Analysis

  • max time kernel
    480s
  • max time network
    486s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/06/2024, 11:48 UTC

General

  • Target

    https://cdn.discordapp.com/attachments/1249802526723801153/1251236310543499324/IDA_6.8.rar?ex=666e80df&is=666d2f5f&hm=193b83b6917265bfe2b0468dc0c8334d625141195315d0bab48300afa46a22b2&

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 60 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1249802526723801153/1251236310543499324/IDA_6.8.rar?ex=666e80df&is=666d2f5f&hm=193b83b6917265bfe2b0468dc0c8334d625141195315d0bab48300afa46a22b2&
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaac6e46f8,0x7ffaac6e4708,0x7ffaac6e4718
      2⤵
      PID:3972
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
      2⤵
      PID:4356
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4236
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
      2⤵
      PID:4332
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      2⤵
      PID:696
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
      2⤵
      PID:4700
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
      2⤵
      PID:4216
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2424
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
      2⤵
      PID:1088
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
      2⤵
      PID:316
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
      2⤵
      PID:664
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
      2⤵
      PID:4276
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
      2⤵
      PID:4508
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5876 /prefetch:8
      2⤵
      PID:2540
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3820
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4664 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:920
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4960
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:5088

Network

  • DNS [US]
    cdn.discordapp.com
    msedge.exe
    Remote address:
    8.8.8.8:53
    Request
    cdn.discordapp.com
    IN A
    Response
    cdn.discordapp.com
    IN A
    162.159.135.233
    cdn.discordapp.com
    IN A
    162.159.133.233
    cdn.discordapp.com
    IN A
    162.159.129.233
    cdn.discordapp.com
    IN A
    162.159.130.233
    cdn.discordapp.com
    IN A
    162.159.134.233
  • GET [US]
    https://cdn.discordapp.com/attachments/1249802526723801153/1251236310543499324/IDA_6.8.rar?ex=666e80df&is=666d2f5f&hm=193b83b6917265bfe2b0468dc0c8334d625141195315d0bab48300afa46a22b2&
    msedge.exe
    Remote address:
    162.159.135.233:443
    Request
    GET /attachments/1249802526723801153/1251236310543499324/IDA_6.8.rar?ex=666e80df&is=666d2f5f&hm=193b83b6917265bfe2b0468dc0c8334d625141195315d0bab48300afa46a22b2& HTTP/2.0
    host: cdn.discordapp.com
    sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
    sec-ch-ua-mobile: ?0
    dnt: 1
    upgrade-insecure-requests: 1
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    sec-fetch-site: none
    sec-fetch-mode: navigate
    sec-fetch-user: ?1
    sec-fetch-dest: document
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Sat, 15 Jun 2024 12:07:11 GMT
    content-type: application/vnd.rar
    content-length: 149676344
    cf-ray: 894270371e3a94e1-LHR
    cf-cache-status: HIT
    accept-ranges: bytes, bytes
    age: 979
    cache-control: public, max-age=31536000
    content-disposition: attachment; filename="IDA_6.8.rar"
    etag: "f50255e4fc963721fc432ac1bb8ce1f1"
    expires: Sun, 15 Jun 2025 12:07:11 GMT
    last-modified: Fri, 14 Jun 2024 18:06:23 GMT
    vary: Accept-Encoding
    alt-svc: h3=":443"; ma=86400
    x-goog-generation: 1718388383365336
    x-goog-hash: crc32c=Befwsg==
    x-goog-hash: md5=9QJV5PyWNyH8QyrBu4zh8Q==
    x-goog-metageneration: 1
    x-goog-storage-class: STANDARD
    x-goog-stored-content-encoding: identity
    x-goog-stored-content-length: 149676344
    x-guploader-uploadid: ABPtcPrSIefpmFqUMtDZtXULW1MaXyJu1ZXPFvN2_ycPywGJBSXQN6CXMxTuyV_JJ-AbqFRrCoA
    x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
    set-cookie: __cf_bm=TZbKVCSykTtIph16nJdbDXeWMgpfNRGSVT1G47ehIMU-1718453231-1.0.1.1-beozRX14cVpUYReF3MFHD9OZ486H.59PdbehQWi29l3GFRE4.u2l4rymwLUgAwT.NpiBgakjhK4BIqd5O90GKg; path=/; expires=Sat, 15-Jun-24 12:37:11 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hLUtXkwsDgS9%2FR9f761Xx02txOVkGjmTFYRWOeMjSb%2BJI2x48qJlQ3gE91MKyaT%2B4tChZZqMNLtpio9bOxZU8CnoBfTyIFXmjNu0m9ivCkQzeutDmhbL4oOcZUsacpA5pV17TA%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    set-cookie: _cfuvid=iPQzRfZkeTB.nhl8Lo3ja3t47Jx1hl_juIiBKQED8tU-1718453231255-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
    server: cloudflare
  • DNS [US]
    0.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.159.190.20.in-addr.arpa
    IN PTR
    Response
  • DNS [US]
    0.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.159.190.20.in-addr.arpa
    IN PTR
  • DNS [US]
    0.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.159.190.20.in-addr.arpa
    IN PTR
  • DNS [US]
    233.135.159.162.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    233.135.159.162.in-addr.arpa
    IN PTR
    Response
  • DNS [US]
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
  • GET [US]
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=34482327FC3E637D014D37B8FD19628B; domain=.bing.com; expires=Thu, 10-Jul-2025 12:07:20 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D306C599CA534EC697B02B81048DB962 Ref B: LON04EDGE0707 Ref C: 2024-06-15T12:07:20Z
    date: Sat, 15 Jun 2024 12:07:20 GMT
  • GET [US]
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
    Remote address:
    13.107.21.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=34482327FC3E637D014D37B8FD19628B; _EDGE_S=SID=06573BFBBBFD6A5C0D712F64BA846B2C
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=sdW3CgAtUqAFjqBkDKz9G8OrzQz33CFYw3GFcQQ0ids; domain=.bing.com; expires=Thu, 10-Jul-2025 12:07:20 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 669D4179E5534EB6B13B7EB564CD98D3 Ref B: LON04EDGE0707 Ref C: 2024-06-15T12:07:20Z
    date: Sat, 15 Jun 2024 12:07:20 GMT
  • DNS [US]
    237.21.107.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.21.107.13.in-addr.arpa
    IN PTR
    Response
  • DNS [US]
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • DNS [US]
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
                              • flag-nl
                                GET
                                https://www.bing.com/aes/c.gif?RG=1aefeda892394909881c8881c0d58274&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194453Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373
                                Remote address:
                                23.62.61.97:443
                                Request
                                GET /aes/c.gif?RG=1aefeda892394909881c8881c0d58274&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194453Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373 HTTP/2.0
                                host: www.bing.com
                                accept-encoding: gzip, deflate
                                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                cookie: MUID=34482327FC3E637D014D37B8FD19628B
                                Response
                                HTTP/2.0 200
                                cache-control: private,no-store
                                pragma: no-cache
                                vary: Origin
                                p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 5963B6B28E614C40B5A4B79BF3D81944 Ref B: LON212050704017 Ref C: 2024-06-15T12:07:20Z
                                content-length: 0
                                date: Sat, 15 Jun 2024 12:07:20 GMT
                                set-cookie: _EDGE_S=SID=06573BFBBBFD6A5C0D712F64BA846B2C; path=/; httponly; domain=bing.com
                                set-cookie: MUIDB=34482327FC3E637D014D37B8FD19628B; path=/; httponly; expires=Thu, 10-Jul-2025 12:07:20 GMT
                                alt-svc: h3=":443"; ma=93600
                                x-cdn-traceid: 0.5d3d3e17.1718453240.158043b
                              • flag-us
                                DNS
                                97.61.62.23.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                97.61.62.23.in-addr.arpa
                                IN PTR
                                Response
                                97.61.62.23.in-addr.arpa
                                IN PTR
                                a23-62-61-97deploystaticakamaitechnologiescom
                              • flag-us
                                DNS
                                157.123.68.40.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                157.123.68.40.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                56.126.166.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                56.126.166.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                57.15.31.184.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                57.15.31.184.in-addr.arpa
                                IN PTR
                                Response
                                57.15.31.184.in-addr.arpa
                                IN PTR
                                a184-31-15-57deploystaticakamaitechnologiescom
                              • flag-us
                                DNS
                                0.205.248.87.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                0.205.248.87.in-addr.arpa
                                IN PTR
                                Response
                                0.205.248.87.in-addr.arpa
                                IN PTR
                                https-87-248-205-0lgwllnwnet
                              • flag-us
                                DNS
                                172.210.232.199.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                172.210.232.199.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                144.107.17.2.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                144.107.17.2.in-addr.arpa
                                IN PTR
                                Response
                                144.107.17.2.in-addr.arpa
                                IN PTR
                                a2-17-107-144deploystaticakamaitechnologiescom
                              • DNS 11.227.111.52.in-addr.arpa
                                Remote address: 8.8.8.8:53
                                Request: 11.227.111.52.in-addr.arpa IN PTR
                                Response: (none)
                              • DNS 210.143.182.52.in-addr.arpa
                                Remote address: 8.8.8.8:53
                                Request: 210.143.182.52.in-addr.arpa IN PTR
                                Response: (none)
                              • 162.159.135.233:443
                                Request: https://cdn.discordapp.com/attachments/1249802526723801153/1251236310543499324/IDA_6.8.rar?ex=666e80df&is=666d2f5f&hm=193b83b6917265bfe2b0468dc0c8334d625141195315d0bab48300afa46a22b2&
                                Protocol: tls, http2
                                Process: msedge.exe
                                Sent: 6.3MB, Received: 160.8MB
                                Packets sent: 100003, Packets received: 115380
                                HTTP Request: GET https://cdn.discordapp.com/attachments/1249802526723801153/1251236310543499324/IDA_6.8.rar?ex=666e80df&is=666d2f5f&hm=193b83b6917265bfe2b0468dc0c8334d625141195315d0bab48300afa46a22b2&
                                HTTP Response: 200
                              • 13.107.21.237:443
                                Request: https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
                                Protocol: tls, http2
                                Sent: 2.6kB, Received: 10.4kB
                                Packets sent: 20, Packets received: 18
                                HTTP Request: GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
                                HTTP Response: 204
                                HTTP Request: GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De86XTHXaoRpWx0fzUpycodcTVUCUyADdupqReLJ5xSD-TP27LMG-8w6glhkK25DPrhZRPo6onhoSFVe1BQ3vvFn-GfslE8nIGEMao9ree8JziKAlYDzQKjoMXyWcMP1737RG0bjNkBNEGRdC_GZrlCAoUpjX_Fz2sDhy-VXFLyT2YUiOX0%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3D44df85cb09d918cecee0e3a3a0cf4b2a&TIME=20240611T194453Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373&muid=57578D2216C305ECD49867D03367A2A2
                                HTTP Response: 204
                              • 23.62.61.97:443
                                Request: https://www.bing.com/aes/c.gif?RG=1aefeda892394909881c8881c0d58274&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194453Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373
                                Protocol: tls, http2
                                Sent: 1.5kB, Received: 5.4kB
                                Packets sent: 17, Packets received: 12
                                HTTP Request: GET https://www.bing.com/aes/c.gif?RG=1aefeda892394909881c8881c0d58274&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T194453Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373
                                HTTP Response: 200
                              • 8.8.8.8:53
                                Request: cdn.discordapp.com
                                Protocol: dns
                                Process: msedge.exe
                                Sent: 64 B, Received: 144 B
                                Packets sent: 1, Packets received: 1
                                DNS Request: cdn.discordapp.com
                                DNS Response: 162.159.135.233, 162.159.133.233, 162.159.129.233, 162.159.130.233, 162.159.134.233
                              • 224.0.0.251:5353
                                Sent: 586 B
                                Packets sent: 9
                              • 8.8.8.8:53
                                Request: 0.159.190.20.in-addr.arpa
                                Protocol: dns
                                Sent: 213 B, Received: 157 B
                                Packets sent: 3, Packets received: 1
                                DNS Request: 0.159.190.20.in-addr.arpa (3 queries)
                              • 8.8.8.8:53
                                Request: 233.135.159.162.in-addr.arpa
                                Protocol: dns
                                Sent: 74 B, Received: 136 B
                                Packets sent: 1, Packets received: 1
                                DNS Request: 233.135.159.162.in-addr.arpa
                              • 8.8.8.8:53
                                Request: g.bing.com
                                Protocol: dns
                                Sent: 56 B, Received: 151 B
                                Packets sent: 1, Packets received: 1
                                DNS Request: g.bing.com
                                DNS Response: 13.107.21.237, 204.79.197.237
                              • 8.8.8.8:53
                                Request: 237.21.107.13.in-addr.arpa
                                Protocol: dns
                                Sent: 72 B, Received: 158 B
                                Packets sent: 1, Packets received: 1
                                DNS Request: 237.21.107.13.in-addr.arpa
                              • 8.8.8.8:53
                                Request: 172.214.232.199.in-addr.arpa
                                Protocol: dns
                                Sent: 148 B, Received: 128 B
                                Packets sent: 2, Packets received: 1
                                DNS Request: 172.214.232.199.in-addr.arpa (2 queries)
                              • 8.8.8.8:53
                                Request: 97.61.62.23.in-addr.arpa
                                Protocol: dns
                                Sent: 70 B, Received: 133 B
                                Packets sent: 1, Packets received: 1
                                DNS Request: 97.61.62.23.in-addr.arpa
                              • 8.8.8.8:53
                                Request: 157.123.68.40.in-addr.arpa
                                Protocol: dns
                                Sent: 72 B, Received: 146 B
                                Packets sent: 1, Packets received: 1
                                DNS Request: 157.123.68.40.in-addr.arpa
                              • 8.8.8.8:53
                                Request: 56.126.166.20.in-addr.arpa
                                Protocol: dns
                                Sent: 72 B, Received: 158 B
                                Packets sent: 1, Packets received: 1
                                DNS Request: 56.126.166.20.in-addr.arpa
                              • 8.8.8.8:53
                                Request: 57.15.31.184.in-addr.arpa
                                Protocol: dns
                                Sent: 71 B, Received: 135 B
                                Packets sent: 1, Packets received: 1
                                DNS Request: 57.15.31.184.in-addr.arpa
                              • 8.8.8.8:53
                                Request: 0.205.248.87.in-addr.arpa
                                Protocol: dns
                                Sent: 71 B, Received: 116 B
                                Packets sent: 1, Packets received: 1
                                DNS Request: 0.205.248.87.in-addr.arpa
                              • 8.8.8.8:53
                                Request: 172.210.232.199.in-addr.arpa
                                Protocol: dns
                                Sent: 74 B, Received: 128 B
                                Packets sent: 1, Packets received: 1
                                DNS Request: 172.210.232.199.in-addr.arpa
                              • 8.8.8.8:53
                                Request: 144.107.17.2.in-addr.arpa
                                Protocol: dns
                                Sent: 71 B, Received: 135 B
                                Packets sent: 1, Packets received: 1
                                DNS Request: 144.107.17.2.in-addr.arpa
                              • 8.8.8.8:53
                                Request: 11.227.111.52.in-addr.arpa
                                Protocol: dns
                                Sent: 72 B, Received: 158 B
                                Packets sent: 1, Packets received: 1
                                DNS Request: 11.227.111.52.in-addr.arpa
                              • 8.8.8.8:53
                                Request: 210.143.182.52.in-addr.arpa
                                Protocol: dns
                                Sent: 73 B, Received: 147 B
                                Packets sent: 1, Packets received: 1
                                DNS Request: 210.143.182.52.in-addr.arpa

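                              Two checks an analyst would run against the network rows above, as an added example that is not part of the tria.ge report or of the analysed sample. First, the target link is a signed Discord CDN attachment URL: its `ex` and `is` parameters are hex-encoded Unix timestamps (expiry and issue time) and `hm` is the hex signature Discord computes over the link, so the validity window can be read straight off the URL and compared with the submission time in the report header (15/06/2024, 11:48 UTC); the signing key is Discord's, so `hm` is only checked for shape, never verified. Second, the byte counts on the plain `dns` rows are what a bare UDP query (IPv4 + UDP headers, DNS header, one question, no EDNS0) and its answer would occupy, which is how the first byte column is confirmed to be bytes sent and the second bytes received. The URL, the submission time and the 64 B / 144 B figures are taken from the page; the assumption that the rows carry no EDNS0 OPT record is the example's own.

```python
"""Sanity checks on the network rows of the tria.ge report above.

Added example; not part of tria.ge or of the analysed sample.
"""
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# The target URL exactly as it appears in the report.
TARGET_URL = (
    "https://cdn.discordapp.com/attachments/1249802526723801153/"
    "1251236310543499324/IDA_6.8.rar?ex=666e80df&is=666d2f5f"
    "&hm=193b83b6917265bfe2b0468dc0c8334d625141195315d0bab48300afa46a22b2&"
)

# Submission time from the report header ("15/06/2024, 11:48 UTC").
SUBMITTED_AT = datetime(2024, 6, 15, 11, 48, tzinfo=timezone.utc)


def decode_discord_cdn_url(url: str) -> dict:
    """Decode the signed-URL parameters Discord appends to attachment links.

    `ex` and `is` are hex Unix timestamps (expiry, issue time); `hm` is a
    hex signature over the link. The key is Discord's, so `hm` can only be
    checked for presence and shape here, not for validity.
    """
    parts = urlsplit(url)
    q = parse_qs(parts.query)  # the trailing '&' yields no extra pair
    issued = datetime.fromtimestamp(int(q["is"][0], 16), tz=timezone.utc)
    expires = datetime.fromtimestamp(int(q["ex"][0], 16), tz=timezone.utc)
    hm = q.get("hm", [""])[0]
    return {
        "host": parts.hostname,
        "filename": parts.path.rsplit("/", 1)[-1],
        "issued": issued,
        "expires": expires,
        "valid_for_s": int((expires - issued).total_seconds()),
        "hm_present": len(hm) == 64 and all(c in "0123456789abcdef" for c in hm),
    }


def url_valid_at(url: str, when: datetime) -> bool:
    """True if the signed URL was inside its validity window at `when`."""
    info = decode_discord_cdn_url(url)
    return info["issued"] <= when < info["expires"]


def dns_qname_len(name: str) -> int:
    """Wire length of a DNS name: one length byte per label plus the root."""
    return sum(1 + len(label) for label in name.strip(".").split(".")) + 1


def dns_udp_query_size(name: str) -> int:
    """Bytes on the wire for one A/PTR query: IPv4 (20) + UDP (8) headers,
    DNS header (12), question (qname + qtype + qclass). Assumes no EDNS0."""
    return 20 + 8 + 12 + dns_qname_len(name) + 4


def dns_udp_answer_size(name: str, a_records: int) -> int:
    """Bytes on the wire for the answer: the question echoed back plus one
    16-byte A record each (2-byte name pointer, 10-byte RR header, 4-byte
    address). Only valid for answers consisting solely of A records."""
    return dns_udp_query_size(name) + 16 * a_records


if __name__ == "__main__":
    info = decode_discord_cdn_url(TARGET_URL)
    print(f"{info['filename']}: issued {info['issued']:%Y-%m-%d %H:%M:%S} UTC, "
          f"expires {info['expires']:%Y-%m-%d %H:%M:%S} UTC "
          f"({info['valid_for_s'] // 3600} h window)")
    print("valid at submission:", url_valid_at(TARGET_URL, SUBMITTED_AT))
    # The report lists 64 B sent / 144 B received for the cdn.discordapp.com
    # lookup, which returned five A records.
    print("A query bytes:", dns_udp_query_size("cdn.discordapp.com"))
    print("A answer bytes:", dns_udp_answer_size("cdn.discordapp.com", 5))
```

                              Running it shows the link was issued at 06:06:23 UTC on 15 June 2024 with a 24-hour window, so the 11:48 UTC submission fell inside it and the 200 response is expected; a re-run after 06:06:23 UTC on 16 June would hit an expired signature. The 64 B / 144 B figures match a bare query and a five-record answer exactly, and the PTR rows follow the same arithmetic (74 B for `233.135.159.162.in-addr.arpa`, 56 B for `g.bing.com`); the `g.bing.com` answer is larger than five A records would give because it carries CNAME data as well, which the answer-size helper does not model.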
                              MITRE ATT&CK Enterprise v15

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize: 152B
                                MD5: 81e892ca5c5683efdf9135fe0f2adb15
                                SHA1: 39159b30226d98a465ece1da28dc87088b20ecad
                                SHA256: 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
                                SHA512: c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize: 152B
                                MD5: 56067634f68231081c4bd5bdbfcc202f
                                SHA1: 5582776da6ffc75bb0973840fc3d15598bc09eb1
                                SHA256: 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
                                SHA512: c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize: 186B
                                MD5: 094ab275342c45551894b7940ae9ad0d
                                SHA1: 2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e
                                SHA256: ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3
                                SHA512: 19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize: 6KB
                                MD5: 3347a05ced18a0dfdc35a569ff6ecb93
                                SHA1: 407316ad05e877598a5be7e2636c509f8e82f92b
                                SHA256: 2b01fd5c0dfd960c0bde7249eef9929f202231de784dabd2e4402f715b34f217
                                SHA512: eb68d67750dac9068bd4800c54030fc9c8758811944f72bdd7cda876b51cb78467dc86736dc7099361772914b67db85283afe91e2774afdb2a0b0781bdc2cd0e
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize: 6KB
                                MD5: 2b03eb53c9028f012943efe637264f84
                                SHA1: cccad416add4952797803188b858a1868fef74bd
                                SHA256: dce90cb15c86f2c585f56205075444dcc28e7356cf7e385de50e98c87b9c239b
                                SHA512: 842d594fbcbc95f78ed4da6fbfa47b0dddf9be52dabd0fe631ffcd97e465573aa505b57e87b80879fcf924f1ec708fe0c10f336c94e172d5b94e785283d99079
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize: 16B
                                MD5: 6752a1d65b201c13b62ea44016eb221f
                                SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
                                SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
                                SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize: 11KB
                                MD5: 91491d874e54d0cf629f8b0f6a8943b1
                                SHA1: bad69a47cdf6fec4ae503ff1747d16aecb8ac025
                                SHA256: 34d6af68f4139601c4814bd59738b9f76b2fee19faecc69596d57ca367d6880d
                                SHA512: bd5cc959f4b0748f495d297d089f8627c00a87f577670e8c99b88c4bf2ae9a46d0b858ef652ac687741671951ed88128f5feb866f4ef931cb74d00609cb0a04e