Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/07/2024, 13:55 UTC

General

  • Target

    $PLUGINSDIR/app/cmp.html

  • Size

    5KB

  • MD5

    d7b8b31b190e552677589cfd4cbb5d8e

  • SHA1

    09ffb3c63991d5c932c819393de489268bd3ab88

  • SHA256

    6c21e8c07ce28327dca05f873d73fe85d5473f9b22a751a4d3d28931f5d0c74f

  • SHA512

    32794507a4b9a12e52ceb583222cb93300e38c634a72ea3f51a0189127aba60cf476fb7918942355a4f826185d7071e876cb40348ba34cf5d1ca7e9546ccb310

  • SSDEEP

    48:t9rc0/GLAoShbEHaLKNGiNQtvmolOGR36tgtr/GTvJP8AscaV4LiMt7ByBZXGz+p:4VLjHa2NGiivmmpWsBVutFwAk5vSG

Score
1/10

Malware Config

Signatures

  Every hit below is attributed to msedge.exe or identity_helper.exe, the Edge processes the sandbox launched to render the HTML sample (see Processes); none is attributed to the sample itself. Process enumeration, WriteProcessMemory into freshly created children and the non-Microsoft-binary block policy are what Chromium's process launch and sandboxing produce for any page, so on their own they carry no weight here.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\cmp.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4784
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9923746f8,0x7ff992374708,0x7ff992374718
      2⤵
        PID:2512
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17336010229709604829,17813236787402502456,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
        2⤵
          PID:3632
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,17336010229709604829,17813236787402502456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3108
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,17336010229709604829,17813236787402502456,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
          2⤵
            PID:4172
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17336010229709604829,17813236787402502456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
            2⤵
              PID:4608
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17336010229709604829,17813236787402502456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
              2⤵
                PID:3532
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17336010229709604829,17813236787402502456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
                2⤵
                  PID:4656
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17336010229709604829,17813236787402502456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4164
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17336010229709604829,17813236787402502456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
                  2⤵
                    PID:2040
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17336010229709604829,17813236787402502456,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
                    2⤵
                      PID:2752
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17336010229709604829,17813236787402502456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
                      2⤵
                        PID:3604
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17336010229709604829,17813236787402502456,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
                        2⤵
                          PID:3944
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17336010229709604829,17813236787402502456,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5680 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3152
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2332
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:436

                           Network

                           Only the two content.overwolf.com requests are attributed to msedge.exe, the process that rendered the sample. They are sent with Origin: null because the page was opened from a local file, and the CloudFront/S3 responses permit that with Access-Control-Allow-Origin: *. The tse1.mm.bing.net image fetches carry no process attribution and a legacy EdgeHTML User-Agent (Edge/18.19041) rather than the Chromium Edge one (Edg/92.0.902.67) used by the renderer, which points to background traffic from the analysis VM's own Windows components rather than activity of the sample.

