Analysis

max time kernel: 144s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20250313-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250313-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/03/2025, 06:59 UTC
Static task: static1

Behavioral task: behavioral1
  Sample: 2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: 2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe
  Resource: win10v2004-20250313-en
General

Target: 2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe
Size: 251KB
MD5: 8fa787e817cf01cfdb0b287de2ee39c9
SHA1: 37f6f0b73983d7d61a5393ded3ffd3eec5f6f0b8
SHA256: 4dbd942433b4510cec4998e8447aef56c776753d6b23c3690e19fc6d573fc8af
SHA512: 5d6f734eb82254b303f81776dc161d4409597c986298ed0e95f0fe4752a16a0fb07d95823adeb6943fa7d11a801cbef53b1cf19168a3ce8af3cea86f12a3468e
SSDEEP: 3072:iLhtgSlZAeKoNhb64VzKRJWpLXOe/TYUAk/M2lH0+6m6MU0N/nr+rtnd9mTRpcr:qsxWp9TYUzX6Zm6MU0N6gXcr
Malware Config

Extracted from: C:\ebea8a0c5b7ebb8dc5b60da7\_ReCoVeRy_+jndgx.txt
Family: teslacrypt
URLs:
  http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/9FEFE98BC0BFB9AA
  http://gfkuwflbhsjdabnu4nfukerfqwlfwr4rw.ringbalor.com/9FEFE98BC0BFB9AA
  http://oehknf74ohqlfnpq9rhfgcq93g.hateflux.com/9FEFE98BC0BFB9AA
  http://xlowfznrg4wf7dli.ONION/9FEFE98BC0BFB9AA
Signatures

TeslaCrypt, AlphaCrypt
  Ransomware based on CryptoLocker. Shut down by the developers in 2016.

Teslacrypt family

Deletes shadow copies (3 TTPs)
  Ransomware often targets backup files to inhibit system recovery.

Renames multiple (887) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.

Checks computer location settings (2 TTPs, 2 IoCs)
  Looks up country code configured in the registry, likely geofence.
  [2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe] Key value queried: \REGISTRY\USER\S-1-5-21-3446877943-4095308722-756223633-1000\Control Panel\International\Geo\Nation
  [xdpxegnijily.exe] Key value queried: \REGISTRY\USER\S-1-5-21-3446877943-4095308722-756223633-1000\Control Panel\International\Geo\Nation

Drops startup file (6 IoCs)
  [xdpxegnijily.exe] File opened for modification: C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_ReCoVeRy_+jndgx.txt
  [xdpxegnijily.exe] File opened for modification: C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_ReCoVeRy_+jndgx.html
  [xdpxegnijily.exe] File opened for modification: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+jndgx.png
  [xdpxegnijily.exe] File opened for modification: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+jndgx.txt
  [xdpxegnijily.exe] File opened for modification: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+jndgx.html
  [xdpxegnijily.exe] File opened for modification: C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_ReCoVeRy_+jndgx.png

Executes dropped EXE (1 IoC)
  [PID 3120] xdpxegnijily.exe

Reads user/profile data of web browsers (3 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.

Adds Run key to start application (2 TTPs, 1 IoC)
  [xdpxegnijily.exe] Set value (str): \REGISTRY\USER\S-1-5-21-3446877943-4095308722-756223633-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pthbeil = "C:\\Windows\\system32\\CMD.EXE /c start C:\\Windows\\xdpxegnijily.exe"

Indicator Removal: File Deletion (1 TTPs)
  Adversaries may delete files left behind by the actions of their intrusion activity.

Drops file in Program Files directory (64 IoCs)
Drops file in Windows directory (2 IoCs)
  [2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe] File opened for modification: C:\Windows\xdpxegnijily.exe
  [2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe] File created: C:\Windows\xdpxegnijily.exe

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

System Location Discovery: System Language Discovery (1 TTPs, 5 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  [xdpxegnijily.exe] Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  [cmd.exe] Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  [NOTEPAD.EXE] Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  [cmd.exe] Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  [2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe] Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language

Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  [msedge.exe] Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
  [msedge.exe] Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier

Enumerates system info in registry (2 TTPs, 3 IoCs)
  [msedge.exe] Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  [msedge.exe] Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  [msedge.exe] Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer

Modifies data under HKEY_USERS (2 IoCs)
  [msedge.exe] Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  [msedge.exe] Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133871004557996602"

Modifies registry class (3 IoCs)
  [xdpxegnijily.exe] Key created: \REGISTRY\USER\S-1-5-21-3446877943-4095308722-756223633-1000_Classes\Local Settings
  [msedge.exe] Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\
  [msedge.exe] Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3446877943-4095308722-756223633-1000\{F30A980C-B590-452A-A401-EF6B76173C35}

Opens file in notepad (likely ransom note) (1 IoC)
  [PID 4220] NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses (64 IoCs)
  [PID 3120] xdpxegnijily.exe (the same entry is recorded 64 times)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  [PID 5044] msedge.exe (recorded 3 times)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  [PID 3268] 2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe
    Token: SeDebugPrivilege
  [PID 3120] xdpxegnijily.exe
    Token: SeDebugPrivilege
  [PID 2892] WMIC.exe (the following sequence is recorded twice)
    Token: SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, 33, 34, 35, 36
  [PID 4832] vssvc.exe
    Token: SeBackupPrivilege, SeRestorePrivilege, SeAuditPrivilege
  [PID 4392] WMIC.exe
    Token: SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege

Suspicious use of FindShellTrayWindow (1 IoC)
  [PID 5044] msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
  [PID 3268] 2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe wrote to memory of PID 3120 (procid_target 89): 3 entries
  [PID 3268] 2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe wrote to memory of PID 4220 (procid_target 90): 3 entries
  [PID 3120] xdpxegnijily.exe wrote to memory of PID 2892 (procid_target 92): 2 entries
  [PID 3120] xdpxegnijily.exe wrote to memory of PID 4220 (procid_target 112): 3 entries
  [PID 3120] xdpxegnijily.exe wrote to memory of PID 5044 (procid_target 113): 2 entries
  [PID 5044] msedge.exe wrote to memory of PID 448 (procid_target 114): 2 entries
  [PID 3120] xdpxegnijily.exe wrote to memory of PID 4392 (procid_target 115): 2 entries
  [PID 5044] msedge.exe wrote to memory of PID 4416 (procid_target 117): 2 entries
  [PID 5044] msedge.exe wrote to memory of PID 3880 (procid_target 119): 2 entries
  [PID 5044] msedge.exe wrote to memory of PID 224 (procid_target 118): all remaining entries, identical, up to the 64-IoC cap

System policy modification (1 TTPs, 2 IoCs)
  [xdpxegnijily.exe] Key created: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  [xdpxegnijily.exe] Set value (int): \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnections = "1"

Uses Volume Shadow Copy service COM API
  The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

C:\Users\Admin\AppData\Local\Temp\2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe  (PID 3268)
  Command line: "C:\Users\Admin\AppData\Local\Temp\2025-03-22_8fa787e817cf01cfdb0b287de2ee39c9_amadey_teslacrypt.exe"
  - Checks computer location settings
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  C:\Windows\xdpxegnijily.exe  (PID 3120)
    Command line: C:\Windows\xdpxegnijily.exe
    - Checks computer location settings
    - Drops startup file
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    - System policy modification

    C:\Windows\System32\wbem\WMIC.exe  (PID 2892)
      Command line: "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive
      - Suspicious use of AdjustPrivilegeToken

    C:\Windows\SysWOW64\NOTEPAD.EXE  (PID 4220)
      Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_ReCoVeRy_.TXT
      - System Location Discovery: System Language Discovery
      - Opens file in notepad (likely ransom note)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5044)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\_ReCoVeRy_.HTM
      - Checks processor information in registry
      - Enumerates system info in registry
      - Modifies data under HKEY_USERS
      - Modifies registry class
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of WriteProcessMemory

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 448)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x338,0x7ffdece6f208,0x7ffdece6f214,0x7ffdece6f220

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4416)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1720,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=2564 /prefetch:3

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 224)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1580,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=2492 /prefetch:2

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3880)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1384,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=2572 /prefetch:8

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2808)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3476,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5260)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3484,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5048)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5008,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=4996 /prefetch:8

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3660)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5004,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:8

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5784)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4288,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5104 /prefetch:8

      C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe  (PID 2252)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5676,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:8

      C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe  (PID 4496)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5676,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:8

