Analysis

  • max time kernel
    199s
  • max time network
    203s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/06/2023, 18:33 UTC

General

  • Target

    https://i.e-z.host/jumgb43w.mp4

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 1 IoCs
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 15 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 30 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://i.e-z.host/jumgb43w.mp4
    1⤵
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1280
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1280 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1380
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1280 CREDAT:82952 /prefetch:2
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Modifies Internet Explorer settings
      PID:5068
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x300 0x420
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4428
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4016

Network

  • flag-us
    DNS
    i.e-z.host
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    i.e-z.host
    IN A
    Response
    i.e-z.host
    IN A
    104.21.10.11
    i.e-z.host
    IN A
    172.67.161.230
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    https://i.e-z.host/jumgb43w.mp4
    IEXPLORE.EXE
    Remote address:
    104.21.10.11:443
    Request
    GET /jumgb43w.mp4 HTTP/2.0
    host: i.e-z.host
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Tue, 06 Jun 2023 18:33:52 GMT
    content-type: text/html; charset=utf-8
    last-modified: Tue, 06 Jun 2023 18:15:46 GMT
    cache-control: max-age=1800
    cf-cache-status: HIT
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wwxKxOcOhfYgbU%2B5S6X4dulvqgVK8WlrB9xbZ%2FLl25RYXJIT5UgS8TwAP1N4sNOGIR2MIWCtpvleR0ZY2i%2F2nkdImOtOJsHuKdO%2FkQMbUJJoHLf0gCc8W6SmOsMU"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 7d32bf03aca70b04-AMS
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://i.e-z.host/static/styles/main.css
    IEXPLORE.EXE
    Remote address:
    104.21.10.11:443
    Request
    GET /static/styles/main.css HTTP/2.0
    host: i.e-z.host
    accept: text/css, */*
    referer: https://i.e-z.host/jumgb43w.mp4
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Tue, 06 Jun 2023 18:33:52 GMT
    content-type: text/css; charset=utf-8
    content-length: 4497
    content-encoding: gzip
    last-modified: Wed, 31 Aug 2022 16:52:13 GMT
    cache-control: max-age=1800
    cf-cache-status: HIT
    age: 5594
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y2YbBWKFnESls%2FhLnfoTBEJ9%2Fu4dslJeu8AOMXQN1GTWolDPda1Nt8wf1RS0I5g6pf3l2tIJAOOSgUEA%2FaBD%2FN80pVO9GzE4eXwgSIlZ%2BAN64%2BrkvtviD8vSjLJI"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 7d32bf05f8eb0b04-AMS
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://i.e-z.host/favicon.ico
    IEXPLORE.EXE
    Remote address:
    104.21.10.11:443
    Request
    GET /favicon.ico HTTP/2.0
    host: i.e-z.host
    accept: */*
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Response
    HTTP/2.0 200
    date: Tue, 06 Jun 2023 18:33:55 GMT
    content-length: 0
    last-modified: Tue, 06 Jun 2023 16:17:18 GMT
    cache-control: max-age=1800
    cf-cache-status: HIT
    age: 4772
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yLdDyp%2BacqYzjLEu7a%2BYPuY6pQng%2FGBRb9CO34XXUrU5qgrhuavjiylRN7qVzwn8V%2FLJfasYkBlJIg4PaydZnnAH8rr%2BecZ%2FiOsbtTdSrJc%2BC29ZRXtw39kPDGTH"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 7d32bf1b3ca30b04-AMS
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://i.e-z.host/static/styles/main.css
    IEXPLORE.EXE
    Remote address:
    104.21.10.11:443
    Request
    GET /static/styles/main.css HTTP/2.0
    host: i.e-z.host
    accept: */*
    accept-language: en-US
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    cache-control: no-cache
    Response
    HTTP/2.0 200
    date: Tue, 06 Jun 2023 18:34:24 GMT
    content-type: text/css; charset=utf-8
    content-length: 4497
    content-encoding: gzip
    last-modified: Wed, 31 Aug 2022 16:52:13 GMT
