abe31652e05a117c77704844a0348fc644560c4c7f5469f14ed01c33bb1f9449

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27/07/2024, 02:14 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76adacdc10bab6bfcfe6a8241e378d3c_JaffaCakes118.html
Size

22KB
MD5

76adacdc10bab6bfcfe6a8241e378d3c
SHA1

e025c2fa2be7c3ef032c9ffec04fc1bca34b5ca2
SHA256

abe31652e05a117c77704844a0348fc644560c4c7f5469f14ed01c33bb1f9449
SHA512

c626bbb7f8da2f8cd8941da766d9a1085605722ee49c0b83b6bfa0529297c5032e97bc1e9a2049f64d42334d9af0c37c1f85e197031c432024c8228506919aa3
SSDEEP

192:WQ5yf/rcwKNAThUmQymomvSyZRVymRHymRjymRJymROymRdyGRQ2Tupr3oJrWEHh:WQ2LKBvxJLIr0orIXDu6Y

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4200	msedge.exe
4200	msedge.exe
2312	msedge.exe
2312	msedge.exe
2580	identity_helper.exe
2580	identity_helper.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2508	2312	msedge.exe	84
PID 2312 wrote to memory of 2508	2312	msedge.exe	84
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 1344	2312	msedge.exe	85
PID 2312 wrote to memory of 4200	2312	msedge.exe	86
PID 2312 wrote to memory of 4200	2312	msedge.exe	86
PID 2312 wrote to memory of 2548	2312	msedge.exe	87
PID 2312 wrote to memory of 2548	2312	msedge.exe	87
PID 2312 wrote to memory of 2548	2312	msedge.exe	87
PID 2312 wrote to memory of 2548	2312	msedge.exe	87
PID 2312 wrote to memory of 2548	2312	msedge.exe	87
PID 2312 wrote to memory of 2548	2312	msedge.exe	87
PID 2312 wrote to memory of 2548	2312	msedge.exe	87
PID 2312 wrote to memory of 2548	2312	msedge.exe	87
PID 2312 wrote to memory of 2548	2312	msedge.exe	87
PID 2312 wrote to memory of 2548	2312	msedge.exe	87
PID 2312 wrote to memory of 2548	2312	msedge.exe	87
PID 2312 wrote to memory of 2548	2312	msedge.exe	87
PID 2312 wrote to memory of 2548	2312	msedge.exe	87
PID 2312 wrote to memory of 2548	2312	msedge.exe	87
PID 2312 wrote to memory of 2548	2312	msedge.exe	87
PID 2312 wrote to memory of 2548	2312	msedge.exe	87
PID 2312 wrote to memory of 2548	2312	msedge.exe	87
PID 2312 wrote to memory of 2548	2312	msedge.exe	87
PID 2312 wrote to memory of 2548	2312	msedge.exe	87
PID 2312 wrote to memory of 2548	2312	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\76adacdc10bab6bfcfe6a8241e378d3c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb261046f8,0x7ffb26104708,0x7ffb26104718
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,2630125902635590904,18024283089763411736,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,2630125902635590904,18024283089763411736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,2630125902635590904,18024283089763411736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2630125902635590904,18024283089763411736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2630125902635590904,18024283089763411736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,2630125902635590904,18024283089763411736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,2630125902635590904,18024283089763411736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2630125902635590904,18024283089763411736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2630125902635590904,18024283089763411736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2630125902635590904,18024283089763411736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2630125902635590904,18024283089763411736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,2630125902635590904,18024283089763411736,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:216

Network

DNS

www.statcounter.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.statcounter.com

IN A

Response

www.statcounter.com

IN A

104.20.94.138

www.statcounter.com

IN A

104.20.95.138
DNS

www.paypalobjects.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.paypalobjects.com

