Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    04-06-2024 11:04

General

  • Target

    94987167f989eca4f8d7121d98090e6d_JaffaCakes118.html

  • Size

    11KB

  • MD5

    94987167f989eca4f8d7121d98090e6d

  • SHA1

    4a649929f9614dbb944d32f02bb441a005d5c196

  • SHA256

    dead099917e867bb57ef83f94c8aa8ae8c24c6f3fa5323e865d0809671b39398

  • SHA512

    9be4213864d4bc5d5d6323fcb12dfbe9e7656f3c0bfd0f16429657fedd8fdce273b3e27fe1d49f3cc44643fa08e6a184472621a9df6596d8c8f91df5bacf02a0

  • SSDEEP

    96:xXEW5FDgYcESCWHcfbfnniXJIonicK9D/8+A3K2MpfqXXb/vG/Xq0PnkdldUKLf5:ZEI76KB/zOb/u/XVPng2wRZL6ouGgVVg

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\94987167f989eca4f8d7121d98090e6d_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1148
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8dd7f46f8,0x7ff8dd7f4708,0x7ff8dd7f4718
      2⤵
        PID:2984
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
        2⤵
          PID:5016
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4760
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
          2⤵
            PID:1436
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
            2⤵
              PID:744
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
              2⤵
                PID:1044
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
                2⤵
                  PID:3384
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
                  2⤵
                    PID:2176
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
                    2⤵
                      PID:4720
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4904
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
                      2⤵
                        PID:4132
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1
                        2⤵
                          PID:1824
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
                          2⤵
                            PID:3452
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
                            2⤵
                              PID:3228
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3156 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5852
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4988
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3904

