ebe70d20a74f5731465e21d6b1a5404fcd1c5efc8c111c5a1cb165fd8526fc90

Analysis

max time kernel
145s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 12:58 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

161660f8aec2922515358b0e23333bcd_JaffaCakes118.html
Size

9KB
MD5

161660f8aec2922515358b0e23333bcd
SHA1

186f7b1b9d0c85abe94ff2462665441bc6551a7e
SHA256

ebe70d20a74f5731465e21d6b1a5404fcd1c5efc8c111c5a1cb165fd8526fc90
SHA512

e9e14a2be402054f51bb1044416943488dd71579e19d05bdd3972714d094dd8f48e1431cc43811ffed17ea0cde48f795471964963495941de508dcc74cc6ee29
SSDEEP

96:uzVs+ux7S2fLLY1k9o84d12ef7CSTU3wGT/kPsofpUlVHcEZ7ru7f:csz7SWAYS/ugfxUPHb76f

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
2652	msedge.exe
2652	msedge.exe
4044	identity_helper.exe
4044	identity_helper.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2256	2652	msedge.exe	82
PID 2652 wrote to memory of 2256	2652	msedge.exe	82
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1156	2652	msedge.exe	84
PID 2652 wrote to memory of 1156	2652	msedge.exe	84
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\161660f8aec2922515358b0e23333bcd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe808046f8,0x7ffe80804708,0x7ffe80804718
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2400

Network

DNS

counters.gigya.com

msedge.exe

Remote address:

8.8.8.8:53

Request

counters.gigya.com

IN A

Response
DNS

analytics.hosting24.com

msedge.exe

Remote address:

8.8.8.8:53

Request

analytics.hosting24.com

IN A

Response
DNS

fc01.deviantart.net

msedge.exe

Remote address:

8.8.8.8:53

Request

fc01.deviantart.net

IN A

Response

fc01.deviantart.net

IN A

44.235.69.23

fc01.deviantart.net

IN A

52.26.3.19

fc01.deviantart.net

IN A

52.43.243.186
GET

http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg

msedge.exe

Remote address:

44.235.69.23:80

Request

GET /fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg HTTP/1.1
Host: fc01.deviantart.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Date: Thu, 27 Jun 2024 12:58:14 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Server: nginx
Location: http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
DNS

orig01.deviantart.net

msedge.exe

Remote address:

8.8.8.8:53

Request

orig01.deviantart.net

IN A

Response

orig01.deviantart.net

IN A

34.218.68.46

orig01.deviantart.net

IN A

52.38.163.175

orig01.deviantart.net

IN A

35.164.103.241
GET

http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg

msedge.exe

Remote address:

34.218.68.46:80

Request

GET /2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg HTTP/1.1
Host: orig01.deviantart.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Date: Thu, 27 Jun 2024 12:58:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Server: da-redirector/0.5.2
DNS

183.142.211.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.142.211.20.in-addr.arpa

IN PTR

Response
DNS

17.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.160.190.20.in-addr.arpa

IN PTR

Response
DNS

23.69.235.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.69.235.44.in-addr.arpa

IN PTR

Response

23.69.235.44.in-addr.arpa

IN PTR

ec2-44-235-69-23 us-west-2compute amazonawscom
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

13.107.21.237

dual-a-0034.a-msedge.net

IN A

204.79.197.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Y_FSlBHvYvmU-bhMRqLT2TVUCUzFgcmElTlas6nkzbWnQqVoFFoHgb4OMfpMmFWEh4vcdoe9HkqRYWuskveGEf7FMSAcnCRIa5CaSTCv45ddvFVG8Icuh89sXz3yWPTs5nktv0_h-NbzNtsRLVYhxh3NKuhVNH7okxghdOJdTijGtiYk%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Dc658dc635b4f1cfe55d8ba0b8ced264b&TIME=20240611T230328Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Y_FSlBHvYvmU-bhMRqLT2TVUCUzFgcmElTlas6nkzbWnQqVoFFoHgb4OMfpMmFWEh4vcdoe9HkqRYWuskveGEf7FMSAcnCRIa5CaSTCv45ddvFVG8Icuh89sXz3yWPTs5nktv0_h-NbzNtsRLVYhxh3NKuhVNH7okxghdOJdTijGtiYk%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Dc658dc635b4f1cfe55d8ba0b8ced264b&TIME=20240611T230328Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=18ABA77E16CE6EAA29BEB3D517E96FB8; domain=.bing.com; expires=Tue, 22-Jul-2025 12:58:15 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 380C3E95C9374BC8952719553F2F6B82 Ref B: LON04EDGE0606 Ref C: 2024-06-27T12:58:15Z
date: Thu, 27 Jun 2024 12:58:14 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Y_FSlBHvYvmU-bhMRqLT2TVUCUzFgcmElTlas6nkzbWnQqVoFFoHgb4OMfpMmFWEh4vcdoe9HkqRYWuskveGEf7FMSAcnCRIa5CaSTCv45ddvFVG8Icuh89sXz3yWPTs5nktv0_h-NbzNtsRLVYhxh3NKuhVNH7okxghdOJdTijGtiYk%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Dc658dc635b4f1cfe55d8ba0b8ced264b&TIME=20240611T230328Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Y_FSlBHvYvmU-bhMRqLT2TVUCUzFgcmElTlas6nkzbWnQqVoFFoHgb4OMfpMmFWEh4vcdoe9HkqRYWuskveGEf7FMSAcnCRIa5CaSTCv45ddvFVG8Icuh89sXz3yWPTs5nktv0_h-NbzNtsRLVYhxh3NKuhVNH7okxghdOJdTijGtiYk%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Dc658dc635b4f1cfe55d8ba0b8ced264b&TIME=20240611T230328Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=18ABA77E16CE6EAA29BEB3D517E96FB8; _EDGE_S=SID=11D093800C1661840293872B0D10609C