    cache-control: max-age=1800
    cf-cache-status: HIT
    age: 5626
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KFWZIPutFfAfRCNqOQ%2BemdHghGKuiBQNx%2Fhf2k7Sq343hF9qBucJaI89gUTlxCyPVbQE8PprR9yq1mkXJXwRjH8vlUAR%2BPrS4Ol%2FFWUr1tOcox4PoSRmCo%2B5EDpG"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 7d32bfcfadcc0b04-AMS
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://i.e-z.host/jumgb43w.mp4
    IEXPLORE.EXE
    Remote address:
    104.21.10.11:443
    Request
    GET /jumgb43w.mp4 HTTP/2.0
    host: i.e-z.host
    accept: */*
    accept-language: en-US
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    cache-control: no-cache
    Response
    HTTP/2.0 200
    date: Tue, 06 Jun 2023 18:34:24 GMT
    content-type: text/html; charset=utf-8
    last-modified: Tue, 06 Jun 2023 18:15:46 GMT
    cache-control: max-age=1800
    cf-cache-status: HIT
    age: 32
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=foCNgzGe1CP8IRz7V%2BliyPknCI5KfTkWeCOaCdyM4daSu2GORwSX14o94WphKcELq%2Bu2hWIS3dAlcDQ4zi4sYKdRKquAIbUJeDVPrRyE%2BUbtpYDY8PX62lDH48Xg"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 7d32bfcfadcf0b04-AMS
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://i.e-z.host/jumgb43w.mp4
    IEXPLORE.EXE
    Remote address:
    104.21.10.11:443
    Request
    GET /jumgb43w.mp4 HTTP/2.0
    host: i.e-z.host
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    if-modified-since: Tue, 06 Jun 2023 18:15:46 GMT
    Response
    HTTP/2.0 304
    date: Tue, 06 Jun 2023 18:35:17 GMT
    last-modified: Tue, 06 Jun 2023 18:15:46 GMT
    cache-control: max-age=1800
    cf-cache-status: HIT
    age: 85
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=odHrAKsPoEPCgCcQZJZ%2BID53qay5KCWzIylRLpCsQ2tOcPGXmSmuftEkVo%2Fjm2Y4ty4xQ7pwoRvF4icJbnXpfIBCYpvuCe0%2F5ZV2BuIG4D6UBY9npHa7jvEKM5ca"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 7d32c1197a5e0b04-AMS
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://i.e-z.host/static/styles/main.css
    IEXPLORE.EXE
    Remote address:
    104.21.10.11:443
    Request
    GET /static/styles/main.css HTTP/2.0
    host: i.e-z.host
    accept: text/css, */*
    referer: https://i.e-z.host/jumgb43w.mp4
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    if-modified-since: Wed, 31 Aug 2022 16:52:13 GMT
    Response
    HTTP/2.0 304
    date: Tue, 06 Jun 2023 18:35:17 GMT
    last-modified: Wed, 31 Aug 2022 16:52:13 GMT
    cache-control: max-age=1800
    cf-cache-status: HIT
    age: 5679
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7H13AJksn2KW0o9VpUf3BK2zVn2bYxDnCpec0KzOLHSJ5LLVM8RbI555N1jw5mjJJUVuHMzvYlKIkEFMIQr4JH5bUUgeWuLa9oJJxyOY%2FW7J7En%2BQbRRs2t5SIiU"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 7d32c11a1b490b04-AMS
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://i.e-z.host/favicon.ico
    IEXPLORE.EXE
    Remote address:
    104.21.10.11:443
    Request
    GET /favicon.ico HTTP/2.0
    host: i.e-z.host
    accept: */*
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Response
    HTTP/2.0 200
    date: Tue, 06 Jun 2023 18:35:17 GMT
    content-length: 0
    last-modified: Tue, 06 Jun 2023 16:17:18 GMT
    cache-control: max-age=1800
    cf-cache-status: HIT
    age: 4854
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pyl3VeuvWFn92caF9xoUErtWtLL3jlF%2BJVSAHmyEXjYxt%2FGB8KDaGLIuMQA1bMD17EcXJHpopaR3UcnIwtVjxcMcv0BvEkuPUyhPZszs4%2Bc8XjeVwXarNzDmy4xE"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 7d32c11caf3c0b04-AMS
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    code.jquery.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    code.jquery.com
    IN A
    Response
    code.jquery.com
    IN A
    69.16.175.42
    code.jquery.com
    IN A
    69.16.175.10
  • flag-us
    DNS
    11.10.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.10.21.104.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    11.10.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.10.21.104.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    11.10.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.10.21.104.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    11.10.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.10.21.104.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    11.10.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.10.21.104.in-addr.arpa
