Analysis

  • max time kernel
    148s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/10/2024, 12:50 UTC

General

  • Target

    2ff24f2e00e7222b234e7dc0c042b675_JaffaCakes118.html

  • Size

    6KB

  • MD5

    2ff24f2e00e7222b234e7dc0c042b675

  • SHA1

    dca029b419d87368daea6023ca41e91be66bb512

  • SHA256

    98f50694dcca0fc3fde9ae859274874bdb9312f2056edb481a9a845f1cbd4dc5

  • SHA512

    21edeb6cd5c72fbdfd920afc2b5d30689ec92b9ba992c47a0d3bd3bbaab775d9a6b7deab68c43c2eb8da2cc920d8080ebedd040a0af2b6977a2136018804398e

  • SSDEEP

    192:ln8uqnGDSSW0nqvqvkYz/pDwlQAkaSxGy4jQsqVr8G/AX:ln8uqnGDnW0qvqvkYz/pDwlQAkaRjcs5

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2ff24f2e00e7222b234e7dc0c042b675_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1384
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1cde46f8,0x7ffc1cde4708,0x7ffc1cde4718
      2⤵
      PID:636
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16338650075796084707,7587199376393540989,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
      2⤵
      PID:4124
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,16338650075796084707,7587199376393540989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2416
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,16338650075796084707,7587199376393540989,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
      2⤵
      PID:3280
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16338650075796084707,7587199376393540989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      2⤵
      PID:2176
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16338650075796084707,7587199376393540989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
      2⤵
      PID:3056
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16338650075796084707,7587199376393540989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
      2⤵
      PID:1116
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,16338650075796084707,7587199376393540989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
      2⤵
      PID:464
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,16338650075796084707,7587199376393540989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3264
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16338650075796084707,7587199376393540989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
      2⤵
      PID:2640
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16338650075796084707,7587199376393540989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
      2⤵
      PID:2996
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16338650075796084707,7587199376393540989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
      2⤵
      PID:708
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16338650075796084707,7587199376393540989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
      2⤵
      PID:3292
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16338650075796084707,7587199376393540989,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5596 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4500
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4076
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3172

