Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2024, 11:45 UTC

General

  • Target

    a55cebaa40521e7c44301cbf7aee7cb5_JaffaCakes118.html

  • Size

    116KB

  • MD5

    a55cebaa40521e7c44301cbf7aee7cb5

  • SHA1

    5d96ea2abed64bd664530a8893f42e4519bbee1a

  • SHA256

    a3004bfb535c3c90f964f28446bd3daeae8ec49745ba771c069a6b01c849cdba

  • SHA512

    c0808956bd486b182ab2d51410213fd46847cca680e460e4763ab9773def3c4d02e83a21e761893a563eb85bdf5ab1c6b0f7a03e7510cff7346e45cbac0e3b29

  • SSDEEP

    1536:SPzH/ehAflyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTs:SPgAflyfkMY+BES09JXAnyrZalI+YQ

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a55cebaa40521e7c44301cbf7aee7cb5_JaffaCakes118.html
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1892
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe103746f8,0x7ffe10374708,0x7ffe10374718
        PID:748
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,6601271943126238957,14583239932396612670,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
        PID:2060
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,6601271943126238957,14583239932396612670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
        • Suspicious behavior: EnumeratesProcesses
        PID:3120
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,6601271943126238957,14583239932396612670,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
        PID:1092
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6601271943126238957,14583239932396612670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
        PID:2896
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6601271943126238957,14583239932396612670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
        PID:4432
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,6601271943126238957,14583239932396612670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8
        PID:2224
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,6601271943126238957,14583239932396612670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8
        • Suspicious behavior: EnumeratesProcesses
        PID:4196
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6601271943126238957,14583239932396612670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
        PID:764
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6601271943126238957,14583239932396612670,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
        PID:1256
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6601271943126238957,14583239932396612670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
        PID:1624
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,6601271943126238957,14583239932396612670,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
        PID:4916
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,6601271943126238957,14583239932396612670,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1880 /prefetch:2
        • Suspicious behavior: EnumeratesProcesses
        PID:4020
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID:2136
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID:4336