IN A

Response

www.paypalobjects.com

IN CNAME

ppo.glb.paypal.com

ppo.glb.paypal.com

IN CNAME

cs1150.wpc.betacdn.net

cs1150.wpc.betacdn.net

IN A

192.229.221.25
DNS

www.paypal.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.paypal.com

IN A

Response

www.paypal.com

IN CNAME

www.glb.paypal.com

www.glb.paypal.com

IN CNAME

paypal-dynamic.map.fastly.net

paypal-dynamic.map.fastly.net

IN A

151.101.129.21

paypal-dynamic.map.fastly.net

IN A

151.101.1.21

paypal-dynamic.map.fastly.net

IN A

151.101.65.21

paypal-dynamic.map.fastly.net

IN A

151.101.193.21
GET

https://www.paypalobjects.com/en_US/i/logo/logo_ccVisa.gif

msedge.exe

Remote address:

192.229.221.25:443

Request

GET /en_US/i/logo/logo_ccVisa.gif HTTP/2.0
host: www.paypalobjects.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
date: Tue, 30 Jul 2024 05:17:27 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "5d5637bd-20e"
expires: Tue, 30 Jul 2024 06:17:27 GMT
last-modified: Fri, 16 Aug 2019 04:57:33 GMT
paypal-debug-id: 6d8c80344905c
server: ECAcc (lhd/35CF)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000006d8c80344905c-3bba8a023a171335-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 526
GET

https://www.paypalobjects.com/en_US/i/logo/logo_ccMC.gif

msedge.exe

Remote address:

192.229.221.25:443

Request

GET /en_US/i/logo/logo_ccMC.gif HTTP/2.0
host: www.paypalobjects.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
date: Tue, 30 Jul 2024 05:17:27 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "5d5637bd-1dd"
expires: Tue, 30 Jul 2024 06:17:27 GMT
last-modified: Fri, 16 Aug 2019 04:57:33 GMT
paypal-debug-id: 307c30bce0415
server: ECAcc (lhd/35A5)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000307c30bce0415-feb5aa046fa41b9d-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 477
GET

https://www.paypalobjects.com/en_US/i/logo/logo_ccAmex.gif

msedge.exe

Remote address:

192.229.221.25:443

Request

GET /en_US/i/logo/logo_ccAmex.gif HTTP/2.0
host: www.paypalobjects.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
date: Tue, 30 Jul 2024 05:17:27 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "5d5637bd-26a"
expires: Tue, 30 Jul 2024 06:17:27 GMT
last-modified: Fri, 16 Aug 2019 04:57:33 GMT
paypal-debug-id: 33a9e4c88dd6d
server: ECAcc (lhd/35B8)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-000000000000000000033a9e4c88dd6d-906e5547dc42a1c2-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 618
GET

https://www.paypalobjects.com/en_US/i/logo/logo_ccDiscover.gif

msedge.exe

Remote address:

192.229.221.25:443

Request

GET /en_US/i/logo/logo_ccDiscover.gif HTTP/2.0
host: www.paypalobjects.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
date: Tue, 30 Jul 2024 05:17:27 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "5d5637bd-21c"
expires: Tue, 30 Jul 2024 06:17:27 GMT
last-modified: Fri, 16 Aug 2019 04:57:33 GMT
paypal-debug-id: c62c01025eb04
server: ECAcc (lhd/35E6)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000c62c01025eb04-860a3a843f772186-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 540
GET

https://www.paypalobjects.com/en_US/i/logo/logo_ccEcheck.gif

msedge.exe

Remote address:

192.229.221.25:443

Request

GET /en_US/i/logo/logo_ccEcheck.gif HTTP/2.0
host: www.paypalobjects.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
date: Tue, 30 Jul 2024 05:17:27 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "5d5637bd-329"
expires: Tue, 30 Jul 2024 06:17:27 GMT
last-modified: Fri, 16 Aug 2019 04:57:33 GMT
paypal-debug-id: 00061fcbd8237
server: ECAcc (lhd/370C)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-000000000000000000000061fcbd8237-7612d982145f4dd6-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 809
GET

https://www.paypalobjects.com/en_US/i/logo/PayPal_mark_37x23.gif

msedge.exe

Remote address:

192.229.221.25:443

Request

GET /en_US/i/logo/PayPal_mark_37x23.gif HTTP/2.0
host: www.paypalobjects.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
date: Tue, 30 Jul 2024 05:17:27 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "5d5637bd-185"
expires: Tue, 30 Jul 2024 06:17:27 GMT
last-modified: Fri, 16 Aug 2019 04:57:33 GMT
paypal-debug-id: a811101bb2604
server: ECAcc (lhd/35E3)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000a811101bb2604-5d72e9da72d0758a-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 389
GET

https://www.paypalobjects.com/en_US/i/icon/verification_seal.gif

msedge.exe

Remote address:

192.229.221.25:443

Request

GET /en_US/i/icon/verification_seal.gif HTTP/2.0
host: www.paypalobjects.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
date: Tue, 30 Jul 2024 05:17:27 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "5d5637bd-11f1"
expires: Tue, 30 Jul 2024 06:17:27 GMT
last-modified: Fri, 16 Aug 2019 04:57:33 GMT
paypal-debug-id: 649d111bcdc6f
server: ECAcc (lhd/35A2)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000649d111bcdc6f-9052df637b42c92c-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 4593
GET

http://www.paypal.com/en_US/i/icon/verification_seal.gif

msedge.exe

Remote address:

151.101.129.21:80

Request

GET /en_US/i/icon/verification_seal.gif HTTP/1.1
Host: www.paypal.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://www.paypal.com/en_US/i/icon/verification_seal.gif
Accept-Ranges: bytes
Date: Tue, 30 Jul 2024 05:17:27 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4244-LON
X-Cache: HIT
X-Cache-Hits: 0
Server-Timing: content-encoding;desc="",x-cdn;desc="fastly"
GET

http://www.statcounter.com/counter/counter.js

msedge.exe

Remote address:

104.20.94.138:80

Request

GET /counter/counter.js HTTP/1.1
Host: www.statcounter.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Tue, 30 Jul 2024 05:17:27 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 26 Jul 2024 13:21:56 GMT
ETag: W/"8c17-61e26653f2663"
Cache-Control: max-age=43200
Expires: Tue, 30 Jul 2024 14:20:19 GMT
P3P: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
User-Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 10628
Server: cloudflare
CF-RAY: 8ab2e1e45d5d63a8-LHR
GET

https://www.paypal.com/en_US/i/icon/verification_seal.gif

msedge.exe

Remote address:

151.101.129.21:443

Request

GET /en_US/i/icon/verification_seal.gif HTTP/2.0
host: www.paypal.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

accept-ch: Sec-CH-UA-Full
cache-control: max-age=0, no-cache, no-store, must-revalidate
location: https://www.paypalobjects.com/en_US/i/icon/verification_seal.gif
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f1613026b5401
set-cookie: ts=vreXpYrS%3D1816924647%26vteXpYrS%3D1722318447%26vr%3D02126c661910ad10e06a70adfd711089%26vt%3D02126c661910ad10e06a70adfd711088%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Fri, 30 Jul 2027 05:17:27 GMT; HttpOnly; Secure; SameSite=None
set-cookie: ts_c=vr%3D02126c661910ad10e06a70adfd711089%26vt%3D02126c661910ad10e06a70adfd711088; Path=/; Domain=paypal.com; Expires=Fri, 30 Jul 2027 05:17:27 GMT; Secure; SameSite=None
traceparent: 00-0000000000000000000f1613026b5401-64200fa8d5df28fa-01
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Tue, 30 Jul 2024 05:17:27 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-lhr-egll1980023-LHR, cache-lcy-eglc8600093-LCY, cache-lcy-eglc8600093-LCY
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-timer: S1722316647.454424,VS0,VE137
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
content-length: 0
DNS

c.statcounter.com

msedge.exe

Remote address:

8.8.8.8:53

Request

c.statcounter.com

IN A

Response

c.statcounter.com

IN A

104.20.94.138

c.statcounter.com

IN A

104.20.95.138
GET

https://c.statcounter.com/t.php?sc_project=662815&u1=AF95AFD7FB584F8CB5D99583F96EC676&java=1&security=8fbc6fa8&sc_snum=1&sess=99b877&sc_rum_e_s=739&sc_rum_e_e=758&sc_rum_f_s=0&sc_rum_f_e=622&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=720&camefrom=&u=file%3A///C%3A/Users/Admin/AppData/Local/Temp/76adacdc10bab6bfcfe6a8241e378d3c_JaffaCakes118.html&t=TDIRACING.COM&get_config=true

msedge.exe

Remote address:

104.20.94.138:443

Request

GET /t.php?sc_project=662815&u1=AF95AFD7FB584F8CB5D99583F96EC676&java=1&security=8fbc6fa8&sc_snum=1&sess=99b877&sc_rum_e_s=739&sc_rum_e_e=758&sc_rum_f_s=0&sc_rum_f_e=622&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=720&camefrom=&u=file%3A///C%3A/Users/Admin/AppData/Local/Temp/76adacdc10bab6bfcfe6a8241e378d3c_JaffaCakes118.html&t=TDIRACING.COM&get_config=true HTTP/2.0
host: c.statcounter.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Tue, 30 Jul 2024 05:17:27 GMT
content-type: application/json
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
expires: Mon, 26 Jul 1997 05:00:00 GMT
set-cookie: is_unique=sc662815.1722316647.0; SameSite=None; Secure; Expires=Saturday, 28-Jul-2029 22:17:27 PDT; Path=/; Domain=.statcounter.com
access-control-allow-origin: *
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8ab2e1e688468898-LHR
content-encoding: br
DNS

67.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.31.126.40.in-addr.arpa

IN PTR

Response
DNS

25.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.221.229.192.in-addr.arpa

IN PTR

Response
DNS

21.129.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.129.101.151.in-addr.arpa

IN PTR

Response
DNS

138.94.20.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.94.20.104.in-addr.arpa

IN PTR

Response
DNS

snoreflash.ru

msedge.exe

Remote address:

8.8.8.8:53

Request

snoreflash.ru

IN A

Response
DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

205.47.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.47.74.20.in-addr.arpa

IN PTR

Response
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418574_15LZ4V0VK97RULTEQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239340418574_15LZ4V0VK97RULTEQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 688331
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6F0E65E4828F4BB3A51BFA3123235AEA Ref B: LON04EDGE1009 Ref C: 2024-07-30T05:18:36Z
date: Tue, 30 Jul 2024 05:18:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388121_1PVG3IWOLFGR4FW9F&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239339388121_1PVG3IWOLFGR4FW9F&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 525731
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1CC340CA83E24E5AB1906E846962C88B Ref B: LON04EDGE1009 Ref C: 2024-07-30T05:18:36Z
date: Tue, 30 Jul 2024 05:18:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360608909_1XWUMGMD2M0J0LDVR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239360608909_1XWUMGMD2M0J0LDVR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 663065
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 19EECEAB3F0C485DB0FD1C856EDD265C Ref B: LON04EDGE1009 Ref C: 2024-07-30T05:18:36Z
date: Tue, 30 Jul 2024 05:18:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418573_1OCPZP6XQOXA94H84&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239340418573_1OCPZP6XQOXA94H84&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 442929
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 464567A50E894DE7A1C3951425D05B35 Ref B: LON04EDGE1009 Ref C: 2024-07-30T05:18:36Z
date: Tue, 30 Jul 2024 05:18:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388122_1UI0S3FKTR1B3YGS8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239339388122_1UI0S3FKTR1B3YGS8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 512695
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F256B09286834E23A9F4EA720892449B Ref B: LON04EDGE1009 Ref C: 2024-07-30T05:18:36Z
date: Tue, 30 Jul 2024 05:18:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 594481
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3CD3F486745646459DAFAC0115F3D626 Ref B: LON04EDGE1009 Ref C: 2024-07-30T05:18:36Z
date: Tue, 30 Jul 2024 05:18:36 GMT
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response
DNS

