Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
02/06/2024, 05:17 UTC
Static task
static1
Behavioral task
behavioral1
Sample
8d01094941b75f749ea7e77096f771f6_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
8d01094941b75f749ea7e77096f771f6_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8d01094941b75f749ea7e77096f771f6_JaffaCakes118.html
-
Size
139KB
-
MD5
8d01094941b75f749ea7e77096f771f6
-
SHA1
6adb19d936cf1e440caa5b57822f27b765a85716
-
SHA256
72f68300b1a920676906910af2da54baefb8143c4debc8698323dcfe0121f46a
-
SHA512
074ecd5740eb0ae83cb384b8299f767dbe2abcb7c463ec9092cf29cbc7d3d1d9180729a5d1aaf98277792a388247154a0f748186753bc6957c942d590813c966
-
SSDEEP
1536:SaFUs7llMEyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTs:SaV70EyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process 3156 msedge.exe 3156 msedge.exe 1916 msedge.exe 1916 msedge.exe 4176 msedge.exe 4176 msedge.exe 4176 msedge.exe 4176 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 1916 msedge.exe 1916 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe 1916 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1916 wrote to memory of 1512 1916 msedge.exe 83 PID 1916 wrote to memory of 1512 1916 msedge.exe 83 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 4368 1916 msedge.exe 84 PID 1916 wrote to memory of 3156 1916 msedge.exe 85 PID 1916 wrote to memory of 3156 1916 msedge.exe 85 PID 1916 wrote to memory of 984 1916 msedge.exe 86 PID 1916 wrote to memory of 984 1916 msedge.exe 86 PID 1916 wrote to memory of 984 1916 msedge.exe 86 PID 1916 wrote to memory of 984 1916 msedge.exe 86 PID 1916 wrote to memory of 984 1916 msedge.exe 86 PID 1916 wrote to memory of 984 1916 msedge.exe 86 PID 1916 wrote to memory of 984 1916 msedge.exe 86 PID 1916 wrote to memory of 984 1916 msedge.exe 86 PID 1916 wrote to memory of 984 1916 msedge.exe 86 PID 1916 wrote to memory of 984 1916 msedge.exe 86 PID 1916 wrote to memory of 984 1916 msedge.exe 86 PID 1916 wrote to memory of 984 1916 msedge.exe 86 PID 1916 wrote to memory of 984 1916 msedge.exe 86 PID 1916 wrote to memory of 984 1916 msedge.exe 86 PID 1916 wrote to memory of 984 1916 msedge.exe 86 PID 1916 wrote to memory of 984 1916 msedge.exe 86 PID 1916 wrote to memory of 984 1916 msedge.exe 86 PID 1916 wrote to memory of 984 1916 msedge.exe 86 PID 1916 wrote to memory of 984 1916 msedge.exe 86 PID 1916 wrote to memory of 984 1916 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8d01094941b75f749ea7e77096f771f6_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1916 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc2ac46f8,0x7ffdc2ac4708,0x7ffdc2ac47182⤵PID:1512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6027210320850329796,7240636766307983257,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:22⤵PID:4368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,6027210320850329796,7240636766307983257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,6027210320850329796,7240636766307983257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:82⤵PID:984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6027210320850329796,7240636766307983257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:12⤵PID:2096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6027210320850329796,7240636766307983257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:12⤵PID:516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6027210320850329796,7240636766307983257,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2996 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4176
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2676
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2480
Network
-
Remote address:8.8.8.8:53Requestwww.fiyqs.cnIN AResponse
-
Remote address:8.8.8.8:53Requestbdimg.share.baidu.comIN AResponsebdimg.share.baidu.comIN CNAMEshare.jomodns.comshare.jomodns.comIN CNAMEshare.n.shifen.comshare.n.shifen.comIN A182.61.244.229share.n.shifen.comIN A14.215.182.161share.n.shifen.comIN A39.156.68.163share.n.shifen.comIN A112.34.113.148share.n.shifen.comIN A163.177.17.97share.n.shifen.comIN A180.101.212.103share.n.shifen.comIN A182.61.201.93share.n.shifen.comIN A182.61.201.94
-
Remote address:8.8.8.8:53Request149.220.183.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request69.31.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAMEdual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A204.79.197.237dual-a-0034.a-msedge.netIN A13.107.21.237
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=169CFD1271CA63DA1751E980707162B0; domain=.bing.com; expires=Fri, 27-Jun-2025 05:17:43 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E61B828EB11E493B8581CE7A0242D1ED Ref B: LON04EDGE0917 Ref C: 2024-06-02T05:17:43Z
date: Sun, 02 Jun 2024 05:17:43 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=169CFD1271CA63DA1751E980707162B0
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=z7muo5zeLM84JGyVNqN6v8XUSnO_DmtC1HvVlhti4QU; domain=.bing.com; expires=Fri, 27-Jun-2025 05:17:43 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 150A88FC2255442B9FB3E2E951C015DC Ref B: LON04EDGE0917 Ref C: 2024-06-02T05:17:43Z
date: Sun, 02 Jun 2024 05:17:43 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=Remote address:204.79.197.237:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=169CFD1271CA63DA1751E980707162B0; MSPTC=z7muo5zeLM84JGyVNqN6v8XUSnO_DmtC1HvVlhti4QU