                          Network

                          • flag-us
                            DNS
                            8.8.8.8.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            Response
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            dns.google
                          • flag-us
                            DNS
                            75.159.190.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            75.159.190.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            88.210.23.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            88.210.23.2.in-addr.arpa
                            IN PTR
                            Response
                            88.210.23.2.in-addr.arpa
                            IN PTR
                            a2-23-210-88.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            g.bing.com
                            Remote address:
                            8.8.8.8:53
                            Request
                            g.bing.com
                            IN A
                            Response
                            g.bing.com
                            IN CNAME
                            g-bing-com.dual-a-0034.a-msedge.net
                            g-bing-com.dual-a-0034.a-msedge.net
                            IN CNAME
                            dual-a-0034.a-msedge.net
                            dual-a-0034.a-msedge.net
                            IN A
                            204.79.197.237
                            dual-a-0034.a-msedge.net
                            IN A
                            13.107.21.237
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De83CNWfwzU_re9L-5FTW-RLTVUCUx2iBfXvV8x3mx9f89QRR9yU9MlkWe6zszJfLodrvnDEVXFHommTigT5Ev6CLntrj1xn6oM7NjnkHMJ0bO2CpAs1-mXajJMwrGBM3DkQDgzSpJ4O5G2QLfB4kzbR1Mbo-n4AGzfSlT1VcKH67WUDtSM%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Da6c31b2ba2101b230a987d436c51e4a1&TIME=20240611T222329Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B
                            Remote address:
                            204.79.197.237:443
                            Request
                            GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De83CNWfwzU_re9L-5FTW-RLTVUCUx2iBfXvV8x3mx9f89QRR9yU9MlkWe6zszJfLodrvnDEVXFHommTigT5Ev6CLntrj1xn6oM7NjnkHMJ0bO2CpAs1-mXajJMwrGBM3DkQDgzSpJ4O5G2QLfB4kzbR1Mbo-n4AGzfSlT1VcKH67WUDtSM%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Da6c31b2ba2101b230a987d436c51e4a1&TIME=20240611T222329Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            set-cookie: MUID=38A05BEA91C860C13BB14F77902861FF; domain=.bing.com; expires=Tue, 08-Jul-2025 11:45:14 GMT; path=/; SameSite=None; Secure; Priority=High;
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: B8D4F29767BA439BA0632ABCC8A1F98B Ref B: LON04EDGE1211 Ref C: 2024-06-13T11:45:14Z
                            date: Thu, 13 Jun 2024 11:45:14 GMT
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De83CNWfwzU_re9L-5FTW-RLTVUCUx2iBfXvV8x3mx9f89QRR9yU9MlkWe6zszJfLodrvnDEVXFHommTigT5Ev6CLntrj1xn6oM7NjnkHMJ0bO2CpAs1-mXajJMwrGBM3DkQDgzSpJ4O5G2QLfB4kzbR1Mbo-n4AGzfSlT1VcKH67WUDtSM%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Da6c31b2ba2101b230a987d436c51e4a1&TIME=20240611T222329Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B
                            Remote address:
                            204.79.197.237:443
                            Request
                            GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De83CNWfwzU_re9L-5FTW-RLTVUCUx2iBfXvV8x3mx9f89QRR9yU9MlkWe6zszJfLodrvnDEVXFHommTigT5Ev6CLntrj1xn6oM7NjnkHMJ0bO2CpAs1-mXajJMwrGBM3DkQDgzSpJ4O5G2QLfB4kzbR1Mbo-n4AGzfSlT1VcKH67WUDtSM%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Da6c31b2ba2101b230a987d436c51e4a1&TIME=20240611T222329Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            cookie: MUID=38A05BEA91C860C13BB14F77902861FF; _EDGE_S=SID=140BB07BA70062D81705A4E6A6AA6341
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            set-cookie: MSPTC=futsSkIuIY6lGi1PMYYTlMCvHBDMkPrVP4nxmJaka9Y; domain=.bing.com; expires=Tue, 08-Jul-2025 11:45:15 GMT; path=/; Partitioned; secure; SameSite=None
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 203C1E6B3B714E3FA99A8542664FC731 Ref B: LON04EDGE1211 Ref C: 2024-06-13T11:45:15Z
                            date: Thu, 13 Jun 2024 11:45:14 GMT
                          • flag-nl
                            GET
                            https://www.bing.com/aes/c.gif?RG=2e5e0f8cc5d44fdbaf2648fd90eb1979&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T222329Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525
                            Remote address:
                            23.62.61.99:443
                            Request
                            GET /aes/c.gif?RG=2e5e0f8cc5d44fdbaf2648fd90eb1979&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T222329Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525 HTTP/2.0
                            host: www.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            cookie: MUID=38A05BEA91C860C13BB14F77902861FF
                            Response
                            HTTP/2.0 200
                            cache-control: private,no-store
                            pragma: no-cache
                            vary: Origin
                            p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 25E7FFE87F5548C68BF643CBF9D2C509 Ref B: DUS30EDGE0816 Ref C: 2024-06-13T11:45:14Z
                            content-length: 0
                            date: Thu, 13 Jun 2024 11:45:15 GMT
                            set-cookie: _EDGE_S=SID=140BB07BA70062D81705A4E6A6AA6341; path=/; httponly; domain=bing.com
                            set-cookie: MUIDB=38A05BEA91C860C13BB14F77902861FF; path=/; httponly; expires=Tue, 08-Jul-2025 11:45:15 GMT
                            alt-svc: h3=":443"; ma=93600
                            x-cdn-traceid: 0.5f3d3e17.1718279114.d935a16
                          • flag-nl
                            GET
                            https://www.bing.com/th?id=OADD2.10239368184744_14DPBWVU0KKOKDZ8E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90
                            Remote address:
                            23.62.61.99:443
                            Request
                            GET /th?id=OADD2.10239368184744_14DPBWVU0KKOKDZ8E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90 HTTP/2.0
                            host: www.bing.com
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-type: image/png
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            content-length: 5773
                            date: Thu, 13 Jun 2024 11:45:14 GMT
                            alt-svc: h3=":443"; ma=93600
                            x-cdn-traceid: 0.5f3d3e17.1718279114.d935a24
                          • flag-us
                            DNS
                            237.197.79.204.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            237.197.79.204.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            99.61.62.23.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            99.61.62.23.in-addr.arpa
                            IN PTR
                            Response
                            99.61.62.23.in-addr.arpa
                            IN PTR
                            a23-62-61-99.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            86.23.85.13.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            86.23.85.13.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            18.31.95.13.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            18.31.95.13.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            172.210.232.199.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            172.210.232.199.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            14.173.189.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            14.173.189.20.in-addr.arpa
                            IN PTR
                          • 204.79.197.237:443
                            https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De83CNWfwzU_re9L-5FTW-RLTVUCUx2iBfXvV8x3mx9f89QRR9yU9MlkWe6zszJfLodrvnDEVXFHommTigT5Ev6CLntrj1xn6oM7NjnkHMJ0bO2CpAs1-mXajJMwrGBM3DkQDgzSpJ4O5G2QLfB4kzbR1Mbo-n4AGzfSlT1VcKH67WUDtSM%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Da6c31b2ba2101b230a987d436c51e4a1&TIME=20240611T222329Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B
                            tls, http2
                            2.5kB
                            9.0kB
                            19
                            17