49.192.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

49.192.11.51.in-addr.arpa

IN PTR

Response

192.229.221.25:443

https://www.paypalobjects.com/en_US/i/icon/verification_seal.gif

tls, http2

msedge.exe

3.3kB
19.4kB
27
30

HTTP Request

GET https://www.paypalobjects.com/en_US/i/logo/logo_ccVisa.gif

HTTP Request

GET https://www.paypalobjects.com/en_US/i/logo/logo_ccMC.gif

HTTP Request

GET https://www.paypalobjects.com/en_US/i/logo/logo_ccAmex.gif

HTTP Request

GET https://www.paypalobjects.com/en_US/i/logo/logo_ccDiscover.gif

HTTP Request

GET https://www.paypalobjects.com/en_US/i/logo/logo_ccEcheck.gif

HTTP Request

GET https://www.paypalobjects.com/en_US/i/logo/PayPal_mark_37x23.gif

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/en_US/i/icon/verification_seal.gif

HTTP Response

200
192.229.221.25:443

www.paypalobjects.com

tls, http2

msedge.exe

1.7kB
9.1kB
14
14
192.229.221.25:443

www.paypalobjects.com

tls, http2

msedge.exe

1.7kB
9.1kB
14
14
192.229.221.25:443

www.paypalobjects.com

tls, http2

msedge.exe

1.7kB
9.1kB
14
14
192.229.221.25:443

www.paypalobjects.com

tls, http2

msedge.exe

1.7kB
9.1kB
14
14
192.229.221.25:443

www.paypalobjects.com

tls, http2

msedge.exe

1.7kB
9.1kB
14
14
151.101.129.21:80

http://www.paypal.com/en_US/i/icon/verification_seal.gif

http

msedge.exe

609 B
587 B
5
5

HTTP Request

GET http://www.paypal.com/en_US/i/icon/verification_seal.gif

HTTP Response

301
104.20.94.138:80

http://www.statcounter.com/counter/counter.js

http

msedge.exe

870 B
14.2kB
12
15

HTTP Request

GET http://www.statcounter.com/counter/counter.js

HTTP Response

200
151.101.129.21:443

https://www.paypal.com/en_US/i/icon/verification_seal.gif

tls, http2

msedge.exe

1.6kB
7.7kB
14
16

HTTP Request

GET https://www.paypal.com/en_US/i/icon/verification_seal.gif

HTTP Response

301
104.20.94.138:443

https://c.statcounter.com/t.php?sc_project=662815&u1=AF95AFD7FB584F8CB5D99583F96EC676&java=1&security=8fbc6fa8&sc_snum=1&sess=99b877&sc_rum_e_s=739&sc_rum_e_e=758&sc_rum_f_s=0&sc_rum_f_e=622&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=720&camefrom=&u=file%3A///C%3A/Users/Admin/AppData/Local/Temp/76adacdc10bab6bfcfe6a8241e378d3c_JaffaCakes118.html&t=TDIRACING.COM&get_config=true

tls, http2

msedge.exe

2.0kB
6.5kB
15
16

HTTP Request

GET https://c.statcounter.com/t.php?sc_project=662815&u1=AF95AFD7FB584F8CB5D99583F96EC676&java=1&security=8fbc6fa8&sc_snum=1&sess=99b877&sc_rum_e_s=739&sc_rum_e_e=758&sc_rum_f_s=0&sc_rum_f_e=622&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=720&camefrom=&u=file%3A///C%3A/Users/Admin/AppData/Local/Temp/76adacdc10bab6bfcfe6a8241e378d3c_JaffaCakes118.html&t=TDIRACING.COM&get_config=true