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3726D58F4D5140E3B5634C00CD6DA43A Ref B: LON04EDGE0917 Ref C: 2024-06-02T05:17:43Z
date: Sun, 02 Jun 2024 05:17:43 GMT
-
GEThttps://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90Remote address:23.62.61.97:443RequestGET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
cookie: MUID=169CFD1271CA63DA1751E980707162B0; MSPTC=z7muo5zeLM84JGyVNqN6v8XUSnO_DmtC1HvVlhti4QU
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1107
date: Sun, 02 Jun 2024 05:17:44 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.be3d3e17.1717305464.c8c3102
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request138.201.86.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request97.61.62.23.in-addr.arpaIN PTRResponse97.61.62.23.in-addr.arpaIN PTRa23-62-61-97deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request13.86.106.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request14.227.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request14.227.111.52.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request86.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request18.31.95.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 449656
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 443619773EFD44DEAB2A2BDC168A5D7F Ref B: LON04EDGE0716 Ref C: 2024-06-02T05:19:22Z
date: Sun, 02 Jun 2024 05:19:21 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 621794
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 33B69520D2834B1BB4DE9EE9329313B3 Ref B: LON04EDGE0716 Ref C: 2024-06-02T05:19:22Z
date: Sun, 02 Jun 2024 05:19:22 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 468637
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3DDC6B7E4BAF4288AD7C47FE591ACD70 Ref B: LON04EDGE0716 Ref C: 2024-06-02T05:19:22Z
date: Sun, 02 Jun 2024 05:19:22 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 659775
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D8924E43C7FF411BAEF6333BA93F3FB2 Ref B: LON04EDGE0716 Ref C: 2024-06-02T05:19:22Z
date: Sun, 02 Jun 2024 05:19:22 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 449656
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F8B34A262EAE4D71B62431DE9EBCAD8D Ref B: LON04EDGE0716 Ref C: 2024-06-02T05:20:09Z
date: Sun, 02 Jun 2024 05:20:08 GMT
-
Remote address:8.8.8.8:53Request88.156.103.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request27.73.42.20.in-addr.arpaIN PTRResponse
-
260 B 5
-
260 B 5
-
204.79.197.237:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=tls, http22.0kB 9.2kB 21 19
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7bea495b787f4f93bc419b7c02e7f0bc&localId=w:1C8BDEF5-626C-207C-B098-8D9DBC09C387&deviceId=6966565258095583&anid=HTTP Response
204 -
23.62.61.97:443https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90tls, http21.5kB 6.4kB 17 13
HTTP Request
GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90HTTP Response
200 -
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90tls, http288.1kB 2.6MB 1868 1864
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200 -
1.5kB 8.1kB 16 13
-
1.1kB 9.1kB 13 12
-
1.4kB 8.1kB 16 13
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
52 B 1
-
52 B 1
-
58 B 111 B 1 1
DNS Request
www.fiyqs.cn
-
67 B 252 B 1 1
DNS Request
bdimg.share.baidu.com
DNS Response
182.61.244.22914.215.182.16139.156.68.163112.34.113.148163.177.17.97180.101.212.103182.61.201.93182.61.201.94
-
73 B 147 B 1 1
DNS Request
149.220.183.52.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
69.31.126.40.in-addr.arpa
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.23713.107.21.237
-
72 B 158 B 1 1
DNS Request
138.201.86.20.in-addr.arpa
-
73 B 143 B 1 1
DNS Request
237.197.79.204.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
97.61.62.23.in-addr.arpa
-
322 B 5
-
215 B 315 B 3 2
DNS Request
13.86.106.20.in-addr.arpa
DNS Request
14.227.111.52.in-addr.arpa
DNS Request
14.227.111.52.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
86.23.85.13.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
18.31.95.13.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
-
72 B 158 B 1 1
DNS Request
88.156.103.20.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
27.73.42.20.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5a8e767fd33edd97d306efb6905f93252
SHA1a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA51207b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
-
Filesize
152B
MD5439b5e04ca18c7fb02cf406e6eb24167
SHA1e0c5bb6216903934726e3570b7d63295b9d28987
SHA256247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
-
Filesize
5KB
MD5906d6a8a80f566e98f30bb8d6f60a38d
SHA11a2e814973564914b99b6a2b23c6adab94dd8fa6
SHA256bc9a4a98fcda5676422c6db9ca3d840068fd7f10d39e0521e40c5b0cb7ed603c
SHA512c226e6a563e743fdc6a19755503531bd193f2bf62c73c45f2bc229e9f3ee29f11390bec5922f896ec9b42617ed63d9241b2773ff9ceb191cf214e62d7413d0e0
-
Filesize
6KB
MD5cd8a0eee7f8537feda13fd2be713038a
SHA1a308352391d87c83a515017fe9528895a48b954b
SHA25620efe195c887417126df7d69e07b6a795ce981c701e96a6ade281014ca482871
SHA51244b213274ea9f4a92587cdd5a49cf8b318644d21fe7c137a05879b2603184ffe581494493367e261057b17e03be66689327e0718a1c63c3bfb33b37696f30921
-
Filesize
11KB
MD56afcd6ef04cc040d0f0640b26d5650aa
SHA1660411e91c6b52bb602fc93791c5ba3bdda489e1
SHA25626f72a5dc7a7a258bd761c7f84ae39b3618bf0e20caadc5110c1dc8507416862
SHA5124dc09d42869eb6be962440a42c546caa5fbc718466a348374e22ff29afe51b11e93f240349620c56b1fa8b470b1f6f4cabbdc5b23e8b405c8d17c80020fdedb2