Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949 HTTP/2.0
                  host: g.bing.com
                  accept-encoding: gzip, deflate
                  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                  Response
                  HTTP/2.0 204
                  cache-control: no-cache, must-revalidate
                  pragma: no-cache
                  expires: Fri, 01 Jan 1990 00:00:00 GMT
                  set-cookie: MUID=3D252342F35B65A516E837C7F2E064C8; domain=.bing.com; expires=Sat, 14-Jun-2025 17:10:21 GMT; path=/; SameSite=None; Secure; Priority=High;
                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                  access-control-allow-origin: *
                  x-cache: CONFIG_NOCACHE
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 4264A01BE19B41D0817B4AE97122083E Ref B: LON04EDGE0807 Ref C: 2024-05-20T17:10:21Z
                  date: Mon, 20 May 2024 17:10:20 GMT
                • flag-us
                  GET
                  https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8gO4dDztiGiM8aPZizSZ9ZDVUCUyH5PgadmUVv90yHNADrpIQCQvFs707XEQZLaUtIZ0OeLKL-RsgwAd3epnwMmDX0XGHpa4k_diEQJGzBEZCzCPKAPVvzcS-BH7NNe1BaYkPCpFmxyQ_bzj08CzZQfpKBGBakjIeTsJD8Xq6aspi05Th%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D452cfe3d74d11eecd4919816dd637671&TIME=20240426T131914Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949
                  Remote address:
                  204.79.197.237:443
                  Request
                  GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8gO4dDztiGiM8aPZizSZ9ZDVUCUyH5PgadmUVv90yHNADrpIQCQvFs707XEQZLaUtIZ0OeLKL-RsgwAd3epnwMmDX0XGHpa4k_diEQJGzBEZCzCPKAPVvzcS-BH7NNe1BaYkPCpFmxyQ_bzj08CzZQfpKBGBakjIeTsJD8Xq6aspi05Th%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D452cfe3d74d11eecd4919816dd637671&TIME=20240426T131914Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949 HTTP/2.0
                  host: g.bing.com
                  accept-encoding: gzip, deflate
                  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                  cookie: MUID=3D252342F35B65A516E837C7F2E064C8; _EDGE_S=SID=2B7F77C943D469710F4F634C427E6805
                  Response
                  HTTP/2.0 204
                  cache-control: no-cache, must-revalidate
                  pragma: no-cache
                  expires: Fri, 01 Jan 1990 00:00:00 GMT
                  set-cookie: MSPTC=wL5aozGvTCaDekUBsF2Lb6Tg1mpJbC7wQTiyt71GCp4; domain=.bing.com; expires=Sat, 14-Jun-2025 17:10:21 GMT; path=/; Partitioned; secure; SameSite=None
                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                  access-control-allow-origin: *
                  x-cache: CONFIG_NOCACHE
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 93A672DB50DE466E902680C038B49F4B Ref B: LON04EDGE0807 Ref C: 2024-05-20T17:10:21Z
                  date: Mon, 20 May 2024 17:10:20 GMT
                • flag-nl
                  GET
                  https://www.bing.com/aes/c.gif?RG=c3c14100360d44aebe46e58efe237d6a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131914Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038
                  Remote address:
                  23.62.61.97:443
                  Request
                  GET /aes/c.gif?RG=c3c14100360d44aebe46e58efe237d6a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131914Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038 HTTP/2.0
                  host: www.bing.com
                  accept-encoding: gzip, deflate
                  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                  cookie: MUID=3D252342F35B65A516E837C7F2E064C8
                  Response
                  HTTP/2.0 200
                  cache-control: private,no-store
                  pragma: no-cache
                  vary: Origin
                  p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 1BC935CE5F16463599C5B9EDD8E71504 Ref B: DUS30EDGE0908 Ref C: 2024-05-20T17:10:21Z
                  content-length: 0
                  date: Mon, 20 May 2024 17:10:21 GMT
                  set-cookie: _EDGE_S=SID=2B7F77C943D469710F4F634C427E6805; path=/; httponly; domain=bing.com
                  set-cookie: MUIDB=3D252342F35B65A516E837C7F2E064C8; path=/; httponly; expires=Sat, 14-Jun-2025 17:10:21 GMT
                  alt-svc: h3=":443"; ma=93600
                  x-cdn-traceid: 0.5d3d3e17.1716225021.c06c5e
                • flag-us
                  DNS
                  237.197.79.204.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  237.197.79.204.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  97.61.62.23.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  97.61.62.23.in-addr.arpa
                  IN PTR
                  Response
                  97.61.62.23.in-addr.arpa