Network

                              • flag-us
                                DNS
                                8.8.8.8.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                8.8.8.8.in-addr.arpa
                                IN PTR
                                Response
                                8.8.8.8.in-addr.arpa
                                IN PTR
                                dns.google
                              • flag-us
                                DNS
                                workwear-shop.ch
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                workwear-shop.ch
                                IN A
                                Response
                                workwear-shop.ch
                                IN A
                                185.117.169.232
                              • flag-ch
                                GET
                                http://workwear-shop.ch/counter.php
                                msedge.exe
                                Remote address:
                                185.117.169.232:80
                                Request
                                GET /counter.php HTTP/1.1
                                Host: workwear-shop.ch
                                Connection: keep-alive
                                Upgrade-Insecure-Requests: 1
                                DNT: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                Accept-Encoding: gzip, deflate
                                Accept-Language: en-US,en;q=0.9
                                Response
                                HTTP/1.1 301 Moved Permanently
                                Server: nginx
                                Date: Tue, 04 Jun 2024 11:04:41 GMT
                                Content-Type: text/html
                                Content-Length: 162
                                Connection: keep-alive
                                Location: https://workwear-shop.ch/counter.php
                              • flag-us
                                DNS
                                228.249.119.40.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                228.249.119.40.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                23.177.190.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                23.177.190.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                23.177.190.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                23.177.190.20.in-addr.arpa
                                IN PTR
                              • flag-us
                                DNS
                                172.210.232.199.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                172.210.232.199.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                172.210.232.199.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                172.210.232.199.in-addr.arpa
                                IN PTR
                              • flag-ch
                                GET
                                https://workwear-shop.ch/counter.php
                                msedge.exe
                                Remote address:
                                185.117.169.232:443
                                Request
                                GET /counter.php HTTP/2.0
                                host: workwear-shop.ch
                                upgrade-insecure-requests: 1
                                dnt: 1
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                sec-fetch-site: cross-site
                                sec-fetch-mode: navigate
                                sec-fetch-dest: iframe
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                sec-ch-ua-mobile: ?0
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 404
                                server: nginx
                                date: Tue, 04 Jun 2024 11:04:41 GMT
                                content-type: text/html; charset=UTF-8
                                content-length: 16
                                x-content-type-options: nosniff
                                content-security-policy: frame-ancestors 'self'
                                strict-transport-security: max-age=31536000; includeSubDomains
                                referrer-policy: strict-origin-when-cross-origin
                                permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
                              • flag-us
                                DNS
                                232.169.117.185.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                232.169.117.185.in-addr.arpa
                                IN PTR
                                Response
                                232.169.117.185.in-addr.arpa
                                IN PTR
                                server202.hostfactory.ch
                              • flag-us
                                DNS
                                g.bing.com
                                Remote address:
                                8.8.8.8:53
                                Request
                                g.bing.com
                                IN A
                                Response
                                g.bing.com
                                IN CNAME
                                g-bing-com.dual-a-0034.a-msedge.net
                                g-bing-com.dual-a-0034.a-msedge.net
                                IN CNAME
                                dual-a-0034.a-msedge.net
                                dual-a-0034.a-msedge.net
                                IN A
                                204.79.197.237
                                dual-a-0034.a-msedge.net
                                IN A
                                13.107.21.237
                              • flag-us
                                GET
                                https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XEmWtMK4qtf4LiMrmuwaqTVUCUwQfMJooFvWyLoJSr1bPvNsjdR3Z5h-aeer08-DeVn3bv3PiQB-CtTs6XYqTLjdPekyBCX2LLXjB5WGM7ZcnYTKiT6ft95WjucZaEENKnnvonGvEltFAA7itq3gGJW-XacyF1RsRops-j2sMMKd3cV8%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D7cbe7cf12f681b3af7f51aca740fa5b0&TIME=20240508T110126Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB
                                Remote address:
                                204.79.197.237:443
                                Request
                                GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XEmWtMK4qtf4LiMrmuwaqTVUCUwQfMJooFvWyLoJSr1bPvNsjdR3Z5h-aeer08-DeVn3bv3PiQB-CtTs6XYqTLjdPekyBCX2LLXjB5WGM7ZcnYTKiT6ft95WjucZaEENKnnvonGvEltFAA7itq3gGJW-XacyF1RsRops-j2sMMKd3cV8%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D7cbe7cf12f681b3af7f51aca740fa5b0&TIME=20240508T110126Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB HTTP/2.0