Network

  • flag-us
    DNS
    party-nwvqdtumtz.now.sh
    msedge.exe
    Remote address: 8.8.8.8:53
    Request
    party-nwvqdtumtz.now.sh IN A
    Response
    party-nwvqdtumtz.now.sh IN A 76.76.21.123
    party-nwvqdtumtz.now.sh IN A 76.76.21.9
  • flag-gb
    GET
    http://www.google-analytics.com/ga.js
    msedge.exe
    Remote address: 142.250.187.206:80
    Request
    GET /ga.js HTTP/1.1
    Host: www.google-analytics.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
    DNT: 1
    Accept: */*
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Response
    HTTP/1.1 200 OK
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Server: Golfe2
    Content-Length: 17168
    Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:215:0
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting
    Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:215:0"}],}
    Date: Thu, 10 Oct 2024 10:51:42 GMT
    Expires: Thu, 10 Oct 2024 12:51:42 GMT
    Cache-Control: public, max-age=7200
    Age: 7165
    Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
  • flag-us
    GET
    https://party-nwvqdtumtz.now.sh/client?party
    msedge.exe
    Remote address: 76.76.21.123:443
    Request
    GET /client?party HTTP/2.0
    host: party-nwvqdtumtz.now.sh
    sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
    dnt: 1
    sec-ch-ua-mobile: ?0
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
    accept: */*
    sec-fetch-site: cross-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 308
    access-control-allow-credentials: true
    access-control-allow-headers: *
    access-control-allow-methods: *
    access-control-allow-origin: *
    access-control-expose-headers: Location
    cache-control: public, max-age=0, must-revalidate
    content-type: text/plain
    date: Thu, 10 Oct 2024 12:51:07 GMT
    location: https://party-nwvqdtumtz.vercel.app/client?party
    refresh: 0;url=https://party-nwvqdtumtz.vercel.app/client?party
    server: Vercel
    strict-transport-security: max-age=63072000; includeSubDomains; preload
    x-vercel-id: fra1::c52mp-1728564667487-9a1f0a879d45
  • flag-us
    DNS
    party-nwvqdtumtz.vercel.app
    msedge.exe
    Remote address: 8.8.8.8:53
    Request
    party-nwvqdtumtz.vercel.app IN A
    Response
    party-nwvqdtumtz.vercel.app IN A 76.76.21.22
    party-nwvqdtumtz.vercel.app IN A 76.76.21.164
  • flag-us
    GET
    https://party-nwvqdtumtz.vercel.app/client?party
    msedge.exe
    Remote address: 76.76.21.22:443
    Request
    GET /client?party HTTP/2.0
    host: party-nwvqdtumtz.vercel.app
    sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
    dnt: 1
    sec-ch-ua-mobile: ?0
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
    accept: */*
    sec-fetch-site: cross-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 404
    cache-control: public, max-age=0, must-revalidate
    content-type: text/plain; charset=utf-8
    date: Thu, 10 Oct 2024 12:51:07 GMT
    server: Vercel
    strict-transport-security: max-age=63072000; includeSubDomains; preload
    x-vercel-error: DEPLOYMENT_NOT_FOUND
    x-vercel-id: fra1::ttndh-1728564667641-b8cb36b36d48
    content-length: 67
  • flag-us
    DNS
    coinpot.co
    msedge.exe
    Remote address: 8.8.8.8:53
    Request
    coinpot.co IN A
    Response
    coinpot.co IN A 103.224.182.253
  • flag-us
    DNS
    17.160.190.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    17.160.190.20.in-addr.arpa IN PTR
    Response
  • flag-us
    DNS
    206.187.250.142.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    206.187.250.142.in-addr.arpa IN PTR
    Response
    206.187.250.142.in-addr.arpa IN PTR lhr25s33-in-f14.1e100.net
  • flag-us
    DNS
    123.21.76.76.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    123.21.76.76.in-addr.arpa IN PTR
    Response
  • flag-us
    DNS
    22.21.76.76.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    22.21.76.76.in-addr.arpa IN PTR
    Response
  • flag-us
    DNS
    g.bing.com
    Remote address: 8.8.8.8:53
    Request
    g.bing.com IN A
    Response
    g.bing.com IN CNAME g-bing-com.ax-0001.ax-msedge.net
    g-bing-com.ax-0001.ax-msedge.net IN CNAME ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net IN A 150.171.27.10
    ax-0001.ax-msedge.net IN A 150.171.28.10
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5354d0f604b54048b166c3a3cadb9cec&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid=
    Remote address: 150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5354d0f604b54048b166c3a3cadb9cec&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=3E1274C5ABF260C20F6A61D1AA6D6179; domain=.bing.com; expires=Tue, 04-Nov-2025 12:51:08 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 2C7DDB6851EC4D83B6667A1702DC229E Ref B: LON601060103023 Ref C: 2024-10-10T12:51:08Z
    date: Thu, 10 Oct 2024 12:51:08 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=5354d0f604b54048b166c3a3cadb9cec&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid=
    Remote address: 150.171.27.10:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=5354d0f604b54048b166c3a3cadb9cec&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=3E1274C5ABF260C20F6A61D1AA6D6179
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=vajwqGTYgBBjuwXK0O3jjSqNpNXOIbTsF1bPXeq_4Xk; domain=.bing.com; expires=Tue, 04-Nov-2025 12:51:08 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9A38E204168543389C42EF3D14450EF0 Ref B: LON601060103023 Ref C: 2024-10-10T12:51:08Z
    date: Thu, 10 Oct 2024 12:51:08 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5354d0f604b54048b166c3a3cadb9cec&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid=
    Remote address: 150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5354d0f604b54048b166c3a3cadb9cec&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=3E1274C5ABF260C20F6A61D1AA6D6179; MSPTC=vajwqGTYgBBjuwXK0O3jjSqNpNXOIbTsF1bPXeq_4Xk
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 2F552DB3B9054F99AB2A45E60FBD85BD Ref B: LON601060103023 Ref C: 2024-10-10T12:51:08Z
    date: Thu, 10 Oct 2024 12:51:08 GMT
  • flag-us
    DNS
    10.27.171.150.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    10.27.171.150.in-addr.arpa IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa IN PTR
    Response
  • flag-us
    DNS
    197.87.175.4.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    197.87.175.4.in-addr.arpa IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa IN PTR
    Response
  • flag-us
    DNS
    75.117.19.2.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    75.117.19.2.in-addr.arpa IN PTR
    Response
    75.117.19.2.in-addr.arpa IN PTR a2-19-117-75.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa IN PTR
    Response
  • flag-us
    DNS
    105.193.132.51.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    105.193.132.51.in-addr.arpa IN PTR
    Response
  • 142.250.187.206:80
    http://www.google-analytics.com/ga.js
    http
    msedge.exe
    908 B
    18.8kB
    13
    19
    HTTP Request
    GET http://www.google-analytics.com/ga.js
    HTTP Response
    200
  • 76.76.21.123:443
    https://party-nwvqdtumtz.now.sh/client?party
    tls, http2
    msedge.exe
    1.7kB
    5.0kB
    14
    15
    HTTP Request
    GET https://party-nwvqdtumtz.now.sh/client?party
    HTTP Response
    308
  • 76.76.21.22:443
    https://party-nwvqdtumtz.vercel.app/client?party
    tls, http2
    msedge.exe
    1.7kB
    4.8kB
    14
    14
    HTTP Request
    GET https://party-nwvqdtumtz.vercel.app/client?party
    HTTP Response
    404
  • 150.171.27.10:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5354d0f604b54048b166c3a3cadb9cec&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid=
    tls, http2
    2.0kB
    9.4kB
    21
    19
    HTTP Request
    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5354d0f604b54048b166c3a3cadb9cec&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid=
    HTTP Response
    204
    HTTP Request
    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=5354d0f604b54048b166c3a3cadb9cec&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid=
    HTTP Response
    204
    HTTP Request
    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=5354d0f604b54048b166c3a3cadb9cec&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid=
    HTTP Response
    204
  • 8.8.8.8:53
    party-nwvqdtumtz.now.sh
    dns
    msedge.exe
    69 B
    101 B
    1
    1
    DNS Request
    party-nwvqdtumtz.now.sh
    DNS Response
    76.76.21.123
    76.76.21.9
  • 8.8.8.8:53
    party-nwvqdtumtz.vercel.app
    dns
    msedge.exe
    73 B
                              105 B
                              1
                              1