                  IN PTR
                   a23-62-61-97.deploy.static.akamaitechnologies.com
                • flag-nl
                  GET
                  https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                  Remote address:
                  23.62.61.97:443
                  Request
                  GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
                  host: www.bing.com
                  accept: */*
                  cookie: MUID=3D252342F35B65A516E837C7F2E064C8; _EDGE_S=SID=2B7F77C943D469710F4F634C427E6805; MSPTC=wL5aozGvTCaDekUBsF2Lb6Tg1mpJbC7wQTiyt71GCp4; MUIDB=3D252342F35B65A516E837C7F2E064C8
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-type: image/png
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  content-length: 1107
                  date: Mon, 20 May 2024 17:10:23 GMT
                  alt-svc: h3=":443"; ma=93600
                  x-cdn-traceid: 0.5d3d3e17.1716225023.c070e8
                • flag-us
                  DNS
                  209.205.72.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  209.205.72.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-cn
                  GET
                  http://img1.jiehun.cn/image/logo.jpg
                  msedge.exe
                  Remote address:
                  61.170.103.35:80
                  Request
                  GET /image/logo.jpg HTTP/1.1
                  Host: img1.jiehun.cn
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                  DNT: 1
                  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
                  Response
                  HTTP/1.1 504 Gateway Timeout
                  Server: JSP3/2.0.14
                  Date: Mon, 20 May 2024 17:10:53 GMT
                  Content-Type: text/plain
                  Content-Length: 15
                  Connection: keep-alive
                  Cache-Control: no-cache
                  Ohc-Cache-HIT: sh6ct85 [1], czix226 [0]
                  X-Error-Info: External_Connection
                  Ohc-File-Size: 15
                  X-Cache-Status: MISS
                • flag-cn
                  GET
                  http://img1.jiehun.cn/image/sousuoanniu.gif
                  msedge.exe
                  Remote address:
                  61.170.103.35:80
                  Request
                  GET /image/sousuoanniu.gif HTTP/1.1
                  Host: img1.jiehun.cn
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                  DNT: 1
                  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
                  Response
                  HTTP/1.1 504 Gateway Timeout
                  Server: JSP3/2.0.14
                  Date: Mon, 20 May 2024 17:11:12 GMT
                  Content-Type: text/plain
                  Content-Length: 15
                  Connection: keep-alive
                  Cache-Control: no-cache
                  Ohc-Cache-HIT: sh6ct82 [1], cdix186 [0]
                  X-Error-Info: External_Connection
                  Ohc-File-Size: 15
                  X-Cache-Status: MISS
                • flag-cn
                  GET
                  http://img1.jiehun.cn/image/remendh.gif
                  msedge.exe
                  Remote address:
                  61.170.103.35:80
                  Request
                  GET /image/remendh.gif HTTP/1.1
                  Host: img1.jiehun.cn
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                  DNT: 1
                  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
                • flag-us
                  DNS
                  hm.baidu.com
                  msedge.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  hm.baidu.com
                  IN A
                  Response
                  hm.baidu.com
                  IN CNAME
                  hm.e.shifen.com
                  hm.e.shifen.com
                  IN A
                  183.240.98.228
                  hm.e.shifen.com
                  IN A
                  14.215.182.140
                  hm.e.shifen.com
                  IN A
                  14.215.183.79
                  hm.e.shifen.com
                  IN A
                  111.45.3.198
                  hm.e.shifen.com
                  IN A
                  111.45.11.83
                • flag-us
                  DNS
                  www.jiehun.cn
                  msedge.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  www.jiehun.cn
                  IN A
                  Response
                  www.jiehun.cn
                  IN A
                  61.160.251.208
                • flag-us
                  DNS
                  35.103.170.61.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  35.103.170.61.in-addr.arpa
                  IN PTR
                  Response