                          • flag-us
                            DNS
                            28.118.140.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            28.118.140.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            content.overwolf.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            content.overwolf.com
                            IN A
                            Response
                            content.overwolf.com
                            IN CNAME
                            d2t3tkftmx1fe5.cloudfront.net
                            d2t3tkftmx1fe5.cloudfront.net
                            IN A
                            18.245.218.99
                            d2t3tkftmx1fe5.cloudfront.net
                            IN A
                            18.245.218.13
                            d2t3tkftmx1fe5.cloudfront.net
                            IN A
                            18.245.218.113
                            d2t3tkftmx1fe5.cloudfront.net
                            IN A
                            18.245.218.63
                          • flag-gb
                            GET
                            https://content.overwolf.com/cmp/v3/vendor-list.json
                            msedge.exe
                            Remote address:
                            18.245.218.99:443
                            Request
                            GET /cmp/v3/vendor-list.json HTTP/1.1
                            Host: content.overwolf.com
                            Connection: keep-alive
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            DNT: 1
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            Accept: */*
                            Origin: null
                            Sec-Fetch-Site: cross-site
                            Sec-Fetch-Mode: cors
                            Sec-Fetch-Dest: empty
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Content-Type: application/json
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Date: Fri, 19 Jul 2024 11:50:26 GMT
                            Access-Control-Allow-Origin: *
                            Access-Control-Allow-Methods: GET, HEAD
                            Access-Control-Max-Age: 3000
                            Last-Modified: Fri, 19 Jul 2024 01:00:22 GMT
                            ETag: W/"11b769f2870bd19ec8ced31c1f14dbad"
                            x-amz-server-side-encryption: AES256
                            Server: AmazonS3
                            Content-Encoding: gzip
                            Vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
                            X-Cache: Hit from cloudfront
                            Via: 1.1 0c0251cd4a7521c34adca921995c712a.cloudfront.net (CloudFront)
                            X-Amz-Cf-Pop: LHR5-P4
                            X-Amz-Cf-Id: anRajVlWsJqcokrnX33425-aGqC4DcJUg_uGmedhlk2W3Zk07WNbQA==
                            Age: 7502
                            Cache-Control: max-age=86400
                          • flag-gb
                            GET
                            https://content.overwolf.com/cmp/v3/gac/gac.json
                            msedge.exe
                            Remote address:
                            18.245.218.99:443
                            Request
                            GET /cmp/v3/gac/gac.json HTTP/1.1
                            Host: content.overwolf.com
                            Connection: keep-alive
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            DNT: 1
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            Accept: */*
                            Origin: null
                            Sec-Fetch-Site: cross-site
                            Sec-Fetch-Mode: cors
                            Sec-Fetch-Dest: empty
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Content-Type: application/json
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Date: Fri, 19 Jul 2024 11:50:26 GMT
                            Access-Control-Allow-Origin: *
                            Access-Control-Allow-Methods: GET, HEAD
                            Access-Control-Max-Age: 3000
                            Last-Modified: Sun, 10 Dec 2023 20:45:57 GMT
                            ETag: W/"fdbf7e5d798f1e9e2ea447ac8c3e8b08"
                            x-amz-server-side-encryption: AES256
                            x-amz-meta-cb-modifiedtime: Wed, 06 Dec 2023 08:36:12 GMT
                            Server: AmazonS3
                            Content-Encoding: gzip
                            Vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
                            X-Cache: Hit from cloudfront
                            Via: 1.1 36750b5c731d372e5819e3595447c446.cloudfront.net (CloudFront)
                            X-Amz-Cf-Pop: LHR5-P4
                            X-Amz-Cf-Id: BdSXwIWYh7ozAQ4euoKFj6_pnbEK0K_PSgKbHnFgieXCEIh7G-vE6A==
                            Age: 7502
                            Cache-Control: max-age=86400
                          • flag-us
                            DNS
                            81.144.22.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            81.144.22.2.in-addr.arpa
                            IN PTR
                            Response
                            81.144.22.2.in-addr.arpa
                            IN PTR
                             a2-22-144-81.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            99.218.245.18.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            99.218.245.18.in-addr.arpa
                            IN PTR
                            Response
                            99.218.245.18.in-addr.arpa
                            IN PTR
                             server-18-245-218-99.lhr5.r.cloudfront.net
                          • flag-us
                            DNS
                            234.75.250.142.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            234.75.250.142.in-addr.arpa
                            IN PTR
                            Response
                            234.75.250.142.in-addr.arpa
                            IN PTR
                             par10s41-in-f10.1e100.net
                          • flag-us
                            DNS
                            163.214.58.216.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            163.214.58.216.in-addr.arpa
                            IN PTR
                            Response
                            163.214.58.216.in-addr.arpa
                            IN PTR
                             par10s42-in-f3.1e100.net
                            163.214.58.216.in-addr.arpa
                            IN PTR
                             mad01s26-in-f3