                              DNS Request

                              party-nwvqdtumtz.vercel.app

                              DNS Response

                              76.76.21.22
                              76.76.21.164

                            • 8.8.8.8:53
                              coinpot.co
                              dns
                              msedge.exe
                              56 B
                              72 B
                              1
                              1

                              DNS Request

                              coinpot.co

                              DNS Response

                              103.224.182.253

                            • 8.8.8.8:53
                              17.160.190.20.in-addr.arpa
                              dns
                              72 B
                              158 B
                              1
                              1

                              DNS Request

                              17.160.190.20.in-addr.arpa

                            • 8.8.8.8:53
                              206.187.250.142.in-addr.arpa
                              dns
                              74 B
                              113 B
                              1
                              1

                              DNS Request

                              206.187.250.142.in-addr.arpa

                            • 8.8.8.8:53
                              123.21.76.76.in-addr.arpa
                              dns
                              71 B
                              125 B
                              1
                              1

                              DNS Request

                              123.21.76.76.in-addr.arpa

                            • 8.8.8.8:53
                              22.21.76.76.in-addr.arpa
                              dns
                              70 B
                              124 B
                              1
                              1

                              DNS Request

                              22.21.76.76.in-addr.arpa

                            • 8.8.8.8:53
                              g.bing.com
                              dns
                              56 B
                              148 B
                              1
                              1

                              DNS Request

                              g.bing.com

                              DNS Response

                              150.171.27.10
                              150.171.28.10

                            • 8.8.8.8:53
                              10.27.171.150.in-addr.arpa
                              dns
                              72 B
                              158 B
                              1
                              1

                              DNS Request

                              10.27.171.150.in-addr.arpa

                            • 8.8.8.8:53
                              240.221.184.93.in-addr.arpa
                              dns
                              73 B
                              144 B
                              1
                              1

                              DNS Request

                              240.221.184.93.in-addr.arpa

                            • 8.8.8.8:53
                              95.221.229.192.in-addr.arpa
                              dns
                              73 B
                              144 B
                              1
                              1

                              DNS Request

                              95.221.229.192.in-addr.arpa

                            • 224.0.0.251:5353
                              529 B
                              8
                            • 8.8.8.8:53
                              197.87.175.4.in-addr.arpa
                              dns
                              71 B
                              157 B
                              1
                              1

                              DNS Request

                              197.87.175.4.in-addr.arpa

                            • 8.8.8.8:53
                              206.23.85.13.in-addr.arpa
                              dns
                              71 B
                              145 B
                              1
                              1

                              DNS Request

                              206.23.85.13.in-addr.arpa

                            • 8.8.8.8:53
                              75.117.19.2.in-addr.arpa
                              dns
                              70 B
                              133 B
                              1
                              1

                              DNS Request

                              75.117.19.2.in-addr.arpa

                            • 8.8.8.8:53
                              13.227.111.52.in-addr.arpa
                              dns
                              72 B
                              158 B
                              1
                              1

                              DNS Request

                              13.227.111.52.in-addr.arpa

                            • 8.8.8.8:53
                              105.193.132.51.in-addr.arpa
                              dns
                              73 B
                              159 B
                              1
                              1

                              DNS Request

                              105.193.132.51.in-addr.arpa

                            MITRE ATT&CK Enterprise v15


                            Downloads

