teslacrypt | 4dbd942433b4510cec4998e8447aef56c776753d6b23c3690e19fc6d573fc8af

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2025, 06:59 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe
Size

251KB
MD5

8fa787e817cf01cfdb0b287de2ee39c9
SHA1

37f6f0b73983d7d61a5393ded3ffd3eec5f6f0b8
SHA256

4dbd942433b4510cec4998e8447aef56c776753d6b23c3690e19fc6d573fc8af
SHA512

5d6f734eb82254b303f81776dc161d4409597c986298ed0e95f0fe4752a16a0fb07d95823adeb6943fa7d11a801cbef53b1cf19168a3ce8af3cea86f12a3468e
SSDEEP

3072:iLhtgSlZAeKoNhb64VzKRJWpLXOe/TYUAk/M2lH0+6m6MU0N/nr+rtnd9mTRpcr:qsxWp9TYUzX6Zm6MU0N6gXcr

Score

10^/10

teslacrypt defense_evasion discovery execution impact persistence ransomware spyware stealer

Malware Config

Extracted

Path

C:\ebea8a0c5b7ebb8dc5b60da7\_ReCoVeRy_+jndgx.txt

Family

teslacrypt

Ransom Note

NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA4096 More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA4096 Key , both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. !!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server What do I do ? So , there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1 - http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/9FEFE98BC0BFB9AA 2 - http://gfkuwflbhsjdabnu4nfukerfqwlfwr4rw.ringbalor.com/9FEFE98BC0BFB9AA 3 - http://oehknf74ohqlfnpq9rhfgcq93g.hateflux.com/9FEFE98BC0BFB9AA If for some reasons the addresses are not available, follow these steps: 1 - Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2 - After a successful installation, run the browser 3 - Type in the address bar: xlowfznrg4wf7dli.onion/9FEFE98BC0BFB9AA 4 - Follow the instructions on the site IMPORTANT INFORMATION Your personal pages http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/9FEFE98BC0BFB9AA http://gfkuwflbhsjdabnu4nfukerfqwlfwr4rw.ringbalor.com/9FEFE98BC0BFB9AA http://oehknf74ohqlfnpq9rhfgcq93g.hateflux.com/9FEFE98BC0BFB9AA Your personal page Tor-Browser xlowfznrg4wf7dli.ONION/9FEFE98BC0BFB9AA

URLs

http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/9FEFE98BC0BFB9AA

http://gfkuwflbhsjdabnu4nfukerfqwlfwr4rw.ringbalor.com/9FEFE98BC0BFB9AA

http://oehknf74ohqlfnpq9rhfgcq93g.hateflux.com/9FEFE98BC0BFB9AA

http://xlowfznrg4wf7dli.ONION/9FEFE98BC0BFB9AA

Signatures

TeslaCrypt, AlphaCrypt
Ransomware based on CryptoLocker. Shut down by the developers in 2016.
ransomware teslacrypt
Teslacrypt family
teslacrypt
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Renames multiple (887) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3446877943-4095308722-756223633-1000\Control Panel\International\Geo\Nation	2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3446877943-4095308722-756223633-1000\Control Panel\International\Geo\Nation	xdpxegnijily.exe

Drops startup file 6 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_ReCoVeRy_+jndgx.txt	xdpxegnijily.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_ReCoVeRy_+jndgx.html	xdpxegnijily.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+jndgx.png	xdpxegnijily.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+jndgx.txt	xdpxegnijily.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+jndgx.html	xdpxegnijily.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_ReCoVeRy_+jndgx.png	xdpxegnijily.exe

Executes dropped EXE 1 IoCs

pid	Process
3120	xdpxegnijily.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3446877943-4095308722-756223633-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pthbeil = "C:\\Windows\\system32\\CMD.EXE /c start C:\\Windows\\xdpxegnijily.exe"	xdpxegnijily.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\_ReCoVeRy_+jndgx.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_ReCoVeRy_+jndgx.txt	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_CatEye.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\AppxMetadata\_ReCoVeRy_+jndgx.html	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-200.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Outlook.scale-150.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarBadge.scale-200.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubStoreLogo.scale-200_contrast-black.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_ReCoVeRy_+jndgx.html	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ko-KR\View3d\_ReCoVeRy_+jndgx.txt	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\font\_ReCoVeRy_+jndgx.txt	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-200_contrast-white.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxAccountsSplashLogo.scale-100.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-black\_ReCoVeRy_+jndgx.html	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-40.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_ReCoVeRy_+jndgx.txt	xdpxegnijily.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	xdpxegnijily.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\_ReCoVeRy_+jndgx.html	xdpxegnijily.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\ja-JP\_ReCoVeRy_+jndgx.html	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-24_altform-unplated_contrast-black.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-150.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\animations\OneNoteFirstRunCarousel_Animation2.mp4	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\PeopleSmallTile.scale-100.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\_ReCoVeRy_+jndgx.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\_ReCoVeRy_+jndgx.html	xdpxegnijily.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\as_IN\_ReCoVeRy_+jndgx.txt	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp9.scale-125.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-32_altform-unplated.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\kn-IN\_ReCoVeRy_+jndgx.html	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\StoreLogo\PaintApplist.scale-100.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteMedTile.scale-400.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-36.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\_ReCoVeRy_+jndgx.html	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-100_contrast-black.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-80_altform-unplated.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\nav_icons_gameDVR.targetsize-48.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreLogo.scale-100_contrast-white.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_ReCoVeRy_+jndgx.txt	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\_ReCoVeRy_+jndgx.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\OrientationControlOuterCircleHover.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	xdpxegnijily.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\_ReCoVeRy_+jndgx.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\_ReCoVeRy_+jndgx.html	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\HelpAndFeedback\VideoThumbnail.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubSplashWideTile.scale-100_contrast-white.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	xdpxegnijily.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\_ReCoVeRy_+jndgx.html	xdpxegnijily.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\_ReCoVeRy_+jndgx.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-200_contrast-black.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-24.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\FaceReco_Illustration_SM.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Outlook.scale-300.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\_ReCoVeRy_+jndgx.html	xdpxegnijily.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\_ReCoVeRy_+jndgx.html	xdpxegnijily.exe
File opened for modification	C:\Program Files\edge_BITS_4700_1893608584\_ReCoVeRy_+jndgx.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\Internet Explorer\_ReCoVeRy_+jndgx.html	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_ReCoVeRy_+jndgx.html	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-64_altform-lightunplated.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\fonts\_ReCoVeRy_+jndgx.html	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-24_altform-unplated_contrast-black.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\stickers\word_art\sticker17.png	xdpxegnijily.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\_ReCoVeRy_+jndgx.html	xdpxegnijily.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\te-IN\_ReCoVeRy_+jndgx.html	xdpxegnijily.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\xdpxegnijily.exe	2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe
File created	C:\Windows\xdpxegnijily.exe	2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xdpxegnijily.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NOTEPAD.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133871004557996602"	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3446877943-4095308722-756223633-1000_Classes\Local Settings	xdpxegnijily.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3446877943-4095308722-756223633-1000\{F30A980C-B590-452A-A401-EF6B76173C35}	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4220	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe
3120	xdpxegnijily.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3268	2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe
Token: SeDebugPrivilege	3120	xdpxegnijily.exe
Token: SeIncreaseQuotaPrivilege	2892	WMIC.exe
Token: SeSecurityPrivilege	2892	WMIC.exe
Token: SeTakeOwnershipPrivilege	2892	WMIC.exe
Token: SeLoadDriverPrivilege	2892	WMIC.exe
Token: SeSystemProfilePrivilege	2892	WMIC.exe
Token: SeSystemtimePrivilege	2892	WMIC.exe
Token: SeProfSingleProcessPrivilege	2892	WMIC.exe
Token: SeIncBasePriorityPrivilege	2892	WMIC.exe
Token: SeCreatePagefilePrivilege	2892	WMIC.exe
Token: SeBackupPrivilege	2892	WMIC.exe
Token: SeRestorePrivilege	2892	WMIC.exe
Token: SeShutdownPrivilege	2892	WMIC.exe
Token: SeDebugPrivilege	2892	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2892	WMIC.exe
Token: SeRemoteShutdownPrivilege	2892	WMIC.exe
Token: SeUndockPrivilege	2892	WMIC.exe
Token: SeManageVolumePrivilege	2892	WMIC.exe
Token: 33	2892	WMIC.exe
Token: 34	2892	WMIC.exe
Token: 35	2892	WMIC.exe
Token: 36	2892	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2892	WMIC.exe
Token: SeSecurityPrivilege	2892	WMIC.exe
Token: SeTakeOwnershipPrivilege	2892	WMIC.exe
Token: SeLoadDriverPrivilege	2892	WMIC.exe
Token: SeSystemProfilePrivilege	2892	WMIC.exe
Token: SeSystemtimePrivilege	2892	WMIC.exe
Token: SeProfSingleProcessPrivilege	2892	WMIC.exe
Token: SeIncBasePriorityPrivilege	2892	WMIC.exe
Token: SeCreatePagefilePrivilege	2892	WMIC.exe
Token: SeBackupPrivilege	2892	WMIC.exe
Token: SeRestorePrivilege	2892	WMIC.exe
Token: SeShutdownPrivilege	2892	WMIC.exe
Token: SeDebugPrivilege	2892	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2892	WMIC.exe
Token: SeRemoteShutdownPrivilege	2892	WMIC.exe
Token: SeUndockPrivilege	2892	WMIC.exe
Token: SeManageVolumePrivilege	2892	WMIC.exe
Token: 33	2892	WMIC.exe
Token: 34	2892	WMIC.exe
Token: 35	2892	WMIC.exe
Token: 36	2892	WMIC.exe
Token: SeBackupPrivilege	4832	vssvc.exe
Token: SeRestorePrivilege	4832	vssvc.exe
Token: SeAuditPrivilege	4832	vssvc.exe
Token: SeIncreaseQuotaPrivilege	4392	WMIC.exe
Token: SeSecurityPrivilege	4392	WMIC.exe
Token: SeTakeOwnershipPrivilege	4392	WMIC.exe
Token: SeLoadDriverPrivilege	4392	WMIC.exe
Token: SeSystemProfilePrivilege	4392	WMIC.exe
Token: SeSystemtimePrivilege	4392	WMIC.exe
Token: SeProfSingleProcessPrivilege	4392	WMIC.exe
Token: SeIncBasePriorityPrivilege	4392	WMIC.exe
Token: SeCreatePagefilePrivilege	4392	WMIC.exe
Token: SeBackupPrivilege	4392	WMIC.exe
Token: SeRestorePrivilege	4392	WMIC.exe
Token: SeShutdownPrivilege	4392	WMIC.exe
Token: SeDebugPrivilege	4392	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4392	WMIC.exe
Token: SeRemoteShutdownPrivilege	4392	WMIC.exe
Token: SeUndockPrivilege	4392	WMIC.exe
Token: SeManageVolumePrivilege	4392	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5044	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3268 wrote to memory of 3120	3268	2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe	89
PID 3268 wrote to memory of 3120	3268	2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe	89
PID 3268 wrote to memory of 3120	3268	2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe	89
PID 3268 wrote to memory of 4220	3268	2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe	90
PID 3268 wrote to memory of 4220	3268	2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe	90
PID 3268 wrote to memory of 4220	3268	2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe	90
PID 3120 wrote to memory of 2892	3120	xdpxegnijily.exe	92
PID 3120 wrote to memory of 2892	3120	xdpxegnijily.exe	92
PID 3120 wrote to memory of 4220	3120	xdpxegnijily.exe	112
PID 3120 wrote to memory of 4220	3120	xdpxegnijily.exe	112
PID 3120 wrote to memory of 4220	3120	xdpxegnijily.exe	112
PID 3120 wrote to memory of 5044	3120	xdpxegnijily.exe	113
PID 3120 wrote to memory of 5044	3120	xdpxegnijily.exe	113
PID 5044 wrote to memory of 448	5044	msedge.exe	114
PID 5044 wrote to memory of 448	5044	msedge.exe	114
PID 3120 wrote to memory of 4392	3120	xdpxegnijily.exe	115
PID 3120 wrote to memory of 4392	3120	xdpxegnijily.exe	115
PID 5044 wrote to memory of 4416	5044	msedge.exe	117
PID 5044 wrote to memory of 4416	5044	msedge.exe	117
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 3880	5044	msedge.exe	119
PID 5044 wrote to memory of 3880	5044	msedge.exe	119
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118
PID 5044 wrote to memory of 224	5044	msedge.exe	118

