Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
22/05/2024, 16:26 UTC
Static task
static1
Behavioral task
behavioral1
Sample
67e1a81b2f7601bee9d9ee24be933fca_JaffaCakes118.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
67e1a81b2f7601bee9d9ee24be933fca_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
67e1a81b2f7601bee9d9ee24be933fca_JaffaCakes118.html
-
Size
138KB
-
MD5
67e1a81b2f7601bee9d9ee24be933fca
-
SHA1
776ad7728c7d8d405032bba8e512ca312c4ea700
-
SHA256
5a43e4373bb74132f3e6055a9a0bef4f975c76ee1ecd6e5bc4676f3597820f3c
-
SHA512
b606a82feba999091bded343a576ccfeea843a5a98989b350f690619666805ad8dfdac75159937d2731bdb5af4f8445ba680ddd461969c394a8656b44879f8b6
-
SSDEEP
3072:SeA0gtw8EiudSZ5l7z5wP2BtraK1+Oh0bfuKTSEs:SB0gBJrbMbXTSx
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process 2852 msedge.exe 2852 msedge.exe 1992 msedge.exe 1992 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe 4856 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 1992 msedge.exe 1992 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe 1992 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1992 wrote to memory of 4200 1992 msedge.exe 83 PID 1992 wrote to memory of 4200 1992 msedge.exe 83 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2020 1992 msedge.exe 84 PID 1992 wrote to memory of 2852 1992 msedge.exe 85 PID 1992 wrote to memory of 2852 1992 msedge.exe 85 PID 1992 wrote to memory of 3572 1992 msedge.exe 86 PID 1992 wrote to memory of 3572 1992 msedge.exe 86 PID 1992 wrote to memory of 3572 1992 msedge.exe 86 PID 1992 wrote to memory of 3572 1992 msedge.exe 86 PID 1992 wrote to memory of 3572 1992 msedge.exe 86 PID 1992 wrote to memory of 3572 1992 msedge.exe 86 PID 1992 wrote to memory of 3572 1992 msedge.exe 86 PID 1992 wrote to memory of 3572 1992 msedge.exe 86 PID 1992 wrote to memory of 3572 1992 msedge.exe 86 PID 1992 wrote to memory of 3572 1992 msedge.exe 86 PID 1992 wrote to memory of 3572 1992 msedge.exe 86 PID 1992 wrote to memory of 3572 1992 msedge.exe 86 PID 1992 wrote to memory of 3572 1992 msedge.exe 86 PID 1992 wrote to memory of 3572 1992 msedge.exe 86 PID 1992 wrote to memory of 3572 1992 msedge.exe 86 PID 1992 wrote to memory of 3572 1992 msedge.exe 86 PID 1992 wrote to memory of 3572 1992 msedge.exe 86 PID 1992 wrote to memory of 3572 1992 msedge.exe 86 PID 1992 wrote to memory of 3572 1992 msedge.exe 86 PID 1992 wrote to memory of 3572 1992 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\67e1a81b2f7601bee9d9ee24be933fca_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1992 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef95246f8,0x7ffef9524708,0x7ffef95247182⤵PID:4200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,14289002244226313549,9356379456912683246,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:22⤵PID:2020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,14289002244226313549,9356379456912683246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,14289002244226313549,9356379456912683246,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:82⤵PID:3572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14289002244226313549,9356379456912683246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵PID:2208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14289002244226313549,9356379456912683246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵PID:1340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,14289002244226313549,9356379456912683246,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4856