                            163.214.58.216.in-addr.arpa
                            IN PTR
                             mad01s26-in-f163
                          • flag-us
                            DNS
                            6.39.156.108.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            6.39.156.108.in-addr.arpa
                            IN PTR
                            Response
                            6.39.156.108.in-addr.arpa
                            IN PTR
                             server-108-156-39-6.lhr50.r.cloudfront.net
                          • flag-us
                            DNS
                            2.181.190.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            2.181.190.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            154.239.44.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            154.239.44.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            88.156.103.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            88.156.103.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            183.59.114.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            183.59.114.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            198.187.3.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            198.187.3.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            192.142.123.92.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            192.142.123.92.in-addr.arpa
                            IN PTR
                            Response
                            192.142.123.92.in-addr.arpa
                            IN PTR
                             a92-123-142-192.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            172.214.232.199.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            172.214.232.199.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            172.214.232.199.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            172.214.232.199.in-addr.arpa
                            IN PTR
                          • flag-us
                            DNS
                            tse1.mm.bing.net
                            Remote address:
                            8.8.8.8:53
                            Request
                            tse1.mm.bing.net
                            IN A
                            Response
                            tse1.mm.bing.net
                            IN CNAME
                            mm-mm.bing.net.trafficmanager.net
                            mm-mm.bing.net.trafficmanager.net
                            IN CNAME
                            ax-0001.ax-msedge.net
                            ax-0001.ax-msedge.net
                            IN A
                            150.171.27.10
                            ax-0001.ax-msedge.net
                            IN A
                            150.171.28.10
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239339388096_1DBFGPPKZBTOVVSVU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239339388096_1DBFGPPKZBTOVVSVU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 370008
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: FC8538F991AB4A45AB054EDCDA17C4EB Ref B: LON04EDGE1108 Ref C: 2024-07-19T13:57:11Z
                            date: Fri, 19 Jul 2024 13:57:11 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239340418569_13408TD3CSPQQLS8W&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239340418569_13408TD3CSPQQLS8W&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 320336
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: F42B2F9ABD4C40FABE4F793B70675BE2 Ref B: LON04EDGE1108 Ref C: 2024-07-19T13:57:11Z
                            date: Fri, 19 Jul 2024 13:57:11 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239340418570_1AILBHE008ZL9RHPC&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239340418570_1AILBHE008ZL9RHPC&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 815230
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 40AA4B7603BB4B699A124C7DA4DAD7B2 Ref B: LON04EDGE1108 Ref C: 2024-07-19T13:57:11Z
                            date: Fri, 19 Jul 2024 13:57:11 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239339388095_1V0S9Y27HKQEJAFN6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239339388095_1V0S9Y27HKQEJAFN6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 712130
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 021102FFA78A4C9E8CC24E049543F17C Ref B: LON04EDGE1108 Ref C: 2024-07-19T13:57:11Z
                            date: Fri, 19 Jul 2024 13:57:11 GMT
                          • DNS
                            10.27.171.150.in-addr.arpa
                            Remote address: 8.8.8.8:53
                            Request: 10.27.171.150.in-addr.arpa IN PTR
                            Response
                          • DNS
                            10.27.171.150.in-addr.arpa
                            Remote address: 8.8.8.8:53
                            Request: 10.27.171.150.in-addr.arpa IN PTR
                          • DNS
                            10.27.171.150.in-addr.arpa
                            Remote address: 8.8.8.8:53
                            Request: 10.27.171.150.in-addr.arpa IN PTR
                          • DNS
                            10.27.171.150.in-addr.arpa
                            Remote address: 8.8.8.8:53
                            Request: 10.27.171.150.in-addr.arpa IN PTR
                          • DNS
                            10.27.171.150.in-addr.arpa
                            Remote address: 8.8.8.8:53
                            Request: 10.27.171.150.in-addr.arpa IN PTR
                          • 18.245.218.99:443
                            https://content.overwolf.com/cmp/v3/vendor-list.json
                            tls, http
                            msedge.exe
                            3.0kB
                            87.8kB
                            41
                            71
                            HTTP Request: GET https://content.overwolf.com/cmp/v3/vendor-list.json
                            HTTP Response: 200
                          • 18.245.218.99:443
                            https://content.overwolf.com/cmp/v3/gac/gac.json
                            tls, http
                            msedge.exe
                            2.2kB
                            42.0kB
                            24
                            38
                            HTTP Request: GET https://content.overwolf.com/cmp/v3/gac/gac.json
                            HTTP Response: 200
                          • 150.171.27.10:443
                            https://tse1.mm.bing.net/th?id=OADD2.10239339388095_1V0S9Y27HKQEJAFN6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            tls, http2
