Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/06/2024, 05:17 UTC

General

  • Target

    8d01094941b75f749ea7e77096f771f6_JaffaCakes118.html

  • Size

    139KB

  • MD5

    8d01094941b75f749ea7e77096f771f6

  • SHA1

    6adb19d936cf1e440caa5b57822f27b765a85716

  • SHA256

    72f68300b1a920676906910af2da54baefb8143c4debc8698323dcfe0121f46a

  • SHA512

    074ecd5740eb0ae83cb384b8299f767dbe2abcb7c463ec9092cf29cbc7d3d1d9180729a5d1aaf98277792a388247154a0f748186753bc6957c942d590813c966

  • SSDEEP

    1536:SaFUs7llMEyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTs:SaV70EyfkMY+BES09JXAnyrZalI+YQ

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8d01094941b75f749ea7e77096f771f6_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1916
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc2ac46f8,0x7ffdc2ac4708,0x7ffdc2ac4718
      2⤵
        PID:1512
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6027210320850329796,7240636766307983257,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
        2⤵
          PID:4368
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,6027210320850329796,7240636766307983257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3156
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,6027210320850329796,7240636766307983257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
          2⤵
            PID:984
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6027210320850329796,7240636766307983257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
            2⤵
              PID:2096
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6027210320850329796,7240636766307983257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
              2⤵
                PID:516
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6027210320850329796,7240636766307983257,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2996 /prefetch:2
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4176
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:2676
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:2480