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=Sxu9AAuauIJYB8ivfdNEdu5zgJ-ZoS8qi2r3WrDlNWA; domain=.bing.com; expires=Tue, 22-Jul-2025 12:58:15 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7846BE520E9A4E049B9CBF87A6B1C8D2 Ref B: LON04EDGE0606 Ref C: 2024-06-27T12:58:15Z
date: Thu, 27 Jun 2024 12:58:14 GMT
GET

https://www.bing.com/aes/c.gif?RG=27abc59cd3254d9e8848716f54dcaeb2&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T230328Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525

Remote address:

88.221.83.209:443

Request

GET /aes/c.gif?RG=27abc59cd3254d9e8848716f54dcaeb2&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T230328Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=18ABA77E16CE6EAA29BEB3D517E96FB8

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FA09BF4F5323424482612E8F5F62BCFA Ref B: LON212050701039 Ref C: 2024-06-27T12:58:15Z
content-length: 0
date: Thu, 27 Jun 2024 12:58:15 GMT
set-cookie: _EDGE_S=SID=11D093800C1661840293872B0D10609C; path=/; httponly; domain=bing.com
set-cookie: MUIDB=18ABA77E16CE6EAA29BEB3D517E96FB8; path=/; httponly; expires=Tue, 22-Jul-2025 12:58:15 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.cd53dd58.1719493095.4185bb6
DNS

74.90.14.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.90.14.23.in-addr.arpa

IN PTR

Response

74.90.14.23.in-addr.arpa

IN PTR

a23-14-90-74deploystaticakamaitechnologiescom
DNS

46.68.218.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.68.218.34.in-addr.arpa

IN PTR

Response

46.68.218.34.in-addr.arpa

IN PTR

ec2-34-218-68-46 us-west-2compute amazonawscom
DNS

237.21.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.21.107.13.in-addr.arpa

IN PTR

Response
DNS

209.83.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.83.221.88.in-addr.arpa

IN PTR

Response

209.83.221.88.in-addr.arpa

IN PTR

a88-221-83-209deploystaticakamaitechnologiescom
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

35.15.31.184.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.15.31.184.in-addr.arpa

IN PTR

Response

35.15.31.184.in-addr.arpa

IN PTR

a184-31-15-35deploystaticakamaitechnologiescom
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

21.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.236.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 634564
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6C8BE02122BB4B6E8CCC4D1E4CC7ED09 Ref B: LON04EDGE1014 Ref C: 2024-06-27T12:59:54Z
date: Thu, 27 Jun 2024 12:59:54 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 637660
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D9C310F071154AB0A931FF43F88E46C2 Ref B: LON04EDGE1014 Ref C: 2024-06-27T12:59:54Z
date: Thu, 27 Jun 2024 12:59:54 GMT
DNS

10.27.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.27.171.150.in-addr.arpa

IN PTR

Response

44.235.69.23:80

http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg

http

msedge.exe

735 B
702 B
7
6

HTTP Request

GET http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg

HTTP Response

301
34.218.68.46:80

http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg

http

msedge.exe

737 B
439 B
7
6

HTTP Request

GET http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg

HTTP Response

404
13.107.21.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Y_FSlBHvYvmU-bhMRqLT2TVUCUzFgcmElTlas6nkzbWnQqVoFFoHgb4OMfpMmFWEh4vcdoe9HkqRYWuskveGEf7FMSAcnCRIa5CaSTCv45ddvFVG8Icuh89sXz3yWPTs5nktv0_h-NbzNtsRLVYhxh3NKuhVNH7okxghdOJdTijGtiYk%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Dc658dc635b4f1cfe55d8ba0b8ced264b&TIME=20240611T230328Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