    IN PTR
  • flag-us
    GET
    https://code.jquery.com/jquery-3.6.0.min.js
    IEXPLORE.EXE
    Remote address:
    69.16.175.42:443
    Request
    GET /jquery-3.6.0.min.js HTTP/2.0
    host: code.jquery.com
    accept: application/javascript, */*;q=0.8
    referer: https://i.e-z.host/jumgb43w.mp4
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Tue, 06 Jun 2023 18:33:53 GMT
    content-encoding: gzip
    content-length: 30875
    content-type: application/javascript; charset=utf-8
    last-modified: Fri, 18 Oct 1991 12:00:00 GMT
    accept-ranges: bytes
    server: nginx
    etag: W/"28feccc0-15d9d"
    cache-control: max-age=315360000
    cache-control: public
    access-control-allow-origin: *
    vary: Accept-Encoding
    x-hw: 1686076433.dop221.am5.t,1686076433.cds322.am5.hn,1686076433.cds004.am5.c
  • flag-us
    DNS
    42.175.16.69.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    42.175.16.69.in-addr.arpa
    IN PTR
    Response
    42.175.16.69.in-addr.arpa
    IN PTR
    hwcdnnet
    42.175.16.69.in-addr.arpa
    IN PTR
    tlb�7
  • flag-us
    DNS
    101.14.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    101.14.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    101.15.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    101.15.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    r2.e-z.host
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    r2.e-z.host
    IN A
    Response
    r2.e-z.host
    IN A
    172.67.161.230
    r2.e-z.host
    IN A
    104.21.10.11
  • flag-us
    GET
    https://r2.e-z.host/261e66e8-f7e0-4556-9e66-da7c4f073a2c/jumgb43w.mp4
    IEXPLORE.EXE
    Remote address:
    172.67.161.230:443
    Request
    GET /261e66e8-f7e0-4556-9e66-da7c4f073a2c/jumgb43w.mp4 HTTP/2.0
    host: r2.e-z.host
    range: bytes=0-
    accept: */*
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    referer: https://i.e-z.host/jumgb43w.mp4
    getcontentfeatures.dlna.org: 1
    accept-language: en-US
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 206
    date: Tue, 06 Jun 2023 18:33:55 GMT
    content-type: video/mp4
    content-length: 292992
    etag: "3707e97187b86c88e9b2f99f483a04e7"
    last-modified: Tue, 06 Jun 2023 18:15:35 GMT
    vary: Accept-Encoding
    cache-control: max-age=43200
    cf-cache-status: MISS
    content-range: bytes 0-292991/292992
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m0d1nbUzBd9l5wODN4P3pErr6A3ZNy19gTuqbTbhDnM8p2tPIjWNjA7iGDZg5auI5t0oKtJgRV%2FUXs5Gja8LHzNG4HWDRyE1dD3ZgmEJ066SHCxprNMq1atiA7k1ag%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 7d32bf1a6c7306d6-AMS
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://r2.e-z.host/261e66e8-f7e0-4556-9e66-da7c4f073a2c/jumgb43w.mp4
    IEXPLORE.EXE
    Remote address:
    172.67.161.230:443
    Request
    GET /261e66e8-f7e0-4556-9e66-da7c4f073a2c/jumgb43w.mp4 HTTP/2.0
    host: r2.e-z.host
    if-unmodified-since: Tue, 06 Jun 2023 18:15:35 GMT
    if-match: "3707e97187b86c88e9b2f99f483a04e7"
    range: bytes=278528-292991
    accept: */*
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    referer: https://i.e-z.host/jumgb43w.mp4
    getcontentfeatures.dlna.org: 1
    accept-language: en-US
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 206
    date: Tue, 06 Jun 2023 18:33:56 GMT
    content-type: video/mp4
    content-length: 14464
    etag: "3707e97187b86c88e9b2f99f483a04e7"
    last-modified: Tue, 06 Jun 2023 18:15:35 GMT
    vary: Accept-Encoding
    cache-control: max-age=43200
    cf-cache-status: HIT
    age: 1
    content-range: bytes 278528-292991/292992
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NC5IW6w9x0kwZWFchDg1eGKo9dhf7%2FCw4ZyOC7k1ClBbsCXkWcuqfT07BSvU39zakt6fiYZzom9PlIV7TtRVd0v6DnT9ESapURZ2zLJVt7S%2BqZbQgBN%2FVbjjb3zC%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 7d32bf1d088606d6-AMS
