Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/05/2024, 19:31 UTC

General

  • Target

    881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html

  • Size

    22KB

  • MD5

    881aa98283b14a09f2f6cb8ad607ff49

  • SHA1

    c67ae4954887aaf18f0c12842a79daa8a4e81bed

  • SHA256

    ef51b9d05cce7bbbffb03800d64144321dbd33511eeccecd88a0e7334ebf53fa

  • SHA512

    a3ea0fb95e3c0b551d8f28ae9286d5f6c96885482e35f3d6c191d42db25420e548ea884cfa0874c35e1361b3bad7bf74a700d1ab8feab7a36f287d693792baf1

  • SSDEEP

    384:QvRl1JZ+n9zbA7BREl2+v1P1kDlTy0gbAx57heyOTrSSCqdhFylgzb:QvRn7BRGlv1cmcx57hsJCIX

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3604
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa819846f8,0x7ffa81984708,0x7ffa81984718
      2⤵
        PID:1064
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3153189055152114145,4735309679462672132,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        2⤵
          PID:5092
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3153189055152114145,4735309679462672132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:6112
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,3153189055152114145,4735309679462672132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
          2⤵
            PID:4324
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3153189055152114145,4735309679462672132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
            2⤵
              PID:464
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3153189055152114145,4735309679462672132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
              2⤵
                PID:5128
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,3153189055152114145,4735309679462672132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
                2⤵
                  PID:572
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,3153189055152114145,4735309679462672132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3064
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3153189055152114145,4735309679462672132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
                  2⤵
                    PID:2372
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3153189055152114145,4735309679462672132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
                    2⤵
                      PID:4548
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3153189055152114145,4735309679462672132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
                      2⤵
                        PID:3068
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3153189055152114145,4735309679462672132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
                        2⤵
                          PID:1684
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3153189055152114145,4735309679462672132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
                          2⤵
                            PID:4112
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3153189055152114145,4735309679462672132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
                            2⤵
                              PID:2572
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3153189055152114145,4735309679462672132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
                              2⤵
                                PID:5960
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3153189055152114145,4735309679462672132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
                                2⤵
                                  PID:3672
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3153189055152114145,4735309679462672132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
                                  2⤵
                                    PID:3428
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3153189055152114145,4735309679462672132,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4484 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:5540
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:5112
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:3976