                            80.7kB
                            2.3MB
                            1689
                            1681
                            HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239339388096_1DBFGPPKZBTOVVSVU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239340418569_13408TD3CSPQQLS8W&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239340418570_1AILBHE008ZL9RHPC&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            HTTP Request: GET https://tse1.mm.bing.net/th?id=OADD2.10239339388095_1V0S9Y27HKQEJAFN6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            HTTP Response: 200
                            HTTP Response: 200
                            HTTP Response: 200
                            HTTP Response: 200
                          • 150.171.27.10:443
                            tse1.mm.bing.net
                            tls, http2
                            1.3kB
                            6.8kB
                            14
                            10
                          • 150.171.27.10:443
                            tse1.mm.bing.net
                            tls, http2
                            1.3kB
                            6.8kB
                            14
                            10
                          • 150.171.27.10:443
                            tse1.mm.bing.net
                            tls, http2
                            1.1kB
                            6.8kB
                            13
                            11
                          • 8.8.8.8:53
                            28.118.140.52.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1
                            DNS Request: 28.118.140.52.in-addr.arpa
                          • 8.8.8.8:53
                            content.overwolf.com
                            dns
                            msedge.exe
                            66 B
                            173 B
                            1
                            1
                            DNS Request: content.overwolf.com
                            DNS Response: 18.245.218.99, 18.245.218.13, 18.245.218.113, 18.245.218.63
                          • 8.8.8.8:53
                            81.144.22.2.in-addr.arpa
                            dns
                            70 B
                            133 B
                            1
                            1
                            DNS Request: 81.144.22.2.in-addr.arpa
                          • 8.8.8.8:53
                            99.218.245.18.in-addr.arpa
                            dns
                            72 B
                            128 B
                            1
                            1
                            DNS Request: 99.218.245.18.in-addr.arpa
                          • 8.8.8.8:53
                            234.75.250.142.in-addr.arpa
                            dns
                            73 B
                            112 B
                            1
                            1
                            DNS Request: 234.75.250.142.in-addr.arpa
                          • 8.8.8.8:53
                            163.214.58.216.in-addr.arpa
                            dns
                            73 B
                            171 B
                            1
                            1
                            DNS Request: 163.214.58.216.in-addr.arpa
                          • 8.8.8.8:53
                            6.39.156.108.in-addr.arpa
                            dns
                            71 B
                            127 B
                            1
                            1
                            DNS Request: 6.39.156.108.in-addr.arpa
                          • 8.8.8.8:53
                            2.181.190.20.in-addr.arpa
                            dns
                            71 B
                            157 B
                            1
                            1
                            DNS Request: 2.181.190.20.in-addr.arpa
                          • 8.8.8.8:53
                            154.239.44.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1
                            DNS Request: 154.239.44.20.in-addr.arpa
                          • 8.8.8.8:53
                            88.156.103.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1
                            DNS Request: 88.156.103.20.in-addr.arpa
                          • 224.0.0.251:5353
                            522 B
                            8
                          • 8.8.8.8:53
                            183.59.114.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1
                            DNS Request: 183.59.114.20.in-addr.arpa
                          • 8.8.8.8:53
                            198.187.3.20.in-addr.arpa
                            dns
                            71 B
                            157 B
                            1
                            1
                            DNS Request: 198.187.3.20.in-addr.arpa
                          • 8.8.8.8:53
                            192.142.123.92.in-addr.arpa
                            dns
                            73 B
                            139 B
                            1
                            1
                            DNS Request: 192.142.123.92.in-addr.arpa
                          • 8.8.8.8:53
                            172.214.232.199.in-addr.arpa
                            dns
                            148 B
                            128 B
                            2
                            1
                            DNS Request: 172.214.232.199.in-addr.arpa
                            DNS Request: 172.214.232.199.in-addr.arpa
                          • 8.8.8.8:53
                            tse1.mm.bing.net
                            dns
                            62 B
                            170 B
                            1
                            1
                            DNS Request: tse1.mm.bing.net
                            DNS Response: 150.171.27.10, 150.171.28.10
                          • 8.8.8.8:53
                            10.27.171.150.in-addr.arpa
                            dns
                            360 B
                            158 B
                            5
                            1
                            DNS Request: 10.27.171.150.in-addr.arpa
                            DNS Request: 10.27.171.150.in-addr.arpa
                            DNS Request: 10.27.171.150.in-addr.arpa
                            DNS Request: 10.27.171.150.in-addr.arpa
                            DNS Request: 10.27.171.150.in-addr.arpa
                          • 8.8.8.8:53