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4560)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5892,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:8
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6004,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5952 /prefetch:84⤵PID:2036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6152,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=6176 /prefetch:84⤵PID:5544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6156,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:84⤵PID:928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5824,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5804 /prefetch:84⤵PID:5132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6268,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=6296 /prefetch:84⤵PID:2056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6308,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=6196 /prefetch:84⤵PID:1048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5048,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:84⤵PID:1104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2340,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:84⤵PID:1896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5640,i,13525470731441489335,9416220373873421158,262144 --variations-seed-version --mojo-platform-channel-handle=5104 /prefetch:84⤵PID:5224
-
-
-
C:\Windows\System32\wbem\WMIC.exe"C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /nointeractive3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4392
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c DEL C:\Windows\XDPXEG~1.EXE3⤵
- System Location Discovery: System Language Discovery
PID:1848
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\2025-0~1.EXE2⤵
- System Location Discovery: System Language Discovery
PID:4220
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4832
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵PID:6104
Network
-
Remote address: 8.8.8.8:53
Request
g.bing.com IN A
Response
g.bing.com IN CNAME g-bing-com.ax-0001.ax-msedge.net
g-bing-com.ax-0001.ax-msedge.net IN CNAME ax-0001.ax-msedge.net
ax-0001.ax-msedge.net IN A 150.171.27.10
ax-0001.ax-msedge.net IN A 150.171.28.10
-
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=14807ccca04d4a68b42c21ec8bb4289e&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=
Remote address: 150.171.27.10:443
Request
GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=14807ccca04d4a68b42c21ec8bb4289e&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
Response
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1BDD843826D36FC1073D918F27F46E0F; domain=.bing.com; expires=Thu, 16-Apr-2026 07:00:00 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 94B09BD4D1CA4AD6BD07C931C762F5FF Ref B: LON04EDGE0609 Ref C: 2025-03-22T07:00:00Z
date: Sat, 22 Mar 2025 06:59:59 GMT
-
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=14807ccca04d4a68b42c21ec8bb4289e&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=
Remote address: 150.171.27.10:443
Request
GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=14807ccca04d4a68b42c21ec8bb4289e&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1BDD843826D36FC1073D918F27F46E0F
Response
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=FFLYZYpnlAEWpP8tRZEYs9pXfQ8wMXc2EyK1P5GEhJo; domain=.bing.com; expires=Thu, 16-Apr-2026 07:00:00 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 90AE6211381D41D9A82A4E54BAC21F45 Ref B: LON04EDGE0609 Ref C: 2025-03-22T07:00:00Z
date: Sat, 22 Mar 2025 07:00:00 GMT
-
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=14807ccca04d4a68b42c21ec8bb4289e&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid=
Remote address: 150.171.27.10:443
Request
GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=14807ccca04d4a68b42c21ec8bb4289e&localId=w:BDEEEA66-9FF9-032D-B4CB-199BE88F3227&deviceId=6896216899373042&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1BDD843826D36FC1073D918F27F46E0F; MSPTC=FFLYZYpnlAEWpP8tRZEYs9pXfQ8wMXc2EyK1P5GEhJo
Response
HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8D6B7B4B80DB44EAB7B605A94B847997 Ref B: LON04EDGE0609 Ref C: 2025-03-22T07:00:00Z
date: Sat, 22 Mar 2025 07:00:00 GMT
-
Remote address: 8.8.8.8:53
Request
conspec.us IN A
Response
conspec.us IN A 15.197.225.128
conspec.us IN A 3.33.251.168
-
POST http://conspec.us/wp-content/plugins/nextgen-galleryOLD/products/photocrati_nextgen/modules/i18n/wstr.php
Process: xdpxegnijily.exe
Remote address: 15.197.225.128:80
Request
POST /wp-content/plugins/nextgen-galleryOLD/products/photocrati_nextgen/modules/i18n/wstr.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Host: conspec.us
Content-Length: 645
Cache-Control: no-cache
Response
HTTP/1.1 405 Not Allowed
Date: Sat, 22 Mar 2025 07:00:00 GMT
Content-Length: 0
Connection: keep-alive
WAFRule: 0
-
POST http://conspec.us/wp-content/plugins/nextgen-galleryOLD/products/photocrati_nextgen/modules/i18n/wstr.php
Process: xdpxegnijily.exe
Remote address: 15.197.225.128:80
Request
POST /wp-content/plugins/nextgen-galleryOLD/products/photocrati_nextgen/modules/i18n/wstr.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Host: conspec.us
Content-Length: 645
Cache-Control: no-cache
Response
HTTP/1.1 405 Not Allowed
Date: Sat, 22 Mar 2025 07:00:54 GMT
Content-Length: 0
Connection: keep-alive
WAFRule: 0
-
Remote address: 8.8.8.8:53
Request
tmfilms.net IN A
Response
tmfilms.net IN A 103.224.182.215
-
Remote address: 103.224.182.215:80
Request
POST /wp-content/plugins/binary.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Host: tmfilms.net
Content-Length: 645
Cache-Control: no-cache
Response
HTTP/1.1 302 Found
server: Apache
set-cookie: __tad=1742626801.8235917; expires=Tue, 20-Mar-2035 07:00:01 GMT; Max-Age=315360000
location: http://ww25.tmfilms.net/wp-content/plugins/binary.php?subid1=20250322-1800-0119-881b-9170b7a8b1ae
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
-
Remote address: 8.8.8.8:53
Request
ww25.tmfilms.net IN A
Response
ww25.tmfilms.net IN CNAME 77026.bodis.com
77026.bodis.com IN A 199.59.243.228
-
GET http://ww25.tmfilms.net/wp-content/plugins/binary.php?subid1=20250322-1800-0119-881b-9170b7a8b1ae
Process: xdpxegnijily.exe
Remote address: 199.59.243.228:80
Request
GET /wp-content/plugins/binary.php?subid1=20250322-1800-0119-881b-9170b7a8b1ae HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Cache-Control: no-cache
Host: ww25.tmfilms.net
Connection: Keep-Alive
Cookie: __tad=1742626801.8235917
Response
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-length: 1210
x-request-id: 8c36f730-9e0f-489c-a07e-8623d81102db
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_IBMbT3puqM1NZj4mGvuxFDocNNYDaf5z1LtcfUpRA1JMS18+PpCh0i8NdcAnLioVqZ5eDw1LmZBhpvi0lpvzZw==
set-cookie: parking_session=8c36f730-9e0f-489c-a07e-8623d81102db; expires=Sat, 22 Mar 2025 07:15:01 GMT; path=/
-
Remote address: 8.8.8.8:53
Request
iqinternal.com IN A
Response
(empty)
-
Remote address: 8.8.8.8:53
Request
goktugyeli.com IN A
Response
(empty)
-
Remote address: 8.8.8.8:53
Request
saludaonline.com IN A
Response
(empty)
-
Remote address: 8.8.8.8:53
Request
newculturemediablog.com IN A
Response
(empty)
-
Remote address: 8.8.8.8:53
Request
tse1.mm.bing.net IN A
Response
tse1.mm.bing.net IN CNAME mm-mm.bing.net.trafficmanager.net
mm-mm.bing.net.trafficmanager.net IN CNAME ax-0001.ax-msedge.net
ax-0001.ax-msedge.net IN A 150.171.28.10
ax-0001.ax-msedge.net IN A 150.171.27.10
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239356742545_1KNYU9T4JPR3SHFV1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request