System policy modification 1 TTPs 2 IoCs

defense_evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	xdpxegnijily.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnections = "1"	xdpxegnijily.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3268
- C:\Windows\xdpxegnijily.exe
  C:\Windows\xdpxegnijily.exe
  2⤵
  - Checks computer location settings
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - System policy modification
  PID:3120
- - C:\Windows\System32\wbem\WMIC.exe
    "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2892
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_ReCoVeRy_.TXT
    3⤵
    - System Location Discovery: System Language Discovery
    - Opens file in notepad (likely ransom note)
    PID:4220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\_ReCoVeRy_.HTM
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:5044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x338,0x7ffdece6f208,0x7ffdece6f214,0x7ffdece6f220
      4⤵
      PID:448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1720,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=2564 /prefetch:3
      4⤵
      PID:4416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1580,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=2492 /prefetch:2
      4⤵
      PID:224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1384,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=2572 /prefetch:8
      4⤵
      PID:3880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3476,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
      4⤵
      PID:2808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3484,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1
      4⤵
      PID:5260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5008,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=4996 /prefetch:8
      4⤵
      PID:5048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5004,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:8
      4⤵
      PID:3660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4288,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5104 /prefetch:8
      4⤵
      PID:5784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5676,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:8
      4⤵
      PID:2252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5676,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:8
      4⤵
      PID:4496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5892,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:8
      4⤵
      PID:4560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6004,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5952 /prefetch:8
      4⤵
      PID:2036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6152,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=6176 /prefetch:8
      4⤵
      PID:5544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6156,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:8
      4⤵
      PID:928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5824,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5804 /prefetch:8
      4⤵
      PID:5132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6268,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=6296 /prefetch:8
      4⤵
      PID:2056
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6308,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=6196 /prefetch:8
      4⤵
      PID:1048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5048,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:8
      4⤵
      PID:1104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2340,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:8
      4⤵
      PID:1896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5640,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5104 /prefetch:8
      4⤵
      PID:5224
- - C:\Windows\System32\wbem\WMIC.exe
    "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4392
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\XDPXEG~1.EXE
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1848
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\2025-0~1.EXE
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4220

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4832

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:6104

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.ax-0001.ax-msedge.net

g-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=14807ccca04d4a68b42c21ec8bb4289e&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=14807ccca04d4a68b42c21ec8bb4289e&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1BDD843826D36FC1073D918F27F46E0F; domain=.bing.com; expires=Thu, 16-Apr-2026 07:00:00 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 94B09BD4D1CA4AD6BD07C931C762F5FF Ref B: LON04EDGE0609 Ref C: 2025-03-22T07:00:00Z
date: Sat, 22 Mar 2025 06:59:59 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=14807ccca04d4a68b42c21ec8bb4289e&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=14807ccca04d4a68b42c21ec8bb4289e&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1BDD843826D36FC1073D918F27F46E0F

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=FFLYZYpnlAEWpP8tRZEYs9pXfQ8wMXc2EyK1P5GEhJo; domain=.bing.com; expires=Thu, 16-Apr-2026 07:00:00 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 90AE6211381D41D9A82A4E54BAC21F45 Ref B: LON04EDGE0609 Ref C: 2025-03-22T07:00:00Z
date: Sat, 22 Mar 2025 07:00:00 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=14807ccca04d4a68b42c21ec8bb4289e&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=14807ccca04d4a68b42c21ec8bb4289e&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1BDD843826D36FC1073D918F27F46E0F; MSPTC=FFLYZYpnlAEWpP8tRZEYs9pXfQ8wMXc2EyK1P5GEhJo

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8D6B7B4B80DB44EAB7B605A94B847997 Ref B: LON04EDGE0609 Ref C: 2025-03-22T07:00:00Z
date: Sat, 22 Mar 2025 07:00:00 GMT
DNS

conspec.us

xdpxegnijily.exe

Remote address:

8.8.8.8:53

Request

conspec.us

IN A

Response

conspec.us

IN A

15.197.225.128

conspec.us

IN A

3.33.251.168
POST

http://conspec.us/wp-content/plugins/nextgen-galleryOLD/products/photocrati_nextgen/modules/i18n/wstr.php

xdpxegnijily.exe

Remote address:

15.197.225.128:80

Request

POST /wp-content/plugins/nextgen-galleryOLD/products/photocrati_nextgen/modules/i18n/wstr.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Host: conspec.us
Content-Length: 645
Cache-Control: no-cache

Response

HTTP/1.1 405 Not Allowed

Server: awselb/2.0
Date: Sat, 22 Mar 2025 07:00:00 GMT
Content-Length: 0
Connection: keep-alive
WAFRule: 0
POST

http://conspec.us/wp-content/plugins/nextgen-galleryOLD/products/photocrati_nextgen/modules/i18n/wstr.php

xdpxegnijily.exe

Remote address:

15.197.225.128:80

Request

POST /wp-content/plugins/nextgen-galleryOLD/products/photocrati_nextgen/modules/i18n/wstr.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Host: conspec.us
Content-Length: 645
Cache-Control: no-cache

Response

HTTP/1.1 405 Not Allowed

Server: awselb/2.0
Date: Sat, 22 Mar 2025 07:00:54 GMT
Content-Length: 0
Connection: keep-alive
WAFRule: 0
DNS

tmfilms.net

xdpxegnijily.exe

Remote address:

8.8.8.8:53

Request

tmfilms.net

IN A

Response

tmfilms.net

IN A

103.224.182.215
POST

http://tmfilms.net/wp-content/plugins/binary.php

xdpxegnijily.exe

Remote address:

103.224.182.215:80

Request

POST /wp-content/plugins/binary.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Host: tmfilms.net
Content-Length: 645
Cache-Control: no-cache

Response

HTTP/1.1 302 Found

date: Sat, 22 Mar 2025 07:00:01 GMT
server: Apache
set-cookie: __tad=1742626801.8235917; expires=Tue, 20-Mar-2035 07:00:01 GMT; Max-Age=315360000
location: http://ww25.tmfilms.net/wp-content/plugins/binary.php?subid1=20250322-1800-0119-881b-9170b7a8b1ae
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
DNS

ww25.tmfilms.net

xdpxegnijily.exe

Remote address:

8.8.8.8:53

Request

ww25.tmfilms.net

IN A

Response

ww25.tmfilms.net

IN CNAME

77026.bodis.com

77026.bodis.com

IN A

199.59.243.228
GET

http://ww25.tmfilms.net/wp-content/plugins/binary.php?subid1=20250322-1800-0119-881b-9170b7a8b1ae

xdpxegnijily.exe

Remote address:

199.59.243.228:80

Request

GET /wp-content/plugins/binary.php?subid1=20250322-1800-0119-881b-9170b7a8b1ae HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Cache-Control: no-cache
Host: ww25.tmfilms.net
Connection: Keep-Alive
Cookie: __tad=1742626801.8235917

Response

HTTP/1.1 200 OK

date: Sat, 22 Mar 2025 07:00:00 GMT
content-type: text/html; charset=utf-8
content-length: 1210
x-request-id: 8c36f730-9e0f-489c-a07e-8623d81102db
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_IBMbT3puqM1NZj4mGvuxFDocNNYDaf5z1LtcfUpRA1JMS18+PpCh0i8NdcAnLioVqZ5eDw1LmZBhpvi0lpvzZw==
set-cookie: parking_session=8c36f730-9e0f-489c-a07e-8623d81102db; expires=Sat, 22 Mar 2025 07:15:01 GMT; path=/
DNS

iqinternal.com

xdpxegnijily.exe

Remote address:

8.8.8.8:53

Request

iqinternal.com

IN A

Response
DNS

goktugyeli.com

xdpxegnijily.exe

Remote address:

8.8.8.8:53

Request

goktugyeli.com

IN A

Response
DNS

saludaonline.com

xdpxegnijily.exe

Remote address:

8.8.8.8:53

Request

saludaonline.com

IN A

Response
DNS

newculturemediablog.com

xdpxegnijily.exe

Remote address:

8.8.8.8:53

Request

newculturemediablog.com

IN A

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239356742545_1KNYU9T4JPR3SHFV1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239356742545_1KNYU9T4JPR3SHFV1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 664785
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DD5C87FB19704423A41583DE5135011D Ref B: LON04EDGE0918 Ref C: 2025-03-22T07:00:35Z
date: Sat, 22 Mar 2025 07:00:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418535_1J3FI1BHYFKNLDX7C&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239340418535_1J3FI1BHYFKNLDX7C&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 663266
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BAAA42A36D3E452A98CE8DFAE24E9FDF Ref B: LON04EDGE0918 Ref C: 2025-03-22T07:00:35Z
date: Sat, 22 Mar 2025 07:00:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360607351_1LWNG3EPOKCB0ST8C&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360607351_1LWNG3EPOKCB0ST8C&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 675918
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 455DBD5873F3464394D5DE31F70F2DB0 Ref B: LON04EDGE0918 Ref C: 2025-03-22T07:00:35Z
date: Sat, 22 Mar 2025 07:00:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360607350_1DIIHMLKOJP4KM45O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360607350_1DIIHMLKOJP4KM45O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 248362
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8F507F5B5BAF47FF80E8E04AA4F9FD6F Ref B: LON04EDGE0918 Ref C: 2025-03-22T07:00:35Z
date: Sat, 22 Mar 2025 07:00:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239356744296_15VBZP2MRT6FYDL3E&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239356744296_15VBZP2MRT6FYDL3E&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 542449
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C26CE8E7687648B099A5FED0D009CFF9 Ref B: LON04EDGE0918 Ref C: 2025-03-22T07:00:35Z
date: Sat, 22 Mar 2025 07:00:35 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 383560
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 95A5D8F8329C4F9087A5CFD61FAB91F5 Ref B: LON04EDGE0918 Ref C: 2025-03-22T07:00:36Z
date: Sat, 22 Mar 2025 07:00:35 GMT
POST

http://tmfilms.net/wp-content/plugins/binary.php

xdpxegnijily.exe

Remote address:

103.224.182.215:80

Request

POST /wp-content/plugins/binary.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Host: tmfilms.net
Content-Length: 645
Cache-Control: no-cache
Cookie: __tad=1742626801.8235917

Response

HTTP/1.1 302 Found

date: Sat, 22 Mar 2025 07:00:54 GMT
server: Apache
location: http://ww25.tmfilms.net/wp-content/plugins/binary.php?subid1=20250322-1800-54a4-93b8-db3432342c53
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
GET

http://ww25.tmfilms.net/wp-content/plugins/binary.php?subid1=20250322-1800-54a4-93b8-db3432342c53

xdpxegnijily.exe

Remote address:

199.59.243.228:80

Request

GET /wp-content/plugins/binary.php?subid1=20250322-1800-54a4-93b8-db3432342c53 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Cache-Control: no-cache
Host: ww25.tmfilms.net
Connection: Keep-Alive
Cookie: __tad=1742626801.8235917; parking_session=8c36f730-9e0f-489c-a07e-8623d81102db

Response

HTTP/1.1 200 OK

date: Sat, 22 Mar 2025 07:00:54 GMT
content-type: text/html; charset=utf-8
content-length: 1210
x-request-id: 07dd635d-042b-453c-b84f-e81fc2a69345
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_gKUu6Uxb92Ou8aEL8LgRr+Emxdpmz05t8mlsjbHQH2Uo7/hpmD6Iu7DUvCrB+EYYz2Tajyn5+C3Pj4o4Pnm4HA==
set-cookie: parking_session=8c36f730-9e0f-489c-a07e-8623d81102db; expires=Sat, 22 Mar 2025 07:15:54 GMT
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN A

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.dual-a-0036.a-msedge.net

edge-microsoft-com.dual-a-0036.a-msedge.net

IN CNAME

dual-a-0036.a-msedge.net

dual-a-0036.a-msedge.net

IN A

204.79.197.239

dual-a-0036.a-msedge.net

IN A

13.107.21.239
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN Unknown

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.dual-a-0036.a-msedge.net
DNS

iqinternal.com

xdpxegnijily.exe

Remote address:

8.8.8.8:53

Request

iqinternal.com

IN A

Response
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN A

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net

edge-microsoft-com.ax-0002.ax-msedge.net

IN CNAME

ax-0002.ax-msedge.net

ax-0002.ax-msedge.net

IN A

150.171.28.11

ax-0002.ax-msedge.net

IN A

150.171.27.11
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN Unknown

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net
DNS

update.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

update.googleapis.com

IN A

Response

update.googleapis.com

IN A

142.250.180.3
DNS

update.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

update.googleapis.com

IN Unknown

Response
GET

http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:T1x3UV-cdqA6yLwWwCTA7jH4iwoET_ljW8UyV2_sONs&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

msedge.exe

Remote address:

204.79.197.239:80

Request

GET /browsernetworktime/time/1/current?cup2key=2:T1x3UV-cdqA6yLwWwCTA7jH4iwoET_ljW8UyV2_sONs&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
Host: edge.microsoft.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Sec-Mesh-Client-Edge-Version: 133.0.3065.69
Sec-Mesh-Client-Edge-Channel: stable
Sec-Mesh-Client-OS: Windows
Sec-Mesh-Client-OS-Version: 10.0.19041
Sec-Mesh-Client-Arch: x86_64
Sec-Mesh-Client-WebView: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK

Cache-Control: no-store, must-revalidate, no-cache, max-age=0
Pragma: no-cache
Content-Length: 100
Content-Type: application/json
Content-Encoding: gzip
Expires: Mon, 01 Jan 1990 00:00:00 GMT
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
x-cup-server-proof: 304502206E553E7A3F58F20013309EB512E61918CBAF3F11157CC68DA516BDC0C6F3400C022100E74FB92B7D0A80D4D8040309AD0DE0C6963E75F9B56823F27F7EC01EB2B57FBE:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Content-Disposition: attachment; filename='json.txt'
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 543CF5C4DA864B19AAC509F4A04EDAE4 Ref B: LON04EDGE1018 Ref C: 2025-03-22T07:00:55Z
Date: Sat, 22 Mar 2025 07:00:54 GMT
GET

https://edge.microsoft.com/extensionwebstorebase/v1/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=edgecrx&prodchannel=&prodversion=133.0.3065.69&lang=en-US&acceptformat=crx3,puff&x=id%3Djmjflgjpcpepeafmmgdpfkogkghcpiha%26v%3D0.0.0.0%26installsource%3Dreinstall%26installedby%3Dother%26uc%26ping%3Dr%253D9%2526e%253D0%2526dr%253D1024

msedge.exe

Remote address:

150.171.28.11:443

Request

GET /extensionwebstorebase/v1/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=edgecrx&prodchannel=&prodversion=133.0.3065.69&lang=en-US&acceptformat=crx3,puff&x=id%3Djmjflgjpcpepeafmmgdpfkogkghcpiha%26v%3D0.0.0.0%26installsource%3Dreinstall%26installedby%3Dother%26uc%26ping%3Dr%253D9%2526e%253D0%2526dr%253D1024 HTTP/2.0
host: edge.microsoft.com
edgefeatureflags: {"ExtensionUseNewStoreKeys":true,"UseHttpsForDownload":true}
update-interactivity: fg
ms-cv: 3DyH8Gn0cbqn8eidLr+5j2
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=1, i

Response

HTTP/2.0 200

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-length: 1462
content-type: application/json; charset=utf-8
content-security-policy: base-uri 'self';block-all-mixed-content;default-src 'self';img-src 'self';object-src 'none';script-src 'none';style-src 'self';upgrade-insecure-requests;
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 9E7A68C80307439D8C16D64353A3ABC7 Ref B: LON04EDGE1122 Ref C: 2025-03-22T07:00:54Z
date: Sat, 22 Mar 2025 07:00:54 GMT
GET

https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19041&devicefamily=desktop&installdate=1741877482&clientversion=133.0.3065.69&experimentationmode=2&scpguard=0&scpfull=0&scpver=0

msedge.exe

Remote address:

150.171.28.11:443

Request

GET /serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19041&devicefamily=desktop&installdate=1741877482&clientversion=133.0.3065.69&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 HTTP/2.0
host: edge.microsoft.com
pragma: no-cache
cache-control: no-cache
sec-mesh-client-edge-version: 133.0.3065.69
sec-mesh-client-edge-channel: stable
sec-mesh-client-os: Windows
sec-mesh-client-os-version: 10.0.19041
sec-mesh-client-arch: x86_64
sec-mesh-client-webview: 0
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiLTY5MjMwMjcxODcxMTMzNTIzODkiLCI2Ijoic3RhYmxlIiwiOSI6ImRlc2t0b3AifQ==
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 200

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-length: 782
content-type: text/xml; charset=utf-8
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 573BBF0396814986821AC2621E14FF22 Ref B: LON04EDGE1122 Ref C: 2025-03-22T07:00:54Z
date: Sat, 22 Mar 2025 07:00:54 GMT
POST

https://update.googleapis.com/service/update2/json?cup2key=14:3YnLXPVbScCzXDM0_ZWiGe24YKYrm793wkK62mVxtBs&cup2hreq=8be234a4bd81973c166516bc74996bb614d293f68921492e7345a59da91d3ca0

msedge.exe

Remote address:

142.250.180.3:443

Request

POST /service/update2/json?cup2key=14:3YnLXPVbScCzXDM0_ZWiGe24YKYrm793wkK62mVxtBs&cup2hreq=8be234a4bd81973c166516bc74996bb614d293f68921492e7345a59da91d3ca0 HTTP/2.0
host: update.googleapis.com
content-length: 931
x-goog-update-appid: ghbmnnjooekpmoecnnnilnnbdlolhkhi
x-goog-update-interactivity: bg
x-goog-update-updater: chromiumcrx-133.0.3065.69
content-type: application/json
sec-mesh-client-edge-version: 133.0.3065.69
sec-mesh-client-edge-channel: stable
sec-mesh-client-os: Windows
sec-mesh-client-os-version: 10.0.19041
sec-mesh-client-arch: x86_64
sec-mesh-client-webview: 0
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i
DNS

goktugyeli.com

xdpxegnijily.exe

Remote address:

8.8.8.8:53

Request

goktugyeli.com

IN A

Response
DNS

copilot.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

copilot.microsoft.com

IN A

Response

copilot.microsoft.com

IN CNAME

copilot-copilot-msft-com.trafficmanager.net

copilot-copilot-msft-com.trafficmanager.net

IN CNAME

copilot.microsoft.com.edgekey.net

copilot.microsoft.com.edgekey.net

IN CNAME

e107108.dscx.akamaiedge.net

e107108.dscx.akamaiedge.net

IN A

104.86.110.106

e107108.dscx.akamaiedge.net

IN A

2.18.66.57
DNS

copilot.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

copilot.microsoft.com

IN Unknown

Response

copilot.microsoft.com

IN CNAME

copilot-copilot-msft-com.trafficmanager.net

copilot-copilot-msft-com.trafficmanager.net

IN CNAME

copilot.microsoft.com.edgekey.net

copilot.microsoft.com.edgekey.net

IN CNAME

e107108.dscx.akamaiedge.net
DNS

api.edgeoffer.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

api.edgeoffer.microsoft.com

IN A

Response

api.edgeoffer.microsoft.com

IN CNAME

bingadsedgeextension-prod.trafficmanager.net

bingadsedgeextension-prod.trafficmanager.net

IN CNAME

bingadsedgeextension-prod-europe.azurewebsites.net

bingadsedgeextension-prod-europe.azurewebsites.net

IN CNAME

ssl.bingadsedgeextension-prod-europe.azurewebsites.net

ssl.bingadsedgeextension-prod-europe.azurewebsites.net

IN A

94.245.104.56
DNS

api.edgeoffer.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

api.edgeoffer.microsoft.com

IN Unknown

Response

api.edgeoffer.microsoft.com

IN CNAME

bingadsedgeextension-prod.trafficmanager.net

bingadsedgeextension-prod.trafficmanager.net

IN CNAME

bingadsedgeextension-prod-europe.azurewebsites.net

bingadsedgeextension-prod-europe.azurewebsites.net

IN CNAME

ssl.bingadsedgeextension-prod-europe.azurewebsites.net
DNS

saludaonline.com

xdpxegnijily.exe

Remote address:

8.8.8.8:53

Request

saludaonline.com

IN A

Response
GET

https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US

msedge.exe

Remote address:

94.245.104.56:443

Request

GET /edgeoffer/pb/experiments?appId=edge-extensions&country=US HTTP/1.1
Host: api.edgeoffer.microsoft.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Sec-Fetch-Storage-Access: active
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 0
Content-Type: application/x-protobuf; charset=utf-8
Date: Sat, 22 Mar 2025 07:00:54 GMT
Server: Microsoft-IIS/10.0
Set-Cookie: ARRAffinity=2facc78c6123c667617ce21b30d0d14a237b3ab3f15825bb2e1896f7deb8e455;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com
Set-Cookie: ARRAffinitySameSite=2facc78c6123c667617ce21b30d0d14a237b3ab3f15825bb2e1896f7deb8e455;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com
Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9
X-Powered-By: ASP.NET
GET

https://copilot.microsoft.com/c/api/user/eligibility

msedge.exe

Remote address:

104.86.110.106:443

Request

GET /c/api/user/eligibility HTTP/2.0
host: copilot.microsoft.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
sec-fetch-storage-access: active
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 200

x-ceto-ref: 67de6027d0854a22b7ee66bd987c5684|AFD:67de6027d0854a22b7ee66bd987c5684|2025-03-22T07:00:55.075Z
content-length: 0
date: Sat, 22 Mar 2025 07:00:55 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.35421202.1742626855.129162e5
DNS

newculturemediablog.com

xdpxegnijily.exe

Remote address:

8.8.8.8:53

Request

newculturemediablog.com

IN A

Response
DNS

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN A

Response

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN CNAME

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

IN CNAME

cdp-f-ssl-tlu-net.trafficmanager.net

cdp-f-ssl-tlu-net.trafficmanager.net

IN CNAME

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

IN CNAME

a2033.dscd.akamai.net

a2033.dscd.akamai.net

IN A

2.18.190.174

a2033.dscd.akamai.net

IN A

2.18.190.170
DNS

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN Unknown

Response

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN CNAME

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

IN CNAME

cdp-f-ssl-tlu-net.trafficmanager.net

cdp-f-ssl-tlu-net.trafficmanager.net

IN CNAME

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

IN CNAME

a2033.dscd.akamai.net
GET

https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1743231655&P2=404&P3=2&P4=fUlQ%2bValn%2bOH3zUvmvUFZlkoDz9NUHN4UeOepIUV%2bUrEjypSk7QqvBqczUr9QfSCdF2TI%2bwMftamHa3i6kwOtw%3d%3d

msedge.exe

Remote address:

2.18.190.174:443

Request

GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1743231655&P2=404&P3=2&P4=fUlQ%2bValn%2bOH3zUvmvUFZlkoDz9NUHN4UeOepIUV%2bUrEjypSk7QqvBqczUr9QfSCdF2TI%2bwMftamHa3i6kwOtw%3d%3d HTTP/2.0
host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
ms-cv: 3DyH8Gn0cbqn8eidLr+5j2
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=1, i

Response

HTTP/2.0 200

content-type: application/x-chrome-extension
last-modified: Wed, 24 Jan 2024 00:25:37 GMT
accept-ranges: bytes
etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
server: Microsoft-IIS/10.0
x-aspnetmvc-version: 5.3
ms-correlationid: b28df9f1-dc3f-4ef4-9bdf-444e35c0efed
ms-requestid: bf267a2c-d093-4aea-80c7-cab035dc081a
ms-cv: vO+ovkxXWZJL+cB1R1PavD.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by: ARR/3.0
x-powered-by: ASP.NET
content-length: 11185
cache-control: public, max-age=86400
date: Sat, 22 Mar 2025 07:00:55 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,quic=":443"; ma=93600; v="43"
akamai-request-bc: [a=2.18.181.170,b=3722952119,c=g,n=GB_EN_LONDON,o=20940],[c=c,n=GB_EN_LONDON,o=20940]
msregion:
x-ccc:
x-cid: 3
akamai-grn: 0.aab51202.1742626855.dde7bdb7
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-expose-headers: Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,Akamai-Request-BC
access-control-allow-headers: origin,range,hdntl,hdnts,CMCD-Request,CMCD-Object,CMCD-Status,CMCD-Session
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
GET

https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=domains_config_gz&version=3.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362

msedge.exe

Remote address:

150.171.28.11:443

Request

GET /entityextractiontemplates/api/v1/assets/find-assets?name=domains_config_gz&version=3.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362 HTTP/2.0
host: edge.microsoft.com
edge-asset-group: EntityExtractionDomainsConfig
sec-mesh-client-edge-version: 133.0.3065.69
sec-mesh-client-edge-channel: stable
sec-mesh-client-os: Windows
sec-mesh-client-os-version: 10.0.19041
sec-mesh-client-arch: x86_64
sec-mesh-client-webview: 0
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 200

cache-control: public, max-age=3600
content-length: 266
content-type: application/json; charset=utf-8
x-cache: TCP_HIT
x-frame-options: sameorigin
x-msedge-ref: Ref A: FA4E272131B64A8CAF746104DB795B7C Ref B: LON04EDGE0710 Ref C: 2025-03-22T07:00:56Z
date: Sat, 22 Mar 2025 07:00:56 GMT
GET

https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=arbitration_priority_list&version=24.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362

msedge.exe

Remote address:

150.171.28.11:443

Request

GET /entityextractiontemplates/api/v1/assets/find-assets?name=arbitration_priority_list&version=24.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362 HTTP/2.0
host: edge.microsoft.com
edge-asset-group: ArbitrationService
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 200

cache-control: public, max-age=3600
content-length: 271
content-type: application/json; charset=utf-8
x-cache: TCP_HIT
x-frame-options: sameorigin
x-msedge-ref: Ref A: E19DB1CBB0D94DB7881E3C9126255179 Ref B: LON04EDGE0710 Ref C: 2025-03-22T07:00:56Z
date: Sat, 22 Mar 2025 07:00:56 GMT
GET

https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=edge_hub_apps_manifest_gz&version=4.11.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362

msedge.exe

Remote address:

150.171.28.11:443

Request

GET /entityextractiontemplates/api/v1/assets/find-assets?name=edge_hub_apps_manifest_gz&version=4.11.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362 HTTP/2.0
host: edge.microsoft.com
edge-asset-group: Shoreline
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 200

cache-control: public, max-age=3600
content-length: 265
content-type: application/json; charset=utf-8
x-cache: TCP_HIT
x-frame-options: sameorigin
x-msedge-ref: Ref A: 1FC0F2ABFA324DD5881C7F58BF9F1199 Ref B: LON04EDGE0710 Ref C: 2025-03-22T07:00:56Z
date: Sat, 22 Mar 2025 07:00:56 GMT
GET

https://www.bing.com/api/shopping/v1/user/shoppingsettings?EnabledServiceFeaturesv2=edgeServerUX.shopping.aablockth,edgeServerUX.shopping.block99,edgeServerUX.shopping.disableCashbackOnCouponCopy,edgeServerUX.shopping.enableColdStartCohort,edgeServerUX.shopping.highttaablocksrth,edgeServerUX.shopping.highttaablockth,edgeServerUX.shopping.migrateClippingToOmnibox,edgeServerUX.shopping.msEdgeShoppingCashbackDismissTimeout2s,edgeServerUX.shopping.nrtLogging,edgeServerUX.shopping.snDataFromOS,edgeServerUX.shopping.useExpSNData

msedge.exe

Remote address:

2.18.66.48:443

Request

GET /api/shopping/v1/user/shoppingsettings?EnabledServiceFeaturesv2=edgeServerUX.shopping.aablockth,edgeServerUX.shopping.block99,edgeServerUX.shopping.disableCashbackOnCouponCopy,edgeServerUX.shopping.enableColdStartCohort,edgeServerUX.shopping.highttaablocksrth,edgeServerUX.shopping.highttaablockth,edgeServerUX.shopping.migrateClippingToOmnibox,edgeServerUX.shopping.msEdgeShoppingCashbackDismissTimeout2s,edgeServerUX.shopping.nrtLogging,edgeServerUX.shopping.snDataFromOS,edgeServerUX.shopping.useExpSNData HTTP/2.0
host: www.bing.com
cookie: ANON=
cookie: MUID=
cookie: _RwBf=
cookie:
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiLTY5MjMwMjcxODcxMTMzNTIzODkiLCI2Ijoic3RhYmxlIiwiOSI6ImRlc2t0b3AifQ==
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
sec-fetch-storage-access: active
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zsdch, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 200

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: application/json; charset=utf-8
content-encoding: br
vary: Accept-Encoding
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BDC0F4ADD78842C1BDC1B2914691E367 Ref B: LON04EDGE1221 Ref C: 2025-03-22T07:00:56Z
date: Sat, 22 Mar 2025 07:00:57 GMT
content-length: 425
set-cookie: _EDGE_S=F=1&SID=3629B3C8ACBA60522BF2A67FAD5A61CA; path=/; httponly; domain=bing.com
set-cookie: _EDGE_V=1; path=/; httponly; expires=Thu, 16-Apr-2026 07:00:56 GMT; domain=bing.com
set-cookie: MUID=03548DB2C7F969DB1C5C9805C61968B4; samesite=none; path=/; secure; expires=Thu, 16-Apr-2026 07:00:56 GMT; domain=bing.com
set-cookie: MUIDB=03548DB2C7F969DB1C5C9805C61968B4; path=/; httponly; expires=Thu, 16-Apr-2026 07:00:56 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.5d6e5668.1742626856.13b15db2
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN A

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.dual-a-0036.a-msedge.net

edge-microsoft-com.dual-a-0036.a-msedge.net

IN CNAME

dual-a-0036.a-msedge.net

dual-a-0036.a-msedge.net

IN A

204.79.197.239

dual-a-0036.a-msedge.net

IN A

13.107.21.239
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN Unknown

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net
GET

https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist

msedge.exe

Remote address:

204.79.197.239:443

Request

GET /abusiveadblocking/api/v1/blocklist HTTP/2.0
host: edge.microsoft.com
if-none-match: "5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B"
sec-mesh-client-edge-version: 133.0.3065.69
sec-mesh-client-edge-channel: stable
sec-mesh-client-os: Windows
sec-mesh-client-os-version: 10.0.19041
sec-mesh-client-arch: x86_64
sec-mesh-client-webview: 0
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
sec-fetch-storage-access: active
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i

Response

HTTP/2.0 304

cache-control: public, max-age=43200
content-type: application/json; charset=utf-8
content-encoding: gzip
etag: "5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B"
vary: Accept-Encoding
x-cache: TCP_HIT
x-mesh-client-ttl: 72
strict-transport-security: max-age=0
x-msedge-ref: Ref A: 30539E9AC75F45A3BBE0C79C0B4D20FC Ref B: LON04EDGE1014 Ref C: 2025-03-22T07:00:57Z
date: Sat, 22 Mar 2025 07:00:56 GMT
DNS

edgeassetservice.azureedge.net

msedge.exe

Remote address:

8.8.8.8:53

Request

edgeassetservice.azureedge.net

IN A

Response

edgeassetservice.azureedge.net

IN CNAME

edgeassetservice.afd.azureedge.net

edgeassetservice.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0037.t-0009.t-msedge.net

shed.dual-low.s-part-0037.t-0009.t-msedge.net

IN CNAME

s-part-0037.t-0009.t-msedge.net

s-part-0037.t-0009.t-msedge.net

IN A

13.107.246.65
DNS

edgeassetservice.azureedge.net

msedge.exe

Remote address:

8.8.8.8:53

Request

edgeassetservice.azureedge.net

IN Unknown

Response

edgeassetservice.azureedge.net

IN CNAME

edgeassetservice.afd.azureedge.net

edgeassetservice.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net
GET

https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/24.0.4/asset?assetgroup=ArbitrationService

msedge.exe

Remote address:

13.107.246.65:443

Request

GET /assets/arbitration_priority_list/24.0.4/asset?assetgroup=ArbitrationService HTTP/2.0
host: edgeassetservice.azureedge.net
edge-asset-group: ArbitrationService
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 200

date: Sat, 22 Mar 2025 07:00:57 GMT
content-type: application/octet-stream
content-length: 20242
last-modified: Thu, 20 Mar 2025 17:16:21 GMT
etag: 0x8DD67D2EF6CF554
x-ms-request-id: 2594a8c7-701e-002c-74a1-9aea3a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20250322T070057Z-157d97d486cpwqn4hC1LONeh0c00000000z000000000dakp
cache-control: public, max-age=604800
x-fd-int-roxy-purgeid: 69316365
x-cache: TCP_HIT
accept-ranges: bytes
GET

https://edge.microsoft.com/extensionwebstorebase/v1/logextensionreliability?success=true&cv=3DyH8Gn0cbqn8eidLr+5j2&errorString=&crxId=jmjflgjpcpepeafmmgdpfkogkghcpiha&os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=edgecrx&prodchannel=&prodversion=133.0.3065.69&lang=en-US&acceptformat=crx3,puff

msedge.exe

Remote address:

204.79.197.239:443

Request

GET /extensionwebstorebase/v1/logextensionreliability?success=true&cv=3DyH8Gn0cbqn8eidLr+5j2&errorString=&crxId=jmjflgjpcpepeafmmgdpfkogkghcpiha&os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=edgecrx&prodchannel=&prodversion=133.0.3065.69&lang=en-US&acceptformat=crx3,puff HTTP/2.0
host: edge.microsoft.com
scenario: Update
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i

Response

HTTP/2.0 200

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: text/plain; charset=utf-8
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: E6EE838194AA48E3B55020A1B29EAA90 Ref B: LON04EDGE0812 Ref C: 2025-03-22T07:00:57Z
date: Sat, 22 Mar 2025 07:00:56 GMT
POST

https://edge.microsoft.com/componentupdater/api/v1/update?cup2key=7:EhOjQpzbcvpe2-3H1yU_hbzHGmYY1K-nTpTEaiz4o-I&cup2hreq=f1a79c963c0de4c1e087ed16717a0279dcadc165faf4389c6a89e21651749aa9

msedge.exe

Remote address:

204.79.197.239:443

Request

POST /componentupdater/api/v1/update?cup2key=7:EhOjQpzbcvpe2-3H1yU_hbzHGmYY1K-nTpTEaiz4o-I&cup2hreq=f1a79c963c0de4c1e087ed16717a0279dcadc165faf4389c6a89e21651749aa9 HTTP/2.0
host: edge.microsoft.com
content-length: 11808
x-microsoft-update-appid: hjaimielcgmceiphgjjfddlgjklfpdei,llmidpclgepbgbgoecnhcmgfhmfplfao,jbfaflocpnkhbgcijpkiafdpbjkedane,hajigopbbjhghbfimgkfmpenfkclmohk,gllimckfbolmioaaihpppacjccghejen,mpicjakjneaggahlnmbojhjpnileolnb,omnckhpgfmaoelhddliebabpgblmmnjp,ndikpojcjlepofdkaaldkinkjbeeebkl,plbmmhnabegcabfbcejohgjpkamkddhn,alpjnmnfbgfkmmpcfpejmmoebdndedno,lfmeghnikdkbonehgjihjebgioakijgn,kmkacjgmmfchkbeglfbjjeidfckbnkca,ahmaebgpfccdhgidjaidaoojjcijckba,jcmcegpcehdchljeldgmmfbgcpnmgedo,kpfehajjjbbcifeehjgfgnabifknmdad,cllppcmmlnkggcmljjfigkcigaajjmid,oankkpibpaokgecfckkdkgaoafllipag,lkkdlcloifjinapabfonaibjijloebfb,fgbafbciocncjfbbonhocjaohoknlaco,mkcgfaeepibomfapiapjaceihcojnphg,eeobbhfgfagbclfofmgbdfoicabjdbkn,ojblfafjmiikbkepnnolpgbbhejhlcim,pbdgbpmpeenomngainidcjmopnklimmf,fppmbhmldokgmleojlplaaodlkibgikh,ohckeflnhegojcjlcpbfpciadgikcohk,pdfjdcjjjegpclfiilihfkmdfndkneei
x-microsoft-update-interactivity: bg
x-microsoft-update-service-cohort: 4967
x-microsoft-update-updater: msedge-133.0.3065.69
content-type: application/json
sec-mesh-client-edge-version: 133.0.3065.69
sec-mesh-client-edge-channel: stable
sec-mesh-client-os: Windows
sec-mesh-client-os-version: 10.0.19041
sec-mesh-client-arch: x86_64
sec-mesh-client-webview: 0
x-client-data: COXnygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i

Response

HTTP/2.0 200

cache-control: no-store, must-revalidate, no-cache, max-age=0
pragma: no-cache
content-length: 4644
content-type: application/json
content-encoding: gzip
expires: Mon, 01 Jan 1990 00:00:00 GMT
etag: 3046022100A50181A59B13CC78390BFA31FD5998826FF71B80492AA74813FD9FDBDA43D926022100CCDC7746149EBCA3EE226896544D3F5B87C4A039F3C5B058D88FE6F48671490E:f1a79c963c0de4c1e087ed16717a0279dcadc165faf4389c6a89e21651749aa9
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-cup-server-proof: 3046022100A50181A59B13CC78390BFA31FD5998826FF71B80492AA74813FD9FDBDA43D926022100CCDC7746149EBCA3EE226896544D3F5B87C4A039F3C5B058D88FE6F48671490E:f1a79c963c0de4c1e087ed16717a0279dcadc165faf4389c6a89e21651749aa9
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: BE0E9A3A38C6407EACA817B94C3F5613 Ref B: LON04EDGE0812 Ref C: 2025-03-22T07:01:54Z
date: Sat, 22 Mar 2025 07:01:54 GMT
POST

https://edge.microsoft.com/componentupdater/api/v1/update

msedge.exe

Remote address:

204.79.197.239:443

Request

POST /componentupdater/api/v1/update HTTP/2.0
host: edge.microsoft.com
content-length: 1460
x-microsoft-update-service-cohort: 4967
content-type: application/json
sec-mesh-client-edge-version: 133.0.3065.69
sec-mesh-client-edge-channel: stable
sec-mesh-client-os: Windows
sec-mesh-client-os-version: 10.0.19041
sec-mesh-client-arch: x86_64
sec-mesh-client-webview: 0
x-client-data: COXnygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i

Response

HTTP/2.0 200

cache-control: no-store, must-revalidate, no-cache, max-age=0
pragma: no-cache
content-length: 177
content-type: application/json
content-encoding: gzip
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 7089918F4A6D4E89BDD86213B79003FA Ref B: LON04EDGE0812 Ref C: 2025-03-22T07:02:06Z
date: Sat, 22 Mar 2025 07:02:06 GMT
POST

https://edge.microsoft.com/componentupdater/api/v1/update

msedge.exe

Remote address:

204.79.197.239:443

Request

POST /componentupdater/api/v1/update HTTP/2.0
host: edge.microsoft.com
content-length: 1453
x-microsoft-update-service-cohort: 4967
content-type: application/json
sec-mesh-client-edge-version: 133.0.3065.69
sec-mesh-client-edge-channel: stable
sec-mesh-client-os: Windows
sec-mesh-client-os-version: 10.0.19041
sec-mesh-client-arch: x86_64
sec-mesh-client-webview: 0
x-client-data: COXnygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i

Response

HTTP/2.0 200

cache-control: no-store, must-revalidate, no-cache, max-age=0
pragma: no-cache
content-length: 179
content-type: application/json
content-encoding: gzip
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 014A1242FE664C62884C6A9305187B1C Ref B: LON04EDGE0812 Ref C: 2025-03-22T07:02:23Z
date: Sat, 22 Mar 2025 07:02:23 GMT
DNS

c.pki.goog

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.180.3
GET

http://c.pki.goog/r/r1.crl

Remote address:

142.250.180.3:80

Request

GET /r/r1.crl HTTP/1.1
Cache-Control: max-age = 3000
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog

Response

HTTP/1.1 304 Not Modified

Date: Sat, 22 Mar 2025 06:22:22 GMT
Expires: Sat, 22 Mar 2025 07:12:22 GMT
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Cache-Control: public, max-age=3000
Vary: Accept-Encoding
Age: 2318
DNS

edge-consumer-static.azureedge.net

msedge.exe

Remote address:

8.8.8.8:53

Request

edge-consumer-static.azureedge.net

IN A

Response

edge-consumer-static.azureedge.net

IN CNAME

edge-consumer-static.afd.azureedge.net

edge-consumer-static.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

edge-consumer-static.azureedge.net

msedge.exe

Remote address:

8.8.8.8:53

Request

edge-consumer-static.azureedge.net

IN Unknown

Response

edge-consumer-static.azureedge.net

IN CNAME

edge-consumer-static.afd.azureedge.net

edge-consumer-static.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net
GET

https://edge-consumer-static.azureedge.net/mouse-gesture/config.json

msedge.exe

Remote address:

13.107.246.64:443

Request

GET /mouse-gesture/config.json HTTP/2.0
host: edge-consumer-static.azureedge.net
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
sec-fetch-storage-access: active
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i

Response

HTTP/2.0 200

date: Sat, 22 Mar 2025 07:01:24 GMT
content-type: application/json
content-length: 101
last-modified: Tue, 24 Oct 2023 08:27:00 GMT
etag: 0x8DBD46AFE482320
x-ms-request-id: cf69c985-401e-001c-3d59-94e017000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20250322T070124Z-157d97d486c7zvgxhC1LONrzsg0000000mkg000000006r7q
x-fd-int-roxy-purgeid: 83582889
x-cache: TCP_HIT
cache-control: public, max-age=432000
accept-ranges: bytes
DNS

static.edge.microsoftapp.net

msedge.exe

Remote address:

8.8.8.8:53

Request

static.edge.microsoftapp.net

IN A

Response

static.edge.microsoftapp.net

IN CNAME

edge-cloud-resource-static.azureedge.net

edge-cloud-resource-static.azureedge.net

IN CNAME

edge-cloud-resource-static.afd.azureedge.net

edge-cloud-resource-static.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

static.edge.microsoftapp.net

msedge.exe

Remote address:

8.8.8.8:53

Request

static.edge.microsoftapp.net

IN Unknown

Response

static.edge.microsoftapp.net

IN CNAME

edge-cloud-resource-static.azureedge.net

edge-cloud-resource-static.azureedge.net

IN CNAME

edge-cloud-resource-static.afd.azureedge.net

edge-cloud-resource-static.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net
HEAD

https://static.edge.microsoftapp.net/default/cloud_config_observers.json

msedge.exe

Remote address:

13.107.246.64:443

Request

HEAD /default/cloud_config_observers.json HTTP/2.0
host: static.edge.microsoftapp.net
pragma: no-cache
cache-control: no-cache
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i

Response

HTTP/2.0 200

date: Sat, 22 Mar 2025 07:01:54 GMT
content-type: application/json
content-length: 493
content-md5: GGsaCyXCYnduY1fUnwywjA==
last-modified: Thu, 20 Mar 2025 10:04:25 GMT
etag: 0x8DD67969883BED8
x-ms-request-id: e1fe3aef-501e-006b-2f7f-99e9e2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20250322T070154Z-157d97d486ctt5hnhC1LONuk2w0000000an000000000bvph
x-fd-int-roxy-purgeid: 83582889
x-cache: TCP_HIT
accept-ranges: bytes
GET

https://static.edge.microsoftapp.net/default/cloud_config_observers.json

msedge.exe

Remote address:

13.107.246.64:443

Request

GET /default/cloud_config_observers.json HTTP/2.0
host: static.edge.microsoftapp.net
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i

Response

HTTP/2.0 200

date: Sat, 22 Mar 2025 07:01:54 GMT
content-type: application/json
content-length: 493
last-modified: Thu, 20 Mar 2025 10:04:25 GMT
etag: 0x8DD67969883BED8
x-ms-request-id: 2e9a347f-101e-0008-1385-997419000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20250322T070154Z-157d97d486ctt5hnhC1LONuk2w0000000an000000000bvpp
x-fd-int-roxy-purgeid: 83582889
x-cache: TCP_HIT
accept-ranges: bytes
DNS

edge-mobile-static.azureedge.net

msedge.exe

Remote address:

8.8.8.8:53

Request

edge-mobile-static.azureedge.net

IN A

Response

edge-mobile-static.azureedge.net

IN CNAME

edge-mobile-static.afd.azureedge.net

edge-mobile-static.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

edge-mobile-static.azureedge.net

msedge.exe

Remote address:

8.8.8.8:53

Request

edge-mobile-static.azureedge.net

IN Unknown

Response

edge-mobile-static.azureedge.net

IN CNAME

edge-mobile-static.afd.azureedge.net

edge-mobile-static.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net
DNS

edge-cloud-resource-static.azureedge.net

msedge.exe

Remote address:

8.8.8.8:53

Request

edge-cloud-resource-static.azureedge.net

IN A

Response

edge-cloud-resource-static.azureedge.net

IN CNAME

edge-cloud-resource-static.afd.azureedge.net

edge-cloud-resource-static.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

edge-cloud-resource-static.azureedge.net

msedge.exe

Remote address:

8.8.8.8:53

Request

edge-cloud-resource-static.azureedge.net

IN Unknown

Response

edge-cloud-resource-static.azureedge.net

IN CNAME

edge-cloud-resource-static.afd.azureedge.net

edge-cloud-resource-static.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net
GET

https://edge-cloud-resource-static.azureedge.net/default/operation_config/default.json

msedge.exe

Remote address:

13.107.246.64:443

Request

GET /default/operation_config/default.json HTTP/2.0
host: edge-cloud-resource-static.azureedge.net
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i

Response

HTTP/2.0 200

date: Sat, 22 Mar 2025 07:01:54 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 20 Mar 2025 10:04:30 GMT
x-ms-request-id: eb62cf0e-a01e-001d-3085-9963aa000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20250322T070154Z-157d97d486cq99lqhC1LONfbzg0000000mx000000000egcs
x-fd-int-roxy-purgeid: 83582889
x-cache: TCP_HIT
content-encoding: br
GET

https://edge-mobile-static.azureedge.net/eccp/get?settenant=edge-config&setplatform=win&setmkt=en-US&setchannel=stable

msedge.exe

Remote address:

13.107.246.64:443

Request

GET /eccp/get?settenant=edge-config&setplatform=win&setmkt=en-US&setchannel=stable HTTP/2.0
host: edge-mobile-static.azureedge.net
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i

Response

HTTP/2.0 200

date: Sat, 22 Mar 2025 07:01:54 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 20 Mar 2025 10:42:43 GMT
x-ms-request-id: 1a2d3612-b01e-006e-5fef-9917b5000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20250322T070154Z-157d97d486c5tn77hC1LONq3uw0000000h10000000009avd
x-fd-int-roxy-purgeid: 83582889
x-cache: TCP_HIT
content-encoding: br
DNS

msedge.b.tlu.dl.delivery.mp.microsoft.com

Remote address:

8.8.8.8:53

Request

msedge.b.tlu.dl.delivery.mp.microsoft.com

IN A

Response

msedge.b.tlu.dl.delivery.mp.microsoft.com

IN CNAME

star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

IN CNAME

cdp-f-tlu-net.trafficmanager.net

cdp-f-tlu-net.trafficmanager.net

IN CNAME

fg.microsoft.map.fastly.net

fg.microsoft.map.fastly.net

IN A

199.232.210.172

fg.microsoft.map.fastly.net

IN A

199.232.214.172
HEAD

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3d

Remote address:

199.232.210.172:80

Request

HEAD /filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 6252
Cache-Control: public, max-age=17280000
Content-Type: application/x-chrome-extension
ETag: "3AWVl34DSMJKHl2C217ukEQM0Mw="
Last-Modified: Mon, 11 Nov 2024 00:17:54 GMT
MS-CorrelationId: a51b7417-6a19-42fa-9ac5-9728cd844a69
MS-CV: Uhws1dIzmUy9z6OD.0
MS-RequestId: cb9f760f-388b-496e-9f43-47f385abd2dc
Accept-Ranges: bytes
Date: Sat, 22 Mar 2025 07:01:59 GMT
Via: 1.1 varnish
Age: 4562597
X-Served-By: cache-lcy-eglc8600038-LCY
X-Cache: HIT
X-Cache-Hits: 17852582
X-Timer: S1742626919.042717,VS0,VE0
X-CID: 3
X-CCC: GB
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 11 Nov 2024 00:17:54 GMT
Range: bytes=0-1119
User-Agent: Microsoft BITS/7.8
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 1120
Cache-Control: public, max-age=17280000
Content-Type: application/x-chrome-extension
ETag: "3AWVl34DSMJKHl2C217ukEQM0Mw="
Last-Modified: Mon, 11 Nov 2024 00:17:54 GMT
MS-CorrelationId: a51b7417-6a19-42fa-9ac5-9728cd844a69
MS-CV: Uhws1dIzmUy9z6OD.0
MS-RequestId: cb9f760f-388b-496e-9f43-47f385abd2dc
Accept-Ranges: bytes
Date: Sat, 22 Mar 2025 07:01:59 GMT
Via: 1.1 varnish
Age: 4562597
X-Served-By: cache-lcy-eglc8600038-LCY
X-Cache: HIT
X-Cache-Hits: 17852585
X-Timer: S1742626919.109756,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 0-1119/6252
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 11 Nov 2024 00:17:54 GMT
Range: bytes=1120-2793
User-Agent: Microsoft BITS/7.8
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 1674
Cache-Control: public, max-age=17280000
Content-Type: application/x-chrome-extension
ETag: "3AWVl34DSMJKHl2C217ukEQM0Mw="
Last-Modified: Mon, 11 Nov 2024 00:17:54 GMT
MS-CorrelationId: a51b7417-6a19-42fa-9ac5-9728cd844a69
MS-CV: Uhws1dIzmUy9z6OD.0
MS-RequestId: cb9f760f-388b-496e-9f43-47f385abd2dc
Accept-Ranges: bytes
Date: Sat, 22 Mar 2025 07:02:02 GMT
Via: 1.1 varnish
Age: 4562600
X-Served-By: cache-lcy-eglc8600038-LCY
X-Cache: HIT
X-Cache-Hits: 17852598
X-Timer: S1742626922.233320,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 1120-2793/6252
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 11 Nov 2024 00:17:54 GMT
Range: bytes=2794-6251
User-Agent: Microsoft BITS/7.8
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 206 Partial Content