                  35.103.170.61.in-addr.arpa
                  IN PTR
                   35.103.170.61.broad.xw.sh.dynamic.163data.com.cn
                • flag-us
                  DNS
                  50.23.12.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  50.23.12.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  198.187.3.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  198.187.3.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  96.136.73.23.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  96.136.73.23.in-addr.arpa
                  IN PTR
                  Response
                  96.136.73.23.in-addr.arpa
                  IN PTR
                   a23-73-136-96.deploy.static.akamaitechnologies.com
                • flag-us
                  DNS
                  96.136.73.23.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  96.136.73.23.in-addr.arpa
                  IN PTR
                • flag-us
                  DNS
                  48.229.111.52.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  48.229.111.52.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  tse1.mm.bing.net
                  Remote address:
                  8.8.8.8:53
                  Request
                  tse1.mm.bing.net
                  IN A
                  Response
                  tse1.mm.bing.net
                  IN CNAME
                  mm-mm.bing.net.trafficmanager.net
                  mm-mm.bing.net.trafficmanager.net
                  IN CNAME
                  dual-a-0001.a-msedge.net
                  dual-a-0001.a-msedge.net
                  IN A
                  204.79.197.200
                  dual-a-0001.a-msedge.net
                  IN A
                  13.107.21.200
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 430689
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: F736D2E3D2294669A695C8732286CB6B Ref B: LON04EDGE0919 Ref C: 2024-05-20T17:12:06Z
                  date: Mon, 20 May 2024 17:12:05 GMT
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 442324
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: C67DBDB6B9F94626A6BB148EA08EE1AC Ref B: LON04EDGE0919 Ref C: 2024-05-20T17:12:06Z
                  date: Mon, 20 May 2024 17:12:06 GMT
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 415458
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: DB470B828A97459398B8093873443CAA Ref B: LON04EDGE0919 Ref C: 2024-05-20T17:12:06Z
                  date: Mon, 20 May 2024 17:12:06 GMT
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 627437
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 3FA0C7466810415F9EB7A5BF16AB4EB6 Ref B: LON04EDGE0919 Ref C: 2024-05-20T17:12:06Z
                  date: Mon, 20 May 2024 17:12:06 GMT
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 792794
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 4A8602D4CFB34BE7B0C7F9D214401111 Ref B: LON04EDGE0919 Ref C: 2024-05-20T17:12:06Z
                  date: Mon, 20 May 2024 17:12:06 GMT
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 394521
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 812363B07A994598804CC6B4FF2B333C Ref B: LON04EDGE0919 Ref C: 2024-05-20T17:12:07Z
                  date: Mon, 20 May 2024 17:12:06 GMT
                • flag-us
                  DNS
                  200.197.79.204.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  200.197.79.204.in-addr.arpa
                  IN PTR
                  Response
                  200.197.79.204.in-addr.arpa
                  IN PTR
                  a-0001a-msedgenet
                • 113.142.207.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 170.178.222.41:80
                  www.googleadsl.com
                  msedge.exe
                  260 B
                  5
                • 113.142.207.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 170.178.222.41:80
                  www.googleadsl.com
                  msedge.exe
                  260 B
                  5
                • 39.105.18.168:80
                  t.cn
                  msedge.exe
                  260 B
                  5
                • 39.105.18.168:80
                  t.cn
                  msedge.exe
                  260 B
                  5
                • 204.79.197.237:443
                  https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8gO4dDztiGiM8aPZizSZ9ZDVUCUyH5PgadmUVv90yHNADrpIQCQvFs707XEQZLaUtIZ0OeLKL-RsgwAd3epnwMmDX0XGHpa4k_diEQJGzBEZCzCPKAPVvzcS-BH7NNe1BaYkPCpFmxyQ_bzj08CzZQfpKBGBakjIeTsJD8Xq6aspi05Th%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D452cfe3d74d11eecd4919816dd637671&TIME=20240426T131914Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949
                  tls, http2
                  2.5kB
                  9.0kB
                  20
                  17