Network

                                    • flag-us
                                      DNS
                                      js-agent.newrelic.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      js-agent.newrelic.com
                                      IN A
                                      Response
                                      js-agent.newrelic.com
                                      IN A
                                      162.247.243.39
                                    • flag-us
                                      GET
                                      http://js-agent.newrelic.com/nr-943.min.js
                                      msedge.exe
                                      Remote address:
                                      162.247.243.39:80
                                      Request
                                      GET /nr-943.min.js HTTP/1.1
                                      Host: js-agent.newrelic.com
                                      Connection: keep-alive
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      DNT: 1
                                      Accept: */*
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Response
                                      HTTP/1.1 301 Moved Permanently
                                      Connection: close
                                      Content-Length: 0
                                      Server: Varnish
                                      Retry-After: 0
                                      Location: https://nr-browser-agent.s3.amazonaws.com/nr-943.min.js
                                      Accept-Ranges: bytes
                                      Date: Fri, 31 May 2024 19:31:07 GMT
                                      Via: 1.1 varnish
                                      X-Served-By: cache-lcy-eglc8600051-LCY
                                      X-Cache: HIT
                                      X-Cache-Hits: 0
                                      X-Timer: S1717183868.935744,VS0,VE0
                                      Cross-Origin-Resource-Policy: cross-origin
                                      Strict-Transport-Security: max-age=300
                                    • flag-us
                                      DNS
                                      nr-browser-agent.s3.amazonaws.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      nr-browser-agent.s3.amazonaws.com
                                      IN A
                                      Response
                                      nr-browser-agent.s3.amazonaws.com
                                      IN CNAME
                                      s3-1-w.amazonaws.com
                                      s3-1-w.amazonaws.com
                                      IN CNAME
                                      s3-w.us-east-1.amazonaws.com
                                      s3-w.us-east-1.amazonaws.com
                                      IN A
                                      52.217.64.20
                                      s3-w.us-east-1.amazonaws.com
                                      IN A
                                      16.182.40.129
                                      s3-w.us-east-1.amazonaws.com
                                      IN A
                                      52.217.72.148
                                      s3-w.us-east-1.amazonaws.com
                                      IN A
                                      3.5.28.215
                                      s3-w.us-east-1.amazonaws.com
                                      IN A
                                      52.217.124.185
                                      s3-w.us-east-1.amazonaws.com
                                      IN A
                                      52.216.48.129
                                      s3-w.us-east-1.amazonaws.com
                                      IN A
                                      3.5.29.192
                                      s3-w.us-east-1.amazonaws.com
                                      IN A
                                      16.182.36.57
                                    • flag-us
                                      GET
                                      https://nr-browser-agent.s3.amazonaws.com/nr-943.min.js
                                      msedge.exe
                                      Remote address:
                                      52.217.64.20:443
                                      Request
                                      GET /nr-943.min.js HTTP/1.1
                                      Host: nr-browser-agent.s3.amazonaws.com
                                      Connection: keep-alive
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      DNT: 1
                                      Accept: */*
                                      Sec-Fetch-Site: cross-site
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: script
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Response
                                      HTTP/1.1 200 OK
                                      x-amz-id-2: B9qPIk+n6pugRZN6HyhdiR0kQgA2aaXUVTzpgUgMC8P7PCV379nNgXu/ZIthfGo0bH9Unvn+zmQ=
                                      x-amz-request-id: TZQSVNJPSRYRWDY0
                                      Date: Fri, 31 May 2024 19:31:09 GMT
                                      Last-Modified: Wed, 18 Oct 2023 21:02:15 GMT
                                      ETag: "0909a6e7f1ea17aa3a97acab0754bb45"
                                      x-amz-server-side-encryption: AES256
                                      Cache-Control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
                                      x-amz-version-id: f.bDSPYdaEiS7QBoNBuX0T2RfNZwW1PI
                                      Accept-Ranges: bytes
                                      Content-Type: application/javascript
                                      Server: AmazonS3
                                      Content-Length: 22677
                                    • flag-us
                                      DNS
                                      39.243.247.162.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      39.243.247.162.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      217.106.137.52.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      217.106.137.52.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      20.64.217.52.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      20.64.217.52.in-addr.arpa
                                      IN PTR
                                      Response
                                      20.64.217.52.in-addr.arpa
                                      IN PTR
                                      s3-1-w.amazonaws.com
                                    • flag-us
                                      DNS
                                      bam.nr-data.net
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      bam.nr-data.net
                                      IN A
                                      Response
                                      bam.nr-data.net
                                      IN CNAME
                                      bam.cell.nr-data.net
                                      bam.cell.nr-data.net
                                      IN CNAME
                                      fastly-tls12-bam.nr-data.net
                                      fastly-tls12-bam.nr-data.net
                                      IN A
                                      162.247.243.29
                                    • flag-us
                                      GET
                                      http://bam.nr-data.net/1/0d385ba8a0?a=4351484&v=943.9bd99bf&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXwpbEFMKVQ%3D%3D&rst=1444&ref=file:///C:/Users/Admin/AppData/Local/Temp/881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html&ap=10&be=320&fe=69&dc=17&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1717183866747,%22n%22:0,%22dl%22:237,%22di%22:336,%22ds%22:337,%22de%22:337,%22dc%22:389,%22l%22:389,%22le%22:392,%22f%22:32,%22dn%22:32,%22dne%22:32,%22c%22:32,%22ce%22:32,%22rq%22:32,%22rp%22:32,%22rpe%22:142%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
                                      msedge.exe
                                      Remote address:
                                      162.247.243.29:80
                                      Request
                                      GET /1/0d385ba8a0?a=4351484&v=943.9bd99bf&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXwpbEFMKVQ%3D%3D&rst=1444&ref=file:///C:/Users/Admin/AppData/Local/Temp/881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html&ap=10&be=320&fe=69&dc=17&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1717183866747,%22n%22:0,%22dl%22:237,%22di%22:336,%22ds%22:337,%22de%22:337,%22dc%22:389,%22l%22:389,%22le%22:392,%22f%22:32,%22dn%22:32,%22dne%22:32,%22c%22:32,%22ce%22:32,%22rq%22:32,%22rp%22:32,%22rpe%22:142%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken HTTP/1.1
                                      Host: bam.nr-data.net
                                      Connection: keep-alive
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      DNT: 1
                                      Accept: */*
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Response
                                      HTTP/1.1 308 Permanent Redirect
                                      Connection: keep-alive
                                      Content-Length: 730
                                      location: https://bam.nr-data.net/1/0d385ba8a0?a=4351484&v=943.9bd99bf&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXwpbEFMKVQ%3D%3D&rst=1444&ref=file:///C:/Users/Admin/AppData/Local/Temp/881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html&ap=10&be=320&fe=69&dc=17&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1717183866747,%22n%22:0,%22dl%22:237,%22di%22:336,%22ds%22:337,%22de%22:337,%22dc%22:389,%22l%22:389,%22le%22:392,%22f%22:32,%22dn%22:32,%22dne%22:32,%22c%22:32,%22ce%22:32,%22rq%22:32,%22rp%22:32,%22rpe%22:142%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
                                      content-type: text/html; charset=utf-8
                                    • flag-us
                                      GET
                                      https://bam.nr-data.net/1/0d385ba8a0?a=4351484&v=943.9bd99bf&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXwpbEFMKVQ%3D%3D&rst=1444&ref=file:///C:/Users/Admin/AppData/Local/Temp/881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html&ap=10&be=320&fe=69&dc=17&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1717183866747,%22n%22:0,%22dl%22:237,%22di%22:336,%22ds%22:337,%22de%22:337,%22dc%22:389,%22l%22:389,%22le%22:392,%22f%22:32,%22dn%22:32,%22dne%22:32,%22c%22:32,%22ce%22:32,%22rq%22:32,%22rp%22:32,%22rpe%22:142%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
                                      msedge.exe
                                      Remote address:
                                      162.247.243.29:443
                                      Request