tls, http2

2.5kB
9.1kB
19
17

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Y_FSlBHvYvmU-bhMRqLT2TVUCUzFgcmElTlas6nkzbWnQqVoFFoHgb4OMfpMmFWEh4vcdoe9HkqRYWuskveGEf7FMSAcnCRIa5CaSTCv45ddvFVG8Icuh89sXz3yWPTs5nktv0_h-NbzNtsRLVYhxh3NKuhVNH7okxghdOJdTijGtiYk%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Dc658dc635b4f1cfe55d8ba0b8ced264b&TIME=20240611T230328Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8Y_FSlBHvYvmU-bhMRqLT2TVUCUzFgcmElTlas6nkzbWnQqVoFFoHgb4OMfpMmFWEh4vcdoe9HkqRYWuskveGEf7FMSAcnCRIa5CaSTCv45ddvFVG8Icuh89sXz3yWPTs5nktv0_h-NbzNtsRLVYhxh3NKuhVNH7okxghdOJdTijGtiYk%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZmZyZWUtb2ZmaWNlLW9ubGluZS1mb3ItdGhlLXdlYiUzZm9jaWQlM2RjbW01enF4NmxxMA%26rlid%3Dc658dc635b4f1cfe55d8ba0b8ced264b&TIME=20240611T230328Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525&muid=12D800F85EB4CAF16CA7FE64B9B0CF8B

HTTP Response

204
88.221.83.209:443

https://www.bing.com/aes/c.gif?RG=27abc59cd3254d9e8848716f54dcaeb2&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T230328Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525

tls, http2

1.4kB
5.4kB
16
14

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=27abc59cd3254d9e8848716f54dcaeb2&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T230328Z&adUnitId=11730597&localId=w:12D800F8-5EB4-CAF1-6CA7-FE64B9B0CF8B&deviceId=6825835407611525

HTTP Response

200
150.171.27.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

45.0kB
1.3MB
960
956

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.8kB
15
12

8.8.8.8:53

counters.gigya.com

dns

msedge.exe

64 B
129 B
1
1

DNS Request

counters.gigya.com
8.8.8.8:53

analytics.hosting24.com

dns

msedge.exe

69 B
124 B
1
1

DNS Request

analytics.hosting24.com
8.8.8.8:53

fc01.deviantart.net

dns

msedge.exe

65 B
113 B
1
1

DNS Request

fc01.deviantart.net

DNS Response

44.235.69.23

52.26.3.19

52.43.243.186
8.8.8.8:53

orig01.deviantart.net

dns

msedge.exe

67 B
115 B
1
1

DNS Request

orig01.deviantart.net

DNS Response

34.218.68.46

52.38.163.175

35.164.103.241
8.8.8.8:53

183.142.211.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

183.142.211.20.in-addr.arpa
8.8.8.8:53

17.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

17.160.190.20.in-addr.arpa
8.8.8.8:53

23.69.235.44.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

23.69.235.44.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

13.107.21.237

204.79.197.237
8.8.8.8:53

74.90.14.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

74.90.14.23.in-addr.arpa
8.8.8.8:53

46.68.218.34.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

46.68.218.34.in-addr.arpa
8.8.8.8:53

237.21.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

237.21.107.13.in-addr.arpa
8.8.8.8:53

209.83.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

209.83.221.88.in-addr.arpa
224.0.0.251:5353

389 B
6
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

35.15.31.184.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

35.15.31.184.in-addr.arpa
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

21.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

21.236.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

10.27.171.150.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

10.27.171.150.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
035f7a7caa9322b01390316f523f5fa0

SHA1
dea93c05d4da0d22fdf2e737d27f9e1cf070efb4

SHA256
e7505e2034627a23c3f64438d36b21ed4e101b00a5c1803171a54c8199719494

SHA512
cb61835c0b7c5e11633b36114874cee7c068822ce0a59ef5c8ddb9fff48cff7f5c252d956ce1b875c15dce8ea5d169f48e7fb082219e7eef14ba332a8341bb7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
17cf81c8ac1a6a58293fe7191d8586ff

SHA1
5265c034857de6163eda57d36ec42a18ad190d4d

SHA256
91bce7efe88287001352f34a5dba5b7cb5614b94ae31cf5fa5cc53cadd31b13c

SHA512
3ecf85c9ad3457d73e528e98869eda455491a792eee1367a012d75e62cd912e92449345e2c1f8caca5bf06519b75faec67f37bbfb239fef70c72291b0b2b51e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
83ac9bacba2d9dc90ba61fb351cb5604

SHA1
e7f9b7d91940f502c1baa1ebe9506f53a86e538f

SHA256
9fc7566abb4a36521954b42aebd08d13929dadd3eb6a0bae0be56b2f3ebd89fe

SHA512
5246125569b1d5510780eabe24e8e9967860c05e353e5e6d03badea2b5965f7541ef8fec73c030e424c2088199aa84ab3ed500a52d2d804e592dbe6af933f33b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.