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4076
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1344
Network
-
Remote address:8.8.8.8:53Request154.239.44.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestwww.libafun.comIN AResponse
-
Remote address:8.8.8.8:53Requestwww.cas.cnIN AResponsewww.cas.cnIN A159.226.242.61
-
Remote address:8.8.8.8:53Request73.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
GEThttps://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90Remote address:95.100.146.18:443RequestGET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1107
date: Wed, 22 May 2024 16:26:42 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.0e92645f.1716395202.11e3cdda
-
Remote address:8.8.8.8:53Request18.146.100.95.in-addr.arpaIN PTRResponse18.146.100.95.in-addr.arpaIN PTRa95-100-146-18deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request55.36.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request183.142.211.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestdcs.conac.cnIN AResponsedcs.conac.cnIN A114.251.191.210dcs.conac.cnIN A219.141.240.182
-
Remote address:8.8.8.8:53Request26.165.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request142.53.16.96.in-addr.arpaIN PTRResponse142.53.16.96.in-addr.arpaIN PTRa96-16-53-142deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request71.121.18.2.in-addr.arpaIN PTRResponse71.121.18.2.in-addr.arpaIN PTRa2-18-121-71deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requestpush.zhanzhang.baidu.comIN AResponsepush.zhanzhang.baidu.comIN CNAMEshare.jomodns.comshare.jomodns.comIN CNAMEshare.n.shifen.comshare.n.shifen.comIN A180.101.212.103share.n.shifen.comIN A182.61.201.93share.n.shifen.comIN A182.61.201.94share.n.shifen.comIN A182.61.244.229share.n.shifen.comIN A14.215.182.161share.n.shifen.comIN A39.156.68.163share.n.shifen.comIN A112.34.113.148share.n.shifen.comIN A163.177.17.97
-
Remote address:8.8.8.8:53Requestjspassport.ssl.qhimg.comIN AResponsejspassport.ssl.qhimg.comIN CNAMEdqmal2h0p0osu.cloudfront.netdqmal2h0p0osu.cloudfront.netIN A18.165.160.81dqmal2h0p0osu.cloudfront.netIN A18.165.160.25dqmal2h0p0osu.cloudfront.netIN A18.165.160.76dqmal2h0p0osu.cloudfront.netIN A18.165.160.85
-
Remote address:18.165.160.81:443RequestGET /11.0.1.js?eca7a4429f3c52746b81b7b733405f8f HTTP/2.0
host: jspassport.ssl.qhimg.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
last-modified: Wed, 28 Nov 2018 07:43:20 GMT
kcs-via: REVALIDATED from w-fc01.lato;REVALIDATED from w-sc01.lato
date: Wed, 22 May 2024 16:27:42 GMT
cache-control: max-age=600
expires: Wed, 22 May 2024 16:37:42 GMT
x-cache: RefreshHit from cloudfront
via: 1.1 49b27e0e3e94141e2c30cdc80ba48bc0.cloudfront.net (CloudFront)
x-amz-cf-pop: MAN51-P2
x-amz-cf-id: WssSfYY9EukYgj4v9_bbd9WjmmNanVOq6Ke1EKHTCqiB06WFfeeFfA==
-
Remote address:8.8.8.8:53Requests.ssl.qhres2.comIN AResponses.ssl.qhres2.comIN CNAMEs.ssl.qhres2.com.qh-cdn.coms.ssl.qhres2.com.qh-cdn.comIN CNAMEd22oj5itccz3aw.cloudfront.netd22oj5itccz3aw.cloudfront.netIN A18.165.160.78d22oj5itccz3aw.cloudfront.netIN A18.165.160.110d22oj5itccz3aw.cloudfront.netIN A18.165.160.48d22oj5itccz3aw.cloudfront.netIN A18.165.160.26