                                      GET /1/0d385ba8a0?a=4351484&v=943.9bd99bf&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXwpbEFMKVQ%3D%3D&rst=1444&ref=file:///C:/Users/Admin/AppData/Local/Temp/881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html&ap=10&be=320&fe=69&dc=17&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1717183866747,%22n%22:0,%22dl%22:237,%22di%22:336,%22ds%22:337,%22de%22:337,%22dc%22:389,%22l%22:389,%22le%22:392,%22f%22:32,%22dn%22:32,%22dne%22:32,%22c%22:32,%22ce%22:32,%22rq%22:32,%22rp%22:32,%22rpe%22:142%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken HTTP/1.1
                                      Host: bam.nr-data.net
                                      Connection: keep-alive
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      DNT: 1
                                      Accept: */*
                                      Sec-Fetch-Site: cross-site
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: script
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Response
                                      HTTP/1.1 200
                                      Connection: keep-alive
                                      Content-Length: 79
                                      date: Fri, 31 May 2024 19:31:09 GMT
                                      content-type: text/javascript
                                      cross-origin-resource-policy: cross-origin
                                      access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                                      access-control-allow-credentials: true
                                      access-control-allow-origin: *
                                      access-control-expose-headers: Date
                                      timing-allow-origin: *
                                      set-cookie: JSESSIONID=8f84cb2ac127b2fb; Path=/; Domain=.nr-data.net; SameSite=None
                                      x-served-by: cache-lcy-eglc8600023-LCY
                                    • flag-us
                                      POST
                                      https://bam.nr-data.net/resources/1/0d385ba8a0?a=4351484&v=943.9bd99bf&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXwpbEFMKVQ%3D%3D&rst=2281&ref=file:///C:/Users/Admin/AppData/Local/Temp/881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html&st=1717183866747
                                      msedge.exe
                                      Remote address:
                                      162.247.243.29:443
                                      Request
                                      POST /resources/1/0d385ba8a0?a=4351484&v=943.9bd99bf&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXwpbEFMKVQ%3D%3D&rst=2281&ref=file:///C:/Users/Admin/AppData/Local/Temp/881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html&st=1717183866747 HTTP/1.1
                                      Host: bam.nr-data.net
                                      Connection: keep-alive
                                      Content-Length: 1257
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      DNT: 1
                                      sec-ch-ua-mobile: ?0
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      content-type: text/plain
                                      Accept: */*
                                      Origin: null
                                      Sec-Fetch-Site: cross-site
                                      Sec-Fetch-Mode: cors
                                      Sec-Fetch-Dest: empty
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Response
                                      HTTP/1.1 200
                                      Connection: keep-alive
                                      Content-Length: 36
                                      date: Fri, 31 May 2024 19:31:09 GMT
                                      content-type: text/plain
                                      access-control-allow-origin: null
                                      access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                                      access-control-allow-credentials: true
                                      x-served-by: cache-lcy-eglc8600023-LCY
                                    • flag-us
                                      POST
                                      https://bam.nr-data.net/jserrors/1/0d385ba8a0?a=4351484&v=943.9bd99bf&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXwpbEFMKVQ%3D%3D&rst=3211&ref=file:///C:/Users/Admin/AppData/Local/Temp/881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html&xhr=%5B%7B%22params%22:%7B%22method%22:%22POST%22,%22host%22:%22bam.nr-data.net:443%22,%22pathname%22:%22/resources/1/0d385ba8a0%22,%22status%22:200%7D,%22metrics%22:%7B%22count%22:1,%22txSize%22:%7B%22t%22:1257%7D,%22duration%22:%7B%22t%22:221%7D,%22rxSize%22:%7B%22t%22:36%7D,%22cbTime%22:%7B%22t%22:0%7D,%22time%22:%7B%22t%22:2281%7D%7D%7D%5D
                                      msedge.exe
                                      Remote address:
                                      162.247.243.29:443
                                      Request
                                      POST /jserrors/1/0d385ba8a0?a=4351484&v=943.9bd99bf&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXwpbEFMKVQ%3D%3D&rst=3211&ref=file:///C:/Users/Admin/AppData/Local/Temp/881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html&xhr=%5B%7B%22params%22:%7B%22method%22:%22POST%22,%22host%22:%22bam.nr-data.net:443%22,%22pathname%22:%22/resources/1/0d385ba8a0%22,%22status%22:200%7D,%22metrics%22:%7B%22count%22:1,%22txSize%22:%7B%22t%22:1257%7D,%22duration%22:%7B%22t%22:221%7D,%22rxSize%22:%7B%22t%22:36%7D,%22cbTime%22:%7B%22t%22:0%7D,%22time%22:%7B%22t%22:2281%7D%7D%7D%5D HTTP/1.1
                                      Host: bam.nr-data.net
                                      Connection: keep-alive
                                      Content-Length: 0
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      DNT: 1
                                      sec-ch-ua-mobile: ?0
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      Content-Type: text/plain;charset=UTF-8
                                      Accept: */*
                                      Origin: null
                                      Sec-Fetch-Site: cross-site
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: empty
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Response
                                      HTTP/1.1 200
                                      Connection: keep-alive
                                      Content-Length: 24
                                      date: Fri, 31 May 2024 19:31:10 GMT
                                      content-type: image/gif
                                      cross-origin-resource-policy: cross-origin
                                      access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                                      access-control-allow-credentials: true
                                      access-control-allow-origin: null
                                      x-served-by: cache-lcy-eglc8600041-LCY
                                    • flag-us
                                      POST
                                      https://bam.nr-data.net/resources/1/0d385ba8a0?a=4351484&v=943.9bd99bf&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXwpbEFMKVQ%3D%3D&rst=3214&ref=file:///C:/Users/Admin/AppData/Local/Temp/881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html&st=1717183866747&ptid=114daef3-0001-b4e0-82d2-018fd02273bd
                                      msedge.exe
                                      Remote address:
                                      162.247.243.29:443
                                      Request
                                      POST /resources/1/0d385ba8a0?a=4351484&v=943.9bd99bf&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXwpbEFMKVQ%3D%3D&rst=3214&ref=file:///C:/Users/Admin/AppData/Local/Temp/881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html&st=1717183866747&ptid=114daef3-0001-b4e0-82d2-018fd02273bd HTTP/1.1
                                      Host: bam.nr-data.net
                                      Connection: keep-alive
                                      Content-Length: 1070
                                      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                      DNT: 1
                                      sec-ch-ua-mobile: ?0
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                      Content-Type: text/plain;charset=UTF-8
                                      Accept: */*
                                      Origin: null
                                      Sec-Fetch-Site: cross-site
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: empty
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      Response
                                      HTTP/1.1 200
                                      Connection: keep-alive
                                      Content-Length: 36
                                      date: Fri, 31 May 2024 19:31:11 GMT
                                      content-type: text/plain
                                      cross-origin-resource-policy: cross-origin
                                      access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                                      access-control-allow-credentials: true
                                      access-control-allow-origin: null
                                      x-served-by: cache-lcy-eglc8600027-LCY
                                    • flag-us
                                      DNS
                                      81.81.224.13.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      81.81.224.13.in-addr.arpa
                                      IN PTR
                                      Response
                                      81.81.224.13.in-addr.arpa
                                      IN PTR
                                      server-13-224-81-81.man50.r.cloudfront.net
                                    • flag-us
                                      DNS
                                      240.197.17.2.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      240.197.17.2.in-addr.arpa
                                      IN PTR
                                      Response
                                      240.197.17.2.in-addr.arpa
                                      IN PTR
                                      a2-17-197-240.deploy.static.akamaitechnologies.com
                                    • flag-us
                                      DNS
                                      g.bing.com
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      g.bing.com
                                      IN A
                                      Response
                                      g.bing.com
                                      IN CNAME
                                      g-bing-com.dual-a-0034.a-msedge.net
                                      g-bing-com.dual-a-0034.a-msedge.net
                                      IN CNAME
                                      dual-a-0034.a-msedge.net
                                      dual-a-0034.a-msedge.net
                                      IN A
                                      204.79.197.237
                                      dual-a-0034.a-msedge.net
                                      IN A
                                      13.107.21.237
                                    • flag-us
                                      GET