GET /th?id=OADD2.10239356742545_1KNYU9T4JPR3SHFV1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 664785
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DD5C87FB19704423A41583DE5135011D Ref B: LON04EDGE0918 Ref C: 2025-03-22T07:00:35Z
date: Sat, 22 Mar 2025 07:00:35 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418535_1J3FI1BHYFKNLDX7C&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request
GET /th?id=OADD2.10239340418535_1J3FI1BHYFKNLDX7C&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 663266
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BAAA42A36D3E452A98CE8DFAE24E9FDF Ref B: LON04EDGE0918 Ref C: 2025-03-22T07:00:35Z
date: Sat, 22 Mar 2025 07:00:35 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239360607351_1LWNG3EPOKCB0ST8C&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request
GET /th?id=OADD2.10239360607351_1LWNG3EPOKCB0ST8C&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 675918
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 455DBD5873F3464394D5DE31F70F2DB0 Ref B: LON04EDGE0918 Ref C: 2025-03-22T07:00:35Z
date: Sat, 22 Mar 2025 07:00:35 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239360607350_1DIIHMLKOJP4KM45O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request
GET /th?id=OADD2.10239360607350_1DIIHMLKOJP4KM45O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 248362
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8F507F5B5BAF47FF80E8E04AA4F9FD6F Ref B: LON04EDGE0918 Ref C: 2025-03-22T07:00:35Z
date: Sat, 22 Mar 2025 07:00:35 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239356744296_15VBZP2MRT6FYDL3E&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request
GET /th?id=OADD2.10239356744296_15VBZP2MRT6FYDL3E&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 542449
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C26CE8E7687648B099A5FED0D009CFF9 Ref B: LON04EDGE0918 Ref C: 2025-03-22T07:00:35Z
date: Sat, 22 Mar 2025 07:00:35 GMT
-
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
Remote address: 150.171.28.10:443
Request
GET /th?id=OADD2.10239340418536_1RXQC5FWNJZBHVB3M&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
content-length: 383560
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 95A5D8F8329C4F9087A5CFD61FAB91F5 Ref B: LON04EDGE0918 Ref C: 2025-03-22T07:00:36Z
date: Sat, 22 Mar 2025 07:00:35 GMT
-
Remote address: 103.224.182.215:80
Request
POST /wp-content/plugins/binary.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Host: tmfilms.net
Content-Length: 645
Cache-Control: no-cache
Cookie: __tad=1742626801.8235917
Response
HTTP/1.1 302 Found
server: Apache
location: http://ww25.tmfilms.net/wp-content/plugins/binary.php?subid1=20250322-1800-54a4-93b8-db3432342c53
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
-
GET http://ww25.tmfilms.net/wp-content/plugins/binary.php?subid1=20250322-1800-54a4-93b8-db3432342c53
Process: xdpxegnijily.exe
Remote address: 199.59.243.228:80
Request
GET /wp-content/plugins/binary.php?subid1=20250322-1800-54a4-93b8-db3432342c53 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Cache-Control: no-cache
Host: ww25.tmfilms.net
Connection: Keep-Alive
Cookie: __tad=1742626801.8235917; parking_session=8c36f730-9e0f-489c-a07e-8623d81102db
Response
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-length: 1210
x-request-id: 07dd635d-042b-453c-b84f-e81fc2a69345
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_gKUu6Uxb92Ou8aEL8LgRr+Emxdpmz05t8mlsjbHQH2Uo7/hpmD6Iu7DUvCrB+EYYz2Tajyn5+C3Pj4o4Pnm4HA==
set-cookie: parking_session=8c36f730-9e0f-489c-a07e-8623d81102db; expires=Sat, 22 Mar 2025 07:15:54 GMT
-
Remote address: 8.8.8.8:53
Request
edge.microsoft.com IN A
Response
edge.microsoft.com IN CNAME edge-domain.trafficmanager.net
edge-domain.trafficmanager.net IN CNAME edge-microsoft-com.dual-a-0036.a-msedge.net
edge-microsoft-com.dual-a-0036.a-msedge.net IN CNAME dual-a-0036.a-msedge.net
dual-a-0036.a-msedge.net IN A 204.79.197.239
dual-a-0036.a-msedge.net IN A 13.107.21.239
-
Remote address: 8.8.8.8:53
Request
edge.microsoft.com IN Unknown
Response
edge.microsoft.com IN CNAME edge-domain.trafficmanager.net
edge-domain.trafficmanager.net IN CNAME edge-microsoft-com.dual-a-0036.a-msedge.net
-
Remote address: 8.8.8.8:53
Request
iqinternal.com IN A
Response
(empty)
-
Remote address: 8.8.8.8:53
Request
edge.microsoft.com IN A
Response
edge.microsoft.com IN CNAME edge-domain.trafficmanager.net
edge-domain.trafficmanager.net IN CNAME edge-microsoft-com.ax-0002.ax-msedge.net
edge-microsoft-com.ax-0002.ax-msedge.net IN CNAME ax-0002.ax-msedge.net
ax-0002.ax-msedge.net IN A 150.171.28.11
ax-0002.ax-msedge.net IN A 150.171.27.11
-
Remote address: 8.8.8.8:53
Request
edge.microsoft.com IN Unknown
Response
edge.microsoft.com IN CNAME edge-domain.trafficmanager.net
edge-domain.trafficmanager.net IN CNAME edge-microsoft-com.ax-0002.ax-msedge.net
-
Remote address: 8.8.8.8:53
Request
update.googleapis.com IN A
Response
update.googleapis.com IN A 142.250.180.3
-
Remote address: 8.8.8.8:53
Request
update.googleapis.com IN Unknown
Response
(empty)
-
GET http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:T1x3UV-cdqA6yLwWwCTA7jH4iwoET_ljW8UyV2_sONs&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Process: msedge.exe
Remote address: 204.79.197.239:80
Request
GET /browsernetworktime/time/1/current?cup2key=2:T1x3UV-cdqA6yLwWwCTA7jH4iwoET_ljW8UyV2_sONs&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
Host: edge.microsoft.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Sec-Mesh-Client-Edge-Version: 133.0.3065.69
Sec-Mesh-Client-Edge-Channel: stable
Sec-Mesh-Client-OS: Windows
Sec-Mesh-Client-OS-Version: 10.0.19041
Sec-Mesh-Client-Arch: x86_64
Sec-Mesh-Client-WebView: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Pragma: no-cache
Content-Length: 100
Content-Type: application/json
Content-Encoding: gzip
Expires: Mon, 01 Jan 1990 00:00:00 GMT
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
x-cup-server-proof: 304502206E553E7A3F58F20013309EB512E61918CBAF3F11157CC68DA516BDC0C6F3400C022100E74FB92B7D0A80D4D8040309AD0DE0C6963E75F9B56823F27F7EC01EB2B57FBE:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Content-Disposition: attachment; filename='json.txt'
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 543CF5C4DA864B19AAC509F4A04EDAE4 Ref B: LON04EDGE1018 Ref C: 2025-03-22T07:00:55Z
Date: Sat, 22 Mar 2025 07:00:54 GMT
-
GET https://edge.microsoft.com/extensionwebstorebase/v1/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=edgecrx&prodchannel=&prodversion=133.0.3065.69&lang=en-US&acceptformat=crx3,puff&x=id%3Djmjflgjpcpepeafmmgdpfkogkghcpiha%26v%3D0.0.0.0%26installsource%3Dreinstall%26installedby%3Dother%26uc%26ping%3Dr%253D9%2526e%253D0%2526dr%253D1024
Process: msedge.exe
Remote address: 150.171.28.11:443
Request
GET /extensionwebstorebase/v1/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=edgecrx&prodchannel=&prodversion=133.0.3065.69&lang=en-US&acceptformat=crx3,puff&x=id%3Djmjflgjpcpepeafmmgdpfkogkghcpiha%26v%3D0.0.0.0%26installsource%3Dreinstall%26installedby%3Dother%26uc%26ping%3Dr%253D9%2526e%253D0%2526dr%253D1024 HTTP/2.0
host: edge.microsoft.com
edgefeatureflags: {"ExtensionUseNewStoreKeys":true,"UseHttpsForDownload":true}
update-interactivity: fg
ms-cv: 3DyH8Gn0cbqn8eidLr+5j2
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=1, i
Response
HTTP/2.0 200
content-length: 1462
content-type: application/json; charset=utf-8
content-security-policy: base-uri 'self';block-all-mixed-content;default-src 'self';img-src 'self';object-src 'none';script-src 'none';style-src 'self';upgrade-insecure-requests;
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 9E7A68C80307439D8C16D64353A3ABC7 Ref B: LON04EDGE1122 Ref C: 2025-03-22T07:00:54Z
