Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/05/2024, 16:26 UTC

General

  • Target

    67e1a81b2f7601bee9d9ee24be933fca_JaffaCakes118.html

  • Size

    138KB

  • MD5

    67e1a81b2f7601bee9d9ee24be933fca

  • SHA1

    776ad7728c7d8d405032bba8e512ca312c4ea700

  • SHA256

    5a43e4373bb74132f3e6055a9a0bef4f975c76ee1ecd6e5bc4676f3597820f3c

  • SHA512

    b606a82feba999091bded343a576ccfeea843a5a98989b350f690619666805ad8dfdac75159937d2731bdb5af4f8445ba680ddd461969c394a8656b44879f8b6

  • SSDEEP

    3072:SeA0gtw8EiudSZ5l7z5wP2BtraK1+Oh0bfuKTSEs:SB0gBJrbMbXTSx

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\67e1a81b2f7601bee9d9ee24be933fca_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef95246f8,0x7ffef9524708,0x7ffef9524718
      2⤵
        PID:4200
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,14289002244226313549,9356379456912683246,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
        2⤵
          PID:2020
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,14289002244226313549,9356379456912683246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2852
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,14289002244226313549,9356379456912683246,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
          2⤵
            PID:3572
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14289002244226313549,9356379456912683246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
            2⤵
              PID:2208
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14289002244226313549,9356379456912683246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
              2⤵
                PID:1340
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,14289002244226313549,9356379456912683246,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4856
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:4076
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:1344