Connection: keep-alive
Content-Length: 3458
Cache-Control: public, max-age=17280000
Content-Type: application/x-chrome-extension
ETag: "3AWVl34DSMJKHl2C217ukEQM0Mw="
Last-Modified: Mon, 11 Nov 2024 00:17:54 GMT
MS-CorrelationId: a51b7417-6a19-42fa-9ac5-9728cd844a69
MS-CV: Uhws1dIzmUy9z6OD.0
MS-RequestId: cb9f760f-388b-496e-9f43-47f385abd2dc
Accept-Ranges: bytes
Date: Sat, 22 Mar 2025 07:02:03 GMT
Via: 1.1 varnish
Age: 4562601
X-Served-By: cache-lcy-eglc8600038-LCY
X-Cache: HIT
X-Cache-Hits: 17852605
X-Timer: S1742626923.437414,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 2794-6251/6252
HEAD

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/cd4e6fbf-c0e9-4dc2-9e3d-7f538bc7435a?P1=1743202846&P2=404&P3=2&P4=Wwrrd9ycY1hYAi6KRSKZa%2bRBs1K9l7GpmCRt0crXxFsfrV7SSL%2fbBaVYOCb3qFbCH2VCiAbAPdYtPBqsC3Gp3g%3d%3d

Remote address:

199.232.210.172:80

Request

HEAD /filestreamingservice/files/cd4e6fbf-c0e9-4dc2-9e3d-7f538bc7435a?P1=1743202846&P2=404&P3=2&P4=Wwrrd9ycY1hYAi6KRSKZa%2bRBs1K9l7GpmCRt0crXxFsfrV7SSL%2fbBaVYOCb3qFbCH2VCiAbAPdYtPBqsC3Gp3g%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 7867
Cache-Control: public, max-age=17280000
Content-Type: application/x-chrome-extension
Last-Modified: Fri, 21 Mar 2025 22:19:58 GMT
ETag: "9iK7xPzAv8q985Zbm4Con5JxafU="
MS-CorrelationId: 4164b8f0-e804-4235-ab4d-7a3e79220109
MS-RequestId: 50f1d66c-fc5d-4668-b591-40eca375990c
MS-CV: uZQngVX3/U2gB55V.0
Accept-Ranges: bytes
Date: Sat, 22 Mar 2025 07:02:19 GMT
Via: 1.1 varnish
Age: 30638
X-Served-By: cache-lcy-eglc8600038-LCY
X-Cache: HIT
X-Cache-Hits: 204347
X-Timer: S1742626939.318749,VS0,VE0
X-CID: 3
X-CCC: GB
GET

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/cd4e6fbf-c0e9-4dc2-9e3d-7f538bc7435a?P1=1743202846&P2=404&P3=2&P4=Wwrrd9ycY1hYAi6KRSKZa%2bRBs1K9l7GpmCRt0crXxFsfrV7SSL%2fbBaVYOCb3qFbCH2VCiAbAPdYtPBqsC3Gp3g%3d%3d

Remote address:

199.232.210.172:80

Request

GET /filestreamingservice/files/cd4e6fbf-c0e9-4dc2-9e3d-7f538bc7435a?P1=1743202846&P2=404&P3=2&P4=Wwrrd9ycY1hYAi6KRSKZa%2bRBs1K9l7GpmCRt0crXxFsfrV7SSL%2fbBaVYOCb3qFbCH2VCiAbAPdYtPBqsC3Gp3g%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 21 Mar 2025 22:19:58 GMT
User-Agent: Microsoft BITS/7.8
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 7867
Cache-Control: public, max-age=17280000
Content-Type: application/x-chrome-extension
Last-Modified: Fri, 21 Mar 2025 22:19:58 GMT
ETag: "9iK7xPzAv8q985Zbm4Con5JxafU="
MS-CorrelationId: 4164b8f0-e804-4235-ab4d-7a3e79220109
MS-RequestId: 50f1d66c-fc5d-4668-b591-40eca375990c
MS-CV: uZQngVX3/U2gB55V.0
Accept-Ranges: bytes
Date: Sat, 22 Mar 2025 07:02:19 GMT
Via: 1.1 varnish
Age: 30638
X-Served-By: cache-lcy-eglc8600038-LCY
X-Cache: HIT
X-Cache-Hits: 204350
X-Timer: S1742626939.438749,VS0,VE0
X-CID: 3
X-CCC: GB
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN A

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net

edge-microsoft-com.ax-0002.ax-msedge.net

IN CNAME

ax-0002.ax-msedge.net

ax-0002.ax-msedge.net

IN A

150.171.27.11

ax-0002.ax-msedge.net

IN A

150.171.28.11
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN Unknown

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net

edge-microsoft-com.ax-0002.ax-msedge.net

IN CNAME

ax-0002.ax-msedge.net
DNS

msedge.b.tlu.dl.delivery.mp.microsoft.com

Remote address:

8.8.8.8:53

Request

msedge.b.tlu.dl.delivery.mp.microsoft.com

IN A

Response

msedge.b.tlu.dl.delivery.mp.microsoft.com

IN CNAME

star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

IN CNAME

cdp-f-tlu-net.trafficmanager.net

cdp-f-tlu-net.trafficmanager.net

IN CNAME

fg.microsoft.map.fastly.net

fg.microsoft.map.fastly.net

IN A

199.232.214.172

fg.microsoft.map.fastly.net

IN A

199.232.210.172

150.171.27.10:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=14807ccca04d4a68b42c21ec8bb4289e&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=

tls, http2

2.0kB
9.4kB
22
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=14807ccca04d4a68b42c21ec8bb4289e&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=14807ccca04d4a68b42c21ec8bb4289e&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=14807ccca04d4a68b42c21ec8bb4289e&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=

HTTP Response

204
15.197.225.128:80

http://conspec.us/wp-content/plugins/nextgen-galleryOLD/products/photocrati_nextgen/modules/i18n/wstr.php

http

xdpxegnijily.exe

2.2kB
452 B
7
4

HTTP Request

POST http://conspec.us/wp-content/plugins/nextgen-galleryOLD/products/photocrati_nextgen/modules/i18n/wstr.php

HTTP Response

405

HTTP Request

POST http://conspec.us/wp-content/plugins/nextgen-galleryOLD/products/photocrati_nextgen/modules/i18n/wstr.php

HTTP Response

405
103.224.182.215:80

http://tmfilms.net/wp-content/plugins/binary.php

http

xdpxegnijily.exe

1.2kB
532 B
6
4

HTTP Request

POST http://tmfilms.net/wp-content/plugins/binary.php

HTTP Response

302
199.59.243.228:80

http://ww25.tmfilms.net/wp-content/plugins/binary.php?subid1=20250322-1800-0119-881b-9170b7a8b1ae

http

xdpxegnijily.exe

655 B
2.1kB
8
4

HTTP Request

GET http://ww25.tmfilms.net/wp-content/plugins/binary.php?subid1=20250322-1800-0119-881b-9170b7a8b1ae

HTTP Response

200
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

115.7kB
3.3MB
2398
2388

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239356742545_1KNYU9T4JPR3SHFV1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418535_1J3FI1BHYFKNLDX7C&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360607351_1LWNG3EPOKCB0ST8C&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360607350_1DIIHMLKOJP4KM45O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239356744296_15VBZP2MRT6FYDL3E&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
103.224.182.215:80

http://tmfilms.net/wp-content/plugins/binary.php

http

xdpxegnijily.exe

1.2kB
436 B
6
4

HTTP Request

POST http://tmfilms.net/wp-content/plugins/binary.php

HTTP Response

302
199.59.243.228:80

http://ww25.tmfilms.net/wp-content/plugins/binary.php?subid1=20250322-1800-54a4-93b8-db3432342c53

http

xdpxegnijily.exe

761 B
2.8kB
9
6

HTTP Request

GET http://ww25.tmfilms.net/wp-content/plugins/binary.php?subid1=20250322-1800-54a4-93b8-db3432342c53

HTTP Response

200
204.79.197.239:80

http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:T1x3UV-cdqA6yLwWwCTA7jH4iwoET_ljW8UyV2_sONs&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

http

msedge.exe

1.6kB
1.1kB
6
5

HTTP Request

GET http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:T1x3UV-cdqA6yLwWwCTA7jH4iwoET_ljW8UyV2_sONs&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Response

200
150.171.28.11:443

https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19041&devicefamily=desktop&installdate=1741877482&clientversion=133.0.3065.69&experimentationmode=2&scpguard=0&scpfull=0&scpver=0

tls, http2

msedge.exe

4.0kB
10.2kB
18
21

HTTP Request

GET https://edge.microsoft.com/extensionwebstorebase/v1/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=edgecrx&prodchannel=&prodversion=133.0.3065.69&lang=en-US&acceptformat=crx3,puff&x=id%3Djmjflgjpcpepeafmmgdpfkogkghcpiha%26v%3D0.0.0.0%26installsource%3Dreinstall%26installedby%3Dother%26uc%26ping%3Dr%253D9%2526e%253D0%2526dr%253D1024

HTTP Request

GET https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19041&devicefamily=desktop&installdate=1741877482&clientversion=133.0.3065.69&experimentationmode=2&scpguard=0&scpfull=0&scpver=0

HTTP Response

200

HTTP Response

200
150.171.28.11:443

edge.microsoft.com

tls, http2

msedge.exe

2.4kB
6.9kB
10
12
142.250.180.3:443

https://update.googleapis.com/service/update2/json?cup2key=14:3YnLXPVbScCzXDM0_ZWiGe24YKYrm793wkK62mVxtBs&cup2hreq=8be234a4bd81973c166516bc74996bb614d293f68921492e7345a59da91d3ca0

tls, http2

msedge.exe

4.4kB
8.5kB
16
18

HTTP Request

POST https://update.googleapis.com/service/update2/json?cup2key=14:3YnLXPVbScCzXDM0_ZWiGe24YKYrm793wkK62mVxtBs&cup2hreq=8be234a4bd81973c166516bc74996bb614d293f68921492e7345a59da91d3ca0
94.245.104.56:443

https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US

tls, http

msedge.exe

3.5kB
7.4kB
12
13

HTTP Request

GET https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US

HTTP Response

200
104.86.110.106:443

https://copilot.microsoft.com/c/api/user/eligibility

tls, http2

msedge.exe

2.9kB
5.5kB
15
17

HTTP Request

GET https://copilot.microsoft.com/c/api/user/eligibility

HTTP Response

200
2.18.190.174:443

https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1743231655&P2=404&P3=2&P4=fUlQ%2bValn%2bOH3zUvmvUFZlkoDz9NUHN4UeOepIUV%2bUrEjypSk7QqvBqczUr9QfSCdF2TI%2bwMftamHa3i6kwOtw%3d%3d

tls, http2

msedge.exe

3.3kB
20.2kB
21
28

HTTP Request

GET https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1743231655&P2=404&P3=2&P4=fUlQ%2bValn%2bOH3zUvmvUFZlkoDz9NUHN4UeOepIUV%2bUrEjypSk7QqvBqczUr9QfSCdF2TI%2bwMftamHa3i6kwOtw%3d%3d

HTTP Response

200
2.18.66.48:443

www.bing.com

tls

msedge.exe

2.2kB
4.4kB
10
7
150.171.28.11:443

edge.microsoft.com

msedge.exe

98 B
52 B
2
1
150.171.28.11:443

https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=edge_hub_apps_manifest_gz&version=4.11.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362

tls, http2

msedge.exe

4.1kB
8.8kB
19
23

HTTP Request

GET https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=domains_config_gz&version=3.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362

HTTP Request

GET https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=arbitration_priority_list&version=24.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362

HTTP Request

GET https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=edge_hub_apps_manifest_gz&version=4.11.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362