                                host: g.bing.com
                                accept-encoding: gzip, deflate
                                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                Response
                                HTTP/2.0 204
                                cache-control: no-cache, must-revalidate
                                pragma: no-cache
                                expires: Fri, 01 Jan 1990 00:00:00 GMT
                                set-cookie: MUID=3283E9F0469761902CF1FD64477760E6; domain=.bing.com; expires=Sun, 29-Jun-2025 11:04:42 GMT; path=/; SameSite=None; Secure; Priority=High;
                                strict-transport-security: max-age=31536000; includeSubDomains; preload
                                access-control-allow-origin: *
                                x-cache: CONFIG_NOCACHE
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: A8F6EC7FDA5C4788B5073E956559336F Ref B: LON04EDGE1222 Ref C: 2024-06-04T11:04:42Z
                                date: Tue, 04 Jun 2024 11:04:42 GMT
                              • flag-us
                                GET
                                https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XEmWtMK4qtf4LiMrmuwaqTVUCUwQfMJooFvWyLoJSr1bPvNsjdR3Z5h-aeer08-DeVn3bv3PiQB-CtTs6XYqTLjdPekyBCX2LLXjB5WGM7ZcnYTKiT6ft95WjucZaEENKnnvonGvEltFAA7itq3gGJW-XacyF1RsRops-j2sMMKd3cV8%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D7cbe7cf12f681b3af7f51aca740fa5b0&TIME=20240508T110126Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB
                                Remote address:
                                204.79.197.237:443
                                Request
                                GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XEmWtMK4qtf4LiMrmuwaqTVUCUwQfMJooFvWyLoJSr1bPvNsjdR3Z5h-aeer08-DeVn3bv3PiQB-CtTs6XYqTLjdPekyBCX2LLXjB5WGM7ZcnYTKiT6ft95WjucZaEENKnnvonGvEltFAA7itq3gGJW-XacyF1RsRops-j2sMMKd3cV8%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D7cbe7cf12f681b3af7f51aca740fa5b0&TIME=20240508T110126Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB HTTP/2.0
                                host: g.bing.com
                                accept-encoding: gzip, deflate
                                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                cookie: MUID=3283E9F0469761902CF1FD64477760E6; _EDGE_S=SID=22052619738E683B01CB328D72F76925
                                Response
                                HTTP/2.0 204
                                cache-control: no-cache, must-revalidate
                                pragma: no-cache
                                expires: Fri, 01 Jan 1990 00:00:00 GMT
                                set-cookie: MSPTC=K9xe48fLNdMVNOyXknsSqkFSNLLV6_xVXd59SAdcbH4; domain=.bing.com; expires=Sun, 29-Jun-2025 11:04:43 GMT; path=/; Partitioned; secure; SameSite=None
                                strict-transport-security: max-age=31536000; includeSubDomains; preload
                                access-control-allow-origin: *
                                x-cache: CONFIG_NOCACHE
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 051B45B028E040B3B83B4171796179E1 Ref B: LON04EDGE1222 Ref C: 2024-06-04T11:04:43Z
                                date: Tue, 04 Jun 2024 11:04:42 GMT
                              • flag-be
                                GET
                                https://www.bing.com/aes/c.gif?RG=0387016ed1e147f29bac31e7f50f0dd3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T110126Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981
                                Remote address:
                                88.221.83.233:443
                                Request
                                GET /aes/c.gif?RG=0387016ed1e147f29bac31e7f50f0dd3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T110126Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981 HTTP/2.0
                                host: www.bing.com
                                accept-encoding: gzip, deflate
                                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                cookie: MUID=3283E9F0469761902CF1FD64477760E6
                                Response
                                HTTP/2.0 200
                                cache-control: private,no-store
                                pragma: no-cache
                                vary: Origin
                                p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: B32407CA9489470F928A1C07316EEF3E Ref B: LON212050719029 Ref C: 2024-06-04T11:04:43Z
                                content-length: 0
                                date: Tue, 04 Jun 2024 11:04:43 GMT
                                set-cookie: _EDGE_S=SID=22052619738E683B01CB328D72F76925; path=/; httponly; domain=bing.com
                                set-cookie: MUIDB=3283E9F0469761902CF1FD64477760E6; path=/; httponly; expires=Sun, 29-Jun-2025 11:04:43 GMT
                                alt-svc: h3=":443"; ma=93600
                                x-cdn-traceid: 0.e553dd58.1717499083.38b19209
                              • flag-us
                                DNS
                                233.83.221.88.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                233.83.221.88.in-addr.arpa
                                IN PTR
                                Response
                                233.83.221.88.in-addr.arpa
                                IN PTR
                                a88-221-83-233.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                233.83.221.88.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                233.83.221.88.in-addr.arpa
                                IN PTR
                              • flag-us
                                DNS
                                237.197.79.204.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                237.197.79.204.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                237.197.79.204.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                237.197.79.204.in-addr.arpa
                                IN PTR
                              • flag-us
                                DNS
                                237.197.79.204.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                237.197.79.204.in-addr.arpa
                                IN PTR
                              • flag-us
                                DNS
                                237.197.79.204.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                237.197.79.204.in-addr.arpa
                                IN PTR
                              • flag-be
                                GET
                                https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                                Remote address:
                                88.221.83.233:443
                                Request
                                GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
                                host: www.bing.com
                                accept: */*
                                cookie: MUID=3283E9F0469761902CF1FD64477760E6; _EDGE_S=SID=22052619738E683B01CB328D72F76925; MSPTC=K9xe48fLNdMVNOyXknsSqkFSNLLV6_xVXd59SAdcbH4; MUIDB=3283E9F0469761902CF1FD64477760E6
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-type: image/png
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                content-length: 1107
                                date: Tue, 04 Jun 2024 11:04:58 GMT
                                alt-svc: h3=":443"; ma=93600
                                x-cdn-traceid: 0.e553dd58.1717499098.38b1d5dc
                              • flag-us
                                DNS
                                209.205.72.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                209.205.72.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                58.55.71.13.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                58.55.71.13.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                58.55.71.13.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                58.55.71.13.in-addr.arpa
                                IN PTR
                              • flag-us
                                DNS
                                103.169.127.40.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                103.169.127.40.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                103.169.127.40.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                103.169.127.40.in-addr.arpa
                                IN PTR
                              • flag-us
                                DNS
                                103.169.127.40.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                103.169.127.40.in-addr.arpa
                                IN PTR
                              • flag-us
                                DNS
                                103.169.127.40.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                103.169.127.40.in-addr.arpa
                                IN PTR
                              • flag-us
                                DNS
                                103.169.127.40.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                103.169.127.40.in-addr.arpa
                                IN PTR
                              • flag-us
                                DNS
                                206.23.85.13.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                206.23.85.13.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                144.107.17.2.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                144.107.17.2.in-addr.arpa
                                IN PTR
                                Response
                                144.107.17.2.in-addr.arpa
                                IN PTR
                                a2-17-107-144.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                tse1.mm.bing.net
                                Remote address:
                                8.8.8.8:53
                                Request
                                tse1.mm.bing.net
                                IN A
                                Response
                                tse1.mm.bing.net
                                IN CNAME
                                mm-mm.bing.net.trafficmanager.net
                                mm-mm.bing.net.trafficmanager.net
                                IN CNAME
                                dual-a-0001.a-msedge.net
                                dual-a-0001.a-msedge.net
                                IN A
                                204.79.197.200
                                dual-a-0001.a-msedge.net
                                IN A
                                13.107.21.200
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 637660
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 48DF66F98E0F4FD78D03C09879D50D76 Ref B: LON04EDGE1114 Ref C: 2024-06-04T11:06:19Z
                                date: Tue, 04 Jun 2024 11:06:18 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 835660
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 06848E74083B44FE9EBD17E61FD3D650 Ref B: LON04EDGE1114 Ref C: 2024-06-04T11:06:19Z
                                date: Tue, 04 Jun 2024 11:06:18 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 634564
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: AF6D9B87217C4165B4B8338BE150DA11 Ref B: LON04EDGE1114 Ref C: 2024-06-04T11:06:19Z
                                date: Tue, 04 Jun 2024 11:06:18 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 682798
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: FFC8FE7BE2C04821B0C9DEF0817A2D69 Ref B: LON04EDGE1114 Ref C: 2024-06-04T11:06:19Z
                                date: Tue, 04 Jun 2024 11:06:18 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 770657
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 0EBC0AAA978A4DFC9B5CA87726CC9C45 Ref B: LON04EDGE1114 Ref C: 2024-06-04T11:06:19Z
                                date: Tue, 04 Jun 2024 11:06:18 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                Remote address:
                                204.79.197.200:443
                                Request
                                GET /th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 664406
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 3BA2FD7933C44B589734BC057B157D5D Ref B: LON04EDGE1114 Ref C: 2024-06-04T11:06:20Z
                                date: Tue, 04 Jun 2024 11:06:19 GMT
                              • flag-us
                                DNS
                                200.197.79.204.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                200.197.79.204.in-addr.arpa
                                IN PTR
                                Response
                                200.197.79.204.in-addr.arpa
                                IN PTR
                                a-0001.a-msedge.net
                              • flag-us
                                DNS
                                3.173.189.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                3.173.189.20.in-addr.arpa
                                IN PTR
                                Response
                              • 185.117.169.232:80
                                http://workwear-shop.ch/counter.php
                                http
                                msedge.exe
                                833 B
                                630 B
                                8
                                6