                                      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8KWp6onm8L4tIk0GsxDvOMTVUCUwIJ_tY6PHDF1Fadvt8d48gfbtuXvgG7i7RGQUcZbk93iwOzWIQwOLeWa6qKLcfPtihQl9jse1Jgsn8hOglvwgiVAsh0Ie5S_vOHSfNphmZFWwMDzqDHuY3GO13RgmEimiaSP-3bS5BzHjXdZHa-n4W%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da04cc55536271a180d19a36e52b32d7f&TIME=20240508T114033Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48
                                      Remote address:
                                      204.79.197.237:443
                                      Request
                                      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8KWp6onm8L4tIk0GsxDvOMTVUCUwIJ_tY6PHDF1Fadvt8d48gfbtuXvgG7i7RGQUcZbk93iwOzWIQwOLeWa6qKLcfPtihQl9jse1Jgsn8hOglvwgiVAsh0Ie5S_vOHSfNphmZFWwMDzqDHuY3GO13RgmEimiaSP-3bS5BzHjXdZHa-n4W%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da04cc55536271a180d19a36e52b32d7f&TIME=20240508T114033Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48 HTTP/2.0
                                      host: g.bing.com
                                      accept-encoding: gzip, deflate
                                      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                      Response
                                      HTTP/2.0 204
                                      cache-control: no-cache, must-revalidate
                                      pragma: no-cache
                                      expires: Fri, 01 Jan 1990 00:00:00 GMT
                                      set-cookie: MUID=1DE935FDFB456D05296B216DFAA56C23; domain=.bing.com; expires=Wed, 25-Jun-2025 19:31:09 GMT; path=/; SameSite=None; Secure; Priority=High;
                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                      access-control-allow-origin: *
                                      x-cache: CONFIG_NOCACHE
                                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                      x-msedge-ref: Ref A: 8ECA3391567A4731BEDF78C73EBA9798 Ref B: LON04EDGE1213 Ref C: 2024-05-31T19:31:09Z
                                      date: Fri, 31 May 2024 19:31:09 GMT
                                    • flag-us
                                      GET
                                      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8KWp6onm8L4tIk0GsxDvOMTVUCUwIJ_tY6PHDF1Fadvt8d48gfbtuXvgG7i7RGQUcZbk93iwOzWIQwOLeWa6qKLcfPtihQl9jse1Jgsn8hOglvwgiVAsh0Ie5S_vOHSfNphmZFWwMDzqDHuY3GO13RgmEimiaSP-3bS5BzHjXdZHa-n4W%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da04cc55536271a180d19a36e52b32d7f&TIME=20240508T114033Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48
                                      Remote address:
                                      204.79.197.237:443
                                      Request
                                      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8KWp6onm8L4tIk0GsxDvOMTVUCUwIJ_tY6PHDF1Fadvt8d48gfbtuXvgG7i7RGQUcZbk93iwOzWIQwOLeWa6qKLcfPtihQl9jse1Jgsn8hOglvwgiVAsh0Ie5S_vOHSfNphmZFWwMDzqDHuY3GO13RgmEimiaSP-3bS5BzHjXdZHa-n4W%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da04cc55536271a180d19a36e52b32d7f&TIME=20240508T114033Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48 HTTP/2.0
                                      host: g.bing.com
                                      accept-encoding: gzip, deflate
                                      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                      cookie: MUID=1DE935FDFB456D05296B216DFAA56C23; _EDGE_S=SID=22A98600718063021F39929070C86260
                                      Response
                                      HTTP/2.0 204
                                      cache-control: no-cache, must-revalidate
                                      pragma: no-cache
                                      expires: Fri, 01 Jan 1990 00:00:00 GMT
                                      set-cookie: MSPTC=lHp2s6ziFcWH_PG6M9LvQF_SFoJPLRtywrY74Tx5FHA; domain=.bing.com; expires=Wed, 25-Jun-2025 19:31:10 GMT; path=/; Partitioned; secure; SameSite=None
                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                      access-control-allow-origin: *
                                      x-cache: CONFIG_NOCACHE
                                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                      x-msedge-ref: Ref A: 87EDE9372C5F4024A7783498914201DD Ref B: LON04EDGE1213 Ref C: 2024-05-31T19:31:10Z
                                      date: Fri, 31 May 2024 19:31:09 GMT
                                    • flag-nl
                                      GET
                                      https://www.bing.com/aes/c.gif?RG=3999f65e6b8146ae8e6773eff2f78b4c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T114033Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182
                                      Remote address:
                                      23.62.61.97:443
                                      Request
                                      GET /aes/c.gif?RG=3999f65e6b8146ae8e6773eff2f78b4c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T114033Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182 HTTP/2.0
                                      host: www.bing.com
                                      accept-encoding: gzip, deflate
                                      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                      cookie: MUID=1DE935FDFB456D05296B216DFAA56C23
                                      Response
                                      HTTP/2.0 200
                                      cache-control: private,no-store
                                      pragma: no-cache
                                      vary: Origin
                                      p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
                                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                      x-msedge-ref: Ref A: B9A0418917954B2D97D9FD6E6FBCFBCA Ref B: BRU30EDGE0918 Ref C: 2024-05-31T19:31:10Z
                                      content-length: 0
                                      date: Fri, 31 May 2024 19:31:10 GMT
                                      set-cookie: _EDGE_S=SID=22A98600718063021F39929070C86260; path=/; httponly; domain=bing.com
                                      set-cookie: MUIDB=1DE935FDFB456D05296B216DFAA56C23; path=/; httponly; expires=Wed, 25-Jun-2025 19:31:10 GMT
                                      alt-svc: h3=":443"; ma=93600
                                      x-cdn-traceid: 0.973d3e17.1717183869.e20fdd3
                                    • flag-us
                                      DNS
                                      midifilehosting.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      midifilehosting.com
                                      IN A
                                      Response
                                    • flag-us
                                      DNS
                                      29.243.247.162.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      29.243.247.162.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      237.197.79.204.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      237.197.79.204.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      97.61.62.23.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      97.61.62.23.in-addr.arpa
                                      IN PTR
                                      Response
                                      97.61.62.23.in-addr.arpa
                                      IN PTR
                                      a23-62-61-97.deploy.static.akamaitechnologies.com
                                    • flag-us
                                      DNS
                                      75.159.190.20.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      75.159.190.20.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      google.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      google.com
                                      IN A
                                    • flag-us
                                      DNS
                                      google.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      google.com
                                      IN A
                                    • flag-us
                                      DNS
                                      google.com
                                      msedge.exe
                                      Remote address:
                                      8.8.4.4:53
                                      Request
                                      google.com
                                      IN A
                                      Response
                                      google.com
                                      IN A
                                      142.250.178.14
                                    • flag-us
                                      DNS
                                      4.4.8.8.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      4.4.8.8.in-addr.arpa
                                      IN PTR
                                      Response
                                      4.4.8.8.in-addr.arpa
                                      IN PTR
                                      dns.google
                                    • flag-us
                                      DNS
                                      43.58.199.20.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      43.58.199.20.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-nl
                                      GET
                                      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                                      Remote address:
                                      23.62.61.97:443
                                      Request
                                      GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
                                      host: www.bing.com
                                      accept: */*
                                      cookie: MUID=1DE935FDFB456D05296B216DFAA56C23; _EDGE_S=SID=22A98600718063021F39929070C86260; MSPTC=lHp2s6ziFcWH_PG6M9LvQF_SFoJPLRtywrY74Tx5FHA; MUIDB=1DE935FDFB456D05296B216DFAA56C23
                                      accept-encoding: gzip, deflate, br
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                      Response
                                      HTTP/2.0 200
                                      cache-control: public, max-age=2592000
                                      content-type: image/png
                                      access-control-allow-origin: *
                                      access-control-allow-headers: *
                                      access-control-allow-methods: GET, POST, OPTIONS
                                      timing-allow-origin: *
                                      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
                                      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                      content-length: 1107
                                      date: Fri, 31 May 2024 19:31:14 GMT
                                      alt-svc: h3=":443"; ma=93600
                                      x-cdn-traceid: 0.7d3d3e17.1717183874.11f0fafa
                                    • flag-us