HTTP Response

200
150.171.27.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

121.0kB
3.5MB
2575
2571

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418574_15LZ4V0VK97RULTEQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388121_1PVG3IWOLFGR4FW9F&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360608909_1XWUMGMD2M0J0LDVR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418573_1OCPZP6XQOXA94H84&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388122_1UI0S3FKTR1B3YGS8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13

8.8.8.8:53

www.statcounter.com

dns

msedge.exe

65 B
97 B
1
1

DNS Request

www.statcounter.com

DNS Response

104.20.94.138

104.20.95.138
8.8.8.8:53

www.paypalobjects.com

dns

msedge.exe

67 B
148 B
1
1

DNS Request

www.paypalobjects.com

DNS Response

192.229.221.25
8.8.8.8:53

www.paypal.com

dns

msedge.exe

60 B
189 B
1
1

DNS Request

www.paypal.com

DNS Response

151.101.129.21

151.101.1.21

151.101.65.21

151.101.193.21
8.8.8.8:53

c.statcounter.com

dns

msedge.exe

63 B
95 B
1
1

DNS Request

c.statcounter.com

DNS Response

104.20.94.138

104.20.95.138
8.8.8.8:53

67.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

67.31.126.40.in-addr.arpa
8.8.8.8:53

25.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

25.221.229.192.in-addr.arpa
8.8.8.8:53

21.129.101.151.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

21.129.101.151.in-addr.arpa
8.8.8.8:53

138.94.20.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

138.94.20.104.in-addr.arpa
8.8.8.8:53

snoreflash.ru

dns

msedge.exe

59 B
120 B
1
1

DNS Request

snoreflash.ru
8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
224.0.0.251:5353

588 B
9
8.8.8.8:53

205.47.74.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

205.47.74.20.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa
8.8.8.8:53

49.192.11.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

49.192.11.51.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
336B

MD5
28b153da795c41d08e3a63964c503665

SHA1
66f7c9d2679b40016fb13df01bef3c746afa751f

SHA256
12f757921fb638b4f02b7cfe9ca8e6a8fa7a4b5176746a6962fca94212559ca2

SHA512
3b156c8ddc783ad4e8dce1539b7b9cc065e10aeca7b93182ef0fb0415f042b9015b9ee78666df5ac85079037ed938f9dfde7d743b232f07395e3817c801a4bfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
03d66387983c099d22421f0ad57270e2

SHA1
5519938d66723e8b30286992a7a99816fec813c6

SHA256
4b3a338162f1d9536413d40e1b767ed29d002356ca25a16bdd951e54196acb70

SHA512
5a97056d1c1d1288aa4b12532f212854b14f7188a8c5bb0d64437ba3a72284f164cedb6253d9d62d40578d62f43136eee2fac32abe85c5c07b681e8f0cc89858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ada33b76e32138abc2a006dfdcd714e4

SHA1
358c07eaee33d6ad72aeb35902de3b22dcb2c185

SHA256
1f493d8d46fd3e7a73554d1b8ea04fde30778bc9b84d70eaa746cedc7cab1c22

SHA512
7be4fe8de99587c61243c3ab55cde8fc22e424e3e66ea3e5678434ac0a2e50f668ba711f3d663a0a67d8e5a11f588414881a6f68a71dd9f53d2178a99bdc4f3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b82bcea2bd7d4638802387556014c2a4

SHA1
a2ffa5c361212e79aeb2632c7fb853d61f31edd7

SHA256
dd9525277d49028821e21be729b0f236b0c5c56e0df6660b81a8aa9a67f61708

SHA512
2d52eacf36c3692665ed36954a462c5fc491ac5ed963e80dfd0c7944bdc9475a6160a25b20c5cc5a04563533cc25917d5ac7dfad14afac4b9a1ed87c28cffbd1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.