Resubmissions

  • 22/08/2024, 03:32 UTC  240822-d3lqkawflc  score 3
  • 22/08/2024, 03:28 UTC  240822-d1lyjszdmp  score 3
  • 22/08/2024, 03:23 UTC  240822-dxzp8swdlc  score 3

Analysis

  • max time kernel
    145s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/08/2024, 03:28 UTC

General

  • Target

    https://email.mail.sgv-solutions.com/c/eJxkkzuTujwchT-NdnHILySEwkJW8bYrst5wGyYkgEEuCgjqp3_H7p35n-I05ymfI263UKsx5cRWTEnEGI6RaVk2suNPRYJHiVTEtpOhGisiIiKH8RhbYAIQwObwMmYQGZyBFYFp0YhSwTEnNMYUK84Etod6DAaYBgdsMEoIGcVmImyCY2xYmFCqBqZRCJ2PmrRDTZU_Wl2VzUhWxTAfX9r21gzIZADuANy0gP4No0RzPkpUc40_1ADcWH7GySdO8fxJ7TKavQqjcwOyq_B7ndbN8it_nLvLxbfr_Kx-D33deckh9YqZ1twIjXcanoWYkY6rigXLGZBKAH81x_49Jxdj7S2eaZvmjUg299Tf6Tk9PPqZialzOK6P3DfjtKDPfejDSxROqJ1NOIm2DzLfn3lVYGZxuMKk4jfnm1bpYrpgxnewitI2yKKmKBMnO_HkMpu5-P7WkQNZkHveo4myX9p-vR6Q7mAxEf6Z-UKhvqp5fyNdq8l2-1dP_-YFljUsLkYTiutz6ZnZSxmP1bR3N3d07ILpeoXXyxO3_d0VfgljHuqv5ZfLuFsbrrU00CwsVhNI53nbtKU8-lWbOYdn75GgehGtWnBgl_skOq0me_L2s7aOAk8CXZ3mVvi13Gf2I7fC7eF8dbJJbXXBtzwYMlaBjeb7dGHhm1wFO5aLxIyo454sIbpfj4dVIfuQXo_LVvsLrDO4mj_7Sx2dfVZavg_r8gj358-Op-kyL5H9jKTkYnPf6IhtO4QmAzIdllWrEy3Fx5yP0BYTpmSYIiHBRmbCAQkrUYgwGSeRSDhWdHjLxSuuPzgIqUAIgjCNLWRanCFBuYUSMGMmKImFEsN6nD1yHQ9M419Pm7hUYauL_10Dht0Y_gsAAP__UgkR6Q

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://email.mail.sgv-solutions.com/c/eJxkkzuTujwchT-NdnHILySEwkJW8bYrst5wGyYkgEEuCgjqp3_H7p35n-I05ymfI263UKsx5cRWTEnEGI6RaVk2suNPRYJHiVTEtpOhGisiIiKH8RhbYAIQwObwMmYQGZyBFYFp0YhSwTEnNMYUK84Etod6DAaYBgdsMEoIGcVmImyCY2xYmFCqBqZRCJ2PmrRDTZU_Wl2VzUhWxTAfX9r21gzIZADuANy0gP4No0RzPkpUc40_1ADcWH7GySdO8fxJ7TKavQqjcwOyq_B7ndbN8it_nLvLxbfr_Kx-D33deckh9YqZ1twIjXcanoWYkY6rigXLGZBKAH81x_49Jxdj7S2eaZvmjUg299Tf6Tk9PPqZialzOK6P3DfjtKDPfejDSxROqJ1NOIm2DzLfn3lVYGZxuMKk4jfnm1bpYrpgxnewitI2yKKmKBMnO_HkMpu5-P7WkQNZkHveo4myX9p-vR6Q7mAxEf6Z-UKhvqp5fyNdq8l2-1dP_-YFljUsLkYTiutz6ZnZSxmP1bR3N3d07ILpeoXXyxO3_d0VfgljHuqv5ZfLuFsbrrU00CwsVhNI53nbtKU8-lWbOYdn75GgehGtWnBgl_skOq0me_L2s7aOAk8CXZ3mVvi13Gf2I7fC7eF8dbJJbXXBtzwYMlaBjeb7dGHhm1wFO5aLxIyo454sIbpfj4dVIfuQXo_LVvsLrDO4mj_7Sx2dfVZavg_r8gj358-Op-kyL5H9jKTkYnPf6IhtO4QmAzIdllWrEy3Fx5yP0BYTpmSYIiHBRmbCAQkrUYgwGSeRSDhWdHjLxSuuPzgIqUAIgjCNLWRanCFBuYUSMGMmKImFEsN6nD1yHQ9M419Pm7hUYauL_10Dht0Y_gsAAP__UgkR6Q
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5068
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd183e46f8,0x7ffd183e4708,0x7ffd183e4718
      2⤵
      PID:4540
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1472,18022105461141278524,9942609833032559054,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
      2⤵
      PID:960
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1472,18022105461141278524,9942609833032559054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4672
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1472,18022105461141278524,9942609833032559054,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
      2⤵
      PID:1108
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,18022105461141278524,9942609833032559054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
      2⤵
      PID:1016
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,18022105461141278524,9942609833032559054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      2⤵
      PID:4716
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,18022105461141278524,9942609833032559054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
      2⤵
      PID:4632
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1472,18022105461141278524,9942609833032559054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8
      2⤵
      PID:4080
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1472,18022105461141278524,9942609833032559054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3236
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,18022105461141278524,9942609833032559054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
      2⤵
      PID:3496
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,18022105461141278524,9942609833032559054,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
      2⤵
      PID:4652
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,18022105461141278524,9942609833032559054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
      2⤵
      PID:1340
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1472,18022105461141278524,9942609833032559054,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
      2⤵
      PID:4168
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1472,18022105461141278524,9942609833032559054,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4940 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4432
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3968
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2188

                            Network

                            • flag-us
                              DNS
                              email.mail.sgv-solutions.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              email.mail.sgv-solutions.com
                              IN A
                              Response
                              email.mail.sgv-solutions.com
                              IN CNAME
                              click.tr.onesignal.email
                              click.tr.onesignal.email
                              IN CNAME
                              mailgun.org
                              mailgun.org
                              IN A
                              34.102.239.211
                            • flag-us
                              GET
                              https://email.mail.sgv-solutions.com/c/eJxkkzuTujwchT-NdnHILySEwkJW8bYrst5wGyYkgEEuCgjqp3_H7p35n-I05ymfI263UKsx5cRWTEnEGI6RaVk2suNPRYJHiVTEtpOhGisiIiKH8RhbYAIQwObwMmYQGZyBFYFp0YhSwTEnNMYUK84Etod6DAaYBgdsMEoIGcVmImyCY2xYmFCqBqZRCJ2PmrRDTZU_Wl2VzUhWxTAfX9r21gzIZADuANy0gP4No0RzPkpUc40_1ADcWH7GySdO8fxJ7TKavQqjcwOyq_B7ndbN8it_nLvLxbfr_Kx-D33deckh9YqZ1twIjXcanoWYkY6rigXLGZBKAH81x_49Jxdj7S2eaZvmjUg299Tf6Tk9PPqZialzOK6P3DfjtKDPfejDSxROqJ1NOIm2DzLfn3lVYGZxuMKk4jfnm1bpYrpgxnewitI2yKKmKBMnO_HkMpu5-P7WkQNZkHveo4myX9p-vR6Q7mAxEf6Z-UKhvqp5fyNdq8l2-1dP_-YFljUsLkYTiutz6ZnZSxmP1bR3N3d07ILpeoXXyxO3_d0VfgljHuqv5ZfLuFsbrrU00CwsVhNI53nbtKU8-lWbOYdn75GgehGtWnBgl_skOq0me_L2s7aOAk8CXZ3mVvi13Gf2I7fC7eF8dbJJbXXBtzwYMlaBjeb7dGHhm1wFO5aLxIyo454sIbpfj4dVIfuQXo_LVvsLrDO4mj_7Sx2dfVZavg_r8gj358-Op-kyL5H9jKTkYnPf6IhtO4QmAzIdllWrEy3Fx5yP0BYTpmSYIiHBRmbCAQkrUYgwGSeRSDhWdHjLxSuuPzgIqUAIgjCNLWRanCFBuYUSMGMmKImFEsN6nD1yHQ9M419Pm7hUYauL_10Dht0Y_gsAAP__UgkR6Q
                              msedge.exe
                              Remote address:
                              34.102.239.211:443
                              Request
                              GET /c/eJxkkzuTujwchT-NdnHILySEwkJW8bYrst5wGyYkgEEuCgjqp3_H7p35n-I05ymfI263UKsx5cRWTEnEGI6RaVk2suNPRYJHiVTEtpOhGisiIiKH8RhbYAIQwObwMmYQGZyBFYFp0YhSwTEnNMYUK84Etod6DAaYBgdsMEoIGcVmImyCY2xYmFCqBqZRCJ2PmrRDTZU_Wl2VzUhWxTAfX9r21gzIZADuANy0gP4No0RzPkpUc40_1ADcWH7GySdO8fxJ7TKavQqjcwOyq_B7ndbN8it_nLvLxbfr_Kx-D33deckh9YqZ1twIjXcanoWYkY6rigXLGZBKAH81x_49Jxdj7S2eaZvmjUg299Tf6Tk9PPqZialzOK6P3DfjtKDPfejDSxROqJ1NOIm2DzLfn3lVYGZxuMKk4jfnm1bpYrpgxnewitI2yKKmKBMnO_HkMpu5-P7WkQNZkHveo4myX9p-vR6Q7mAxEf6Z-UKhvqp5fyNdq8l2-1dP_-YFljUsLkYTiutz6ZnZSxmP1bR3N3d07ILpeoXXyxO3_d0VfgljHuqv5ZfLuFsbrrU00CwsVhNI53nbtKU8-lWbOYdn75GgehGtWnBgl_skOq0me_L2s7aOAk8CXZ3mVvi13Gf2I7fC7eF8dbJJbXXBtzwYMlaBjeb7dGHhm1wFO5aLxIyo454sIbpfj4dVIfuQXo_LVvsLrDO4mj_7Sx2dfVZavg_r8gj358-Op-kyL5H9jKTkYnPf6IhtO4QmAzIdllWrEy3Fx5yP0BYTpmSYIiHBRmbCAQkrUYgwGSeRSDhWdHjLxSuuPzgIqUAIgjCNLWRanCFBuYUSMGMmKImFEsN6nD1yHQ9M419Pm7hUYauL_10Dht0Y_gsAAP__UgkR6Q HTTP/2.0
                              host: email.mail.sgv-solutions.com
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              sec-ch-ua-mobile: ?0
                              dnt: 1
                              upgrade-insecure-requests: 1
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                              sec-fetch-site: none
                              sec-fetch-mode: navigate
                              sec-fetch-user: ?1
                              sec-fetch-dest: document
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 302
                              access-control-allow-credentials: true
                              access-control-allow-origin: *
                              cache-control: no-store
                              content-type: text/html
                              date: Thu, 22 Aug 2024 03:28:42 GMT
                              location: https://gm2wz2.fi88.fdske.com/ec/gAAAAABmxMg9nbEym0vFX3So1zKgrsICluYvhhQ9rlYdRUwrvOfUgOmEii80_0zg_YaaE3v8do6XIE23oa28ysVwzG3h0KOHxgtglsafNqgQSiG5UuwE415BUVKV8Q4egm5xT_Q2yamB_iBN_AbPu3GTY8om16782k2Ao8pBL5ogHDH60LXJbgtXjbsmnfBjW8fhEEF1qzibB2jXlOOusbjR5tCyu2gS2HAaQY6Qad-wor8wp3vti3PPZrDZGm1cr2Hh0s_akxIO4jyd0uJDwFNq-VvXDKJ1KIW89QSk2R366O-wknCF68Fr0F7I0-E_mJA2gGltstncVQotjBUxwO3Xoy3idt2B2SlQ3bWJAT3zQjtrbXOc25JWG7_CITj9ul7_PUYkBjAr7vXLcU0cedX9-GTgH71pcJXS6laf4b5BFW7aavRO8_omcw_5kVItiQH1ij2k4MThrbYQ6n7QQ2KnV2qxMS8ggIln-9xbcc8aNqNib6Pv--A=
                              x-robots-tag: noindex
                              x-xss-protection: 1; mode=block
                              content-length: 1424
                            • flag-us
                              DNS
                              gm2wz2.fi88.fdske.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              gm2wz2.fi88.fdske.com
                              IN A
                              Response
                              gm2wz2.fi88.fdske.com
                              IN CNAME
                              djwxuafo2dd79.cloudfront.net
                              djwxuafo2dd79.cloudfront.net
                              IN A
                              18.165.227.57
                              djwxuafo2dd79.cloudfront.net
                              IN A
                              18.165.227.104
                              djwxuafo2dd79.cloudfront.net
                              IN A
                              18.165.227.122
                              djwxuafo2dd79.cloudfront.net
                              IN A
                              18.165.227.8
                            • flag-gb
                              GET
                              https://gm2wz2.fi88.fdske.com/ec/gAAAAABmxMg9nbEym0vFX3So1zKgrsICluYvhhQ9rlYdRUwrvOfUgOmEii80_0zg_YaaE3v8do6XIE23oa28ysVwzG3h0KOHxgtglsafNqgQSiG5UuwE415BUVKV8Q4egm5xT_Q2yamB_iBN_AbPu3GTY8om16782k2Ao8pBL5ogHDH60LXJbgtXjbsmnfBjW8fhEEF1qzibB2jXlOOusbjR5tCyu2gS2HAaQY6Qad-wor8wp3vti3PPZrDZGm1cr2Hh0s_akxIO4jyd0uJDwFNq-VvXDKJ1KIW89QSk2R366O-wknCF68Fr0F7I0-E_mJA2gGltstncVQotjBUxwO3Xoy3idt2B2SlQ3bWJAT3zQjtrbXOc25JWG7_CITj9ul7_PUYkBjAr7vXLcU0cedX9-GTgH71pcJXS6laf4b5BFW7aavRO8_omcw_5kVItiQH1ij2k4MThrbYQ6n7QQ2KnV2qxMS8ggIln-9xbcc8aNqNib6Pv--A=
                              msedge.exe
                              Remote address:
                              18.165.227.57:443
                              Request
                              GET /ec/gAAAAABmxMg9nbEym0vFX3So1zKgrsICluYvhhQ9rlYdRUwrvOfUgOmEii80_0zg_YaaE3v8do6XIE23oa28ysVwzG3h0KOHxgtglsafNqgQSiG5UuwE415BUVKV8Q4egm5xT_Q2yamB_iBN_AbPu3GTY8om16782k2Ao8pBL5ogHDH60LXJbgtXjbsmnfBjW8fhEEF1qzibB2jXlOOusbjR5tCyu2gS2HAaQY6Qad-wor8wp3vti3PPZrDZGm1cr2Hh0s_akxIO4jyd0uJDwFNq-VvXDKJ1KIW89QSk2R366O-wknCF68Fr0F7I0-E_mJA2gGltstncVQotjBUxwO3Xoy3idt2B2SlQ3bWJAT3zQjtrbXOc25JWG7_CITj9ul7_PUYkBjAr7vXLcU0cedX9-GTgH71pcJXS6laf4b5BFW7aavRO8_omcw_5kVItiQH1ij2k4MThrbYQ6n7QQ2KnV2qxMS8ggIln-9xbcc8aNqNib6Pv--A= HTTP/2.0
                              host: gm2wz2.fi88.fdske.com
                              dnt: 1
                              upgrade-insecure-requests: 1
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                              sec-fetch-site: none
                              sec-fetch-mode: navigate
                              sec-fetch-user: ?1
                              sec-fetch-dest: document
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              sec-ch-ua-mobile: ?0
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 302
                              content-type: text/html; charset=utf-8
                              content-length: 115
                              location: https://jo8hu765678h07765esedfguiijjg65sfdezacsfb.s3.us-east-2.amazonaws.com/htgh6edgft.html
                              date: Thu, 22 Aug 2024 03:28:43 GMT
                              vary: Origin
                              x-cache: Miss from cloudfront
                              via: 1.1 57b0dc7306dda022079bc29562d534f2.cloudfront.net (CloudFront)
                              x-amz-cf-pop: LHR61-P5
                              x-amz-cf-id: QzxJTc36V1dIapL9pxsP_-D7zEir91XNhgM7oU3YMc6V-vZoY8XYiA==
                            • flag-us
                              DNS
                              211.239.102.34.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              211.239.102.34.in-addr.arpa
                              IN PTR
                              Response
                              211.239.102.34.in-addr.arpa
                              IN PTR
                              21123910234bcgoogleusercontentcom
                            • flag-us
                              DNS
                              22.160.190.20.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              22.160.190.20.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              196.249.167.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              196.249.167.52.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              95.221.229.192.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              95.221.229.192.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              57.227.165.18.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              57.227.165.18.in-addr.arpa
                              IN PTR
                              Response
                              57.227.165.18.in-addr.arpa
                              IN PTR
                              server-18-165-227-57lhr61r cloudfrontnet
                            • flag-us
                              DNS
                              jo8hu765678h07765esedfguiijjg65sfdezacsfb.s3.us-east-2.amazonaws.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              jo8hu765678h07765esedfguiijjg65sfdezacsfb.s3.us-east-2.amazonaws.com
                              IN A
                              Response
                              jo8hu765678h07765esedfguiijjg65sfdezacsfb.s3.us-east-2.amazonaws.com
                              IN CNAME
                              s3-r-w.us-east-2.amazonaws.com
                              s3-r-w.us-east-2.amazonaws.com
                              IN A
                              52.219.142.18
                              s3-r-w.us-east-2.amazonaws.com
                              IN A
                              3.5.131.163
                              s3-r-w.us-east-2.amazonaws.com
                              IN A
                              52.219.106.138
                              s3-r-w.us-east-2.amazonaws.com
                              IN A
                              3.5.130.162
                              s3-r-w.us-east-2.amazonaws.com
                              IN A
                              52.219.105.18
                              s3-r-w.us-east-2.amazonaws.com
                              IN A
                              52.219.106.242
                              s3-r-w.us-east-2.amazonaws.com
                              IN A
                              3.5.132.170
                              s3-r-w.us-east-2.amazonaws.com
                              IN A
                              3.5.133.189
                            • flag-us
                              GET
                              https://jo8hu765678h07765esedfguiijjg65sfdezacsfb.s3.us-east-2.amazonaws.com/htgh6edgft.html
                              msedge.exe
                              Remote address:
                              52.219.142.18:443
                              Request
                              GET /htgh6edgft.html HTTP/1.1
                              Host: jo8hu765678h07765esedfguiijjg65sfdezacsfb.s3.us-east-2.amazonaws.com
                              Connection: keep-alive
                              DNT: 1
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-User: ?1
                              Sec-Fetch-Dest: document
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              sec-ch-ua-mobile: ?0
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              x-amz-id-2: ik4nYuGK2iZImcOjjqYCOOUdmv9MjoinzjYcXaXXgbJA/gbk3+CRFHAccqQmQFm1cd94kK9m99M=
                              x-amz-request-id: 28MJ82X2F4D6KBKV
                              Date: Thu, 22 Aug 2024 03:28:44 GMT
                              Last-Modified: Tue, 20 Aug 2024 16:42:13 GMT
                              ETag: "f247efcb7feee97ccf357ecc118ed513"
                              x-amz-server-side-encryption: AES256
                              Accept-Ranges: bytes
                              Content-Type: text/html
                              Server: AmazonS3
                              Content-Length: 14042
                            • flag-us
                              GET
                              https://jo8hu765678h07765esedfguiijjg65sfdezacsfb.s3.us-east-2.amazonaws.com/favicon.ico
                              msedge.exe
                              Remote address:
                              52.219.142.18:443
                              Request
                              GET /favicon.ico HTTP/1.1
                              Host: jo8hu765678h07765esedfguiijjg65sfdezacsfb.s3.us-east-2.amazonaws.com
                              Connection: keep-alive
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              DNT: 1
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: image
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 403 Forbidden
                              x-amz-request-id: 28MQWWRD428CP4RG
                              x-amz-id-2: vYoy5RAQCwVeT/AkoCTOgz0cGLH9PkpVWygw/9O9IvLIKFLUAS/5b5b278MMjf36CoK8ZULyA40=
                              Content-Type: application/xml
                              Transfer-Encoding: chunked
                              Date: Thu, 22 Aug 2024 03:28:43 GMT
                              Server: AmazonS3
                            • flag-us
                              DNS
                              61.39.156.108.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              61.39.156.108.in-addr.arpa
                              IN PTR
                              Response
                              61.39.156.108.in-addr.arpa
                              IN PTR
                              server-108-156-39-61lhr50r cloudfrontnet
                            • flag-us
                              DNS
                              18.142.219.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              18.142.219.52.in-addr.arpa
                              IN PTR
                              Response
                              18.142.219.52.in-addr.arpa
                              IN PTR
                              s3-r-w us-east-2 amazonawscom
                            • flag-us
                              DNS
                              228.249.119.40.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              228.249.119.40.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              50.23.12.20.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              50.23.12.20.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              15.164.165.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              15.164.165.52.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              92.12.20.2.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              92.12.20.2.in-addr.arpa
                              IN PTR
                              Response
                              92.12.20.2.in-addr.arpa
                              IN PTR
                              a2-20-12-92.deploy.static.akamaitechnologies.com
                            • flag-us
                              DNS
                              19.229.111.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              19.229.111.52.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              tse1.mm.bing.net
                              Remote address:
                              8.8.8.8:53
                              Request
                              tse1.mm.bing.net
                              IN A
                              Response
                              tse1.mm.bing.net
                              IN CNAME
                              mm-mm.bing.net.trafficmanager.net
                              mm-mm.bing.net.trafficmanager.net
                              IN CNAME
                              ax-0001.ax-msedge.net
                              ax-0001.ax-msedge.net
                              IN A
                              150.171.28.10
                              ax-0001.ax-msedge.net
                              IN A
                              150.171.27.10
                            • flag-us
                              GET
                              https://tse1.mm.bing.net/th?id=OADD2.10239339388096_1DBFGPPKZBTOVVSVU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                              Remote address:
                              150.171.28.10:443
                              Request
                              GET /th?id=OADD2.10239339388096_1DBFGPPKZBTOVVSVU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                              host: tse1.mm.bing.net
                              accept: */*
                              accept-encoding: gzip, deflate, br
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              Response
                              HTTP/2.0 200
                              cache-control: public, max-age=2592000
                              content-length: 579336
                              content-type: image/jpeg
                              x-cache: TCP_HIT
                              access-control-allow-origin: *
                              access-control-allow-headers: *
                              access-control-allow-methods: GET, POST, OPTIONS
                              timing-allow-origin: *
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: 98EBD54C992A4553AA271F69422ABC3C Ref B: LON04EDGE0708 Ref C: 2024-08-22T03:30:23Z
                              date: Thu, 22 Aug 2024 03:30:22 GMT
                            • flag-us
                              GET
                              https://tse1.mm.bing.net/th?id=OADD2.10239360432411_13QPWJ00JGY7I4CI1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                              Remote address:
                              150.171.28.10:443
                              Request
                              GET /th?id=OADD2.10239360432411_13QPWJ00JGY7I4CI1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                              host: tse1.mm.bing.net
                              accept: */*
                              accept-encoding: gzip, deflate, br
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              Response
                              HTTP/2.0 200
                              cache-control: public, max-age=2592000
                              content-length: 490098
                              content-type: image/jpeg
                              x-cache: TCP_HIT
                              access-control-allow-origin: *
                              access-control-allow-headers: *
                              access-control-allow-methods: GET, POST, OPTIONS
                              timing-allow-origin: *
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: 7DB8C2985B234333ACD7F7D55F3DFBAC Ref B: LON04EDGE0708 Ref C: 2024-08-22T03:30:23Z
                              date: Thu, 22 Aug 2024 03:30:22 GMT
                            • flag-us
                              GET
                              https://tse1.mm.bing.net/th?id=OADD2.10239340418609_1GWNOVIVAOEBFVIZK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                              Remote address:
                              150.171.28.10:443
                              Request
                              GET /th?id=OADD2.10239340418609_1GWNOVIVAOEBFVIZK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                              host: tse1.mm.bing.net
                              accept: */*
                              accept-encoding: gzip, deflate, br
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              Response
                              HTTP/2.0 200
                              cache-control: public, max-age=2592000
                              content-length: 370008
                              content-type: image/jpeg
                              x-cache: TCP_HIT
                              access-control-allow-origin: *
                              access-control-allow-headers: *
                              access-control-allow-methods: GET, POST, OPTIONS
                              timing-allow-origin: *
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: A4B144E1D60F473D8597A120ACE2A59F Ref B: LON04EDGE0708 Ref C: 2024-08-22T03:30:23Z
                              date: Thu, 22 Aug 2024 03:30:22 GMT
                            • flag-us
                              GET
                              https://tse1.mm.bing.net/th?id=OADD2.10239360432410_1ZT9L3WG863INPZDE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                              Remote address:
                              150.171.28.10:443
                              Request
                              GET /th?id=OADD2.10239360432410_1ZT9L3WG863INPZDE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                              host: tse1.mm.bing.net
                              accept: */*
                              accept-encoding: gzip, deflate, br
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              Response
                              HTTP/2.0 200
                              cache-control: public, max-age=2592000
                              content-length: 435187
                              content-type: image/jpeg
                              x-cache: TCP_HIT
                              access-control-allow-origin: *
                              access-control-allow-headers: *
                              access-control-allow-methods: GET, POST, OPTIONS
                              timing-allow-origin: *
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: 35E57DC0C85045E7A1C78FB55F14BB61 Ref B: LON04EDGE0708 Ref C: 2024-08-22T03:30:23Z
                              date: Thu, 22 Aug 2024 03:30:22 GMT
                            • flag-us
                              GET
                              https://tse1.mm.bing.net/th?id=OADD2.10239339388095_1V0S9Y27HKQEJAFN6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                              Remote address:
                              150.171.28.10:443
                              Request
                              GET /th?id=OADD2.10239339388095_1V0S9Y27HKQEJAFN6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                              host: tse1.mm.bing.net
                              accept: */*
                              accept-encoding: gzip, deflate, br
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              Response
                              HTTP/2.0 200
                              cache-control: public, max-age=2592000
                              content-length: 320336
                              content-type: image/jpeg
                              x-cache: TCP_HIT
                              access-control-allow-origin: *
                              access-control-allow-headers: *
                              access-control-allow-methods: GET, POST, OPTIONS
                              timing-allow-origin: *
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: 2A8DB1A968CE48B192795777315E8191 Ref B: LON04EDGE0708 Ref C: 2024-08-22T03:30:23Z
                              date: Thu, 22 Aug 2024 03:30:22 GMT
                            • flag-us
                              GET
                              https://tse1.mm.bing.net/th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                              Remote address:
                              150.171.28.10:443
                              Request
                              GET /th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                              host: tse1.mm.bing.net
                              accept: */*
                              accept-encoding: gzip, deflate, br
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                              Response
                              HTTP/2.0 200
                              cache-control: public, max-age=2592000
                              content-length: 673255
                              content-type: image/jpeg
                              x-cache: TCP_HIT
                              access-control-allow-origin: *
                              access-control-allow-headers: *
                              access-control-allow-methods: GET, POST, OPTIONS
                              timing-allow-origin: *
                              report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                              nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                              accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                              x-msedge-ref: Ref A: D5DE94EDF2014C798C1348CDFB9E6A85 Ref B: LON04EDGE0708 Ref C: 2024-08-22T03:30:24Z
                              date: Thu, 22 Aug 2024 03:30:23 GMT
                            • flag-us
                              DNS
                              10.28.171.150.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              10.28.171.150.in-addr.arpa
                              IN PTR
                              Response
                            • 34.102.239.211:443
                              https://email.mail.sgv-solutions.com/c/eJxkkzuTujwchT-NdnHILySEwkJW8bYrst5wGyYkgEEuCgjqp3_H7p35n-I05ymfI263UKsx5cRWTEnEGI6RaVk2suNPRYJHiVTEtpOhGisiIiKH8RhbYAIQwObwMmYQGZyBFYFp0YhSwTEnNMYUK84Etod6DAaYBgdsMEoIGcVmImyCY2xYmFCqBqZRCJ2PmrRDTZU_Wl2VzUhWxTAfX9r21gzIZADuANy0gP4No0RzPkpUc40_1ADcWH7GySdO8fxJ7TKavQqjcwOyq_B7ndbN8it_nLvLxbfr_Kx-D33deckh9YqZ1twIjXcanoWYkY6rigXLGZBKAH81x_49Jxdj7S2eaZvmjUg299Tf6Tk9PPqZialzOK6P3DfjtKDPfejDSxROqJ1NOIm2DzLfn3lVYGZxuMKk4jfnm1bpYrpgxnewitI2yKKmKBMnO_HkMpu5-P7WkQNZkHveo4myX9p-vR6Q7mAxEf6Z-UKhvqp5fyNdq8l2-1dP_-YFljUsLkYTiutz6ZnZSxmP1bR3N3d07ILpeoXXyxO3_d0VfgljHuqv5ZfLuFsbrrU00CwsVhNI53nbtKU8-lWbOYdn75GgehGtWnBgl_skOq0me_L2s7aOAk8CXZ3mVvi13Gf2I7fC7eF8dbJJbXXBtzwYMlaBjeb7dGHhm1wFO5aLxIyo454sIbpfj4dVIfuQXo_LVvsLrDO4mj_7Sx2dfVZavg_r8gj358-Op-kyL5H9jKTkYnPf6IhtO4QmAzIdllWrEy3Fx5yP0BYTpmSYIiHBRmbCAQkrUYgwGSeRSDhWdHjLxSuuPzgIqUAIgjCNLWRanCFBuYUSMGMmKImFEsN6nD1yHQ9M419Pm7hUYauL_10Dht0Y_gsAAP__UgkR6Q
                              tls, http2
                              msedge.exe
                              2.5kB
                              5.5kB
                              14
                              16

                              HTTP Request

                              GET https://email.mail.sgv-solutions.com/c/eJxkkzuTujwchT-NdnHILySEwkJW8bYrst5wGyYkgEEuCgjqp3_H7p35n-I05ymfI263UKsx5cRWTEnEGI6RaVk2suNPRYJHiVTEtpOhGisiIiKH8RhbYAIQwObwMmYQGZyBFYFp0YhSwTEnNMYUK84Etod6DAaYBgdsMEoIGcVmImyCY2xYmFCqBqZRCJ2PmrRDTZU_Wl2VzUhWxTAfX9r21gzIZADuANy0gP4No0RzPkpUc40_1ADcWH7GySdO8fxJ7TKavQqjcwOyq_B7ndbN8it_nLvLxbfr_Kx-D33deckh9YqZ1twIjXcanoWYkY6rigXLGZBKAH81x_49Jxdj7S2eaZvmjUg299Tf6Tk9PPqZialzOK6P3DfjtKDPfejDSxROqJ1NOIm2DzLfn3lVYGZxuMKk4jfnm1bpYrpgxnewitI2yKKmKBMnO_HkMpu5-P7WkQNZkHveo4myX9p-vR6Q7mAxEf6Z-UKhvqp5fyNdq8l2-1dP_-YFljUsLkYTiutz6ZnZSxmP1bR3N3d07ILpeoXXyxO3_d0VfgljHuqv5ZfLuFsbrrU00CwsVhNI53nbtKU8-lWbOYdn75GgehGtWnBgl_skOq0me_L2s7aOAk8CXZ3mVvi13Gf2I7fC7eF8dbJJbXXBtzwYMlaBjeb7dGHhm1wFO5aLxIyo454sIbpfj4dVIfuQXo_LVvsLrDO4mj_7Sx2dfVZavg_r8gj358-Op-kyL5H9jKTkYnPf6IhtO4QmAzIdllWrEy3Fx5yP0BYTpmSYIiHBRmbCAQkrUYgwGSeRSDhWdHjLxSuuPzgIqUAIgjCNLWRanCFBuYUSMGMmKImFEsN6nD1yHQ9M419Pm7hUYauL_10Dht0Y_gsAAP__UgkR6Q

                              HTTP Response

                              302
                            • 18.165.227.57:443
                              https://gm2wz2.fi88.fdske.com/ec/gAAAAABmxMg9nbEym0vFX3So1zKgrsICluYvhhQ9rlYdRUwrvOfUgOmEii80_0zg_YaaE3v8do6XIE23oa28ysVwzG3h0KOHxgtglsafNqgQSiG5UuwE415BUVKV8Q4egm5xT_Q2yamB_iBN_AbPu3GTY8om16782k2Ao8pBL5ogHDH60LXJbgtXjbsmnfBjW8fhEEF1qzibB2jXlOOusbjR5tCyu2gS2HAaQY6Qad-wor8wp3vti3PPZrDZGm1cr2Hh0s_akxIO4jyd0uJDwFNq-VvXDKJ1KIW89QSk2R366O-wknCF68Fr0F7I0-E_mJA2gGltstncVQotjBUxwO3Xoy3idt2B2SlQ3bWJAT3zQjtrbXOc25JWG7_CITj9ul7_PUYkBjAr7vXLcU0cedX9-GTgH71pcJXS6laf4b5BFW7aavRO8_omcw_5kVItiQH1ij2k4MThrbYQ6n7QQ2KnV2qxMS8ggIln-9xbcc8aNqNib6Pv--A=
                              tls, http2
                              msedge.exe
                              2.2kB
                              9.2kB
                              15
                              18

                              HTTP Request

                              GET https://gm2wz2.fi88.fdske.com/ec/gAAAAABmxMg9nbEym0vFX3So1zKgrsICluYvhhQ9rlYdRUwrvOfUgOmEii80_0zg_YaaE3v8do6XIE23oa28ysVwzG3h0KOHxgtglsafNqgQSiG5UuwE415BUVKV8Q4egm5xT_Q2yamB_iBN_AbPu3GTY8om16782k2Ao8pBL5ogHDH60LXJbgtXjbsmnfBjW8fhEEF1qzibB2jXlOOusbjR5tCyu2gS2HAaQY6Qad-wor8wp3vti3PPZrDZGm1cr2Hh0s_akxIO4jyd0uJDwFNq-VvXDKJ1KIW89QSk2R366O-wknCF68Fr0F7I0-E_mJA2gGltstncVQotjBUxwO3Xoy3idt2B2SlQ3bWJAT3zQjtrbXOc25JWG7_CITj9ul7_PUYkBjAr7vXLcU0cedX9-GTgH71pcJXS6laf4b5BFW7aavRO8_omcw_5kVItiQH1ij2k4MThrbYQ6n7QQ2KnV2qxMS8ggIln-9xbcc8aNqNib6Pv--A=

                              HTTP Response

                              302
                            • 52.219.142.18:443
                              https://jo8hu765678h07765esedfguiijjg65sfdezacsfb.s3.us-east-2.amazonaws.com/favicon.ico
                              tls, http
                              msedge.exe
                              4.1kB
                              23.0kB
                              25
                              36

                              HTTP Request

                              GET https://jo8hu765678h07765esedfguiijjg65sfdezacsfb.s3.us-east-2.amazonaws.com/htgh6edgft.html

                              HTTP Response

                              200

                              HTTP Request

                              GET https://jo8hu765678h07765esedfguiijjg65sfdezacsfb.s3.us-east-2.amazonaws.com/favicon.ico

                              HTTP Response

                              403
                            • 150.171.28.10:443
                              tse1.mm.bing.net
                              tls, http2
                              1.2kB
                              6.9kB
                              15
                              13
                            • 150.171.28.10:443
                              tse1.mm.bing.net
                              tls, http2
                              1.2kB
                              6.9kB
                              15
                              13
                            • 150.171.28.10:443
                              tse1.mm.bing.net
                              tls, http2
                              1.2kB
                              6.9kB
                              15
                              13
                            • 150.171.28.10:443
                              https://tse1.mm.bing.net/th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                              tls, http2
                              120.4kB
                              3.0MB
                              2187
                              2181

                              HTTP Request

                              GET https://tse1.mm.bing.net/th?id=OADD2.10239339388096_1DBFGPPKZBTOVVSVU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                              HTTP Request

                              GET https://tse1.mm.bing.net/th?id=OADD2.10239360432411_13QPWJ00JGY7I4CI1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                              HTTP Request

                              GET https://tse1.mm.bing.net/th?id=OADD2.10239340418609_1GWNOVIVAOEBFVIZK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                              HTTP Request

                              GET https://tse1.mm.bing.net/th?id=OADD2.10239360432410_1ZT9L3WG863INPZDE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                              HTTP Request

                              GET https://tse1.mm.bing.net/th?id=OADD2.10239339388095_1V0S9Y27HKQEJAFN6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Response

                              200

                              HTTP Request

                              GET https://tse1.mm.bing.net/th?id=OADD2.10239340418610_1CWE7N9O9P5V6VACF&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                              HTTP Response

                              200
                            • 150.171.28.10:443
                              tse1.mm.bing.net
                              tls, http2
                              1.2kB
                              6.9kB
                              15
                              13
                            • 8.8.8.8:53
                              email.mail.sgv-solutions.com
                              dns
                              msedge.exe
                              74 B
                              153 B
                              1
                              1

                              DNS Request

                              email.mail.sgv-solutions.com

                              DNS Response

                              34.102.239.211

                            • 8.8.8.8:53
                              gm2wz2.fi88.fdske.com
                              dns
                              msedge.exe
                              67 B
                              173 B
                              1
                              1

                              DNS Request

                              gm2wz2.fi88.fdske.com

                              DNS Response

                              18.165.227.57
                              18.165.227.104
                              18.165.227.122
                              18.165.227.8

                            • 8.8.8.8:53
                              211.239.102.34.in-addr.arpa
                              dns
                              73 B
                              126 B
                              1
                              1

                              DNS Request

                              211.239.102.34.in-addr.arpa

                            • 8.8.8.8:53
                              22.160.190.20.in-addr.arpa
                              dns
                              72 B
                              158 B
                              1
                              1

                              DNS Request

                              22.160.190.20.in-addr.arpa

                            • 8.8.8.8:53
                              196.249.167.52.in-addr.arpa
                              dns
                              73 B
                              147 B
                              1
                              1

                              DNS Request

                              196.249.167.52.in-addr.arpa

                            • 8.8.8.8:53
                              95.221.229.192.in-addr.arpa
                              dns
                              73 B
                              144 B
                              1
                              1

                              DNS Request

                              95.221.229.192.in-addr.arpa

                            • 8.8.8.8:53
                              57.227.165.18.in-addr.arpa
                              dns
                              72 B
                              129 B
                              1
                              1

                              DNS Request

                              57.227.165.18.in-addr.arpa

                            • 8.8.8.8:53
                              jo8hu765678h07765esedfguiijjg65sfdezacsfb.s3.us-east-2.amazonaws.com
                              dns
                              msedge.exe
                              114 B
                              263 B
                              1
                              1

                              DNS Request

                              jo8hu765678h07765esedfguiijjg65sfdezacsfb.s3.us-east-2.amazonaws.com

                              DNS Response

                              52.219.142.18
                              3.5.131.163
                              52.219.106.138
                              3.5.130.162
                              52.219.105.18
                              52.219.106.242
                              3.5.132.170
                              3.5.133.189

                            • 8.8.8.8:53
                              61.39.156.108.in-addr.arpa
                              dns
                              72 B
                              129 B
                              1
                              1

                              DNS Request

                              61.39.156.108.in-addr.arpa

                            • 8.8.8.8:53
                              18.142.219.52.in-addr.arpa
                              dns
                              72 B
                              116 B
                              1
                              1

                              DNS Request

                              18.142.219.52.in-addr.arpa

                            • 224.0.0.251:5353
                              455 B
                              7
                            • 8.8.8.8:53
                              228.249.119.40.in-addr.arpa
                              dns
                              73 B
                              159 B
                              1
                              1

                              DNS Request

                              228.249.119.40.in-addr.arpa

                            • 8.8.8.8:53
                              50.23.12.20.in-addr.arpa
                              dns
                              70 B
                              156 B
                              1
                              1

                              DNS Request

                              50.23.12.20.in-addr.arpa

                            • 8.8.8.8:53
                              15.164.165.52.in-addr.arpa
                              dns
                              72 B
                              146 B
                              1
                              1

                              DNS Request

                              15.164.165.52.in-addr.arpa

                            • 8.8.8.8:53
                              92.12.20.2.in-addr.arpa
                              dns
                              69 B
                              131 B
                              1
                              1

                              DNS Request

                              92.12.20.2.in-addr.arpa

                            • 8.8.8.8:53
                              19.229.111.52.in-addr.arpa
                              dns
                              72 B
                              158 B
                              1
                              1

                              DNS Request

                              19.229.111.52.in-addr.arpa

                            • 8.8.8.8:53
                              tse1.mm.bing.net
                              dns
                              62 B
                              170 B
                              1
                              1

                              DNS Request

                              tse1.mm.bing.net

                              DNS Response

                              150.171.28.10
                              150.171.27.10

                            • 8.8.8.8:53
                              10.28.171.150.in-addr.arpa
                              dns
                              72 B
                              158 B
                              1
                              1

                              DNS Request

                              10.28.171.150.in-addr.arpa

                            MITRE ATT&CK Enterprise v15

                            Downloads

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5:      ff63763eedb406987ced076e36ec9acf
  SHA1:     16365aa97cd1a115412f8ae436d5d4e9be5f7b5d
  SHA256:   8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c
  SHA512:   ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5:      2783c40400a8912a79cfd383da731086
  SHA1:     001a131fe399c30973089e18358818090ca81789
  SHA256:   331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5
  SHA512:   b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 275B
  MD5:      c3f466551f0c61d2c1c9352dd2dd2dda
  SHA1:     f45fa66ee9c3e8251f44062ae1d1a39f9481af83
  SHA256:   30a8f9b36413a828cfeefa9a59136d26dd1970b30d1c9a2b05aa5ba612544432
  SHA512:   ea47061cc13d9cd8dd6b98cd200438b869951bc14de810cd64f498f07bc3cb844f241b3b487a9293bf8afaa7e274734e8a4195ab1cab6f28c7313fd408ea48bd

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5:      856d6e7507de8251d96eebb93af0cbc2
  SHA1:     a9c2c10abd7c486f0133fc55eca5a730b15fb497
  SHA256:   313c88c113e530aebe313d7000f436134037aa00742768c81730ccd3a11e254f
  SHA512:   1fff0a9844716b5a0ae060597d9688c987278693c7240607e44029e5e46d11c087c9cd2afe612dc68419acab6b96bc921123a57664eb5a5699e428ee65bb9c02

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5:      c2eb0520f762cfc2ad8ad77513443cb1
  SHA1:     be9f6d3bd4d528300eea833405b2af2c61c776b7
  SHA256:   8357dd831ec319b1f794ba9de2d24ce168249c0c82d3a06d9f2bb0d387bb3def
  SHA512:   c10bcb58bb8cf6aaa92df7b68b1a199d0532b367f4f7ab0f9dafb174a0af4b99aa071ec295739373e734efb9b7eccd34a32ebe381454adf7db65aa158babf1d1

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5:      6752a1d65b201c13b62ea44016eb221f
  SHA1:     58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256:   0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512:   9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5:      9a0cdd34fb926cebf38dc6d1cd8a8a31
  SHA1:     6aece5fb0cd79982a704ac2831236d5ce65367df
  SHA256:   66eab81f003a7f5be9a53ea4041bf0f389996976eb6729df44494566ad8ad012
  SHA512:   1d8a72ca8c08f638c08862d5aa1134c8f830643d034526bc3cb673461f2d6b464f698162ff48b91234a9d53ee08976d16881eff5dcc3664076b12e1980c05758
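The Downloads list above records each written artifact with its size and its MD5, SHA1, SHA256 and SHA512 digests, and the same path can appear more than once with different digests (settings.dat and Preferences each have two records). The Python below is an added example, not code from the tria.ge report, showing how to parse such a list as extracted and check a downloaded artifact against every record for its path. The embedded listing is constructed from the two settings.dat records above; the function names parse_downloads, digests and find_matching_record are chosen here and are not part of any tria.ge API.

```python
"""Added example (not code from tria.ge): parse a sandbox report's Downloads
list and verify a fetched artifact against every digest the report recorded.

SAMPLE_LISTING is a constructed excerpt whose hash values are the two
settings.dat records from the report; it deliberately mixes the two layouts
an extracted report can have ("Label" then value on the next line, and
"Label: value" on one line) so the parser is exercised on both.
"""
import hashlib

LABELS = ("Filesize", "MD5", "SHA1", "SHA256", "SHA512")

SAMPLE_LISTING = r"""
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize
  152B
  MD5
  ff63763eedb406987ced076e36ec9acf
  SHA1
  16365aa97cd1a115412f8ae436d5d4e9be5f7b5d
  SHA256
  8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c
  SHA512
  ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5:      2783c40400a8912a79cfd383da731086
  SHA1:     001a131fe399c30973089e18358818090ca81789
  SHA256:   331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5
  SHA512:   b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685
"""


def _put(entry, label, value):
    # Hex digests are normalised to lowercase so comparisons are exact.
    entry[label] = value if label == "Filesize" else value.lower()


def parse_downloads(text):
    """Return one dict per bullet: {"path", "Filesize", "MD5", "SHA1", ...}."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):          # a new artifact record
            entries.append({"path": line[1:].strip()})
            pending = None
            continue
        if not entries:
            continue                      # text before the first bullet
        label = next((l for l in LABELS
                      if line == l or line.startswith(l + ":")), None)
        if label:
            value = line[len(label):].lstrip(":").strip()
            if value:
                _put(entries[-1], label, value)
            else:
                pending = label           # value is on the following line
        elif pending:
            _put(entries[-1], pending, line)
            pending = None
    return entries


def digests(data):
    """Compute the same four digests the report records for each artifact."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def find_matching_record(data, path, entries):
    """Index of the record whose every digest matches `data`, or None.

    A path can be listed more than once, so every record for it is tried.
    All four digests must agree: MD5 and SHA1 are not collision resistant,
    so a lone MD5 match would not establish that this is the captured file.
    Raises KeyError when the listing has no record for the path at all.
    """
    actual = digests(data)
    candidates = [i for i, e in enumerate(entries)
                  if e["path"].lower() == path.lower()]
    if not candidates:
        raise KeyError("no record for %s in the listing" % path)
    for i in candidates:
        if all(entries[i].get(k) == v for k, v in actual.items()):
            return i
    return None


if __name__ == "__main__":
    for rec in parse_downloads(SAMPLE_LISTING):
        print(rec["Filesize"], rec["SHA256"], rec["path"])
```

Sizes in the report are rounded (5KB, 6KB), so the check deliberately compares digests only; when a path has several records, a match on any one of them tells you which captured state of the file you are holding.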