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De83CNWfwzU_re9L-5FTW-RLTVUCUx2iBfXvV8x3mx9f89QRR9yU9MlkWe6zszJfLodrvnDEVXFHommTigT5Ev6CLntrj1xn6oM7NjnkHMJ0bO2CpAs1-mXajJMwrGBM3DkQDgzSpJ4O5G2QLfB4kzbR1Mbo-n4AGzfSlT1VcKH67WUDtSM%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Da6c31b2ba2101b230a987d436c51e4a1&TIME=20240611T222329Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

                            HTTP Response

                            204

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De83CNWfwzU_re9L-5FTW-RLTVUCUx2iBfXvV8x3mx9f89QRR9yU9MlkWe6zszJfLodrvnDEVXFHommTigT5Ev6CLntrj1xn6oM7NjnkHMJ0bO2CpAs1-mXajJMwrGBM3DkQDgzSpJ4O5G2QLfB4kzbR1Mbo-n4AGzfSlT1VcKH67WUDtSM%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Da6c31b2ba2101b230a987d436c51e4a1&TIME=20240611T222329Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

                            HTTP Response

                            204
                          • 23.62.61.99:443
                            https://www.bing.com/aes/c.gif?RG=2e5e0f8cc5d44fdbaf2648fd90eb1979&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T222329Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525
                            tls, http2
                            1.4kB
                            5.3kB
                            16
                            11

                            HTTP Request

                            GET https://www.bing.com/aes/c.gif?RG=2e5e0f8cc5d44fdbaf2648fd90eb1979&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T222329Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525

                            HTTP Response

                            200
                          • 23.62.61.99:443
                            https://www.bing.com/th?id=OADD2.10239368184744_14DPBWVU0KKOKDZ8E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90
                            tls, http2
                            1.6kB
                            11.1kB
                            20
                            15

                            HTTP Request

                            GET https://www.bing.com/th?id=OADD2.10239368184744_14DPBWVU0KKOKDZ8E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90

                            HTTP Response

                            200
                          • 8.8.8.8:53
                            8.8.8.8.in-addr.arpa
                            dns
                            66 B
                            90 B
                            1
                            1

                            DNS Request

                            8.8.8.8.in-addr.arpa

                          • 8.8.8.8:53
                            75.159.190.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            75.159.190.20.in-addr.arpa