                Network

                • flag-us
                  DNS
                  154.239.44.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  154.239.44.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  www.libafun.com
                  msedge.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  www.libafun.com
                  IN A
                  Response
                • flag-us
                  DNS
                  www.cas.cn
                  msedge.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  www.cas.cn
                  IN A
                  Response
                  www.cas.cn
                  IN A
                  159.226.242.61
                • flag-us
                  DNS
                  73.159.190.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  73.159.190.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  172.210.232.199.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  172.210.232.199.in-addr.arpa
                  IN PTR
                  Response
                • flag-cz
                  GET
                  https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                  Remote address:
                  95.100.146.18:443
                  Request
                  GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
                  host: www.bing.com
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-type: image/png
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  content-length: 1107
                  date: Wed, 22 May 2024 16:26:42 GMT
                  alt-svc: h3=":443"; ma=93600
                  x-cdn-traceid: 0.0e92645f.1716395202.11e3cdda
                • flag-us
                  DNS
                  18.146.100.95.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  18.146.100.95.in-addr.arpa
                  IN PTR
                  Response
                  18.146.100.95.in-addr.arpa
                  IN PTR
                  a95-100-146-18.deploy.static.akamaitechnologies.com
                • flag-us
                  DNS
                  55.36.223.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  55.36.223.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  183.142.211.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  183.142.211.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  dcs.conac.cn
                  msedge.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  dcs.conac.cn
                  IN A
                  Response
                  dcs.conac.cn
                  IN A
                  114.251.191.210
                  dcs.conac.cn
                  IN A
                  219.141.240.182
                • flag-us
                  DNS
                  26.165.165.52.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  26.165.165.52.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  15.164.165.52.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  15.164.165.52.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  142.53.16.96.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  142.53.16.96.in-addr.arpa
                  IN PTR
                  Response
                  142.53.16.96.in-addr.arpa
                  IN PTR
                  a96-16-53-142.deploy.static.akamaitechnologies.com
                • flag-us
                  DNS
                  71.121.18.2.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  71.121.18.2.in-addr.arpa
                  IN PTR
                  Response
                  71.121.18.2.in-addr.arpa
                  IN PTR
                  a2-18-121-71.deploy.static.akamaitechnologies.com
                • flag-us
                  DNS
                  push.zhanzhang.baidu.com
                  msedge.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  push.zhanzhang.baidu.com
                  IN A
                  Response
                  push.zhanzhang.baidu.com
                  IN CNAME
                  share.jomodns.com
                  share.jomodns.com
                  IN CNAME
                  share.n.shifen.com
                  share.n.shifen.com
                  IN A
                  180.101.212.103
                  share.n.shifen.com
                  IN A
                  182.61.201.93
                  share.n.shifen.com
                  IN A
                  182.61.201.94
                  share.n.shifen.com
                  IN A
                  182.61.244.229
                  share.n.shifen.com
                  IN A
                  14.215.182.161
                  share.n.shifen.com
                  IN A
                  39.156.68.163
                  share.n.shifen.com
                  IN A
                  112.34.113.148
                  share.n.shifen.com
                  IN A
                  163.177.17.97
                • flag-us
                  DNS
                  jspassport.ssl.qhimg.com
                  msedge.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  jspassport.ssl.qhimg.com
                  IN A
                  Response
                  jspassport.ssl.qhimg.com
                  IN CNAME
                  dqmal2h0p0osu.cloudfront.net
                  dqmal2h0p0osu.cloudfront.net
                  IN A
                  18.165.160.81
                  dqmal2h0p0osu.cloudfront.net
                  IN A
                  18.165.160.25
                  dqmal2h0p0osu.cloudfront.net
                  IN A
                  18.165.160.76
                  dqmal2h0p0osu.cloudfront.net
                  IN A
                  18.165.160.85
                • flag-gb
                  GET
                  https://jspassport.ssl.qhimg.com/11.0.1.js?eca7a4429f3c52746b81b7b733405f8f
                  msedge.exe
                  Remote address:
                  18.165.160.81:443
                  Request
                  GET /11.0.1.js?eca7a4429f3c52746b81b7b733405f8f HTTP/2.0
                  host: jspassport.ssl.qhimg.com
                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                  dnt: 1
                  sec-ch-ua-mobile: ?0
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                  intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
                  accept: */*
                  sec-fetch-site: cross-site
                  sec-fetch-mode: no-cors
                  sec-fetch-dest: script
                  accept-encoding: gzip, deflate, br
                  accept-language: en-US,en;q=0.9
                  Response
                  HTTP/2.0 200
                  content-type: application/x-javascript
                  last-modified: Wed, 28 Nov 2018 07:43:20 GMT
                  kcs-via: REVALIDATED from w-fc01.lato;REVALIDATED from w-sc01.lato
                  date: Wed, 22 May 2024 16:27:42 GMT
                  cache-control: max-age=600
                  expires: Wed, 22 May 2024 16:37:42 GMT
                  x-cache: RefreshHit from cloudfront
                  via: 1.1 49b27e0e3e94141e2c30cdc80ba48bc0.cloudfront.net (CloudFront)
                  x-amz-cf-pop: MAN51-P2
                  x-amz-cf-id: WssSfYY9EukYgj4v9_bbd9WjmmNanVOq6Ke1EKHTCqiB06WFfeeFfA==
                • flag-us
                  DNS
                  s.ssl.qhres2.com
                  msedge.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  s.ssl.qhres2.com
                  IN A
                  Response
                  s.ssl.qhres2.com
                  IN CNAME
                  s.ssl.qhres2.com.qh-cdn.com
                  s.ssl.qhres2.com.qh-cdn.com
                  IN CNAME
                  d22oj5itccz3aw.cloudfront.net
                  d22oj5itccz3aw.cloudfront.net
                  IN A
                  18.165.160.78
                  d22oj5itccz3aw.cloudfront.net
                  IN A
                  18.165.160.110
                  d22oj5itccz3aw.cloudfront.net
                  IN A
                  18.165.160.48
                  d22oj5itccz3aw.cloudfront.net
                  IN A
                  18.165.160.26
                • flag-us
                  DNS
                  81.160.165.18.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  81.160.165.18.in-addr.arpa
                  IN PTR
                  Response
                  81.160.165.18.in-addr.arpa
                  IN PTR
                  server-18-165-160-81.man51.r.cloudfront.net
                • flag-gb
                  GET
                  https://s.ssl.qhres2.com/ssl/ab77b6ea7f3fbf79.js
                  msedge.exe
                  Remote address:
                  18.165.160.78:443
                  Request
                  GET /ssl/ab77b6ea7f3fbf79.js HTTP/2.0
                  host: s.ssl.qhres2.com
                  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                  dnt: 1
                  sec-ch-ua-mobile: ?0
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                  intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
                  accept: */*
                  sec-fetch-site: cross-site
                  sec-fetch-mode: no-cors
                  sec-fetch-dest: script
                  accept-encoding: gzip, deflate, br
                  accept-language: en-US,en;q=0.9
                  Response
                  HTTP/2.0 200
                  content-type: application/javascript; charset=utf-8
                  content-length: 478
                  date: Tue, 14 May 2024 09:44:07 GMT
                  x-qstatic-hit: 1
                  last-modified: Mon, 01 Jan 2018 00:00:00 GMT
                  etag: W/"5ea522c52117c396"
                  access-control-allow-origin: *
                  cache-control: s-maxage=315360000, max-age=315360000, immutable
                  expires: Fri, 12 May 2034 09:44:07 GMT
                  kcs-via: HIT from w-fc01.lato;MISS from w-sc02.lato
                  accept-ranges: bytes
                  x-cache: Hit from cloudfront
                  via: 1.1 c77ea39f799435256b0dedb7c85316ba.cloudfront.net (CloudFront)
                  x-amz-cf-pop: MAN51-P2
                  x-amz-cf-id: V2jXHwDhs3ykBgojuT9LYtkIANHZmY2ZxM_xAmIcSNsH2BApBb-Jdw==
                  age: 715416
                • flag-us
                  DNS
                  s.360.cn
                  Remote address:
                  8.8.8.8:53
                  Request
                  s.360.cn
                  IN A
                  Response
                  s.360.cn
                  IN A
                  101.198.2.147
                  s.360.cn
                  IN A
                  180.163.251.231
                  s.360.cn
                  IN A
                  180.163.251.230
                  s.360.cn
                  IN A
                  171.8.167.90
                • flag-us
                  DNS
                  78.160.165.18.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  78.160.165.18.in-addr.arpa
                  IN PTR
                  Response
                  78.160.165.18.in-addr.arpa
                  IN PTR
                  server-18-165-160-78.man51.r.cloudfront.net
                • flag-us
                  DNS
                  s.360.cn
                  Remote address:
                  8.8.8.8:53
                  Request
                  s.360.cn
                  IN A
                  Response
                  s.360.cn
                  IN A
                  171.13.14.66
                  s.360.cn
                  IN A
                  171.8.167.89
                  s.360.cn
                  IN A
                  101.198.2.147
                  s.360.cn
                  IN A
                  180.163.251.231
                • flag-us
                  DNS
                  23.236.111.52.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  23.236.111.52.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  tse1.mm.bing.net
                  Remote address:
                  8.8.8.8:53
                  Request
                  tse1.mm.bing.net
                  IN A
                  Response
                  tse1.mm.bing.net
                  IN CNAME
                  mm-mm.bing.net.trafficmanager.net
                  mm-mm.bing.net.trafficmanager.net
                  IN CNAME
                  dual-a-0001.a-msedge.net
                  dual-a-0001.a-msedge.net
                  IN A
                  204.79.197.200
                  dual-a-0001.a-msedge.net
                  IN A
                  13.107.21.200
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 627437
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 436DAE492C624167850523C5CFE613DB Ref B: LON04EDGE0916 Ref C: 2024-05-22T16:28:19Z
                  date: Wed, 22 May 2024 16:28:19 GMT
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 792794
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 6F728550FC6143D28C4113F23EC3B635 Ref B: LON04EDGE0916 Ref C: 2024-05-22T16:28:19Z
                  date: Wed, 22 May 2024 16:28:19 GMT
                • flag-us
                  DNS
                  200.197.79.204.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  200.197.79.204.in-addr.arpa
                  IN PTR
                  Response
                  200.197.79.204.in-addr.arpa
                  IN PTR
                  a-0001.a-msedge.net
                • 159.226.242.61:80
                  www.cas.cn
                  msedge.exe
                  260 B
                  5
                • 159.226.242.61:80
                  www.cas.cn
                  msedge.exe
                  260 B
                  5
                • 159.226.242.61:80
                  www.cas.cn
                  msedge.exe
                  260 B
                  5
                • 95.100.146.18:443
                  https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                  tls, http2
                  1.5kB
                  6.3kB
                  17
                  11

