Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
480s -
max time network
486s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
15/06/2024, 11:48 UTC
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/1249802526723801153/1251236310543499324/IDA_6.8.rar?ex=666e80df&is=666d2f5f&hm=193b83b6917265bfe2b0468dc0c8334d625141195315d0bab48300afa46a22b2&
Resource
win10v2004-20240611-en
General
-
Target
https://cdn.discordapp.com/attachments/1249802526723801153/1251236310543499324/IDA_6.8.rar?ex=666e80df&is=666d2f5f&hm=193b83b6917265bfe2b0468dc0c8334d625141195315d0bab48300afa46a22b2&
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid Process 4236 msedge.exe 4236 msedge.exe 2372 msedge.exe 2372 msedge.exe 2424 identity_helper.exe 2424 identity_helper.exe 3820 msedge.exe 3820 msedge.exe 920 msedge.exe 920 msedge.exe 920 msedge.exe 920 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe -
Suspicious use of FindShellTrayWindow 60 IoCs
pid Process 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2372 wrote to memory of 3972 2372 msedge.exe 82 PID 2372 wrote to memory of 3972 2372 msedge.exe 82 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4236 2372 msedge.exe 84 PID 2372 wrote to memory of 4236 2372 msedge.exe 84 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1249802526723801153/1251236310543499324/IDA_6.8.rar?ex=666e80df&is=666d2f5f&hm=193b83b6917265bfe2b0468dc0c8334d625141195315d0bab48300afa46a22b2&1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2372 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaac6e46f8,0x7ffaac6e4708,0x7ffaac6e47182⤵PID:3972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:22⤵PID:4356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:82⤵PID:4332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵PID:696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵PID:4700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:82⤵PID:4216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:12⤵PID:1088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:12⤵PID:316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:12⤵PID:664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:12⤵PID:4276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:12⤵PID:4508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5876 /prefetch:82⤵PID:2540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4664 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:920
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4960
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5088
Network
-
Remote address:8.8.8.8:53Requestcdn.discordapp.comIN AResponsecdn.discordapp.comIN A162.159.135.233cdn.discordapp.comIN A162.159.133.233cdn.discordapp.comIN A162.159.129.233cdn.discordapp.comIN A162.159.130.233cdn.discordapp.comIN A162.159.134.233
-
GEThttps://cdn.discordapp.com/attachments/1249802526723801153/1251236310543499324/IDA_6.8.rar?ex=666e80df&is=666d2f5f&hm=193b83b6917265bfe2b0468dc0c8334d625141195315d0bab48300afa46a22b2&msedge.exeRemote address:162.159.135.233:443RequestGET /attachments/1249802526723801153/1251236310543499324/IDA_6.8.rar?ex=666e80df&is=666d2f5f&hm=193b83b6917265bfe2b0468dc0c8334d625141195315d0bab48300afa46a22b2& HTTP/2.0
host: cdn.discordapp.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: application/vnd.rar
content-length: 149676344
cf-ray: 894270371e3a94e1-LHR
cf-cache-status: HIT
accept-ranges: bytes, bytes
age: 979
cache-control: public, max-age=31536000
content-disposition: attachment; filename="IDA_6.8.rar"
etag: "f50255e4fc963721fc432ac1bb8ce1f1"
expires: Sun, 15 Jun 2025 12:07:11 GMT
last-modified: Fri, 14 Jun 2024 18:06:23 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1718388383365336
x-goog-hash: crc32c=Befwsg==
x-goog-hash: md5=9QJV5PyWNyH8QyrBu4zh8Q==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 149676344
x-guploader-uploadid: ABPtcPrSIefpmFqUMtDZtXULW1MaXyJu1ZXPFvN2_ycPywGJBSXQN6CXMxTuyV_JJ-AbqFRrCoA