                          • 8.8.8.8:53
                            88.210.23.2.in-addr.arpa
                            dns
                            70 B
                            133 B
                            1
                            1

                            DNS Request

                            88.210.23.2.in-addr.arpa

                          • 8.8.8.8:53
                            g.bing.com
                            dns
                            56 B
                            151 B
                            1
                            1

                            DNS Request

                            g.bing.com

                            DNS Response

                            204.79.197.237
                            13.107.21.237

                          • 8.8.8.8:53
                            237.197.79.204.in-addr.arpa
                            dns
                            73 B
                            143 B
                            1
                            1

                            DNS Request

                            237.197.79.204.in-addr.arpa

                          • 224.0.0.251:5353
                            588 B
                            9
                          • 8.8.8.8:53
                            99.61.62.23.in-addr.arpa
                            dns
                            70 B
                            133 B
                            1
                            1

                            DNS Request

                            99.61.62.23.in-addr.arpa

                          • 8.8.8.8:53
                            86.23.85.13.in-addr.arpa
                            dns
                            70 B
                            144 B
                            1
                            1

                            DNS Request

                            86.23.85.13.in-addr.arpa

                          • 8.8.8.8:53
                            18.31.95.13.in-addr.arpa
                            dns
                            70 B
                            144 B
                            1
                            1

                            DNS Request

                            18.31.95.13.in-addr.arpa

                          • 8.8.8.8:53
                            172.210.232.199.in-addr.arpa
                            dns
                            74 B
                            128 B
                            1
                            1

                            DNS Request

                            172.210.232.199.in-addr.arpa

                          • 8.8.8.8:53
                            14.173.189.20.in-addr.arpa
                            dns
                            72 B
                            1

                            DNS Request

                            14.173.189.20.in-addr.arpa

                          MITRE ATT&CK Enterprise v15

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            477462b6ad8eaaf8d38f5e3a4daf17b0

                            SHA1

                            86174e670c44767c08a39cc2a53c09c318326201

                            SHA256

                            e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

                            SHA512

                            a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            b704c9ca0493bd4548ac9c69dc4a4f27

                            SHA1

                            a3e5e54e630dabe55ca18a798d9f5681e0620ba7

                            SHA256

                            2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

                            SHA512

                            69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            9a6340e989233868d1ff94b2504fd0c8

                            SHA1

                            74aded3e680acaca46ab434264cf2b2e5a68cd91

                            SHA256

                            21281b24f8a282f16ec6a841e275eede8f1fde6b5bbf7a842a3aa5465f400e93

                            SHA512

                            bfaad12622674a6be4d05cdba3c967469f5bb1cccd4ba150b88e1a9b638a26c8053f03d25a5bc5c884af772b3c3795cf7f9bd53a5a4d5e60335bc06644e2a2c4

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            c5194e08ff6305709adcbc71cc11cdd8

                            SHA1

                            3268039c4d50cd989a9924f3caeec25e53a1c802

                            SHA256

                            f96282d15ea2a3a73979d10526e6fe935734151c72a953d54cca893720f54130

                            SHA512

                            7cabc6711cde7e031b620689937fc7047a1a46f36199fee2fa7b18ed667f20bcf57f4ff36544fb663304867dd8c934b9f3fbaea79910912b221e1ba1a8b6334a

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                            Filesize

                            11KB

                            MD5

                            a2a3cfe0be9c615a48030044960d9c47

                            SHA1

                            2544722a174bb1b5320089bfa67a42e077e8c80d

                            SHA256

                            ea6fbbf061bc901af24d1dcbace9771d99e102c54966ac1f6cc4b4e90c628e7d

                            SHA512

                            f4c5991b2849e9fdff5db4a36262a20f863682832b97d204f2e4419166d73ac4ce148262fa3665c4e019c419c0b555480c53b3b81cd5684233fa256958365160