HTTP Response

200

HTTP Response

200

HTTP Response

200
2.18.66.48:443

https://www.bing.com/api/shopping/v1/user/shoppingsettings?EnabledServiceFeaturesv2=edgeServerUX.shopping.aablockth,edgeServerUX.shopping.block99,edgeServerUX.shopping.disableCashbackOnCouponCopy,edgeServerUX.shopping.enableColdStartCohort,edgeServerUX.shopping.highttaablocksrth,edgeServerUX.shopping.highttaablockth,edgeServerUX.shopping.migrateClippingToOmnibox,edgeServerUX.shopping.msEdgeShoppingCashbackDismissTimeout2s,edgeServerUX.shopping.nrtLogging,edgeServerUX.shopping.snDataFromOS,edgeServerUX.shopping.useExpSNData

tls, http2

msedge.exe

3.4kB
6.6kB
16
16

HTTP Request

GET https://www.bing.com/api/shopping/v1/user/shoppingsettings?EnabledServiceFeaturesv2=edgeServerUX.shopping.aablockth,edgeServerUX.shopping.block99,edgeServerUX.shopping.disableCashbackOnCouponCopy,edgeServerUX.shopping.enableColdStartCohort,edgeServerUX.shopping.highttaablocksrth,edgeServerUX.shopping.highttaablockth,edgeServerUX.shopping.migrateClippingToOmnibox,edgeServerUX.shopping.msEdgeShoppingCashbackDismissTimeout2s,edgeServerUX.shopping.nrtLogging,edgeServerUX.shopping.snDataFromOS,edgeServerUX.shopping.useExpSNData

HTTP Response

200
204.79.197.239:443

https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist

tls, http2

msedge.exe

3.1kB
7.4kB
13
17

HTTP Request

GET https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist

HTTP Response

304
13.107.246.65:443

https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/24.0.4/asset?assetgroup=ArbitrationService

tls, http2

msedge.exe

4.4kB
30.0kB
33
35

HTTP Request

GET https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/24.0.4/asset?assetgroup=ArbitrationService

HTTP Response

200
204.79.197.239:443

https://edge.microsoft.com/componentupdater/api/v1/update

tls, http2

msedge.exe

20.6kB
15.0kB
40
49

HTTP Request

GET https://edge.microsoft.com/extensionwebstorebase/v1/logextensionreliability?success=true&cv=3DyH8Gn0cbqn8eidLr+5j2&errorString=&crxId=jmjflgjpcpepeafmmgdpfkogkghcpiha&os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=edgecrx&prodchannel=&prodversion=133.0.3065.69&lang=en-US&acceptformat=crx3,puff

HTTP Response

200

HTTP Request

POST https://edge.microsoft.com/componentupdater/api/v1/update?cup2key=7:EhOjQpzbcvpe2-3H1yU_hbzHGmYY1K-nTpTEaiz4o-I&cup2hreq=f1a79c963c0de4c1e087ed16717a0279dcadc165faf4389c6a89e21651749aa9

HTTP Response

200

HTTP Request

POST https://edge.microsoft.com/componentupdater/api/v1/update

HTTP Response

200

HTTP Request

POST https://edge.microsoft.com/componentupdater/api/v1/update

HTTP Response

200
142.250.180.3:80

http://c.pki.goog/r/r1.crl

http

476 B
395 B
6
4

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

304
13.107.246.64:443

https://edge-consumer-static.azureedge.net/mouse-gesture/config.json

tls, http2

msedge.exe

3.6kB
9.0kB
15
16

HTTP Request

GET https://edge-consumer-static.azureedge.net/mouse-gesture/config.json

HTTP Response

200
13.107.246.64:443

https://static.edge.microsoftapp.net/default/cloud_config_observers.json

tls, http2

msedge.exe

3.7kB
9.7kB
16
18

HTTP Request

HEAD https://static.edge.microsoftapp.net/default/cloud_config_observers.json

HTTP Response

200

HTTP Request

GET https://static.edge.microsoftapp.net/default/cloud_config_observers.json

HTTP Response

200
13.107.246.64:443

https://edge-cloud-resource-static.azureedge.net/default/operation_config/default.json

tls, http2

msedge.exe

3.4kB
9.6kB
14
16

HTTP Request

GET https://edge-cloud-resource-static.azureedge.net/default/operation_config/default.json

HTTP Response

200
13.107.246.64:443

https://edge-mobile-static.azureedge.net/eccp/get?settenant=edge-config&setplatform=win&setmkt=en-US&setchannel=stable

tls, http2

msedge.exe

3.6kB
12.8kB
16
20

HTTP Request

GET https://edge-mobile-static.azureedge.net/eccp/get?settenant=edge-config&setplatform=win&setmkt=en-US&setchannel=stable

HTTP Response

200
199.232.210.172:80

http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/cd4e6fbf-c0e9-4dc2-9e3d-7f538bc7435a?P1=1743202846&P2=404&P3=2&P4=Wwrrd9ycY1hYAi6KRSKZa%2bRBs1K9l7GpmCRt0crXxFsfrV7SSL%2fbBaVYOCb3qFbCH2VCiAbAPdYtPBqsC3Gp3g%3d%3d

http

3.2kB
18.8kB
17
24

HTTP Request

HEAD http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3d

HTTP Response

200

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3d

HTTP Response

206

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3d

HTTP Response

206

HTTP Request

HEAD http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/cd4e6fbf-c0e9-4dc2-9e3d-7f538bc7435a?P1=1743202846&P2=404&P3=2&P4=Wwrrd9ycY1hYAi6KRSKZa%2bRBs1K9l7GpmCRt0crXxFsfrV7SSL%2fbBaVYOCb3qFbCH2VCiAbAPdYtPBqsC3Gp3g%3d%3d

HTTP Response

200

HTTP Request

GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/cd4e6fbf-c0e9-4dc2-9e3d-7f538bc7435a?P1=1743202846&P2=404&P3=2&P4=Wwrrd9ycY1hYAi6KRSKZa%2bRBs1K9l7GpmCRt0crXxFsfrV7SSL%2fbBaVYOCb3qFbCH2VCiAbAPdYtPBqsC3Gp3g%3d%3d

HTTP Response

200

8.8.8.8:53

g.bing.com

dns

56 B
148 B
1
1

DNS Request

g.bing.com

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

conspec.us

dns

xdpxegnijily.exe

56 B
88 B
1
1

DNS Request

conspec.us

DNS Response

15.197.225.128

3.33.251.168
8.8.8.8:53

tmfilms.net

dns

xdpxegnijily.exe

57 B
73 B
1
1

DNS Request

tmfilms.net

DNS Response

103.224.182.215
8.8.8.8:53

ww25.tmfilms.net

dns

xdpxegnijily.exe

62 B
107 B
1
1

DNS Request

ww25.tmfilms.net

DNS Response

199.59.243.228
8.8.8.8:53

iqinternal.com

dns

xdpxegnijily.exe

60 B
133 B
1
1

DNS Request

iqinternal.com
8.8.8.8:53

goktugyeli.com

dns

xdpxegnijily.exe

60 B
133 B
1
1

DNS Request

goktugyeli.com
8.8.8.8:53

saludaonline.com

dns

xdpxegnijily.exe

62 B
135 B
1
1

DNS Request

saludaonline.com
8.8.8.8:53

newculturemediablog.com

dns

xdpxegnijily.exe

69 B
142 B
1
1

DNS Request

newculturemediablog.com
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
208 B
1
1

DNS Request

edge.microsoft.com

DNS Response

204.79.197.239

13.107.21.239
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
209 B
1
1

DNS Request

edge.microsoft.com
8.8.8.8:53

iqinternal.com

dns

xdpxegnijily.exe

60 B
133 B
1
1

DNS Request

iqinternal.com
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
205 B
1
1

DNS Request

edge.microsoft.com

DNS Response

150.171.28.11

150.171.27.11
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
206 B
1
1

DNS Request

edge.microsoft.com
8.8.8.8:53

update.googleapis.com

dns

msedge.exe

67 B
83 B
1
1

DNS Request

update.googleapis.com

DNS Response

142.250.180.3
8.8.8.8:53

update.googleapis.com

dns

msedge.exe

67 B
124 B
1
1

DNS Request

update.googleapis.com
8.8.8.8:53

goktugyeli.com

dns

xdpxegnijily.exe

60 B
133 B
1
1

DNS Request

goktugyeli.com
8.8.8.8:53

copilot.microsoft.com

dns

msedge.exe

67 B
238 B
1
1

DNS Request

copilot.microsoft.com

DNS Response

104.86.110.106

2.18.66.57
8.8.8.8:53

copilot.microsoft.com

dns

msedge.exe

67 B
267 B
1
1

DNS Request

copilot.microsoft.com
8.8.8.8:53

api.edgeoffer.microsoft.com

dns

msedge.exe

73 B
226 B
1
1

DNS Request

api.edgeoffer.microsoft.com

DNS Response

94.245.104.56
8.8.8.8:53

api.edgeoffer.microsoft.com

dns

msedge.exe

73 B
271 B
1
1

DNS Request

api.edgeoffer.microsoft.com
8.8.8.8:53

saludaonline.com

dns

xdpxegnijily.exe

62 B
135 B
1
1

DNS Request

saludaonline.com
8.8.8.8:53

newculturemediablog.com

dns

xdpxegnijily.exe

69 B
142 B
1
1

DNS Request

newculturemediablog.com
8.8.8.8:53

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

dns

msedge.exe

98 B
341 B
1
1

DNS Request

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

DNS Response

2.18.190.174

2.18.190.170
8.8.8.8:53

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

dns

msedge.exe

98 B
370 B
1
1

DNS Request

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
208 B
1
1

DNS Request

edge.microsoft.com

DNS Response

204.79.197.239

13.107.21.239
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
206 B
1
1

DNS Request

edge.microsoft.com
224.0.0.251:5353

msedge.exe

204 B
3
8.8.8.8:53

edgeassetservice.azureedge.net

dns

msedge.exe

76 B
243 B
1
1

DNS Request

edgeassetservice.azureedge.net

DNS Response

13.107.246.65
8.8.8.8:53

edgeassetservice.azureedge.net

dns

msedge.exe

76 B
287 B
1
1

DNS Request

edgeassetservice.azureedge.net
2.18.66.48:443

www.bing.com

https

msedge.exe

3.1kB
6.8kB
10
14
8.8.8.8:53

c.pki.goog

dns

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.180.3
8.8.8.8:53

edge-consumer-static.azureedge.net

dns

msedge.exe

80 B
251 B
1
1

DNS Request

edge-consumer-static.azureedge.net

DNS Response

13.107.246.64
8.8.8.8:53

edge-consumer-static.azureedge.net

dns

msedge.exe

80 B
295 B
1
1

DNS Request

edge-consumer-static.azureedge.net
8.8.8.8:53

static.edge.microsoftapp.net

dns

msedge.exe

74 B
302 B
1
1

DNS Request

static.edge.microsoftapp.net

DNS Response

13.107.246.64
8.8.8.8:53

static.edge.microsoftapp.net

dns

msedge.exe

74 B
346 B
1
1

DNS Request

static.edge.microsoftapp.net
8.8.8.8:53

edge-mobile-static.azureedge.net

dns

msedge.exe

78 B
247 B
1
1

DNS Request

edge-mobile-static.azureedge.net

DNS Response

13.107.246.64
8.8.8.8:53

edge-mobile-static.azureedge.net

dns

msedge.exe

78 B
277 B
1
1

DNS Request

edge-mobile-static.azureedge.net
8.8.8.8:53

edge-cloud-resource-static.azureedge.net

dns

msedge.exe

86 B
263 B
1
1

DNS Request

edge-cloud-resource-static.azureedge.net

DNS Response

13.107.246.64
8.8.8.8:53

edge-cloud-resource-static.azureedge.net

dns

msedge.exe

86 B
307 B
1
1

DNS Request

edge-cloud-resource-static.azureedge.net
8.8.8.8:53

msedge.b.tlu.dl.delivery.mp.microsoft.com

dns

87 B
266 B
1
1

DNS Request

msedge.b.tlu.dl.delivery.mp.microsoft.com

DNS Response

199.232.210.172

199.232.214.172
2.18.66.65:443

www.bing.com

https

msedge.exe

3.0kB
3.6kB
7
10
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
205 B
1
1

DNS Request

edge.microsoft.com

DNS Response

150.171.27.11

150.171.28.11
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
220 B
1
1

DNS Request

edge.microsoft.com
8.8.8.8:53

msedge.b.tlu.dl.delivery.mp.microsoft.com

dns

87 B
266 B
1
1

DNS Request

msedge.b.tlu.dl.delivery.mp.microsoft.com

DNS Response

199.232.214.172

199.232.210.172

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
560B

MD5
ba04f6a58daf12657c546a47f995b7a6

SHA1
ef9a1e050e848202214d71795d8c9f2d8dd48384

SHA256
f21ce90e98bcf437c94775800bc5bb97b95305fe93a3b5f3b560813820fe17f8

SHA512
2d68178b7e2dc9f9bb05722e3ca7913a9c8684099e8852a43d627a500a80f2a5fff0cf2d417a49976da9e15982f3f85476c9ccb493c90caf29a6a873f344d702