date: Sat, 22 Mar 2025 07:00:54 GMT
-
GET https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19041&devicefamily=desktop&installdate=1741877482&clientversion=133.0.3065.69&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
Process: msedge.exe
Remote address: 150.171.28.11:443
Request
GET /serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19041&devicefamily=desktop&installdate=1741877482&clientversion=133.0.3065.69&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 HTTP/2.0
host: edge.microsoft.com
pragma: no-cache
cache-control: no-cache
sec-mesh-client-edge-version: 133.0.3065.69
sec-mesh-client-edge-channel: stable
sec-mesh-client-os: Windows
sec-mesh-client-os-version: 10.0.19041
sec-mesh-client-arch: x86_64
sec-mesh-client-webview: 0
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiLTY5MjMwMjcxODcxMTMzNTIzODkiLCI2Ijoic3RhYmxlIiwiOSI6ImRlc2t0b3AifQ==
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i
Response
HTTP/2.0 200
content-length: 782
content-type: text/xml; charset=utf-8
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 573BBF0396814986821AC2621E14FF22 Ref B: LON04EDGE1122 Ref C: 2025-03-22T07:00:54Z
date: Sat, 22 Mar 2025 07:00:54 GMT
-
POST https://update.googleapis.com/service/update2/json?cup2key=14:3YnLXPVbScCzXDM0_ZWiGe24YKYrm793wkK62mVxtBs&cup2hreq=8be234a4bd81973c166516bc74996bb614d293f68921492e7345a59da91d3ca0
Process: msedge.exe
Remote address: 142.250.180.3:443
Request
POST /service/update2/json?cup2key=14:3YnLXPVbScCzXDM0_ZWiGe24YKYrm793wkK62mVxtBs&cup2hreq=8be234a4bd81973c166516bc74996bb614d293f68921492e7345a59da91d3ca0 HTTP/2.0
host: update.googleapis.com
content-length: 931
x-goog-update-appid: ghbmnnjooekpmoecnnnilnnbdlolhkhi
x-goog-update-interactivity: bg
x-goog-update-updater: chromiumcrx-133.0.3065.69
content-type: application/json
sec-mesh-client-edge-version: 133.0.3065.69
sec-mesh-client-edge-channel: stable
sec-mesh-client-os: Windows
sec-mesh-client-os-version: 10.0.19041
sec-mesh-client-arch: x86_64
sec-mesh-client-webview: 0
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i
-
Remote address: 8.8.8.8:53
Request
goktugyeli.com IN A
Response
(empty)
-
Remote address: 8.8.8.8:53
Request
copilot.microsoft.com IN A
Response
copilot.microsoft.com IN CNAME copilot-copilot-msft-com.trafficmanager.net
copilot-copilot-msft-com.trafficmanager.net IN CNAME copilot.microsoft.com.edgekey.net
copilot.microsoft.com.edgekey.net IN CNAME e107108.dscx.akamaiedge.net
e107108.dscx.akamaiedge.net IN A 104.86.110.106
e107108.dscx.akamaiedge.net IN A 2.18.66.57
-
Remote address: 8.8.8.8:53
Request
copilot.microsoft.com IN Unknown
Response
copilot.microsoft.com IN CNAME copilot-copilot-msft-com.trafficmanager.net
copilot-copilot-msft-com.trafficmanager.net IN CNAME copilot.microsoft.com.edgekey.net
copilot.microsoft.com.edgekey.net IN CNAME e107108.dscx.akamaiedge.net
-
Remote address: 8.8.8.8:53
Request
api.edgeoffer.microsoft.com IN A
Response
api.edgeoffer.microsoft.com IN CNAME bingadsedgeextension-prod.trafficmanager.net
bingadsedgeextension-prod.trafficmanager.net IN CNAME bingadsedgeextension-prod-europe.azurewebsites.net
bingadsedgeextension-prod-europe.azurewebsites.net IN CNAME ssl.bingadsedgeextension-prod-europe.azurewebsites.net
ssl.bingadsedgeextension-prod-europe.azurewebsites.net IN A 94.245.104.56
-
Remote address: 8.8.8.8:53
Request
api.edgeoffer.microsoft.com IN Unknown
Response
api.edgeoffer.microsoft.com IN CNAME bingadsedgeextension-prod.trafficmanager.net
bingadsedgeextension-prod.trafficmanager.net IN CNAME bingadsedgeextension-prod-europe.azurewebsites.net
bingadsedgeextension-prod-europe.azurewebsites.net IN CNAME ssl.bingadsedgeextension-prod-europe.azurewebsites.net
-
Remote address: 8.8.8.8:53
Request
saludaonline.com IN A
Response
-
GET https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US
Process: msedge.exe
Remote address: 94.245.104.56:443
Request
GET /edgeoffer/pb/experiments?appId=edge-extensions&country=US HTTP/1.1
Host: api.edgeoffer.microsoft.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Sec-Fetch-Storage-Access: active
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Response
HTTP/1.1 200 OK
Content-Type: application/x-protobuf; charset=utf-8
Date: Sat, 22 Mar 2025 07:00:54 GMT
Server: Microsoft-IIS/10.0
Set-Cookie: ARRAffinity=2facc78c6123c667617ce21b30d0d14a237b3ab3f15825bb2e1896f7deb8e455;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com
Set-Cookie: ARRAffinitySameSite=2facc78c6123c667617ce21b30d0d14a237b3ab3f15825bb2e1896f7deb8e455;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com
Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9
X-Powered-By: ASP.NET
-
Remote address: 104.86.110.106:443
Request
GET /c/api/user/eligibility HTTP/2.0
host: copilot.microsoft.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
sec-fetch-storage-access: active
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i
Response
HTTP/2.0 200
content-length: 0
date: Sat, 22 Mar 2025 07:00:55 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.35421202.1742626855.129162e5
-
Remote address: 8.8.8.8:53
Request
newculturemediablog.com IN A
Response
-
Remote address: 8.8.8.8:53
Request
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com IN A
Response
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com IN CNAME star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com
star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com IN CNAME cdp-f-ssl-tlu-net.trafficmanager.net
cdp-f-ssl-tlu-net.trafficmanager.net IN CNAME star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net
star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net IN CNAME a2033.dscd.akamai.net
a2033.dscd.akamai.net IN A 2.18.190.174
a2033.dscd.akamai.net IN A 2.18.190.170
-
Remote address: 8.8.8.8:53
Request
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com IN Unknown
Response
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com IN CNAME star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com
star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com IN CNAME cdp-f-ssl-tlu-net.trafficmanager.net
cdp-f-ssl-tlu-net.trafficmanager.net IN CNAME star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net
star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net IN CNAME a2033.dscd.akamai.net
-
GET https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1743231655&P2=404&P3=2&P4=fUlQ%2bValn%2bOH3zUvmvUFZlkoDz9NUHN4UeOepIUV%2bUrEjypSk7QqvBqczUr9QfSCdF2TI%2bwMftamHa3i6kwOtw%3d%3d
Process: msedge.exe
Remote address: 2.18.190.174:443
Request
GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1743231655&P2=404&P3=2&P4=fUlQ%2bValn%2bOH3zUvmvUFZlkoDz9NUHN4UeOepIUV%2bUrEjypSk7QqvBqczUr9QfSCdF2TI%2bwMftamHa3i6kwOtw%3d%3d HTTP/2.0
host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
ms-cv: 3DyH8Gn0cbqn8eidLr+5j2
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=1, i
Response
HTTP/2.0 200
last-modified: Wed, 24 Jan 2024 00:25:37 GMT
accept-ranges: bytes
etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
server: Microsoft-IIS/10.0
x-aspnetmvc-version: 5.3
ms-correlationid: b28df9f1-dc3f-4ef4-9bdf-444e35c0efed
ms-requestid: bf267a2c-d093-4aea-80c7-cab035dc081a
ms-cv: vO+ovkxXWZJL+cB1R1PavD.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by: ARR/3.0
x-powered-by: ASP.NET
content-length: 11185
cache-control: public, max-age=86400
date: Sat, 22 Mar 2025 07:00:55 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,quic=":443"; ma=93600; v="43"
akamai-request-bc: [a=2.18.181.170,b=3722952119,c=g,n=GB_EN_LONDON,o=20940],[c=c,n=GB_EN_LONDON,o=20940]
msregion:
x-ccc:
x-cid: 3
akamai-grn: 0.aab51202.1742626855.dde7bdb7