                Network

                • flag-us
                  DNS
                  www.fiyqs.cn
                  msedge.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  www.fiyqs.cn
                  IN A
                  Response
                • flag-us
                  DNS
                  bdimg.share.baidu.com
                  msedge.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  bdimg.share.baidu.com
                  IN A
                  Response
                  bdimg.share.baidu.com
                  IN CNAME
                  share.jomodns.com
                  share.jomodns.com
                  IN CNAME
                  share.n.shifen.com
                  share.n.shifen.com
                  IN A
                  182.61.244.229
                  share.n.shifen.com
                  IN A
                  14.215.182.161
                  share.n.shifen.com
                  IN A
                  39.156.68.163
                  share.n.shifen.com
                  IN A
                  112.34.113.148
                  share.n.shifen.com
                  IN A
                  163.177.17.97
                  share.n.shifen.com
                  IN A
                  180.101.212.103
                  share.n.shifen.com
                  IN A
                  182.61.201.93
                  share.n.shifen.com
                  IN A
                  182.61.201.94
                • flag-us
                  DNS
                  149.220.183.52.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  149.220.183.52.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  172.210.232.199.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  172.210.232.199.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  69.31.126.40.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  69.31.126.40.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  g.bing.com
                  Remote address:
                  8.8.8.8:53
                  Request
                  g.bing.com
                  IN A
                  Response
                  g.bing.com
                  IN CNAME
                  g-bing-com.dual-a-0034.a-msedge.net
                  g-bing-com.dual-a-0034.a-msedge.net
                  IN CNAME
                  dual-a-0034.a-msedge.net
                  dual-a-0034.a-msedge.net
                  IN A
                  204.79.197.237
                  dual-a-0034.a-msedge.net
                  IN A
                  13.107.21.237
                • flag-us
                  GET
                  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=
                  Remote address:
                  204.79.197.237:443
                  Request
                  GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid= HTTP/2.0
                  host: g.bing.com
                  accept-encoding: gzip, deflate
                  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                  Response
                  HTTP/2.0 204
                  cache-control: no-cache, must-revalidate
                  pragma: no-cache
                  expires: Fri, 01 Jan 1990 00:00:00 GMT
                  set-cookie: MUID=169CFD1271CA63DA1751E980707162B0; domain=.bing.com; expires=Fri, 27-Jun-2025 05:17:43 GMT; path=/; SameSite=None; Secure; Priority=High;
                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                  access-control-allow-origin: *
                  x-cache: CONFIG_NOCACHE
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: E61B828EB11E493B8581CE7A0242D1ED Ref B: LON04EDGE0917 Ref C: 2024-06-02T05:17:43Z
                  date: Sun, 02 Jun 2024 05:17:43 GMT
                • flag-us
                  GET
                  https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=
                  Remote address:
                  204.79.197.237:443
                  Request
                  GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid= HTTP/2.0
                  host: g.bing.com
                  accept-encoding: gzip, deflate
                  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                  cookie: MUID=169CFD1271CA63DA1751E980707162B0
                  Response
                  HTTP/2.0 204
                  cache-control: no-cache, must-revalidate
                  pragma: no-cache
                  expires: Fri, 01 Jan 1990 00:00:00 GMT
                  set-cookie: MSPTC=z7muo5zeLM84JGyVNqN6v8XUSnO_DmtC1HvVlhti4QU; domain=.bing.com; expires=Fri, 27-Jun-2025 05:17:43 GMT; path=/; Partitioned; secure; SameSite=None
                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                  access-control-allow-origin: *
                  x-cache: CONFIG_NOCACHE
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 150A88FC2255442B9FB3E2E951C015DC Ref B: LON04EDGE0917 Ref C: 2024-06-02T05:17:43Z
                  date: Sun, 02 Jun 2024 05:17:43 GMT
                • flag-us
                  GET
                  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=
                  Remote address:
                  204.79.197.237:443
                  Request
                  GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid= HTTP/2.0
                  host: g.bing.com
                  accept-encoding: gzip, deflate
                  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                  cookie: MUID=169CFD1271CA63DA1751E980707162B0; MSPTC=z7muo5zeLM84JGyVNqN6v8XUSnO_DmtC1HvVlhti4QU
                  Response
                  HTTP/2.0 204
                  cache-control: no-cache, must-revalidate
                  pragma: no-cache
                  expires: Fri, 01 Jan 1990 00:00:00 GMT
                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                  access-control-allow-origin: *
                  x-cache: CONFIG_NOCACHE
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 3726D58F4D5140E3B5634C00CD6DA43A Ref B: LON04EDGE0917 Ref C: 2024-06-02T05:17:43Z
                  date: Sun, 02 Jun 2024 05:17:43 GMT
                • flag-nl
                  GET
                  https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                  Remote address:
                  23.62.61.97:443
                  Request
                  GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
                  host: www.bing.com
                  accept: */*
                  cookie: MUID=169CFD1271CA63DA1751E980707162B0; MSPTC=z7muo5zeLM84JGyVNqN6v8XUSnO_DmtC1HvVlhti4QU
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-type: image/png
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  content-length: 1107
                  date: Sun, 02 Jun 2024 05:17:44 GMT
                  alt-svc: h3=":443"; ma=93600
                  x-cdn-traceid: 0.be3d3e17.1717305464.c8c3102
                • flag-us
                  DNS
                  237.197.79.204.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  237.197.79.204.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  138.201.86.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  138.201.86.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  97.61.62.23.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  97.61.62.23.in-addr.arpa
                  IN PTR
                  Response
                  97.61.62.23.in-addr.arpa
                  IN PTR
                  a23-62-61-97deploystaticakamaitechnologiescom
                • flag-us
                  DNS
                  13.86.106.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  13.86.106.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  14.227.111.52.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  14.227.111.52.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  14.227.111.52.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  14.227.111.52.in-addr.arpa
                  IN PTR
                • flag-us
                  DNS
                  86.23.85.13.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  86.23.85.13.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  18.31.95.13.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  18.31.95.13.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  tse1.mm.bing.net
                  Remote address:
                  8.8.8.8:53
                  Request
                  tse1.mm.bing.net
                  IN A
                  Response
                  tse1.mm.bing.net
                  IN CNAME
                  mm-mm.bing.net.trafficmanager.net
                  mm-mm.bing.net.trafficmanager.net
                  IN CNAME
                  dual-a-0001.a-msedge.net
                  dual-a-0001.a-msedge.net
                  IN A
                  204.79.197.200
                  dual-a-0001.a-msedge.net
                  IN A
                  13.107.21.200
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 449656
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 443619773EFD44DEAB2A2BDC168A5D7F Ref B: LON04EDGE0716 Ref C: 2024-06-02T05:19:22Z
                  date: Sun, 02 Jun 2024 05:19:21 GMT
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 621794
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 33B69520D2834B1BB4DE9EE9329313B3 Ref B: LON04EDGE0716 Ref C: 2024-06-02T05:19:22Z
                  date: Sun, 02 Jun 2024 05:19:22 GMT
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 468637
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 3DDC6B7E4BAF4288AD7C47FE591ACD70 Ref B: LON04EDGE0716 Ref C: 2024-06-02T05:19:22Z
                  date: Sun, 02 Jun 2024 05:19:22 GMT
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 659775
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: D8924E43C7FF411BAEF6333BA93F3FB2 Ref B: LON04EDGE0716 Ref C: 2024-06-02T05:19:22Z
                  date: Sun, 02 Jun 2024 05:19:22 GMT
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 449656
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: F8B34A262EAE4D71B62431DE9EBCAD8D Ref B: LON04EDGE0716 Ref C: 2024-06-02T05:20:09Z
                  date: Sun, 02 Jun 2024 05:20:08 GMT
                • flag-us
                  DNS
                  88.156.103.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  88.156.103.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  27.73.42.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  27.73.42.20.in-addr.arpa
                  IN PTR
                  Response
                • 182.61.244.229:80
                  bdimg.share.baidu.com
                  msedge.exe
                  260 B
                  5
                • 182.61.244.229:80
                  bdimg.share.baidu.com
                  msedge.exe
                  260 B
                  5
                • 204.79.197.237:443
                  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=
                  tls, http2
                  2.0kB
                  9.2kB
                  21
                  19