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
560B

MD5
fd36078e3f6acbc17d8709484d0e6f71

SHA1
e257a85478071e9c133f5bd93d5da4c30675d4d8

SHA256
1a632930df005ea62b36a26996bfa3334c1b38ce45edea0f5521bbc590e98f47

SHA512
46065f265ae01646a8ba2c81a54830a635e43f678d2f12ade23473df0ffb5c98c3f9bebb2f5e014fa57b0d5bab0af8ad4a165bec498c60d945716f42df0724ba

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
416B

MD5
ceff33dab7961322d2574fe8c7916409

SHA1
a97c18f55e8e9292d46c85cdcca44d9ebec1f03d

SHA256
6915460220bd0f1d63a9736cf2f878705347eb0647088ad2a6b12eb8d3557f67

SHA512
010304b9bc8313d49af77ddd9e3b784c4b0fa39b4df06ebd3f69357c01431fcdb41664b038617ec73e67cb07126f12c42bfdf85fa50d100964fa69b9c8e5a312

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5044_1981931487\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5044_1981931487\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7b0736a36bad51260e5db322736df2e9

SHA1
30af14ed09d3f769230d67f51e0adb955833673e

SHA256
0d2adfd06d505b9020c292d30597083d808bfd90ddc0fe173def5db96832a087

SHA512
caabdc6a8601b93f3c082e6506b3c9efe2242b90e92e86306dc0bd4857d33343ba395325fabb21f5db562d3e3932f52f77de547f379072d0154efd5f1b1cdeb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js.mp3

Filesize
9KB

MD5
941274668b5d8385c4e20adfe22a9a29

SHA1
49d9dd755c61fe520169b8b0b2d75e3ecdba4ce0

SHA256
c0a57b3ec8656b0ed0f9afecf3b36156b3aa34143146e49e553590553cb94215

SHA512
03b35633c5d0b4259431b0fe3462c06c91449d7074b0c2f85741e3e118ea4a680a678362fd97204825a443e4406a05de416719705ae740e0fd49ffdc8f72909d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content_new.js.mp3

Filesize
10KB

MD5
4105b435c3261de2995e14468f484dda

SHA1
488fb2f68fa0d92e87de62ca5490139675d58b90

SHA256
c5077412c26001813aa435c0752b17189104fd5da6a3a39a47fa07acba4816e8

SHA512
dc736f5ad1349a50fcadf7fecf56d13ef76ed2802770ec4350bb9f3ed077139efda01a607fb11f82f987e2b8c34d50d05c274a744eb1fd559083d103d578b5af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_1\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
248c9d8c1746b07573d48e77a12c93b2

SHA1
67adc1cf2feba00743d6250e2ec048f4184aee8e

SHA256
ee98f4debe0f122745c5de1fcf0cf08284ba870e63b916f6096773f8adb23ce7

SHA512
bee4e225c91ee47aa8bd7ab0474ad6766921a005bfb69d87fd9f2920c06782fb262e2b545ad3cf2de0f44c5f787f8efed291d965242001e8fc076dda0fa31e11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
8b8cb48fbc8db08fae31b3be319f19b9

SHA1
6ab6f40b7b043ebf427f17f7b875b0d9ffb8e42f

SHA256
66fb60bb8b46da24854b1601fcc1170988edc9de79615a16ed7f548e8c4d2e7e

SHA512
ad4823b80c3858e879e25eb596df44115a82f45ede0707dd2e82911d01ff9ba25037d1818acff36ec1098ab7a4a6a531861dd2e0e5ccdefea9ab29bbe59d6d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
963e35629fdebf78e33f4f8956a362ad

SHA1
f8b7f3df1229e1955c3d605135bc91ed1565740e

SHA256
186bf6443ad12e01974517be17dbaca401c74630d955953716507b24eb3b2713

SHA512
16409149eff1bbeb0c511f0c731154aca956602d76b3eb5d4e54f7e995332c35324b8b8d1cf81f4c203773b9979a7947cd81855dbebead7ad98a93db08a87d8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
3693a1e89f0b4ac50b153a898aab7b1e

SHA1
f616919fcf215f4f1d0779476a41b7a52cf9dd52

SHA256
7ca2d287f20ca94fedae1007d9869a2f7639b90c9720359709e2d2bc9e137c41

SHA512
95fb60b6eed8c015b80b8a9572642faad54814275190cd2fd3b5ad7b376aa8abba5362d50b4de80a8bd3cb26cdb81b61d7f5e689207522f94bd20dbffc260808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
465B

MD5
b8791c732f17171a1612538615bbeb69

SHA1
e68cb7e737b5098024d6649629cd8679c87cb5fe

SHA256
760aaa9bcc92622179af0e90b32d1d939042a3ef83cc7251c47d54328b652c8c

SHA512
50e99b0195b004d35cb3e64209ba4affbde2dfaf7ec358ffe170dcbc345207561fbea0042276a9720ace6874d18ee029c92e99378347313c7a3df4c2d5e676ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
22KB

MD5
a69b1a499a194b3fc246697bfefbd407

SHA1
ff04142d328401c59af16639d30f3240a1bd9dfa

SHA256
2acca1899c0421bfa89a1a2565c41d1dfe669bdc080ec567c548eb4329a07d48

SHA512
d3c9b55414194efdf75a8b60796b2076431d1b645a23fa3f315b82c308dfa6eb50b52470e0fbf5438838217ef4514afbd6a83f33428276e83aeabed5a0e67cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
896B

MD5
3150567f9a516def1ce9302ae31e824e

SHA1
b41b34441db45b8799b3136725ad6f24d41e6b95

SHA256
c54dad7a7831e3f7c2d65909a1592f3c8e875c10efde3387fc0b9a79f9894636

SHA512
a1adc28768428b77ab1799f611c89a73c94cf080cfb208680396fcadf70ada3af349fe29070d147968f10bfa5456588eef96e9fc4703a545729e190335a4fef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Notifications\0.0.0.46\arbitration_metadata.txt.mp3

Filesize
344KB

MD5
d6c5bf7914ee4cfbe9270e9051c43695

SHA1
a8f2fc0cdaa900c3cd5c5f92412e150eb17723f4

SHA256
eab557af653aaf78819dc9a7a3028de0403ef8d3619c4541b6fca16dab9011ea

SHA512
bed8e85828a6c8d1134792634a4aa5e561380561638fa1d4d528eae2181bb37cbc777cbf0a0e9e82465edad8542e79f745b18dba510f3d2959b1ba56b924f083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
19491c926beb5441d78c93d9c9d8f6b3

SHA1
e6e4128d1585f9dc34c1f710da1cfb61481fbcc1

SHA256
0ca2566a2487a382ee912a80e994652b5948a98db2010bbc0ae3572f46f93fbe

SHA512
d39592c68099e5fe45b6ed2b2a381bab7a283eb54f4f55e9bfdc0f6b509c241d0ab688ef2a3b7cf980df58d20712390d825ec8e072599b0186c801cf99b9442e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
49b84c0a2ed655cca522532e325e1714

SHA1
09c6aa949f541c4a618b8a8df90f7b791355cbd8

SHA256
21d04f5138fad28b6032db278bc1f839f2889707a3d7e86a9d1c81575f0dab1a

SHA512
0357b65f8e63c1df0c8acfbae38ef7f9d2315166bcbe09c411bc00b06a481f75624aa352bc7e4463a0b62ca85af0ff99fe662a3b75c08ce23d1955573fad88a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
0bc9fa9f72bdcbaf4a1bbf5bfc2db8f6

SHA1
3b2fd54288f26b596cac2d6fdadd917761645bad

SHA256
675ab2b19db5871cc35d0680b872f14274a9cccbf95db4fb705bc39ba8045e17

SHA512
918622a5b564561ec38177cdbd045091aed623d98a58fd3d5c4f001b6c3ec32f2becdbe6e0916d3055f682d97d6f46a6ac43e3554c72f453a0d8b7b75b7288ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
cf78fe01d11783c695f401ed28eb7470

SHA1
c6ce269b8a059e33e4741564e1f0dc04f1aaab8b

SHA256
3eb155e588f530abefb46a9c9fc3f7ae793fdfdcd24b55a3909864cbc767c709

SHA512
d1022f616109524235943c19f65a119bf17061fa0e417c76abddd9779416c316da038d1b00b9ef73174f4e116bf6d1202d901ace9339eaa8a6a427ee57672e56

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133863512399351925.txt

Filesize
77KB

MD5
2834027f9e20e3bd2880fffcb6646970

SHA1
845ef84dc355140fdff8e88493ce5a22baf5ae0e

SHA256
550ec350daf5b2f4287e73267dfb9009058569d3995f968d3963ce4c9d2eb606

SHA512
82dbdcbb5d3f5c75f897460e30c24165f7c91a7bceaf13715a6e8fe4e87e5dcc1b3e4e98767d6ffa4e27357b5224694c81dadf9c9bf1c0568d5187736a132b6f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133863553978119774.txt

Filesize
87KB

MD5
0192cf8af64ef836cace24a0cbb8bdd0

SHA1
0e87064c3a46fc4c969bea60a38bd4a9d3bd99ca

SHA256
3355a37b31fe46dc4a3563b3e5877b1d78ac975e2f861cf1d20e73b91d5edfc2

SHA512
75bae6747b9fdb9f59708e31c7038008b95324e157d2b0ff581220108921409b4f33eddaa9f9c4a383a443608ee4e617d3be1db00c26f6347dd6f608fcd42e3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5044_1555314158\98869cde-cfcd-4d94-b4f2-9428f6c9d355.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Windows\xdpxegnijily.exe

Filesize
251KB

MD5
8fa787e817cf01cfdb0b287de2ee39c9

SHA1
37f6f0b73983d7d61a5393ded3ffd3eec5f6f0b8

SHA256
4dbd942433b4510cec4998e8447aef56c776753d6b23c3690e19fc6d573fc8af

SHA512
5d6f734eb82254b303f81776dc161d4409597c986298ed0e95f0fe4752a16a0fb07d95823adeb6943fa7d11a801cbef53b1cf19168a3ce8af3cea86f12a3468e

Download Submit
C:\ebea8a0c5b7ebb8dc5b60da7\_ReCoVeRy_+jndgx.html

Filesize
11KB

MD5
4bfc3cc669548e0a87e56921083ccab6

SHA1
1dd8e0a37256ea43de944554e19f41734fe1e342

SHA256
baddb9a7445f64f9f1ca7588d811d70c69295a73228e5341b66ee3410c57f3d8

SHA512
d87ddf88033efeaf6d36b38c88196fc656a4ea733ffeb566329a8f2432f7e187689fa4dda20a7cc18a00adec6f0991bf9a597f9edc28cfb11e4d8406bec9446d

Download Submit
C:\ebea8a0c5b7ebb8dc5b60da7\_ReCoVeRy_+jndgx.png

Filesize
64KB

MD5
2a82aad25229334e5e38a210759f49e6

SHA1
1cb83c4d24dc1ddb1585cfc3939d02f3d5f4616e

SHA256
3cf57a82c9c27927b5b789515c0a27b8c06dc3a5ccb62c1e49ab9b3cbdb51343

SHA512
a23d9bc71c9116c24ce3e172bf2e583d4428210a062e74474fb2be94c8a9c1a68ce30864406f2bed772e4b362875197d97b8524e8b129738ee292f2b987d7a58

Download Submit
C:\ebea8a0c5b7ebb8dc5b60da7\_ReCoVeRy_+jndgx.txt

Filesize
1KB

MD5
a5eb95e83a23dfaf1b759a7e4580ebf4

SHA1
ea1824c3516ad31c3becae379aaa07037a03b4b9

SHA256
6c2fc3ac718aaa53603111968322535139165624e4cf73f6fa513f2cc000f7a2

SHA512
cf71af3412c7e651854a6b68acacc8e033101f9c6837ebd1ba4b67f4fa81d0c6376b8c2211fa06563d5a6e33b5e1c069057d4c17631f11e6b8c1fd5b9fb075f4

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request