                                      DNS
                                      midifilehosting.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      midifilehosting.com
                                      IN A
                                      Response
                                    • flag-us
                                      DNS
                                      midifilehosting.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      midifilehosting.com
                                      IN A
                                    • flag-us
                                      DNS
                                      midifilehosting.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      midifilehosting.com
                                      IN A
                                    • flag-us
                                      DNS
                                      midifilehosting.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      midifilehosting.com
                                      IN A
                                    • flag-us
                                      DNS
                                      28.118.140.52.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      28.118.140.52.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      157.123.68.40.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      157.123.68.40.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      18.31.95.13.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      18.31.95.13.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      midifilehosting.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      midifilehosting.com
                                      IN A
                                      Response
                                    • flag-us
                                      DNS
                                      172.210.232.199.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      172.210.232.199.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      172.210.232.199.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      172.210.232.199.in-addr.arpa
                                      IN PTR
                                    • flag-us
                                      DNS
                                      57.169.31.20.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      57.169.31.20.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      midifilehosting.com
                                      msedge.exe
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      midifilehosting.com
                                      IN A
                                      Response
                                    • flag-us
                                      DNS
                                      tse1.mm.bing.net
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      tse1.mm.bing.net
                                      IN A
                                      Response
                                      tse1.mm.bing.net
                                      IN CNAME
                                      mm-mm.bing.net.trafficmanager.net
                                      mm-mm.bing.net.trafficmanager.net
                                      IN CNAME
                                      dual-a-0001.a-msedge.net
                                      dual-a-0001.a-msedge.net
                                      IN A
                                      204.79.197.200
                                      dual-a-0001.a-msedge.net
                                      IN A
                                      13.107.21.200
                                    • flag-us
                                      GET
                                      https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                      Remote address:
                                      204.79.197.200:443
                                      Request
                                      GET /th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                      host: tse1.mm.bing.net
                                      accept: */*
                                      accept-encoding: gzip, deflate, br
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                      Response
                                      HTTP/2.0 200
                                      cache-control: public, max-age=2592000
                                      content-length: 621794
                                      content-type: image/jpeg
                                      x-cache: TCP_HIT
                                      access-control-allow-origin: *
                                      access-control-allow-headers: *
                                      access-control-allow-methods: GET, POST, OPTIONS
                                      timing-allow-origin: *
                                      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                      x-msedge-ref: Ref A: D39BDC9F1A04446BAB4C05DDEE23F662 Ref B: LON04EDGE1210 Ref C: 2024-05-31T19:32:51Z
                                      date: Fri, 31 May 2024 19:32:50 GMT
                                    • flag-us
                                      GET
                                      https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                      Remote address:
                                      204.79.197.200:443
                                      Request
                                      GET /th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                      host: tse1.mm.bing.net
                                      accept: */*
                                      accept-encoding: gzip, deflate, br
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                      Response
                                      HTTP/2.0 200
                                      cache-control: public, max-age=2592000
                                      content-length: 555746
                                      content-type: image/jpeg
                                      x-cache: TCP_HIT
                                      access-control-allow-origin: *
                                      access-control-allow-headers: *
                                      access-control-allow-methods: GET, POST, OPTIONS
                                      timing-allow-origin: *
                                      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                      x-msedge-ref: Ref A: CC9B28AE95554A6B9828A2243D3C9AED Ref B: LON04EDGE1210 Ref C: 2024-05-31T19:32:51Z
                                      date: Fri, 31 May 2024 19:32:50 GMT
                                    • flag-us
                                      GET
                                      https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                      Remote address:
                                      204.79.197.200:443
                                      Request
                                      GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                      host: tse1.mm.bing.net
                                      accept: */*
                                      accept-encoding: gzip, deflate, br
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                      Response
                                      HTTP/2.0 200
                                      cache-control: public, max-age=2592000
                                      content-length: 638730
                                      content-type: image/jpeg
                                      x-cache: TCP_HIT
                                      access-control-allow-origin: *
                                      access-control-allow-headers: *
                                      access-control-allow-methods: GET, POST, OPTIONS
                                      timing-allow-origin: *
                                      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                      x-msedge-ref: Ref A: 2480AECBD4084D528C7520109839DBEC Ref B: LON04EDGE1210 Ref C: 2024-05-31T19:32:51Z
                                      date: Fri, 31 May 2024 19:32:50 GMT
                                    • flag-us
                                      GET
                                      https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                      Remote address:
                                      204.79.197.200:443
                                      Request
                                      GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                      host: tse1.mm.bing.net
                                      accept: */*
                                      accept-encoding: gzip, deflate, br
                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                      Response
                                      HTTP/2.0 200
                                      cache-control: public, max-age=2592000
                                      content-length: 659775
                                      content-type: image/jpeg
                                      x-cache: TCP_HIT
                                      access-control-allow-origin: *
                                      access-control-allow-headers: *
                                      access-control-allow-methods: GET, POST, OPTIONS
                                      timing-allow-origin: *
                                      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                      x-msedge-ref: Ref A: 2C8B598C57FB447E998AFFCAE1B8407E Ref B: LON04EDGE1210 Ref C: 2024-05-31T19:32:51Z
                                      date: Fri, 31 May 2024 19:32:50 GMT
                                    • flag-us
                                      DNS
                                      55.36.223.20.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      55.36.223.20.in-addr.arpa
                                      IN PTR
                                      Response
                                    • flag-us
                                      DNS
                                      200.197.79.204.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      200.197.79.204.in-addr.arpa
                                      IN PTR
                                      Response
                                      200.197.79.204.in-addr.arpa
                                      IN PTR
                                      a-0001.a-msedge.net
                                    • flag-us
                                      DNS
                                      24.173.189.20.in-addr.arpa
                                      Remote address:
                                      8.8.8.8:53
                                      Request
                                      24.173.189.20.in-addr.arpa
                                      IN PTR
                                      Response
                                    • 162.247.243.39:80
                                      http://js-agent.newrelic.com/nr-943.min.js
                                      http
                                      msedge.exe
                                      545 B
                                      653 B
                                      5
                                      5