                  HTTP Request

                  GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=

                  HTTP Response

                  204

                  HTTP Request

                  GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=

                  HTTP Response

                  204

                  HTTP Request

                  GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=

                  HTTP Response

                  204
                • 23.62.61.97:443
                  https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                  tls, http2
                  1.5kB
                  6.4kB
                  17
                  13

                  HTTP Request

                  GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

                  HTTP Response

                  200
                • 14.215.182.161:80
                  bdimg.share.baidu.com
                  msedge.exe
                  260 B
                  5
                • 14.215.182.161:80
                  bdimg.share.baidu.com
                  msedge.exe
                  260 B
                  5
                • 39.156.68.163:80
                  bdimg.share.baidu.com
                  msedge.exe
                  260 B
                  5
                • 39.156.68.163:80
                  bdimg.share.baidu.com
                  msedge.exe
                  260 B
                  5
                • 112.34.113.148:80
                  bdimg.share.baidu.com
                  msedge.exe
                  260 B
                  5
                • 112.34.113.148:80
                  bdimg.share.baidu.com
                  msedge.exe
                  260 B
                  5
                • 163.177.17.97:80
                  bdimg.share.baidu.com
                  msedge.exe
                  260 B
                  5
                • 163.177.17.97:80
                  bdimg.share.baidu.com
                  msedge.exe
                  260 B
                  5
                • 204.79.197.200:443
                  https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                  tls, http2
                  88.1kB
                  2.6MB
                  1868
                  1864

                  HTTP Request

                  GET https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                  HTTP Request

                  GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                  HTTP Response

                  200

                  HTTP Request

                  GET https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                  HTTP Request

                  GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                  HTTP Response

                  200

                  HTTP Request

                  GET https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                  HTTP Response

                  200

                  HTTP Response

                  200

                  HTTP Response

                  200
                • 204.79.197.200:443
                  tse1.mm.bing.net
                  tls, http2
                  1.5kB
                  8.1kB
                  16
                  13
                • 204.79.197.200:443
                  tse1.mm.bing.net
                  tls, http2
                  1.1kB
                  9.1kB
                  13
                  12
                • 204.79.197.200:443
                  tse1.mm.bing.net
                  tls, http2
                  1.4kB
                  8.1kB
                  16
                  13
                • 180.101.212.103:80
                  bdimg.share.baidu.com
                  msedge.exe
                  260 B
                  5
                • 180.101.212.103:80
                  bdimg.share.baidu.com
                  msedge.exe
                  260 B
                  5
                • 182.61.201.93:80
                  bdimg.share.baidu.com
                  msedge.exe
                  260 B
                  5
                • 182.61.201.93:80
                  bdimg.share.baidu.com
                  msedge.exe
                  260 B
                  5
                • 182.61.201.94:80
                  bdimg.share.baidu.com
                  msedge.exe
                  52 B
                  1
                • 182.61.201.94:80
                  bdimg.share.baidu.com
                  msedge.exe
                  52 B
                  1
                • 8.8.8.8:53
                  www.fiyqs.cn
                  dns
                  msedge.exe
                  58 B
                  111 B
                  1
                  1

                  DNS Request

                  www.fiyqs.cn

                • 8.8.8.8:53
                  bdimg.share.baidu.com
                  dns
                  msedge.exe
                  67 B
                  252 B
                  1
                  1

                  DNS Request

                  bdimg.share.baidu.com

                  DNS Response

                  182.61.244.229
                  14.215.182.161
                  39.156.68.163
                  112.34.113.148
                  163.177.17.97
                  180.101.212.103
                  182.61.201.93
                  182.61.201.94

                • 8.8.8.8:53
                  149.220.183.52.in-addr.arpa
                  dns
                  73 B
                  147 B
                  1
                  1

                  DNS Request

                  149.220.183.52.in-addr.arpa

                • 8.8.8.8:53
                  172.210.232.199.in-addr.arpa
                  dns
                  74 B
                  128 B
                  1
                  1

                  DNS Request

                  172.210.232.199.in-addr.arpa

                • 8.8.8.8:53
                  69.31.126.40.in-addr.arpa
                  dns
                  71 B
                  157 B
                  1
                  1