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
set-cookie: __cf_bm=TZbKVCSykTtIph16nJdbDXeWMgpfNRGSVT1G47ehIMU-1718453231-1.0.1.1-beozRX14cVpUYReF3MFHD9OZ486H.59PdbehQWi29l3GFRE4.u2l4rymwLUgAwT.NpiBgakjhK4BIqd5O90GKg; path=/; expires=Sat, 15-Jun-24 12:37:11 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hLUtXkwsDgS9%2FR9f761Xx02txOVkGjmTFYRWOeMjSb%2BJI2x48qJlQ3gE91MKyaT%2B4tChZZqMNLtpio9bOxZU8CnoBfTyIFXmjNu0m9ivCkQzeutDmhbL4oOcZUsacpA5pV17TA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: _cfuvid=iPQzRfZkeTB.nhl8Lo3ja3t47Jx1hl_juIiBKQED8tU-1718453231255-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
-
Remote address:8.8.8.8:53Request0.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request0.159.190.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request0.159.190.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request233.135.159.162.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAMEdual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A13.107.21.237dual-a-0034.a-msedge.netIN A204.79.197.237
-
GEThttps://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2Remote address:13.107.21.237:443RequestGET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=34482327FC3E637D014D37B8FD19628B; domain=.bing.com; expires=Thu, 10-Jul-2025 12:07:20 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D306C599CA534EC697B02B81048DB962 Ref B: LON04EDGE0707 Ref C: 2024-06-15T12:07:20Z
date: Sat, 15 Jun 2024 12:07:20 GMT
-
GEThttps://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2Remote address:13.107.21.237:443RequestGET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=34482327FC3E637D014D37B8FD19628B; _EDGE_S=SID=06573BFBBBFD6A5C0D712F64BA846B2C
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=sdW3CgAtUqAFjqBkDKz9G8OrzQz33CFYw3GFcQQ0ids; domain=.bing.com; expires=Thu, 10-Jul-2025 12:07:20 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 669D4179E5534EB6B13B7EB564CD98D3 Ref B: LON04EDGE0707 Ref C: 2024-06-15T12:07:20Z
date: Sat, 15 Jun 2024 12:07:20 GMT
-
Remote address:8.8.8.8:53Request237.21.107.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.214.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.214.232.199.in-addr.arpaIN PTR
-
GEThttps://www.bing.com/aes/c.gif?RG=1aefeda892394909881c8881c0d58274&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194453Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373Remote address:23.62.61.97:443RequestGET /aes/c.gif?RG=1aefeda892394909881c8881c0d58274&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194453Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=34482327FC3E637D014D37B8FD19628B
ResponseHTTP/2.0 200
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5963B6B28E614C40B5A4B79BF3D81944 Ref B: LON212050704017 Ref C: 2024-06-15T12:07:20Z
content-length: 0
date: Sat, 15 Jun 2024 12:07:20 GMT
set-cookie: _EDGE_S=SID=06573BFBBBFD6A5C0D712F64BA846B2C; path=/; httponly; domain=bing.com
set-cookie: MUIDB=34482327FC3E637D014D37B8FD19628B; path=/; httponly; expires=Thu, 10-Jul-2025 12:07:20 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.5d3d3e17.1718453240.158043b
-
Remote address:8.8.8.8:53Request97.61.62.23.in-addr.arpaIN PTRResponse97.61.62.23.in-addr.arpaIN PTRa23-62-61-97deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request157.123.68.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request56.126.166.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request57.15.31.184.in-addr.arpaIN PTRResponse57.15.31.184.in-addr.arpaIN PTRa184-31-15-57deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request0.205.248.87.in-addr.arpaIN PTRResponse0.205.248.87.in-addr.arpaIN PTRhttps-87-248-205-0lgwllnwnet
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request144.107.17.2.in-addr.arpaIN PTRResponse144.107.17.2.in-addr.arpaIN PTRa2-17-107-144deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request11.227.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request210.143.182.52.in-addr.arpaIN PTRResponse