-
Remote address:8.8.8.8:53Request81.160.165.18.in-addr.arpaIN PTRResponse81.160.165.18.in-addr.arpaIN PTRserver-18-165-160-81man51r cloudfrontnet
-
Remote address:18.165.160.78:443RequestGET /ssl/ab77b6ea7f3fbf79.js HTTP/2.0
host: s.ssl.qhres2.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-length: 478
date: Tue, 14 May 2024 09:44:07 GMT
x-qstatic-hit: 1
last-modified: Mon, 01 Jan 2018 00:00:00 GMT
etag: W/"5ea522c52117c396"
access-control-allow-origin: *
cache-control: s-maxage=315360000, max-age=315360000, immutable
expires: Fri, 12 May 2034 09:44:07 GMT
kcs-via: HIT from w-fc01.lato;MISS from w-sc02.lato
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 c77ea39f799435256b0dedb7c85316ba.cloudfront.net (CloudFront)
x-amz-cf-pop: MAN51-P2
x-amz-cf-id: V2jXHwDhs3ykBgojuT9LYtkIANHZmY2ZxM_xAmIcSNsH2BApBb-Jdw==
age: 715416
-
Remote address:8.8.8.8:53Requests.360.cnIN AResponses.360.cnIN A101.198.2.147s.360.cnIN A180.163.251.231s.360.cnIN A180.163.251.230s.360.cnIN A171.8.167.90
-
Remote address:8.8.8.8:53Request78.160.165.18.in-addr.arpaIN PTRResponse78.160.165.18.in-addr.arpaIN PTRserver-18-165-160-78man51r cloudfrontnet
-
Remote address:8.8.8.8:53Requests.360.cnIN AResponses.360.cnIN A171.13.14.66s.360.cnIN A171.8.167.89s.360.cnIN A101.198.2.147s.360.cnIN A180.163.251.231
-
Remote address:8.8.8.8:53Request23.236.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 627437
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 436DAE492C624167850523C5CFE613DB Ref B: LON04EDGE0916 Ref C: 2024-05-22T16:28:19Z
date: Wed, 22 May 2024 16:28:19 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 792794
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6F728550FC6143D28C4113F23EC3B635 Ref B: LON04EDGE0916 Ref C: 2024-05-22T16:28:19Z
date: Wed, 22 May 2024 16:28:19 GMT
-
Remote address:8.8.8.8:53Request200.197.79.204.in-addr.arpaIN PTRResponse200.197.79.204.in-addr.arpaIN PTRa-0001a-msedgenet
-
260 B 5
-
260 B 5
-
260 B 5
-
95.100.146.18:443https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90tls, http21.5kB 6.3kB 17 11
HTTP Request
GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90HTTP Response
200 -
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
18.165.160.81:443https://jspassport.ssl.qhimg.com/11.0.1.js?eca7a4429f3c52746b81b7b733405f8ftls, http2msedge.exe1.7kB 6.3kB 12 13
HTTP Request
GET https://jspassport.ssl.qhimg.com/11.0.1.js?eca7a4429f3c52746b81b7b733405f8fHTTP Response
200 -
943 B 6.2kB 8 11
-
260 B 5
-
260 B 5
-
1.7kB 7.3kB 12 13
HTTP Request
GET https://s.ssl.qhres2.com/ssl/ab77b6ea7f3fbf79.jsHTTP Response
200 -
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
1.2kB 8.1kB 16 14
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90tls, http254.4kB 1.5MB 1085 1082
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Response
200 -
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
52 B 1
-
52 B 1
-
72 B 158 B 1 1
DNS Request
154.239.44.20.in-addr.arpa
-
61 B 134 B 1 1
DNS Request
www.libafun.com
-
56 B 72 B 1 1
DNS Request
www.cas.cn
DNS Response
159.226.242.61
-
72 B 158 B 1 1
DNS Request
73.159.190.20.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