                  HTTP Request

                  GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

                  HTTP Response

                  200
                • 114.251.191.210:80
                  dcs.conac.cn
                  msedge.exe
                  260 B
                  5
                • 114.251.191.210:80
                  dcs.conac.cn
                  msedge.exe
                  260 B
                  5
                • 219.141.240.182:80
                  dcs.conac.cn
                  msedge.exe
                  260 B
                  5
                • 219.141.240.182:80
                  dcs.conac.cn
                  msedge.exe
                  260 B
                  5
                • 18.165.160.81:443
                  https://jspassport.ssl.qhimg.com/11.0.1.js?eca7a4429f3c52746b81b7b733405f8f
                  tls, http2
                  msedge.exe
                  1.7kB
                  6.3kB
                  12
                  13

                  HTTP Request

                  GET https://jspassport.ssl.qhimg.com/11.0.1.js?eca7a4429f3c52746b81b7b733405f8f

                  HTTP Response

                  200
                • 18.165.160.81:443
                  jspassport.ssl.qhimg.com
                  tls, http2
                  msedge.exe
                  943 B
                  6.2kB
                  8
                  11
                • 180.101.212.103:80
                  push.zhanzhang.baidu.com
                  msedge.exe
                  260 B
                  5
                • 180.101.212.103:80
                  push.zhanzhang.baidu.com
                  msedge.exe
                  260 B
                  5
                • 18.165.160.78:443
                  https://s.ssl.qhres2.com/ssl/ab77b6ea7f3fbf79.js
                  tls, http2
                  msedge.exe
                  1.7kB
                  7.3kB
                  12
                  13

                  HTTP Request

                  GET https://s.ssl.qhres2.com/ssl/ab77b6ea7f3fbf79.js

                  HTTP Response

                  200
                • 101.198.2.147:445
                  s.360.cn
                  260 B
                  5
                • 180.163.251.231:445
                  s.360.cn
                  260 B
                  5
                • 180.163.251.230:445
                  s.360.cn
                  260 B
                  5
                • 171.8.167.90:445
                  s.360.cn
                  260 B
                  5
                • 182.61.201.93:80
                  push.zhanzhang.baidu.com
                  msedge.exe
                  260 B
                  5
                • 182.61.201.93:80
                  push.zhanzhang.baidu.com
                  msedge.exe
                  260 B
                  5
                • 204.79.197.200:443
                  tse1.mm.bing.net
                  tls, http2
                  1.2kB
                  8.1kB
                  16
                  14
                • 204.79.197.200:443
                  https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                  tls, http2
                  54.4kB
                  1.5MB
                  1085
                  1082

                  HTTP Request

                MITRE ATT&CK Enterprise v15


                Downloads