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-expose-headers: Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,Akamai-Request-BC
access-control-allow-headers: origin,range,hdntl,hdnts,CMCD-Request,CMCD-Object,CMCD-Status,CMCD-Session
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
-
GET https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=domains_config_gz&version=3.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Process: msedge.exe
Remote address: 150.171.28.11:443
Request
GET /entityextractiontemplates/api/v1/assets/find-assets?name=domains_config_gz&version=3.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362 HTTP/2.0
host: edge.microsoft.com
edge-asset-group: EntityExtractionDomainsConfig
sec-mesh-client-edge-version: 133.0.3065.69
sec-mesh-client-edge-channel: stable
sec-mesh-client-os: Windows
sec-mesh-client-os-version: 10.0.19041
sec-mesh-client-arch: x86_64
sec-mesh-client-webview: 0
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i
Response
HTTP/2.0 200
content-length: 266
content-type: application/json; charset=utf-8
x-cache: TCP_HIT
x-frame-options: sameorigin
x-msedge-ref: Ref A: FA4E272131B64A8CAF746104DB795B7C Ref B: LON04EDGE0710 Ref C: 2025-03-22T07:00:56Z
date: Sat, 22 Mar 2025 07:00:56 GMT
-
GET https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=arbitration_priority_list&version=24.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Process: msedge.exe
Remote address: 150.171.28.11:443
Request
GET /entityextractiontemplates/api/v1/assets/find-assets?name=arbitration_priority_list&version=24.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362 HTTP/2.0
host: edge.microsoft.com
edge-asset-group: ArbitrationService
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i
Response
HTTP/2.0 200
content-length: 271
content-type: application/json; charset=utf-8
x-cache: TCP_HIT
x-frame-options: sameorigin
x-msedge-ref: Ref A: E19DB1CBB0D94DB7881E3C9126255179 Ref B: LON04EDGE0710 Ref C: 2025-03-22T07:00:56Z
date: Sat, 22 Mar 2025 07:00:56 GMT
-
GET https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=edge_hub_apps_manifest_gz&version=4.11.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Process: msedge.exe
Remote address: 150.171.28.11:443
Request
GET /entityextractiontemplates/api/v1/assets/find-assets?name=edge_hub_apps_manifest_gz&version=4.11.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362 HTTP/2.0
host: edge.microsoft.com
edge-asset-group: Shoreline
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i
Response
HTTP/2.0 200
content-length: 265
content-type: application/json; charset=utf-8
x-cache: TCP_HIT
x-frame-options: sameorigin
x-msedge-ref: Ref A: 1FC0F2ABFA324DD5881C7F58BF9F1199 Ref B: LON04EDGE0710 Ref C: 2025-03-22T07:00:56Z
date: Sat, 22 Mar 2025 07:00:56 GMT
-
GET https://www.bing.com/api/shopping/v1/user/shoppingsettings?EnabledServiceFeaturesv2=edgeServerUX.shopping.aablockth,edgeServerUX.shopping.block99,edgeServerUX.shopping.disableCashbackOnCouponCopy,edgeServerUX.shopping.enableColdStartCohort,edgeServerUX.shopping.highttaablocksrth,edgeServerUX.shopping.highttaablockth,edgeServerUX.shopping.migrateClippingToOmnibox,edgeServerUX.shopping.msEdgeShoppingCashbackDismissTimeout2s,edgeServerUX.shopping.nrtLogging,edgeServerUX.shopping.snDataFromOS,edgeServerUX.shopping.useExpSNData
Process: msedge.exe
Remote address: 2.18.66.48:443
Request
GET /api/shopping/v1/user/shoppingsettings?EnabledServiceFeaturesv2=edgeServerUX.shopping.aablockth,edgeServerUX.shopping.block99,edgeServerUX.shopping.disableCashbackOnCouponCopy,edgeServerUX.shopping.enableColdStartCohort,edgeServerUX.shopping.highttaablocksrth,edgeServerUX.shopping.highttaablockth,edgeServerUX.shopping.migrateClippingToOmnibox,edgeServerUX.shopping.msEdgeShoppingCashbackDismissTimeout2s,edgeServerUX.shopping.nrtLogging,edgeServerUX.shopping.snDataFromOS,edgeServerUX.shopping.useExpSNData HTTP/2.0
host: www.bing.com
cookie: ANON=
cookie: MUID=
cookie: _RwBf=
cookie:
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiLTY5MjMwMjcxODcxMTMzNTIzODkiLCI2Ijoic3RhYmxlIiwiOSI6ImRlc2t0b3AifQ==
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
sec-fetch-storage-access: active
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zsdch, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i
Response
HTTP/2.0 200
content-type: application/json; charset=utf-8
content-encoding: br
vary: Accept-Encoding
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BDC0F4ADD78842C1BDC1B2914691E367 Ref B: LON04EDGE1221 Ref C: 2025-03-22T07:00:56Z
date: Sat, 22 Mar 2025 07:00:57 GMT
content-length: 425
set-cookie: _EDGE_S=F=1&SID=3629B3C8ACBA60522BF2A67FAD5A61CA; path=/; httponly; domain=bing.com
set-cookie: _EDGE_V=1; path=/; httponly; expires=Thu, 16-Apr-2026 07:00:56 GMT; domain=bing.com
set-cookie: MUID=03548DB2C7F969DB1C5C9805C61968B4; samesite=none; path=/; secure; expires=Thu, 16-Apr-2026 07:00:56 GMT; domain=bing.com
set-cookie: MUIDB=03548DB2C7F969DB1C5C9805C61968B4; path=/; httponly; expires=Thu, 16-Apr-2026 07:00:56 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.5d6e5668.1742626856.13b15db2
-
Remote address: 8.8.8.8:53
Request
edge.microsoft.com IN A
Response
edge.microsoft.com IN CNAME edge-domain.trafficmanager.net
edge-domain.trafficmanager.net IN CNAME edge-microsoft-com.dual-a-0036.a-msedge.net
edge-microsoft-com.dual-a-0036.a-msedge.net IN CNAME dual-a-0036.a-msedge.net
dual-a-0036.a-msedge.net IN A 204.79.197.239
dual-a-0036.a-msedge.net IN A 13.107.21.239
-
Remote address: 8.8.8.8:53
Request
edge.microsoft.com IN Unknown
Response
edge.microsoft.com IN CNAME edge-domain.trafficmanager.net
edge-domain.trafficmanager.net IN CNAME edge-microsoft-com.ax-0002.ax-msedge.net
-
Remote address: 204.79.197.239:443
Request
GET /abusiveadblocking/api/v1/blocklist HTTP/2.0
host: edge.microsoft.com
if-none-match: "5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B"
sec-mesh-client-edge-version: 133.0.3065.69
sec-mesh-client-edge-channel: stable
sec-mesh-client-os: Windows
sec-mesh-client-os-version: 10.0.19041
sec-mesh-client-arch: x86_64
sec-mesh-client-webview: 0
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
sec-fetch-storage-access: active
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i
Response
HTTP/2.0 304
content-type: application/json; charset=utf-8
content-encoding: gzip
etag: "5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B"
vary: Accept-Encoding
x-cache: TCP_HIT
x-mesh-client-ttl: 72
strict-transport-security: max-age=0
x-msedge-ref: Ref A: 30539E9AC75F45A3BBE0C79C0B4D20FC Ref B: LON04EDGE1014 Ref C: 2025-03-22T07:00:57Z
date: Sat, 22 Mar 2025 07:00:56 GMT
-
Remote address: 8.8.8.8:53
Request
edgeassetservice.azureedge.net IN A
Response
edgeassetservice.azureedge.net IN CNAME edgeassetservice.afd.azureedge.net
edgeassetservice.afd.azureedge.net IN CNAME azureedge-t-prod.trafficmanager.net
azureedge-t-prod.trafficmanager.net IN CNAME shed.dual-low.s-part-0037.t-0009.t-msedge.net
shed.dual-low.s-part-0037.t-0009.t-msedge.net IN CNAME s-part-0037.t-0009.t-msedge.net
s-part-0037.t-0009.t-msedge.net IN A 13.107.246.65
-
Remote address: 8.8.8.8:53
Request
edgeassetservice.azureedge.net IN Unknown
Response
edgeassetservice.azureedge.net IN CNAME edgeassetservice.afd.azureedge.net
edgeassetservice.afd.azureedge.net IN CNAME azureedge-t-prod.trafficmanager.net
azureedge-t-prod.trafficmanager.net IN CNAME shed.dual-low.s-part-0036.t-0009.t-msedge.net
shed.dual-low.s-part-0036.t-0009.t-msedge.net IN CNAME s-part-0036.t-0009.t-msedge.net
-
GET https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/24.0.4/asset?assetgroup=ArbitrationService
Process: msedge.exe
Remote address: 13.107.246.65:443
Request