                          MITRE ATT&CK Enterprise v15


                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize: 152B
                            MD5: 584971c8ba88c824fd51a05dddb45a98
                            SHA1: b7c9489b4427652a9cdd754d1c1b6ac4034be421
                            SHA256: e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307
                            SHA512: 5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize: 152B
                            MD5: b28ef7d9f6d74f055cc49876767c886c
                            SHA1: d6b3267f36c340979f8fc3e012fdd02c468740bf
                            SHA256: fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37
                            SHA512: 491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8b9d464a-53d8-4b0a-954f-40e24815ae56.tmp
                            Filesize: 5KB
                            MD5: 23d61e215351c4542b3536e688b37d03
                            SHA1: 35ef29fcf7c4696495c0781b4b35db36df05d4fb
                            SHA256: 4ddadf7da16df851b5fa73f11abad799744640a8242835dd54e8b42f4ccbc2cf
                            SHA512: aad80f12987fb5873566fcf2985e0cf73d4a1fe32edde86ac64fc625800164cb242ae5ec1ab6fd0cd0c8dca1038d1522052d3669607db6c1780c30971690f683
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize: 309B
                            MD5: 6a7dfe2a40ff3f55cf8889eabf4c30ca
                            SHA1: 507775492cdd9c2347bd5ff6294314613b73bbdb
                            SHA256: c416780193f7f84191b94d6667543e888af5af598471e3af2049742c4d0d2c86
                            SHA512: 1f643c1256e3d9c5115029c663180eac42dad38318dc3b9ddf796f8923a644f6ded07cedd96a52fcb27c52d000eb270fe941307564fb15fa24e690a75cc38cd7
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize: 6KB
                            MD5: 96c825447011c8db06881e6a62adf0f4
                            SHA1: b7f88d165215a001c16178743efc2235b02939b1
                            SHA256: 9cd5e3688e6b5ce86ce03482ed00e94442f2916c56063a784d246a7f2d6fe8e5
                            SHA512: 5d3f91ab2376e6038b2d6688f13037e92f230f13862b198d1862dbb1255dc1585131408ee29b79ab6a31635214d71f358679ef1a23646875837fa9e4bcc4431b
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize: 16B
                            MD5: 46295cac801e5d4857d09837238a6394
                            SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
                            SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
                            SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize: 16B
                            MD5: 206702161f94c5cd39fadd03f4014d98
                            SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
                            SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
                            SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize: 11KB
                            MD5: e7607d8e57b1c234e22fdc6ad5f6b711
                            SHA1: 2543d7324f75398cd40dfdc477ae541dc3961229
                            SHA256: e6604e943b350ceb6cae406e3d72341f4c32ffbbbc3397cd48735799c3402446
                            SHA512: 96633edbc6d82b8e4f1877028f58f9a5772a63c491be143a2b54cc647f953057621c9719fa31d4c7c614e0ee3009850198b93e89d35c45358578330fefe58aae