                  HTTP Request

                  GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8gO4dDztiGiM8aPZizSZ9ZDVUCUyH5PgadmUVv90yHNADrpIQCQvFs707XEQZLaUtIZ0OeLKL-RsgwAd3epnwMmDX0XGHpa4k_diEQJGzBEZCzCPKAPVvzcS-BH7NNe1BaYkPCpFmxyQ_bzj08CzZQfpKBGBakjIeTsJD8Xq6aspi05Th%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D452cfe3d74d11eecd4919816dd637671&TIME=20240426T131914Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949

                  HTTP Response

                  204

                  HTTP Request

                  GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8gO4dDztiGiM8aPZizSZ9ZDVUCUyH5PgadmUVv90yHNADrpIQCQvFs707XEQZLaUtIZ0OeLKL-RsgwAd3epnwMmDX0XGHpa4k_diEQJGzBEZCzCPKAPVvzcS-BH7NNe1BaYkPCpFmxyQ_bzj08CzZQfpKBGBakjIeTsJD8Xq6aspi05Th%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D452cfe3d74d11eecd4919816dd637671&TIME=20240426T131914Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949

                  HTTP Response

                  204
                • 23.62.61.97:443
                  https://www.bing.com/aes/c.gif?RG=c3c14100360d44aebe46e58efe237d6a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131914Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038
                  tls, http2
                  1.4kB
                  5.3kB
                  16
                  11

                  HTTP Request

                  GET https://www.bing.com/aes/c.gif?RG=c3c14100360d44aebe46e58efe237d6a&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131914Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038

                  HTTP Response

                  200
                • 23.62.61.97:443
                  https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                  tls, http2
                  1.6kB
                  6.4kB
                  16
                  12

                  HTTP Request

                  GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

                  HTTP Response

                  200
                • 61.170.103.35:80
                  http://img1.jiehun.cn/image/remendh.gif
                  http
                  msedge.exe
                  3.8kB
                  4.7kB
                  27
                  20

                  HTTP Request

                  GET http://img1.jiehun.cn/image/logo.jpg

                  HTTP Response

                  504

                  HTTP Request

                  GET http://img1.jiehun.cn/image/sousuoanniu.gif

                  HTTP Response

                  504

                  HTTP Request

                  GET http://img1.jiehun.cn/image/remendh.gif
                • 61.170.103.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 113.142.207.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 113.142.207.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 113.142.207.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 113.142.207.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 61.160.251.208:80
                  www.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 61.160.251.208:80
                  www.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 183.240.98.228:80
                  hm.baidu.com
                  msedge.exe
                  260 B
                  5
                • 183.240.98.228:80
                  hm.baidu.com
                  msedge.exe
                  260 B
                  5
                • 106.225.194.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 61.170.103.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 61.170.103.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 61.170.103.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 61.170.103.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 14.215.182.140:80
                  hm.baidu.com
                  msedge.exe
                  260 B
                  5
                • 14.215.182.140:80
                  hm.baidu.com
                  msedge.exe
                  260 B
                  5
                • 61.170.99.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 106.225.194.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 106.225.194.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 106.225.194.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 106.225.194.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 14.215.183.79:80
                  hm.baidu.com
                  msedge.exe
                  260 B
                  5
                • 14.215.183.79:80
                  hm.baidu.com
                  msedge.exe
                  260 B
                  5
                • 118.180.40.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 61.170.99.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 61.170.99.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 61.170.99.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 61.170.99.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 111.45.3.198:80
                  hm.baidu.com
                  msedge.exe
                  260 B
                  5
                • 111.45.3.198:80
                  hm.baidu.com
                  msedge.exe
                  260 B
                  5
                • 120.41.32.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 118.180.40.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 118.180.40.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 118.180.40.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 118.180.40.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 111.45.11.83:80
                  hm.baidu.com
                  msedge.exe
                  260 B
                  5
                • 111.45.11.83:80
                  hm.baidu.com
                  msedge.exe
                  260 B
                  5
                • 204.79.197.200:443
                  tse1.mm.bing.net
                  tls, http2
                  1.7kB
                  8.1kB
                  18
                  13
                • 204.79.197.200:443
                  tse1.mm.bing.net
                  tls, http2
                  1.7kB
                  8.1kB
                  18
                  13
                • 204.79.197.200:443
                  tse1.mm.bing.net
                  tls, http2
                  1.5kB
                  8.0kB
                  16
                  12
                • 204.79.197.200:443
                  tse1.mm.bing.net
                  tls, http2
                  1.7kB
                  8.1kB
                  18
                  13
                • 204.79.197.200:443
                  https://tse1.mm.bing.net/th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                  tls, http2
                  113.6kB
                  3.2MB
                  2386
                  2379

                  HTTP Request

                  GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                  HTTP Response

                  200

                  HTTP Request

                  GET https://tse1.mm.bing.net/th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                  HTTP Request

                  GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                  HTTP Request

                  GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                  HTTP Request