                                HTTP Request

                                GET http://workwear-shop.ch/counter.php

                                HTTP Response

                                301
                              • 185.117.169.232:80
                                workwear-shop.ch
                                msedge.exe
                                288 B
                                184 B
                                6
                                4
                              • 185.117.169.232:443
                                https://workwear-shop.ch/counter.php
                                tls, http2
                                msedge.exe
                                1.8kB
                                4.9kB
                                14
                                15

                                HTTP Request

                                GET https://workwear-shop.ch/counter.php

                                HTTP Response

                                404
                              • 204.79.197.237:443
                                https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XEmWtMK4qtf4LiMrmuwaqTVUCUwQfMJooFvWyLoJSr1bPvNsjdR3Z5h-aeer08-DeVn3bv3PiQB-CtTs6XYqTLjdPekyBCX2LLXjB5WGM7ZcnYTKiT6ft95WjucZaEENKnnvonGvEltFAA7itq3gGJW-XacyF1RsRops-j2sMMKd3cV8%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D7cbe7cf12f681b3af7f51aca740fa5b0&TIME=20240508T110126Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB
                                tls, http2
                                2.5kB
                                9.0kB
                                20
                                17

                                HTTP Request

                                GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XEmWtMK4qtf4LiMrmuwaqTVUCUwQfMJooFvWyLoJSr1bPvNsjdR3Z5h-aeer08-DeVn3bv3PiQB-CtTs6XYqTLjdPekyBCX2LLXjB5WGM7ZcnYTKiT6ft95WjucZaEENKnnvonGvEltFAA7itq3gGJW-XacyF1RsRops-j2sMMKd3cV8%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D7cbe7cf12f681b3af7f51aca740fa5b0&TIME=20240508T110126Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB

                                HTTP Response

                                204

                                HTTP Request

                                GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XEmWtMK4qtf4LiMrmuwaqTVUCUwQfMJooFvWyLoJSr1bPvNsjdR3Z5h-aeer08-DeVn3bv3PiQB-CtTs6XYqTLjdPekyBCX2LLXjB5WGM7ZcnYTKiT6ft95WjucZaEENKnnvonGvEltFAA7itq3gGJW-XacyF1RsRops-j2sMMKd3cV8%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D7cbe7cf12f681b3af7f51aca740fa5b0&TIME=20240508T110126Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB

                                HTTP Response

                                204
                              • 88.221.83.233:443
                                https://www.bing.com/aes/c.gif?RG=0387016ed1e147f29bac31e7f50f0dd3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T110126Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981
                                tls, http2
                                1.6kB
                                8.1kB
                                19
                                14

                                HTTP Request

                                GET https://www.bing.com/aes/c.gif?RG=0387016ed1e147f29bac31e7f50f0dd3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T110126Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981

                                HTTP Response

                                200
                              • 88.221.83.233:443
                                https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                                tls, http2
                                1.7kB
                                6.4kB
                                18
                                12

                                HTTP Request

                                GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

                                HTTP Response

                                200
                              • 204.79.197.200:443
                                tse1.mm.bing.net
                                tls, http2
                                1.2kB
                                8.1kB
                                16
                                14
                              • 204.79.197.200:443
                                tse1.mm.bing.net
                                tls, http2
                                1.2kB
                                8.1kB
                                16
                                14
                              • 204.79.197.200:443
                                tse1.mm.bing.net
                                tls, http2
                                1.2kB
                                8.1kB
                                16
                                14
                              • 204.79.197.200:443
                                https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                tls, http2
                                148.8kB
                                4.4MB
                                3176
                                3170

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                HTTP Response