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://r2.e-z.host/261e66e8-f7e0-4556-9e66-da7c4f073a2c/jumgb43w.mp4
    IEXPLORE.EXE
    Remote address:
    172.67.161.230:443
    Request
    GET /261e66e8-f7e0-4556-9e66-da7c4f073a2c/jumgb43w.mp4 HTTP/2.0
    host: r2.e-z.host
    if-unmodified-since: Tue, 06 Jun 2023 18:15:35 GMT
    if-match: "3707e97187b86c88e9b2f99f483a04e7"
    range: bytes=196608-278527
    accept: */*
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    referer: https://i.e-z.host/jumgb43w.mp4
    getcontentfeatures.dlna.org: 1
    accept-language: en-US
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 206
    date: Tue, 06 Jun 2023 18:33:56 GMT
    content-type: video/mp4
    content-length: 81920
    etag: "3707e97187b86c88e9b2f99f483a04e7"
    last-modified: Tue, 06 Jun 2023 18:15:35 GMT
    vary: Accept-Encoding
    cache-control: max-age=43200
    cf-cache-status: HIT
    age: 1
    content-range: bytes 196608-278527/292992
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=grGnRRs49dp87sPV%2B%2Fmd0%2FtwaoS%2BblHtRRycogSMYH4%2B6EJ34Dtx6lphYZzHOYHg1QncL9qr7LCUYmLHd1laT2BcbDpBYFLUFZgOwmuP2UgIh4mTfsnOeZv4Qt73Ug%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 7d32bf21ae7206d6-AMS
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    230.161.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    230.161.67.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    69.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    69.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.232.18.117.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.232.18.117.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    161.19.199.152.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    161.19.199.152.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    64.13.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    64.13.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001a-msedgenet
  • flag-us
    GET
    https://code.jquery.com/jquery-3.6.0.min.js
    IEXPLORE.EXE
    Remote address:
    69.16.175.42:443
    Request
    GET /jquery-3.6.0.min.js HTTP/2.0
    host: code.jquery.com
    accept: application/javascript, */*;q=0.8
    referer: https://i.e-z.host/jumgb43w.mp4
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    if-modified-since: Fri, 18 Oct 1991 12:00:00 GMT
    if-none-match: W/"28feccc0-15d9d"
    Response
    HTTP/2.0 304
    date: Tue, 06 Jun 2023 18:35:17 GMT
    accept-ranges: bytes
    etag: W/"28feccc0-15d9d"
    cache-control: max-age=315360000
    cache-control: public
    access-control-allow-origin: *
    vary: Accept-Encoding
    x-hw: 1686076517.dop004.am5.t,1686076517.cds324.am5.hn,1686076517.cds004.am5.c
  • flag-us
    GET
    https://r2.e-z.host/261e66e8-f7e0-4556-9e66-da7c4f073a2c/jumgb43w.mp4
    IEXPLORE.EXE
    Remote address:
    172.67.161.230:443
    Request
    GET /261e66e8-f7e0-4556-9e66-da7c4f073a2c/jumgb43w.mp4 HTTP/2.0
    host: r2.e-z.host
    if-modified-since: Tue, 06 Jun 2023 18:15:35 GMT
    if-none-match: "3707e97187b86c88e9b2f99f483a04e7"
    accept: */*
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    referer: https://i.e-z.host/jumgb43w.mp4
    getcontentfeatures.dlna.org: 1
    accept-language: en-US
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 304
    date: Tue, 06 Jun 2023 18:35:18 GMT
    etag: "3707e97187b86c88e9b2f99f483a04e7"
    last-modified: Tue, 06 Jun 2023 18:15:35 GMT
    vary: Accept-Encoding
    cache-control: max-age=43200
    cf-cache-status: MISS
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bk0ZFhGG5weSZYaupQudlR%2Frz5bBplNT9XFGt%2F%2FaXoHlcDn1pcmv4k7BsWYxQUucwoLT3zpBTLurOjVodLpb5yHufhNMdTlZV0rS2NUPVhc4zh0Pt9TW2czS3g6M7g%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 7d32c11debf9b98e-AMS
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • 209.197.3.8:80
    260 B
    5
  • 104.21.10.11:443
    https://i.e-z.host/favicon.ico
    tls, http2
    IEXPLORE.EXE
    2.7kB
    19.8kB
    37
    36