                                      HTTP Request

                                      GET http://js-agent.newrelic.com/nr-943.min.js

                                      HTTP Response

                                      301
                                    • 52.217.64.20:443
                                      https://nr-browser-agent.s3.amazonaws.com/nr-943.min.js
                                      tls, http
                                      msedge.exe
                                      3.3kB
                                      30.2kB
                                      27
                                      32

                                      HTTP Request

                                      GET https://nr-browser-agent.s3.amazonaws.com/nr-943.min.js

                                      HTTP Response

                                      200
                                    • 162.247.243.29:80
                                      bam.nr-data.net
                                      msedge.exe
                                      248 B
                                      144 B
                                      5
                                      3
                                    • 162.247.243.29:80
                                      http://bam.nr-data.net/1/0d385ba8a0?a=4351484&v=943.9bd99bf&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXwpbEFMKVQ%3D%3D&rst=1444&ref=file:///C:/Users/Admin/AppData/Local/Temp/881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html&ap=10&be=320&fe=69&dc=17&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1717183866747,%22n%22:0,%22dl%22:237,%22di%22:336,%22ds%22:337,%22de%22:337,%22dc%22:389,%22l%22:389,%22le%22:392,%22f%22:32,%22dn%22:32,%22dne%22:32,%22c%22:32,%22ce%22:32,%22rq%22:32,%22rp%22:32,%22rpe%22:142%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
                                      http
                                      msedge.exe
                                      1.2kB
                                      1.8kB
                                      7
                                      7