GET /assets/arbitration_priority_list/24.0.4/asset?assetgroup=ArbitrationService HTTP/2.0
host: edgeassetservice.azureedge.net
edge-asset-group: ArbitrationService
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i
Response
HTTP/2.0 200
content-type: application/octet-stream
content-length: 20242
last-modified: Thu, 20 Mar 2025 17:16:21 GMT
etag: 0x8DD67D2EF6CF554
x-ms-request-id: 2594a8c7-701e-002c-74a1-9aea3a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20250322T070057Z-157d97d486cpwqn4hC1LONeh0c00000000z000000000dakp
cache-control: public, max-age=604800
x-fd-int-roxy-purgeid: 69316365
x-cache: TCP_HIT
accept-ranges: bytes
-
GET https://edge.microsoft.com/extensionwebstorebase/v1/logextensionreliability?success=true&cv=3DyH8Gn0cbqn8eidLr+5j2&errorString=&crxId=jmjflgjpcpepeafmmgdpfkogkghcpiha&os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=edgecrx&prodchannel=&prodversion=133.0.3065.69&lang=en-US&acceptformat=crx3,puff
Process: msedge.exe
Remote address: 204.79.197.239:443
Request
GET /extensionwebstorebase/v1/logextensionreliability?success=true&cv=3DyH8Gn0cbqn8eidLr+5j2&errorString=&crxId=jmjflgjpcpepeafmmgdpfkogkghcpiha&os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=edgecrx&prodchannel=&prodversion=133.0.3065.69&lang=en-US&acceptformat=crx3,puff HTTP/2.0
host: edge.microsoft.com
scenario: Update
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i
Response
HTTP/2.0 200
content-type: text/plain; charset=utf-8
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: E6EE838194AA48E3B55020A1B29EAA90 Ref B: LON04EDGE0812 Ref C: 2025-03-22T07:00:57Z
date: Sat, 22 Mar 2025 07:00:56 GMT
-
POST https://edge.microsoft.com/componentupdater/api/v1/update?cup2key=7:EhOjQpzbcvpe2-3H1yU_hbzHGmYY1K-nTpTEaiz4o-I&cup2hreq=f1a79c963c0de4c1e087ed16717a0279dcadc165faf4389c6a89e21651749aa9
Process: msedge.exe
Remote address: 204.79.197.239:443
Request
POST /componentupdater/api/v1/update?cup2key=7:EhOjQpzbcvpe2-3H1yU_hbzHGmYY1K-nTpTEaiz4o-I&cup2hreq=f1a79c963c0de4c1e087ed16717a0279dcadc165faf4389c6a89e21651749aa9 HTTP/2.0
host: edge.microsoft.com
content-length: 11808
x-microsoft-update-appid: hjaimielcgmceiphgjjfddlgjklfpdei,llmidpclgepbgbgoecnhcmgfhmfplfao,jbfaflocpnkhbgcijpkiafdpbjkedane,hajigopbbjhghbfimgkfmpenfkclmohk,gllimckfbolmioaaihpppacjccghejen,mpicjakjneaggahlnmbojhjpnileolnb,omnckhpgfmaoelhddliebabpgblmmnjp,ndikpojcjlepofdkaaldkinkjbeeebkl,plbmmhnabegcabfbcejohgjpkamkddhn,alpjnmnfbgfkmmpcfpejmmoebdndedno,lfmeghnikdkbonehgjihjebgioakijgn,kmkacjgmmfchkbeglfbjjeidfckbnkca,ahmaebgpfccdhgidjaidaoojjcijckba,jcmcegpcehdchljeldgmmfbgcpnmgedo,kpfehajjjbbcifeehjgfgnabifknmdad,cllppcmmlnkggcmljjfigkcigaajjmid,oankkpibpaokgecfckkdkgaoafllipag,lkkdlcloifjinapabfonaibjijloebfb,fgbafbciocncjfbbonhocjaohoknlaco,mkcgfaeepibomfapiapjaceihcojnphg,eeobbhfgfagbclfofmgbdfoicabjdbkn,ojblfafjmiikbkepnnolpgbbhejhlcim,pbdgbpmpeenomngainidcjmopnklimmf,fppmbhmldokgmleojlplaaodlkibgikh,ohckeflnhegojcjlcpbfpciadgikcohk,pdfjdcjjjegpclfiilihfkmdfndkneei
x-microsoft-update-interactivity: bg
x-microsoft-update-service-cohort: 4967
x-microsoft-update-updater: msedge-133.0.3065.69
content-type: application/json
sec-mesh-client-edge-version: 133.0.3065.69
sec-mesh-client-edge-channel: stable
sec-mesh-client-os: Windows
sec-mesh-client-os-version: 10.0.19041
sec-mesh-client-arch: x86_64
sec-mesh-client-webview: 0
x-client-data: COXnygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i
Response
HTTP/2.0 200
pragma: no-cache
content-length: 4644
content-type: application/json
content-encoding: gzip
expires: Mon, 01 Jan 1990 00:00:00 GMT
etag: 3046022100A50181A59B13CC78390BFA31FD5998826FF71B80492AA74813FD9FDBDA43D926022100CCDC7746149EBCA3EE226896544D3F5B87C4A039F3C5B058D88FE6F48671490E:f1a79c963c0de4c1e087ed16717a0279dcadc165faf4389c6a89e21651749aa9
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-cup-server-proof: 3046022100A50181A59B13CC78390BFA31FD5998826FF71B80492AA74813FD9FDBDA43D926022100CCDC7746149EBCA3EE226896544D3F5B87C4A039F3C5B058D88FE6F48671490E:f1a79c963c0de4c1e087ed16717a0279dcadc165faf4389c6a89e21651749aa9
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: BE0E9A3A38C6407EACA817B94C3F5613 Ref B: LON04EDGE0812 Ref C: 2025-03-22T07:01:54Z
date: Sat, 22 Mar 2025 07:01:54 GMT
-
Remote address: 204.79.197.239:443
Request
POST /componentupdater/api/v1/update HTTP/2.0
host: edge.microsoft.com
content-length: 1460
x-microsoft-update-service-cohort: 4967
content-type: application/json
sec-mesh-client-edge-version: 133.0.3065.69
sec-mesh-client-edge-channel: stable
sec-mesh-client-os: Windows
sec-mesh-client-os-version: 10.0.19041
sec-mesh-client-arch: x86_64
sec-mesh-client-webview: 0
x-client-data: COXnygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i
Response
HTTP/2.0 200
pragma: no-cache
content-length: 177
content-type: application/json
content-encoding: gzip
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 7089918F4A6D4E89BDD86213B79003FA Ref B: LON04EDGE0812 Ref C: 2025-03-22T07:02:06Z
date: Sat, 22 Mar 2025 07:02:06 GMT
-
Remote address: 204.79.197.239:443
Request
POST /componentupdater/api/v1/update HTTP/2.0
host: edge.microsoft.com
content-length: 1453
x-microsoft-update-service-cohort: 4967
content-type: application/json
sec-mesh-client-edge-version: 133.0.3065.69
sec-mesh-client-edge-channel: stable
sec-mesh-client-os: Windows
sec-mesh-client-os-version: 10.0.19041
sec-mesh-client-arch: x86_64
sec-mesh-client-webview: 0
x-client-data: COXnygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i
Response
HTTP/2.0 200
pragma: no-cache
content-length: 179
content-type: application/json
content-encoding: gzip
expires: Mon, 01 Jan 1990 00:00:00 GMT
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 014A1242FE664C62884C6A9305187B1C Ref B: LON04EDGE0812 Ref C: 2025-03-22T07:02:23Z
date: Sat, 22 Mar 2025 07:02:23 GMT
-
Remote address: 8.8.8.8:53
Request
c.pki.goog IN A
Response
c.pki.goog IN CNAME pki-goog.l.google.com
pki-goog.l.google.com IN A 142.250.180.3
-
Remote address: 142.250.180.3:80
Request
GET /r/r1.crl HTTP/1.1
Cache-Control: max-age = 3000
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog
Response
HTTP/1.1 304 Not Modified
Expires: Sat, 22 Mar 2025 07:12:22 GMT
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Cache-Control: public, max-age=3000
Vary: Accept-Encoding
Age: 2318
-
Remote address: 8.8.8.8:53
Request
edge-consumer-static.azureedge.net IN A
Response
edge-consumer-static.azureedge.net IN CNAME edge-consumer-static.afd.azureedge.net
edge-consumer-static.afd.azureedge.net IN CNAME azureedge-t-prod.trafficmanager.net
azureedge-t-prod.trafficmanager.net IN CNAME shed.dual-low.s-part-0036.t-0009.t-msedge.net
shed.dual-low.s-part-0036.t-0009.t-msedge.net IN CNAME s-part-0036.t-0009.t-msedge.net
s-part-0036.t-0009.t-msedge.net IN A 13.107.246.64
-
Remote address: 8.8.8.8:53
Request
edge-consumer-static.azureedge.net IN Unknown
Response
edge-consumer-static.azureedge.net IN CNAME edge-consumer-static.afd.azureedge.net
edge-consumer-static.afd.azureedge.net IN CNAME azureedge-t-prod.trafficmanager.net
azureedge-t-prod.trafficmanager.net IN CNAME shed.dual-low.s-part-0036.t-0009.t-msedge.net
shed.dual-low.s-part-0036.t-0009.t-msedge.net IN CNAME s-part-0036.t-0009.t-msedge.net
-
Remote address: 13.107.246.64:443
Request
GET /mouse-gesture/config.json HTTP/2.0
host: edge-consumer-static.azureedge.net
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
sec-fetch-storage-access: active
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i
Response
HTTP/2.0 200
content-type: application/json
content-length: 101
last-modified: Tue, 24 Oct 2023 08:27:00 GMT
etag: 0x8DBD46AFE482320