    HTTP Request

    GET https://i.e-z.host/jumgb43w.mp4

    HTTP Response

    200

    HTTP Request

    GET https://i.e-z.host/static/styles/main.css

    HTTP Response

    200

    HTTP Request

    GET https://i.e-z.host/favicon.ico

    HTTP Response

    200

    HTTP Request

    GET https://i.e-z.host/static/styles/main.css

    HTTP Request

    GET https://i.e-z.host/jumgb43w.mp4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://i.e-z.host/jumgb43w.mp4

    HTTP Response

    304

    HTTP Request

    GET https://i.e-z.host/static/styles/main.css

    HTTP Response

    304

    HTTP Request

    GET https://i.e-z.host/favicon.ico

    HTTP Response

    200
  • 104.21.10.11:443
    i.e-z.host
    tls, http2
    IEXPLORE.EXE
    1.0kB
    3.6kB
    14
    10
  • 209.197.3.8:80
    260 B
    5
  • 69.16.175.42:443
    https://code.jquery.com/jquery-3.6.0.min.js
    tls, http2
    IEXPLORE.EXE
    2.7kB
    44.9kB
    46
    47

    HTTP Request

    GET https://code.jquery.com/jquery-3.6.0.min.js

    HTTP Response

    200
  • 69.16.175.42:443
    code.jquery.com
    tls, http2
    IEXPLORE.EXE
    1.4kB
    12.5kB
    21
    22
  • 172.67.161.230:443
    r2.e-z.host
    tls, http2
    IEXPLORE.EXE
    1.0kB
    3.6kB
    14
    10
  • 172.67.161.230:443
    https://r2.e-z.host/261e66e8-f7e0-4556-9e66-da7c4f073a2c/jumgb43w.mp4
    tls, http2
    IEXPLORE.EXE
    12.5kB
    409.0kB
    256
    304

    HTTP Request

    GET https://r2.e-z.host/261e66e8-f7e0-4556-9e66-da7c4f073a2c/jumgb43w.mp4

    HTTP Response

    206

    HTTP Request

    GET https://r2.e-z.host/261e66e8-f7e0-4556-9e66-da7c4f073a2c/jumgb43w.mp4

    HTTP Response

    206

    HTTP Request

    GET https://r2.e-z.host/261e66e8-f7e0-4556-9e66-da7c4f073a2c/jumgb43w.mp4

    HTTP Response

    206
  • 93.184.220.29:80
    322 B
    7
  • 209.197.3.8:80
    322 B
    7
  • 52.242.101.226:443
    260 B
    5
  • 13.89.179.9:443
    322 B
    7
  • 52.242.101.226:443
    260 B
    5
  • 209.197.3.8:80
    322 B
    7
  • 173.223.113.164:443
    322 B
    7
  • 173.223.113.131:80
    322 B
    7
  • 204.79.197.203:80
    api.msn.com
    322 B
    7
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, http2
    iexplore.exe
    886 B
    8.1kB
    9
    15
  • 52.242.101.226:443
    260 B
    5
  • 69.16.175.42:443
    https://code.jquery.com/jquery-3.6.0.min.js
    tls, http2
    IEXPLORE.EXE
    1.7kB
    12.7kB
    23
    24

    HTTP Request

    GET https://code.jquery.com/jquery-3.6.0.min.js

    HTTP Response

    304
  • 172.67.161.230:443
    https://r2.e-z.host/261e66e8-f7e0-4556-9e66-da7c4f073a2c/jumgb43w.mp4
    tls, http2
    IEXPLORE.EXE
    1.3kB
    1.0kB
    11
    7