                  DNS Request

                  69.31.126.40.in-addr.arpa

                • 8.8.8.8:53
                  g.bing.com
                  dns
                  56 B
                  151 B
                  1
                  1

                  DNS Request

                  g.bing.com

                  DNS Response

                  204.79.197.237
                  13.107.21.237

                • 8.8.8.8:53
                  138.201.86.20.in-addr.arpa
                  dns
                  72 B
                  158 B
                  1
                  1

                  DNS Request

                  138.201.86.20.in-addr.arpa

                • 8.8.8.8:53
                  237.197.79.204.in-addr.arpa
                  dns
                  73 B
                  143 B
                  1
                  1

                  DNS Request

                  237.197.79.204.in-addr.arpa

                • 8.8.8.8:53
                  97.61.62.23.in-addr.arpa
                  dns
                  70 B
                  133 B
                  1
                  1

                  DNS Request

                  97.61.62.23.in-addr.arpa

                • 224.0.0.251:5353
                  322 B
                  5
                • 8.8.8.8:53
                  13.86.106.20.in-addr.arpa
                  dns
                  215 B
                  315 B
                  3
                  2

                  DNS Request

                  13.86.106.20.in-addr.arpa

                  DNS Request

                  14.227.111.52.in-addr.arpa

                  DNS Request

                  14.227.111.52.in-addr.arpa

                • 8.8.8.8:53
                  86.23.85.13.in-addr.arpa
                  dns
                  70 B
                  144 B
                  1
                  1

                  DNS Request

                  86.23.85.13.in-addr.arpa

                • 8.8.8.8:53
                  18.31.95.13.in-addr.arpa
                  dns
                  70 B
                  144 B
                  1
                  1

                  DNS Request

                  18.31.95.13.in-addr.arpa

                • 8.8.8.8:53
                  tse1.mm.bing.net
                  dns
                  62 B
                  173 B
                  1
                  1

                  DNS Request

                  tse1.mm.bing.net

                  DNS Response

                  204.79.197.200
                  13.107.21.200

                • 8.8.8.8:53
                  88.156.103.20.in-addr.arpa
                  dns
                  72 B
                  158 B
                  1
                  1

                  DNS Request

                  88.156.103.20.in-addr.arpa

                • 8.8.8.8:53
                  27.73.42.20.in-addr.arpa
                  dns
                  70 B
                  156 B
                  1
                  1

                  DNS Request

                  27.73.42.20.in-addr.arpa

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                  Filesize

                  152B

                  MD5

                  a8e767fd33edd97d306efb6905f93252

                  SHA1

                  a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

                  SHA256

                  c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

                  SHA512

                  07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                  Filesize

                  152B

                  MD5

                  439b5e04ca18c7fb02cf406e6eb24167

                  SHA1

                  e0c5bb6216903934726e3570b7d63295b9d28987

                  SHA256

                  247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

                  SHA512

                  d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                  Filesize

                  5KB

                  MD5

                  906d6a8a80f566e98f30bb8d6f60a38d

                  SHA1

                  1a2e814973564914b99b6a2b23c6adab94dd8fa6

                  SHA256

                  bc9a4a98fcda5676422c6db9ca3d840068fd7f10d39e0521e40c5b0cb7ed603c

                  SHA512

                  c226e6a563e743fdc6a19755503531bd193f2bf62c73c45f2bc229e9f3ee29f11390bec5922f896ec9b42617ed63d9241b2773ff9ceb191cf214e62d7413d0e0

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                  Filesize

                  6KB

                  MD5

                  cd8a0eee7f8537feda13fd2be713038a

                  SHA1

                  a308352391d87c83a515017fe9528895a48b954b

                  SHA256

                  20efe195c887417126df7d69e07b6a795ce981c701e96a6ade281014ca482871

                  SHA512

                  44b213274ea9f4a92587cdd5a49cf8b318644d21fe7c137a05879b2603184ffe581494493367e261057b17e03be66689327e0718a1c63c3bfb33b37696f30921

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                  Filesize

                  11KB

                  MD5

                  6afcd6ef04cc040d0f0640b26d5650aa

                  SHA1

                  660411e91c6b52bb602fc93791c5ba3bdda489e1

                  SHA256

                  26f72a5dc7a7a258bd761c7f84ae39b3618bf0e20caadc5110c1dc8507416862

                  SHA512

                  4dc09d42869eb6be962440a42c546caa5fbc718466a348374e22ff29afe51b11e93f240349620c56b1fa8b470b1f6f4cabbdc5b23e8b405c8d17c80020fdedb2

                We care about your privacy.

                This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.