                  GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                  HTTP Response

                  200

                  HTTP Request

                  GET https://tse1.mm.bing.net/th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                  HTTP Response

                  200

                  HTTP Response

                  200

                  HTTP Response

                  200

                  HTTP Response

                  200
                • 121.14.135.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 120.41.32.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 120.41.32.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 120.41.32.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 120.41.32.35:80
                  img1.jiehun.cn
                  msedge.exe
                  260 B
                  5
                • 125.74.1.35:80
                  img1.jiehun.cn
                  msedge.exe
                  52 B
                  1
                • 121.14.135.35:80
                  img1.jiehun.cn
                  msedge.exe
                  52 B
                  1
                • 121.14.135.35:80
                  img1.jiehun.cn
                  msedge.exe
                  52 B
                  1
                • 121.14.135.35:80
                  img1.jiehun.cn
                  msedge.exe
                  52 B
                  1
                • 121.14.135.35:80
                  img1.jiehun.cn
                  msedge.exe
                  52 B
                  1
                • 8.8.8.8:53
                  133.211.185.52.in-addr.arpa
                  dns
                  73 B
                  147 B
                  1
                  1

                  DNS Request

                  133.211.185.52.in-addr.arpa

                • 8.8.8.8:53
                  t.cn
                  dns
                  msedge.exe
                  50 B
                  66 B
                  1
                  1

                  DNS Request

                  t.cn

                  DNS Response

                  39.105.18.168

                • 8.8.8.8:53
                  img1.jiehun.cn
                  dns
                  msedge.exe
                  60 B
                  294 B
                  1
                  1

                  DNS Request

                  img1.jiehun.cn

                  DNS Response

                  113.142.207.35
                  61.170.103.35
                  106.225.194.35
                  61.170.99.35
                  118.180.40.35
                  120.41.32.35
                  121.14.135.35
                  125.74.1.35
                  125.74.42.35
                  220.169.152.35

                • 8.8.8.8:53
                  www.googleadsl.com
                  dns
                  msedge.exe
                  64 B
                  80 B
                  1
                  1

                  DNS Request

                  www.googleadsl.com

                  DNS Response

                  170.178.222.41

                • 8.8.8.8:53
                  74.32.126.40.in-addr.arpa
                  dns
                  71 B
                  157 B
                  1
                  1

                  DNS Request

                  74.32.126.40.in-addr.arpa

                • 8.8.8.8:53
                  79.190.18.2.in-addr.arpa
                  dns
                  70 B
                  133 B
                  1
                  1

                  DNS Request

                  79.190.18.2.in-addr.arpa

                • 8.8.8.8:53
                  95.221.229.192.in-addr.arpa
                  dns
                  73 B
                  144 B
                  1
                  1

                  DNS Request

                  95.221.229.192.in-addr.arpa

                • 8.8.8.8:53
                  g.bing.com
                  dns
                  56 B
                  151 B
                  1
                  1

                  DNS Request

                  g.bing.com

                  DNS Response

                  204.79.197.237
                  13.107.21.237

                • 8.8.8.8:53
                  237.197.79.204.in-addr.arpa
                  dns
                  73 B
                  143 B
                  1
                  1

                  DNS Request

                  237.197.79.204.in-addr.arpa

                • 8.8.8.8:53
                  97.61.62.23.in-addr.arpa
                  dns
                  70 B
                  133 B
                  1
                  1

                  DNS Request

                  97.61.62.23.in-addr.arpa

                • 224.0.0.251:5353
                  301 B
                  5
                • 8.8.8.8:53
                  209.205.72.20.in-addr.arpa
                  dns
                  72 B
                  158 B
                  1
                  1

                  DNS Request

                  209.205.72.20.in-addr.arpa

                • 8.8.8.8:53
                  hm.baidu.com
                  dns
                  msedge.exe
                  58 B
                  164 B
                  1
                  1

                  DNS Request

                  hm.baidu.com

                  DNS Response

                  183.240.98.228
                  14.215.182.140
                  14.215.183.79
                  111.45.3.198
                  111.45.11.83

                • 8.8.8.8:53
                  www.jiehun.cn
                  dns
                  msedge.exe
                  59 B
                  75 B
                  1
                  1

                  DNS Request

                  www.jiehun.cn

                  DNS Response

                  61.160.251.208

                • 8.8.8.8:53
                  35.103.170.61.in-addr.arpa
                  dns
                  72 B
                  134 B
                  1
                  1