18.146.100.95.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
55.36.223.20.in-addr.arpa
-
256 B 4
-
73 B 159 B 1 1
DNS Request
183.142.211.20.in-addr.arpa
-
58 B 90 B 1 1
DNS Request
dcs.conac.cn
DNS Response
114.251.191.210219.141.240.182
-
72 B 146 B 1 1
DNS Request
26.165.165.52.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
15.164.165.52.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
142.53.16.96.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
71.121.18.2.in-addr.arpa
-
70 B 255 B 1 1
DNS Request
push.zhanzhang.baidu.com
DNS Response
180.101.212.103182.61.201.93182.61.201.94182.61.244.22914.215.182.16139.156.68.163112.34.113.148163.177.17.97
-
70 B 176 B 1 1
DNS Request
jspassport.ssl.qhimg.com
DNS Response
18.165.160.8118.165.160.2518.165.160.7618.165.160.85
-
62 B 207 B 1 1
DNS Request
s.ssl.qhres2.com
DNS Response
18.165.160.7818.165.160.11018.165.160.4818.165.160.26
-
72 B 129 B 1 1
DNS Request
81.160.165.18.in-addr.arpa
-
54 B 118 B 1 1
DNS Request
s.360.cn
DNS Response
101.198.2.147180.163.251.231180.163.251.230171.8.167.90
-
72 B 129 B 1 1
DNS Request
78.160.165.18.in-addr.arpa
-
54 B 118 B 1 1
DNS Request
s.360.cn
DNS Response
171.13.14.66171.8.167.89101.198.2.147180.163.251.231
-
72 B 158 B 1 1
DNS Request
23.236.111.52.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
-
73 B 106 B 1 1
DNS Request
200.197.79.204.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ce4c898f8fc7601e2fbc252fdadb5115
SHA101bf06badc5da353e539c7c07527d30dccc55a91
SHA256bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA51280fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
-
Filesize
152B
MD54158365912175436289496136e7912c2
SHA1813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA51274b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
-
Filesize
266B
MD589b056240af807a1278d46f325dc5f62
SHA11e66dd4c9e030c5d2c23047a085822a372f17887
SHA256f5f9f29fbb067a58ba60bebb0f36a61c535a234e45ff52f47f192d2836bac9f7
SHA512109696dba2069f9b711948a93ebb6be8ee851336b14512c613196ca495158e8e53c3ad9bbc07aed6ea037b432f1101492a0e3c761d658f78e6e04d87b2715044
-
Filesize
5KB
MD5eb4a9caef2fc106e7c000ae87e989aa1
SHA1023fbf627d912cb3113e11a0532f3027471cd90c
SHA256b00bbde96f0041d6baced9f07259ae12db35c727725dcaf8e99daefc255645f2
SHA512e80a3d75a7431269764882ac8c921a3de1ac17d1fe9fcc9f67f4c998262d47fed4eea03ff08000e21bcec6cf568fd7cf6f326c6d720cd30ae8096decbc6422ef
-
Filesize
6KB
MD59f0c36d9df94908ad376618b1f9cae52
SHA1f2dd7734aa8034157b4499700f1bcd3043c1287e
SHA256584a7d9f710695897c1d571f0097ecef482d6483dfaee015695c8f63d780ce45
SHA5120c17ab9160b6606aac576914adf068b0179f9275abd77485070c2b5881d161fb017ba31930ee89dc0bcc9dbc1ce37d17d5e3951ff2e581fb1679b105dbb6c6d3
-
Filesize
6KB
MD57b31d9d24628258e18b897f03acd4de9
SHA1579fc0f21a6756c4bdaed538e3e4e531dff754a6
SHA2562420af7d6b8990cefd62cc723ece880be5dbbe101dafdefdb4dc29b18cfc4c5c
SHA512e591898324818fccf2b6d7c57828e7ce096a5e70d8bec4e2dddfd35cc4132d1b434540bf10387ed5d2aa50734b79ee36225ef1060259484a3a697eedbadb9acd
-
Filesize
11KB
MD5aba08f8ea057b4ee57c071bdafcdf9c5
SHA15e270c0db75bff99b0b06aa987ef75501af2d102
SHA25661b9653c442fad96c527e19122fc65142e50fceba67cd0694bfface5be453aee
SHA5126702e1b1267cbb88b96c30c11174e4b53951bdbc731f48adcf7db1f09da490a91c8c707263d6266e73f5dfc2ae6910fb1e0b6e585dbcf5f25b550a9c48e86d0a