x-ms-request-id: cf69c985-401e-001c-3d59-94e017000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20250322T070124Z-157d97d486c7zvgxhC1LONrzsg0000000mkg000000006r7q
x-fd-int-roxy-purgeid: 83582889
x-cache: TCP_HIT
cache-control: public, max-age=432000
accept-ranges: bytes
-
Remote address: 8.8.8.8:53
Request
static.edge.microsoftapp.net IN A
Response
static.edge.microsoftapp.net IN CNAME edge-cloud-resource-static.azureedge.net
edge-cloud-resource-static.azureedge.net IN CNAME edge-cloud-resource-static.afd.azureedge.net
edge-cloud-resource-static.afd.azureedge.net IN CNAME azureedge-t-prod.trafficmanager.net
azureedge-t-prod.trafficmanager.net IN CNAME shed.dual-low.s-part-0036.t-0009.t-msedge.net
shed.dual-low.s-part-0036.t-0009.t-msedge.net IN CNAME s-part-0036.t-0009.t-msedge.net
s-part-0036.t-0009.t-msedge.net IN A 13.107.246.64
-
Remote address: 8.8.8.8:53
Request
static.edge.microsoftapp.net IN Unknown
Response
static.edge.microsoftapp.net IN CNAME edge-cloud-resource-static.azureedge.net
edge-cloud-resource-static.azureedge.net IN CNAME edge-cloud-resource-static.afd.azureedge.net
edge-cloud-resource-static.afd.azureedge.net IN CNAME azureedge-t-prod.trafficmanager.net
azureedge-t-prod.trafficmanager.net IN CNAME shed.dual-low.s-part-0036.t-0009.t-msedge.net
shed.dual-low.s-part-0036.t-0009.t-msedge.net IN CNAME s-part-0036.t-0009.t-msedge.net
-
Remote address: 13.107.246.64:443
Request
HEAD /default/cloud_config_observers.json HTTP/2.0
host: static.edge.microsoftapp.net
pragma: no-cache
cache-control: no-cache
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i
Response
HTTP/2.0 200
content-type: application/json
content-length: 493
content-md5: GGsaCyXCYnduY1fUnwywjA==
last-modified: Thu, 20 Mar 2025 10:04:25 GMT
etag: 0x8DD67969883BED8
x-ms-request-id: e1fe3aef-501e-006b-2f7f-99e9e2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20250322T070154Z-157d97d486ctt5hnhC1LONuk2w0000000an000000000bvph
x-fd-int-roxy-purgeid: 83582889
x-cache: TCP_HIT
accept-ranges: bytes
-
Remote address: 13.107.246.64:443
Request
GET /default/cloud_config_observers.json HTTP/2.0
host: static.edge.microsoftapp.net
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i
Response
HTTP/2.0 200
content-type: application/json
content-length: 493
last-modified: Thu, 20 Mar 2025 10:04:25 GMT
etag: 0x8DD67969883BED8
x-ms-request-id: 2e9a347f-101e-0008-1385-997419000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20250322T070154Z-157d97d486ctt5hnhC1LONuk2w0000000an000000000bvpp
x-fd-int-roxy-purgeid: 83582889
x-cache: TCP_HIT
accept-ranges: bytes
-
Remote address: 8.8.8.8:53
Request
edge-mobile-static.azureedge.net IN A
Response
edge-mobile-static.azureedge.net IN CNAME edge-mobile-static.afd.azureedge.net
edge-mobile-static.afd.azureedge.net IN CNAME azureedge-t-prod.trafficmanager.net
azureedge-t-prod.trafficmanager.net IN CNAME shed.dual-low.s-part-0036.t-0009.t-msedge.net
shed.dual-low.s-part-0036.t-0009.t-msedge.net IN CNAME s-part-0036.t-0009.t-msedge.net
s-part-0036.t-0009.t-msedge.net IN A 13.107.246.64
-
Remote address: 8.8.8.8:53
Request
edge-mobile-static.azureedge.net IN Unknown
Response
edge-mobile-static.azureedge.net IN CNAME edge-mobile-static.afd.azureedge.net
edge-mobile-static.afd.azureedge.net IN CNAME azureedge-t-prod.trafficmanager.net
azureedge-t-prod.trafficmanager.net IN CNAME shed.dual-low.s-part-0036.t-0009.t-msedge.net
-
Remote address: 8.8.8.8:53
Request
edge-cloud-resource-static.azureedge.net IN A
Response
edge-cloud-resource-static.azureedge.net IN CNAME edge-cloud-resource-static.afd.azureedge.net
edge-cloud-resource-static.afd.azureedge.net IN CNAME azureedge-t-prod.trafficmanager.net
azureedge-t-prod.trafficmanager.net IN CNAME shed.dual-low.s-part-0036.t-0009.t-msedge.net
shed.dual-low.s-part-0036.t-0009.t-msedge.net IN CNAME s-part-0036.t-0009.t-msedge.net
s-part-0036.t-0009.t-msedge.net IN A 13.107.246.64
-
Remote address: 8.8.8.8:53
Request
edge-cloud-resource-static.azureedge.net IN Unknown
Response
edge-cloud-resource-static.azureedge.net IN CNAME edge-cloud-resource-static.afd.azureedge.net
edge-cloud-resource-static.afd.azureedge.net IN CNAME azureedge-t-prod.trafficmanager.net
azureedge-t-prod.trafficmanager.net IN CNAME shed.dual-low.s-part-0036.t-0009.t-msedge.net
shed.dual-low.s-part-0036.t-0009.t-msedge.net IN CNAME s-part-0036.t-0009.t-msedge.net
-
GET https://edge-cloud-resource-static.azureedge.net/default/operation_config/default.json
Process: msedge.exe
Remote address: 13.107.246.64:443
Request
GET /default/operation_config/default.json HTTP/2.0
host: edge-cloud-resource-static.azureedge.net
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i
Response
HTTP/2.0 200
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 20 Mar 2025 10:04:30 GMT
x-ms-request-id: eb62cf0e-a01e-001d-3085-9963aa000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20250322T070154Z-157d97d486cq99lqhC1LONfbzg0000000mx000000000egcs
x-fd-int-roxy-purgeid: 83582889
x-cache: TCP_HIT
content-encoding: br
-
GET https://edge-mobile-static.azureedge.net/eccp/get?settenant=edge-config&setplatform=win&setmkt=en-US&setchannel=stable
Process: msedge.exe
Remote address: 13.107.246.64:443
Request
GET /eccp/get?settenant=edge-config&setplatform=win&setmkt=en-US&setchannel=stable HTTP/2.0
host: edge-mobile-static.azureedge.net
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
priority: u=4, i
Response
HTTP/2.0 200
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 20 Mar 2025 10:42:43 GMT
x-ms-request-id: 1a2d3612-b01e-006e-5fef-9917b5000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20250322T070154Z-157d97d486c5tn77hC1LONq3uw0000000h10000000009avd
x-fd-int-roxy-purgeid: 83582889
x-cache: TCP_HIT
content-encoding: br
-
Remote address: 8.8.8.8:53
Request
msedge.b.tlu.dl.delivery.mp.microsoft.com IN A
Response
msedge.b.tlu.dl.delivery.mp.microsoft.com IN CNAME star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com
star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com IN CNAME cdp-f-tlu-net.trafficmanager.net
cdp-f-tlu-net.trafficmanager.net IN CNAME fg.microsoft.map.fastly.net
fg.microsoft.map.fastly.net IN A 199.232.210.172
fg.microsoft.map.fastly.net IN A 199.232.214.172
-
HEAD http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3d
Remote address: 199.232.210.172:80
Request
HEAD /filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
Response
HTTP/1.1 200 OK
Content-Length: 6252
Cache-Control: public, max-age=17280000
Content-Type: application/x-chrome-extension
ETag: "3AWVl34DSMJKHl2C217ukEQM0Mw="
Last-Modified: Mon, 11 Nov 2024 00:17:54 GMT
MS-CorrelationId: a51b7417-6a19-42fa-9ac5-9728cd844a69
MS-CV: Uhws1dIzmUy9z6OD.0
MS-RequestId: cb9f760f-388b-496e-9f43-47f385abd2dc
Accept-Ranges: bytes
Date: Sat, 22 Mar 2025 07:01:59 GMT
Via: 1.1 varnish
Age: 4562597
X-Served-By: cache-lcy-eglc8600038-LCY
X-Cache: HIT
X-Cache-Hits: 17852582
X-Timer: S1742626919.042717,VS0,VE0
X-CID: 3
X-CCC: GB
-
GET http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3d
Remote address: 199.232.210.172:80
Request
GET /filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 11 Nov 2024 00:17:54 GMT
Range: bytes=0-1119
User-Agent: Microsoft BITS/7.8
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Content-Length: 1120
Cache-Control: public, max-age=17280000
Content-Type: application/x-chrome-extension
ETag: "3AWVl34DSMJKHl2C217ukEQM0Mw="
Last-Modified: Mon, 11 Nov 2024 00:17:54 GMT
MS-CorrelationId: a51b7417-6a19-42fa-9ac5-9728cd844a69
MS-CV: Uhws1dIzmUy9z6OD.0
MS-RequestId: cb9f760f-388b-496e-9f43-47f385abd2dc
Accept-Ranges: bytes
Date: Sat, 22 Mar 2025 07:01:59 GMT
Via: 1.1 varnish
Age: 4562597
X-Served-By: cache-lcy-eglc8600038-LCY
X-Cache: HIT
X-Cache-Hits: 17852585