                                      HTTP Request

                                      GET http://bam.nr-data.net/1/0d385ba8a0?a=4351484&v=943.9bd99bf&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXwpbEFMKVQ%3D%3D&rst=1444&ref=file:///C:/Users/Admin/AppData/Local/Temp/881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html&ap=10&be=320&fe=69&dc=17&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1717183866747,%22n%22:0,%22dl%22:237,%22di%22:336,%22ds%22:337,%22de%22:337,%22dc%22:389,%22l%22:389,%22le%22:392,%22f%22:32,%22dn%22:32,%22dne%22:32,%22c%22:32,%22ce%22:32,%22rq%22:32,%22rp%22:32,%22rpe%22:142%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken

                                      HTTP Response

                                      308
                                    • 162.247.243.29:443
                                      https://bam.nr-data.net/resources/1/0d385ba8a0?a=4351484&v=943.9bd99bf&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXwpbEFMKVQ%3D%3D&rst=3214&ref=file:///C:/Users/Admin/AppData/Local/Temp/881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html&st=1717183866747&ptid=114daef3-0001-b4e0-82d2-018fd02273bd
                                      tls, http
                                      msedge.exe
                                      10.5kB
                                      8.7kB
                                      21
                                      24

                                      HTTP Request

                                      GET https://bam.nr-data.net/1/0d385ba8a0?a=4351484&v=943.9bd99bf&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXwpbEFMKVQ%3D%3D&rst=1444&ref=file:///C:/Users/Admin/AppData/Local/Temp/881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html&ap=10&be=320&fe=69&dc=17&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1717183866747,%22n%22:0,%22dl%22:237,%22di%22:336,%22ds%22:337,%22de%22:337,%22dc%22:389,%22l%22:389,%22le%22:392,%22f%22:32,%22dn%22:32,%22dne%22:32,%22c%22:32,%22ce%22:32,%22rq%22:32,%22rp%22:32,%22rpe%22:142%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken

                                      HTTP Response

                                      200

                                      HTTP Request

                                      POST https://bam.nr-data.net/resources/1/0d385ba8a0?a=4351484&v=943.9bd99bf&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXwpbEFMKVQ%3D%3D&rst=2281&ref=file:///C:/Users/Admin/AppData/Local/Temp/881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html&st=1717183866747

                                      HTTP Response

                                      200

                                      HTTP Request

                                      POST https://bam.nr-data.net/jserrors/1/0d385ba8a0?a=4351484&v=943.9bd99bf&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXwpbEFMKVQ%3D%3D&rst=3211&ref=file:///C:/Users/Admin/AppData/Local/Temp/881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html&xhr=%5B%7B%22params%22:%7B%22method%22:%22POST%22,%22host%22:%22bam.nr-data.net:443%22,%22pathname%22:%22/resources/1/0d385ba8a0%22,%22status%22:200%7D,%22metrics%22:%7B%22count%22:1,%22txSize%22:%7B%22t%22:1257%7D,%22duration%22:%7B%22t%22:221%7D,%22rxSize%22:%7B%22t%22:36%7D,%22cbTime%22:%7B%22t%22:0%7D,%22time%22:%7B%22t%22:2281%7D%7D%7D%5D

                                      HTTP Response

                                      200

                                      HTTP Request

                                      POST https://bam.nr-data.net/resources/1/0d385ba8a0?a=4351484&v=943.9bd99bf&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXwpbEFMKVQ%3D%3D&rst=3214&ref=file:///C:/Users/Admin/AppData/Local/Temp/881aa98283b14a09f2f6cb8ad607ff49_JaffaCakes118.html&st=1717183866747&ptid=114daef3-0001-b4e0-82d2-018fd02273bd

                                      HTTP Response

                                      200
                                    • 204.79.197.237:443
                                      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8KWp6onm8L4tIk0GsxDvOMTVUCUwIJ_tY6PHDF1Fadvt8d48gfbtuXvgG7i7RGQUcZbk93iwOzWIQwOLeWa6qKLcfPtihQl9jse1Jgsn8hOglvwgiVAsh0Ie5S_vOHSfNphmZFWwMDzqDHuY3GO13RgmEimiaSP-3bS5BzHjXdZHa-n4W%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da04cc55536271a180d19a36e52b32d7f&TIME=20240508T114033Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48
                                      tls, http2
                                      2.5kB
                                      9.0kB
                                      20
                                      17

                                      HTTP Request

                                      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8KWp6onm8L4tIk0GsxDvOMTVUCUwIJ_tY6PHDF1Fadvt8d48gfbtuXvgG7i7RGQUcZbk93iwOzWIQwOLeWa6qKLcfPtihQl9jse1Jgsn8hOglvwgiVAsh0Ie5S_vOHSfNphmZFWwMDzqDHuY3GO13RgmEimiaSP-3bS5BzHjXdZHa-n4W%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da04cc55536271a180d19a36e52b32d7f&TIME=20240508T114033Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48

                                      HTTP Response

                                      204

                                      HTTP Request

                                      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8KWp6onm8L4tIk0GsxDvOMTVUCUwIJ_tY6PHDF1Fadvt8d48gfbtuXvgG7i7RGQUcZbk93iwOzWIQwOLeWa6qKLcfPtihQl9jse1Jgsn8hOglvwgiVAsh0Ie5S_vOHSfNphmZFWwMDzqDHuY3GO13RgmEimiaSP-3bS5BzHjXdZHa-n4W%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da04cc55536271a180d19a36e52b32d7f&TIME=20240508T114033Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48