                                200
                              • 204.79.197.200:443
                                tse1.mm.bing.net
                                tls, http2
                                1.2kB
                                8.1kB
                                16
                                14
                              • 8.8.8.8:53
                                8.8.8.8.in-addr.arpa
                                dns
                                66 B
                                90 B
                                1
                                1

                                DNS Request

                                8.8.8.8.in-addr.arpa

                              • 8.8.8.8:53
                                workwear-shop.ch
                                dns
                                msedge.exe
                                62 B
                                78 B
                                1
                                1

                                DNS Request

                                workwear-shop.ch

                                DNS Response

                                185.117.169.232

                              • 8.8.8.8:53
                                228.249.119.40.in-addr.arpa
                                dns
                                73 B
                                159 B
                                1
                                1

                                DNS Request

                                228.249.119.40.in-addr.arpa

                              • 8.8.8.8:53
                                23.177.190.20.in-addr.arpa
                                dns
                                144 B
                                158 B
                                2
                                1

                                DNS Request

                                23.177.190.20.in-addr.arpa

                                DNS Request

                                23.177.190.20.in-addr.arpa

                              • 8.8.8.8:53
                                172.210.232.199.in-addr.arpa
                                dns
                                148 B
                                128 B
                                2
                                1

                                DNS Request

                                172.210.232.199.in-addr.arpa

                                DNS Request

                                172.210.232.199.in-addr.arpa

                              • 8.8.8.8:53
                                232.169.117.185.in-addr.arpa
                                dns
                                74 B
                                112 B
                                1
                                1

                                DNS Request

                                232.169.117.185.in-addr.arpa

                              • 8.8.8.8:53
                                g.bing.com
                                dns
                                56 B
                                151 B
                                1
                                1

                                DNS Request

                                g.bing.com

                                DNS Response

                                204.79.197.237
                                13.107.21.237

                              • 224.0.0.251:5353
                                522 B
                                8
                              • 8.8.8.8:53
                                233.83.221.88.in-addr.arpa
                                dns
                                144 B
                                137 B
                                2
                                1

                                DNS Request

                                233.83.221.88.in-addr.arpa

                                DNS Request

                                233.83.221.88.in-addr.arpa

                              • 8.8.8.8:53
                                237.197.79.204.in-addr.arpa
                                dns
                                292 B
                                143 B
                                4
                                1

                                DNS Request

                                237.197.79.204.in-addr.arpa

                                DNS Request

                                237.197.79.204.in-addr.arpa

                                DNS Request

                                237.197.79.204.in-addr.arpa

                                DNS Request

                                237.197.79.204.in-addr.arpa

                              • 8.8.8.8:53
                                209.205.72.20.in-addr.arpa
                                dns
                                72 B
                                158 B
                                1
                                1

                                DNS Request

                                209.205.72.20.in-addr.arpa

                              • 8.8.8.8:53
                                58.55.71.13.in-addr.arpa
                                dns
                                140 B
                                144 B
                                2
                                1

                                DNS Request

                                58.55.71.13.in-addr.arpa

                                DNS Request

                                58.55.71.13.in-addr.arpa

                              • 8.8.8.8:53
                                103.169.127.40.in-addr.arpa
                                dns
                                365 B
                                147 B
                                5
                                1

                                DNS Request

                                103.169.127.40.in-addr.arpa

                                DNS Request

                                103.169.127.40.in-addr.arpa

                                DNS Request

                                103.169.127.40.in-addr.arpa

                                DNS Request

                                103.169.127.40.in-addr.arpa

                                DNS Request

                                103.169.127.40.in-addr.arpa

                              • 8.8.8.8:53
                                206.23.85.13.in-addr.arpa
                                dns
                                71 B
                                145 B
                                1
                                1

                                DNS Request

                                206.23.85.13.in-addr.arpa

                              • 8.8.8.8:53
                                144.107.17.2.in-addr.arpa
                                dns
                                71 B
                                135 B
                                1
                                1