X-Timer: S1742626919.109756,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 0-1119/6252
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3dRemote address:199.232.210.172:80RequestGET /filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 11 Nov 2024 00:17:54 GMT
Range: bytes=1120-2793
User-Agent: Microsoft BITS/7.8
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Content-Length: 1674
Cache-Control: public, max-age=17280000
Content-Type: application/x-chrome-extension
ETag: "3AWVl34DSMJKHl2C217ukEQM0Mw="
Last-Modified: Mon, 11 Nov 2024 00:17:54 GMT
MS-CorrelationId: a51b7417-6a19-42fa-9ac5-9728cd844a69
MS-CV: Uhws1dIzmUy9z6OD.0
MS-RequestId: cb9f760f-388b-496e-9f43-47f385abd2dc
Accept-Ranges: bytes
Date: Sat, 22 Mar 2025 07:02:02 GMT
Via: 1.1 varnish
Age: 4562600
X-Served-By: cache-lcy-eglc8600038-LCY
X-Cache: HIT
X-Cache-Hits: 17852598
X-Timer: S1742626922.233320,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 1120-2793/6252
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3dRemote address:199.232.210.172:80RequestGET /filestreamingservice/files/2a0d597c-a09c-4400-be86-87596dd2e696?P1=1743011308&P2=404&P3=2&P4=hM9jDcQP%2f%2fUCZ6uGA7CXkDZvSGppghOGeWKnx%2bISDqQZb4Ic2ugwpaGHODvHFo1Y%2f6p%2fYWVcZPBD0Vxr%2b7j8TA%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 11 Nov 2024 00:17:54 GMT
Range: bytes=2794-6251
User-Agent: Microsoft BITS/7.8
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 206 Partial Content
Content-Length: 3458
Cache-Control: public, max-age=17280000
Content-Type: application/x-chrome-extension
ETag: "3AWVl34DSMJKHl2C217ukEQM0Mw="
Last-Modified: Mon, 11 Nov 2024 00:17:54 GMT
MS-CorrelationId: a51b7417-6a19-42fa-9ac5-9728cd844a69
MS-CV: Uhws1dIzmUy9z6OD.0
MS-RequestId: cb9f760f-388b-496e-9f43-47f385abd2dc
Accept-Ranges: bytes
Date: Sat, 22 Mar 2025 07:02:03 GMT
Via: 1.1 varnish
Age: 4562601
X-Served-By: cache-lcy-eglc8600038-LCY
X-Cache: HIT
X-Cache-Hits: 17852605
X-Timer: S1742626923.437414,VS0,VE0
X-CID: 3
X-CCC: GB
Content-Range: bytes 2794-6251/6252
-
HEADhttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/cd4e6fbf-c0e9-4dc2-9e3d-7f538bc7435a?P1=1743202846&P2=404&P3=2&P4=Wwrrd9ycY1hYAi6KRSKZa%2bRBs1K9l7GpmCRt0crXxFsfrV7SSL%2fbBaVYOCb3qFbCH2VCiAbAPdYtPBqsC3Gp3g%3d%3dRemote address:199.232.210.172:80RequestHEAD /filestreamingservice/files/cd4e6fbf-c0e9-4dc2-9e3d-7f538bc7435a?P1=1743202846&P2=404&P3=2&P4=Wwrrd9ycY1hYAi6KRSKZa%2bRBs1K9l7GpmCRt0crXxFsfrV7SSL%2fbBaVYOCb3qFbCH2VCiAbAPdYtPBqsC3Gp3g%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 200 OK
Content-Length: 7867
Cache-Control: public, max-age=17280000
Content-Type: application/x-chrome-extension
Last-Modified: Fri, 21 Mar 2025 22:19:58 GMT
ETag: "9iK7xPzAv8q985Zbm4Con5JxafU="
MS-CorrelationId: 4164b8f0-e804-4235-ab4d-7a3e79220109
MS-RequestId: 50f1d66c-fc5d-4668-b591-40eca375990c
MS-CV: uZQngVX3/U2gB55V.0
Accept-Ranges: bytes
Date: Sat, 22 Mar 2025 07:02:19 GMT
Via: 1.1 varnish
Age: 30638
X-Served-By: cache-lcy-eglc8600038-LCY
X-Cache: HIT
X-Cache-Hits: 204347
X-Timer: S1742626939.318749,VS0,VE0
X-CID: 3
X-CCC: GB
-
GEThttp://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/cd4e6fbf-c0e9-4dc2-9e3d-7f538bc7435a?P1=1743202846&P2=404&P3=2&P4=Wwrrd9ycY1hYAi6KRSKZa%2bRBs1K9l7GpmCRt0crXxFsfrV7SSL%2fbBaVYOCb3qFbCH2VCiAbAPdYtPBqsC3Gp3g%3d%3dRemote address:199.232.210.172:80RequestGET /filestreamingservice/files/cd4e6fbf-c0e9-4dc2-9e3d-7f538bc7435a?P1=1743202846&P2=404&P3=2&P4=Wwrrd9ycY1hYAi6KRSKZa%2bRBs1K9l7GpmCRt0crXxFsfrV7SSL%2fbBaVYOCb3qFbCH2VCiAbAPdYtPBqsC3Gp3g%3d%3d HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 21 Mar 2025 22:19:58 GMT
User-Agent: Microsoft BITS/7.8
Host: msedge.b.tlu.dl.delivery.mp.microsoft.com
ResponseHTTP/1.1 200 OK
Content-Length: 7867
Cache-Control: public, max-age=17280000
Content-Type: application/x-chrome-extension
Last-Modified: Fri, 21 Mar 2025 22:19:58 GMT
ETag: "9iK7xPzAv8q985Zbm4Con5JxafU="
MS-CorrelationId: 4164b8f0-e804-4235-ab4d-7a3e79220109
MS-RequestId: 50f1d66c-fc5d-4668-b591-40eca375990c
MS-CV: uZQngVX3/U2gB55V.0
Accept-Ranges: bytes
Date: Sat, 22 Mar 2025 07:02:19 GMT
Via: 1.1 varnish
Age: 30638
X-Served-By: cache-lcy-eglc8600038-LCY
X-Cache: HIT
X-Cache-Hits: 204350
X-Timer: S1742626939.438749,VS0,VE0
X-CID: 3
X-CCC: GB
-
Remote address:8.8.8.8:53Requestedge.microsoft.comIN AResponseedge.microsoft.comIN CNAMEedge-domain.trafficmanager.netedge-domain.trafficmanager.netIN CNAMEedge-microsoft-com.ax-0002.ax-msedge.netedge-microsoft-com.ax-0002.ax-msedge.netIN CNAMEax-0002.ax-msedge.netax-0002.ax-msedge.netIN A150.171.27.11ax-0002.ax-msedge.netIN A150.171.28.11
-
Remote address:8.8.8.8:53Requestedge.microsoft.comIN UnknownResponseedge.microsoft.comIN CNAMEedge-domain.trafficmanager.netedge-domain.trafficmanager.netIN CNAMEedge-microsoft-com.ax-0002.ax-msedge.netedge-microsoft-com.ax-0002.ax-msedge.netIN CNAMEax-0002.ax-msedge.net
-
Remote address:8.8.8.8:53Requestmsedge.b.tlu.dl.delivery.mp.microsoft.comIN AResponsemsedge.b.tlu.dl.delivery.mp.microsoft.comIN CNAMEstar.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.comstar.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.comIN CNAMEcdp-f-tlu-net.trafficmanager.netcdp-f-tlu-net.trafficmanager.netIN CNAMEfg.microsoft.map.fastly.netfg.microsoft.map.fastly.netIN A199.232.214.172fg.microsoft.map.fastly.netIN A199.232.210.172
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (1)
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js.mp3
Filesize 9KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content_new.js.mp3
Filesize 10KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_1\content.js
Filesize 9KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Notifications\0.0.0.46\arbitration_metadata.txt.mp3
Filesize 344KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json
Filesize 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
Filesize 2KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133863512399351925.txt
Filesize 77KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133863553978119774.txt
Filesize87KB
MD50192cf8af64ef836cace24a0cbb8bdd0
SHA10e87064c3a46fc4c969bea60a38bd4a9d3bd99ca
SHA2563355a37b31fe46dc4a3563b3e5877b1d78ac975e2f861cf1d20e73b91d5edfc2
SHA51275bae6747b9fdb9f59708e31c7038008b95324e157d2b0ff581220108921409b4f33eddaa9f9c4a383a443608ee4e617d3be1db00c26f6347dd6f608fcd42e3e
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir5044_1555314158\98869cde-cfcd-4d94-b4f2-9428f6c9d355.tmp
Filesize10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
251KB
MD58fa787e817cf01cfdb0b287de2ee39c9
SHA137f6f0b73983d7d61a5393ded3ffd3eec5f6f0b8
SHA2564dbd942433b4510cec4998e8447aef56c776753d6b23c3690e19fc6d573fc8af
SHA5125d6f734eb82254b303f81776dc161d4409597c986298ed0e95f0fe4752a16a0fb07d95823adeb6943fa7d11a801cbef53b1cf19168a3ce8af3cea86f12a3468e
-
Filesize
11KB
MD54bfc3cc669548e0a87e56921083ccab6
SHA11dd8e0a37256ea43de944554e19f41734fe1e342
SHA256baddb9a7445f64f9f1ca7588d811d70c69295a73228e5341b66ee3410c57f3d8
SHA512d87ddf88033efeaf6d36b38c88196fc656a4ea733ffeb566329a8f2432f7e187689fa4dda20a7cc18a00adec6f0991bf9a597f9edc28cfb11e4d8406bec9446d
-
Filesize
64KB
MD52a82aad25229334e5e38a210759f49e6
SHA11cb83c4d24dc1ddb1585cfc3939d02f3d5f4616e
SHA2563cf57a82c9c27927b5b789515c0a27b8c06dc3a5ccb62c1e49ab9b3cbdb51343
SHA512a23d9bc71c9116c24ce3e172bf2e583d4428210a062e74474fb2be94c8a9c1a68ce30864406f2bed772e4b362875197d97b8524e8b129738ee292f2b987d7a58
-
Filesize
1KB
MD5a5eb95e83a23dfaf1b759a7e4580ebf4
SHA1ea1824c3516ad31c3becae379aaa07037a03b4b9
SHA2566c2fc3ac718aaa53603111968322535139165624e4cf73f6fa513f2cc000f7a2
SHA512cf71af3412c7e651854a6b68acacc8e033101f9c6837ebd1ba4b67f4fa81d0c6376b8c2211fa06563d5a6e33b5e1c069057d4c17631f11e6b8c1fd5b9fb075f4