                  DNS Request

                  35.103.170.61.in-addr.arpa

                • 8.8.8.8:53
                  50.23.12.20.in-addr.arpa
                  dns
                  70 B
                  156 B
                  1
                  1

                  DNS Request

                  50.23.12.20.in-addr.arpa

                • 8.8.8.8:53
                  198.187.3.20.in-addr.arpa
                  dns
                  71 B
                  157 B
                  1
                  1

                  DNS Request

                  198.187.3.20.in-addr.arpa

                • 8.8.8.8:53
                  96.136.73.23.in-addr.arpa
                  dns
                  142 B
                  135 B
                  2
                  1

                  DNS Request

                  96.136.73.23.in-addr.arpa

                  DNS Request

                  96.136.73.23.in-addr.arpa

                • 8.8.8.8:53
                  48.229.111.52.in-addr.arpa
                  dns
                  72 B
                  158 B
                  1
                  1

                  DNS Request

                  48.229.111.52.in-addr.arpa

                • 8.8.8.8:53
                  tse1.mm.bing.net
                  dns
                  62 B
                  173 B
                  1
                  1

                  DNS Request

                  tse1.mm.bing.net

                  DNS Response

                  204.79.197.200
                  13.107.21.200

                • 8.8.8.8:53
                  200.197.79.204.in-addr.arpa
                  dns
                  73 B
                  106 B
                  1
                  1

                  DNS Request

                  200.197.79.204.in-addr.arpa

                MITRE ATT&CK Enterprise v15

                Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                  Filesize

                  152B

                  MD5

                  1ac52e2503cc26baee4322f02f5b8d9c

                  SHA1

                  38e0cee911f5f2a24888a64780ffdf6fa72207c8

                  SHA256

                  f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

                  SHA512

                  7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                  Filesize

                  152B

                  MD5

                  b2a1398f937474c51a48b347387ee36a

                  SHA1

                  922a8567f09e68a04233e84e5919043034635949

                  SHA256

                  2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

                  SHA512

                  4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                  Filesize

                  5KB

                  MD5

                  fa7c64dc91f8179600dcd4fc135fd447

                  SHA1

                  2038ccea104873cbec21da4a71029e4320bf9107

                  SHA256

                  47379140f926fffef91371dd5eb9e539bbba1d122da4339ad32f03a5fed9d335

                  SHA512

                  94cd1610801d49f38eed2cc7fc5be1410e8503821ee09486d4cec43022a74813ddd360f5cd337a14eab119d76ef176d41467a119af6a69dd0e538927f443db72

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                  Filesize

                  6KB

                  MD5

                  563a71d58f86d70eaf0070d186ed702d

                  SHA1

                  16bb3e39a6ac060f3d12e2453fa0b74ab885298b

                  SHA256

                  8a3a785328248581ab9d04b29f46aae015084ded55c2005975fb4a9878401fe7

                  SHA512

                  03819f14bb89bdef2c9e225eec682e56bcf1d383b6654b08d054d10bc7a670670b33e0720acad2ba9c971ad5085b1edf23d551faa30a4d5d93ce03960faf3afd

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                  Filesize

                  6KB

                  MD5

                  1cebd6b31a877b6ffd75e2c2d1e41d4a

                  SHA1

                  e2cfc9b6114ca6769e84ad6d2ceb55b885974734

                  SHA256

                  d25e4d06bb8839e1db54be6795d6ecdd8ceb557f5ec858572c847be3c98f5f43

                  SHA512

                  edba2a002263ab85b6c4850005751a61e187290176ad0c75d93f1edbcfab0035ad304a0230b45534e2b3b7331cce7d151beb6d8687b3292410c31422e820d2bf

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                  Filesize

                  11KB

                  MD5

                  fce7ab4001d1254b853429b3723f6497

                  SHA1

                  12f11f593d3867dbd0aebeca597ef6012d691efa

                  SHA256

                  1eef2cf74d8a33d9792f8681fb959e7b9b6fdb76e0c998fb5823e305f31c570c

                  SHA512

                  32de08b9461f7c84287facda878abdae74e999272c2c8d314ab1eaed2da3625e38a6a802167322bc860660a9970c38397a113ebe43dfde239f55809f754bd8ba