                                DNS Request

                                144.107.17.2.in-addr.arpa

                              • 8.8.8.8:53
                                tse1.mm.bing.net
                                dns
                                62 B
                                173 B
                                1
                                1

                                DNS Request

                                tse1.mm.bing.net

                                DNS Response

                                204.79.197.200
                                13.107.21.200

                              • 8.8.8.8:53
                                200.197.79.204.in-addr.arpa
                                dns
                                73 B
                                106 B
                                1
                                1

                                DNS Request

                                200.197.79.204.in-addr.arpa

                              • 8.8.8.8:53
                                3.173.189.20.in-addr.arpa
                                dns
                                71 B
                                157 B
                                1
                                1

                                DNS Request

                                3.173.189.20.in-addr.arpa

                              MITRE ATT&CK Enterprise v15

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                Filesize

                                152B

                                MD5

                                f61fa5143fe872d1d8f1e9f8dc6544f9

                                SHA1

                                df44bab94d7388fb38c63085ec4db80cfc5eb009

                                SHA256

                                284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

                                SHA512

                                971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                Filesize

                                152B

                                MD5

                                87f7abeb82600e1e640b843ad50fe0a1

                                SHA1

                                045bbada3f23fc59941bf7d0210fb160cb78ae87

                                SHA256

                                b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

                                SHA512

                                ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                Filesize

                                184B

                                MD5

                                7d2c9ae18b0172d6634e0e1cbe142c1f

                                SHA1

                                233d2d0b041e89322451831b888d70daefb0b0c6

                                SHA256

                                9f5d5dfeb6f4b3987cd7329248f26da6f63cbd6450705667c30a7ac263738437

                                SHA512

                                d2814b24afb23d515ddc3e9a5a72535980b6289bd38fa390387988e85490e8b7812f0b834a0834ea4805cfe4d561f03146d83d1f00ae110e88aca6de0b36d10f

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                Filesize

                                5KB

                                MD5

                                75fbe7ff25d611d1eae2ca0c3bfc78f6

                                SHA1

                                e3380c1a0685bd44990ad29227b6dad98cdb7e9b

                                SHA256

                                6874fbf9a122b847057ca56ad6014dff415479aee1c47745ad4a51e0807b562a

                                SHA512

                                e7edd3141091793e80c804673d69f50e2ff9711143ac6e560f1c8ea9be273b1ef03c691d821e56413610d56d26d391fc19255c6cc9fdddfe38b92f6f0c2c2c4b

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                Filesize

                                6KB

                                MD5

                                a94390da6847fd0503246b64208e9a02

                                SHA1

                                3c5814a34e305851cd0702b8724fb771d54754c7

                                SHA256

                                57a3c8c2853116cc8f5688931243dcd0c6a17e47b3d4317d6cc15dc7e2f12f56

                                SHA512

                                219e87ab602b0f2fc2584f5e61b001bf6b2b48213e91bf7e5b27405130e64f325b671098d2955beb74f1bd918b727b95b6ad60091d67ab86e0cea470e7c3eb0b

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                Filesize

                                16B

                                MD5

                                206702161f94c5cd39fadd03f4014d98

                                SHA1

                                bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                SHA256

                                1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                SHA512

                                0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                Filesize

                                16B

                                MD5

                                46295cac801e5d4857d09837238a6394

                                SHA1

                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                SHA256

                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                SHA512

                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                Filesize

                                11KB

                                MD5

                                1f75f2af1c2846c87bb8548f3363b2fb

                                SHA1

                                4cb861bf6a87d3b4daf743d5b1e57f57814b976c

                                SHA256

                                7f541e615f2f0f4b2783ba6f5d108c3cd5d05320e8a305732285cb810c79d5b2

                                SHA512

                                79a11a11b9bf94df2e3d074b67d756b1b1b31da62fc2654baf5a5aaf427176762856d77ac84b5757d58ae6c908bd6e2f3729a56d7472b77e7046732888f55475