-
162.159.135.233:443https://cdn.discordapp.com/attachments/1249802526723801153/1251236310543499324/IDA_6.8.rar?ex=666e80df&is=666d2f5f&hm=193b83b6917265bfe2b0468dc0c8334d625141195315d0bab48300afa46a22b2&tls, http2msedge.exe6.3MB 160.8MB 100003 115380
HTTP Request
GET https://cdn.discordapp.com/attachments/1249802526723801153/1251236310543499324/IDA_6.8.rar?ex=666e80df&is=666d2f5f&hm=193b83b6917265bfe2b0468dc0c8334d625141195315d0bab48300afa46a22b2&HTTP Response
200 -
13.107.21.237:443https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2tls, http22.6kB 10.4kB 20 18
HTTP Request
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2HTTP Response
204 -
23.62.61.97:443https://www.bing.com/aes/c.gif?RG=1aefeda892394909881c8881c0d58274&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194453Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373tls, http21.5kB 5.4kB 17 12
HTTP Request
GET https://www.bing.com/aes/c.gif?RG=1aefeda892394909881c8881c0d58274&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194453Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373HTTP Response
200
-
64 B 144 B 1 1
DNS Request
cdn.discordapp.com
DNS Response
162.159.135.233162.159.133.233162.159.129.233162.159.130.233162.159.134.233
-
586 B 9
-
213 B 157 B 3 1
DNS Request
0.159.190.20.in-addr.arpa
DNS Request
0.159.190.20.in-addr.arpa
DNS Request
0.159.190.20.in-addr.arpa
-
74 B 136 B 1 1
DNS Request
233.135.159.162.in-addr.arpa
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
13.107.21.237204.79.197.237
-
72 B 158 B 1 1
DNS Request
237.21.107.13.in-addr.arpa
-
148 B 128 B 2 1
DNS Request
172.214.232.199.in-addr.arpa
DNS Request
172.214.232.199.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
97.61.62.23.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
157.123.68.40.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
56.126.166.20.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
57.15.31.184.in-addr.arpa
-
71 B 116 B 1 1
DNS Request
0.205.248.87.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
144.107.17.2.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
11.227.111.52.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
210.143.182.52.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD581e892ca5c5683efdf9135fe0f2adb15
SHA139159b30226d98a465ece1da28dc87088b20ecad
SHA256830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
SHA512c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0
-
Filesize
152B
MD556067634f68231081c4bd5bdbfcc202f
SHA15582776da6ffc75bb0973840fc3d15598bc09eb1
SHA2568c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784
-
Filesize
186B
MD5094ab275342c45551894b7940ae9ad0d
SHA12e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e
SHA256ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3
SHA51219d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d
-
Filesize
6KB
MD53347a05ced18a0dfdc35a569ff6ecb93
SHA1407316ad05e877598a5be7e2636c509f8e82f92b
SHA2562b01fd5c0dfd960c0bde7249eef9929f202231de784dabd2e4402f715b34f217
SHA512eb68d67750dac9068bd4800c54030fc9c8758811944f72bdd7cda876b51cb78467dc86736dc7099361772914b67db85283afe91e2774afdb2a0b0781bdc2cd0e
-
Filesize
6KB
MD52b03eb53c9028f012943efe637264f84
SHA1cccad416add4952797803188b858a1868fef74bd
SHA256dce90cb15c86f2c585f56205075444dcc28e7356cf7e385de50e98c87b9c239b
SHA512842d594fbcbc95f78ed4da6fbfa47b0dddf9be52dabd0fe631ffcd97e465573aa505b57e87b80879fcf924f1ec708fe0c10f336c94e172d5b94e785283d99079
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD591491d874e54d0cf629f8b0f6a8943b1
SHA1bad69a47cdf6fec4ae503ff1747d16aecb8ac025
SHA25634d6af68f4139601c4814bd59738b9f76b2fee19faecc69596d57ca367d6880d
SHA512bd5cc959f4b0748f495d297d089f8627c00a87f577670e8c99b88c4bf2ae9a46d0b858ef652ac687741671951ed88128f5feb866f4ef931cb74d00609cb0a04e