                                      HTTP Response

                                      204
                                    • 23.62.61.97:443
                                      https://www.bing.com/aes/c.gif?RG=3999f65e6b8146ae8e6773eff2f78b4c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T114033Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182
                                      tls, http2
                                      1.4kB
                                      5.3kB
                                      16
                                      11

                                      HTTP Request

                                      GET https://www.bing.com/aes/c.gif?RG=3999f65e6b8146ae8e6773eff2f78b4c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T114033Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182

                                      HTTP Response

                                      200
                                    • 162.247.243.29:443
                                      bam.nr-data.net
                                      tls
                                      msedge.exe
                                      1.1kB
                                      891 B
                                      10
                                      9
                                    • 23.62.61.97:443
                                      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                                      tls, http2
                                      1.6kB
                                      6.4kB
                                      17
                                      13

                                      HTTP Request

                                      GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

                                      HTTP Response

                                      200
                                    • 204.79.197.200:443
                                      https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                      tls, http2
                                      88.4kB
                                      2.6MB
                                      1870
                                      1867

                                      HTTP Request

                                      GET https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                      HTTP Request

                                      GET https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                      HTTP Request

                                      GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                      HTTP Request

                                      GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                      HTTP Response

                                      200

                                      HTTP Response

                                      200

                                      HTTP Response

                                      200

                                      HTTP Response

                                      200
                                    • 204.79.197.200:443
                                      tse1.mm.bing.net
                                      tls, http2
                                      1.2kB
                                      8.1kB
                                      16
                                      14
                                    • 204.79.197.200:443
                                      tse1.mm.bing.net
                                      tls, http2
                                      1.2kB
                                      8.0kB
                                      16
                                      12
                                    • 204.79.197.200:443
                                      tse1.mm.bing.net
                                      tls, http2
                                      1.2kB
                                      8.1kB
                                      16
                                      14
                                    • 8.8.8.8:53
                                      js-agent.newrelic.com
                                      dns
                                      msedge.exe
                                      67 B
                                      83 B
                                      1
                                      1

                                      DNS Request

                                      js-agent.newrelic.com

                                      DNS Response

                                      162.247.243.39

                                    • 8.8.8.8:53
                                      nr-browser-agent.s3.amazonaws.com
                                      dns
                                      msedge.exe
                                      79 B
                                      257 B
                                      1
                                      1

                                      DNS Request

                                      nr-browser-agent.s3.amazonaws.com

                                      DNS Response

                                      52.217.64.20
                                      16.182.40.129
                                      52.217.72.148
                                      3.5.28.215
                                      52.217.124.185
                                      52.216.48.129
                                      3.5.29.192
                                      16.182.36.57

                                    • 8.8.8.8:53
                                      39.243.247.162.in-addr.arpa
                                      dns
                                      73 B
                                      138 B
                                      1
                                      1

                                      DNS Request

                                      39.243.247.162.in-addr.arpa

                                    • 8.8.8.8:53
                                      217.106.137.52.in-addr.arpa
                                      dns
                                      73 B
                                      147 B
                                      1
                                      1

                                      DNS Request

                                      217.106.137.52.in-addr.arpa

                                    • 8.8.8.8:53
                                      20.64.217.52.in-addr.arpa
                                      dns
                                      71 B
                                      105 B
                                      1
                                      1

                                      DNS Request

                                      20.64.217.52.in-addr.arpa

                                    • 8.8.8.8:53
                                      bam.nr-data.net
                                      dns
                                      msedge.exe
                                      61 B
                                      131 B
                                      1
                                      1

                                      DNS Request

                                      bam.nr-data.net

                                      DNS Response

                                      162.247.243.29

                                    • 8.8.8.8:53
                                      81.81.224.13.in-addr.arpa
                                      dns
                                      71 B
                                      127 B
                                      1
                                      1

                                      DNS Request

                                      81.81.224.13.in-addr.arpa

                                    • 8.8.8.8:53
                                      240.197.17.2.in-addr.arpa
                                      dns
                                      71 B
                                      135 B
                                      1
                                      1

                                      DNS Request

                                      240.197.17.2.in-addr.arpa

                                    • 8.8.8.8:53
                                      g.bing.com
                                      dns
                                      56 B
                                      151 B
                                      1
                                      1

                                      DNS Request

                                      g.bing.com

                                      DNS Response

                                      204.79.197.237
                                      13.107.21.237

                                    • 224.0.0.251:5353
                                      530 B
                                      8
                                    • 8.8.8.8:53
                                      midifilehosting.com
                                      dns
                                      msedge.exe
                                      65 B
                                      138 B
                                      1
                                      1

                                      DNS Request

                                      midifilehosting.com

                                    • 8.8.8.8:53
                                      29.243.247.162.in-addr.arpa
                                      dns
                                      73 B
                                      138 B
                                      1
                                      1

                                      DNS Request

                                      29.243.247.162.in-addr.arpa

                                    • 8.8.8.8:53
                                      237.197.79.204.in-addr.arpa
                                      dns
                                      73 B
                                      143 B
                                      1
                                      1

                                      DNS Request

                                      237.197.79.204.in-addr.arpa

                                    • 8.8.8.8:53
                                      97.61.62.23.in-addr.arpa
                                      dns
                                      70 B
                                      133 B
                                      1
                                      1

                                      DNS Request

                                    MITRE ATT&CK Enterprise v15

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      5KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                      Filesize

                                      16B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      11KB