    HTTP Request

    GET https://r2.e-z.host/261e66e8-f7e0-4556-9e66-da7c4f073a2c/jumgb43w.mp4

    HTTP Response

    304
  • 172.67.161.230:443
    r2.e-z.host
    tls, http2
    IEXPLORE.EXE
    960 B
    483 B
    9
    6
  • 52.242.101.226:443
    260 B
    5
  • 52.242.101.226:443
    260 B
    5
  • 52.242.101.226:443
    260 B
    5
  • 52.242.101.226:443
    260 B
    5
  • 52.242.101.226:443
    260 B
    5
  • 52.242.101.226:443
    104 B
    2
  • 8.8.8.8:53
    i.e-z.host
    dns
    IEXPLORE.EXE
    56 B
    88 B
    1
    1

    DNS Request

    i.e-z.host

    DNS Response

    104.21.10.11
    172.67.161.230

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    code.jquery.com
    dns
    IEXPLORE.EXE
    61 B
    93 B
    1
    1

    DNS Request

    code.jquery.com

    DNS Response

    69.16.175.42
    69.16.175.10

  • 8.8.8.8:53
    11.10.21.104.in-addr.arpa
    dns
    355 B
    5

    DNS Request

    11.10.21.104.in-addr.arpa

    DNS Request

    11.10.21.104.in-addr.arpa

    DNS Request

    11.10.21.104.in-addr.arpa

    DNS Request

    11.10.21.104.in-addr.arpa

    DNS Request

    11.10.21.104.in-addr.arpa

  • 8.8.8.8:53
    42.175.16.69.in-addr.arpa
    dns
    71 B
    112 B
    1
    1

    DNS Request

    42.175.16.69.in-addr.arpa

  • 8.8.8.8:53
    101.14.18.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    101.14.18.104.in-addr.arpa

  • 8.8.8.8:53
    101.15.18.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    101.15.18.104.in-addr.arpa

  • 8.8.8.8:53
    r2.e-z.host
    dns
    IEXPLORE.EXE
    57 B
    89 B
    1
    1

    DNS Request

    r2.e-z.host

    DNS Response

    172.67.161.230
    104.21.10.11

  • 8.8.8.8:53
    230.161.67.172.in-addr.arpa
    dns
    73 B
    135 B
    1
    1

    DNS Request

    230.161.67.172.in-addr.arpa

  • 8.8.8.8:53
    69.31.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    69.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    240.232.18.117.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.232.18.117.in-addr.arpa

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    161.19.199.152.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    161.19.199.152.in-addr.arpa

  • 8.8.8.8:53
    64.13.109.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    64.13.109.52.in-addr.arpa

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
    106 B
    1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    0a18c4e5d48519f11d47e21d48beb4c1

    SHA1

    ef72edf3da93c8438e33829542296d86b9608d48

    SHA256

    572990d6df4be97a68222158083b64bc4391b26347069435b00407b3fd1d0e0e

    SHA512

    d6b78a5a080d0339a58a490122c80165dd3cce9ef1aad17e6363814859116c91a05142a5b8a7de4cbae658c9cc754dbbc1c99f96f139a17303db3f749ab6b7d8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    ecb87f518a91e18589949be5d89b7d06

    SHA1

    44c88ce12b8dbcf4f10aeb2332957842ae56016c

    SHA256

    b32812a554c68d52158f963ca1fc5d654c3383595d5eba25d1c313b841b974b9

    SHA512

    af8a12237e6d3f19d67dc0fa3796f2031b5fd7c73ae908bfe6185dddf555d1eebb3b91d06f94bc2c720c9cf27df6d5487c544b8dffc0a7cf2877ff0e094fed32

  • C:\Users\Admin\AppData\Local\Microsoft\F12\network\settings.json

    Filesize

    3B

    MD5

    ecaa88f7fa0bf610a5a26cf545dcd3aa

    SHA1

    57218c316b6921e2cd61027a2387edc31a2d9471

    SHA256

    f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

    SHA512

    37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\controls[2]

    Filesize

    22KB

    MD5

    cf6ae18a4a5a48e497570557391d7920

    SHA1

    ad9ce2ad74fd0bcd5fa998cff895168ada13a1cc

    SHA256

    993700d10307ac3485ea71e01c49dd2abae6360a5f1406e03e91c7a6532fc591

    SHA512

    43e9e37f8de63d2131e3159471a8a7765a08a4efbbd1505a1fb1dce4a85ca2e7e1391a241b2e01509f69b5ffb183ab488d20341a5baace00cfd8d753d3955e8f

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\plugin[1]

    Filesize

    411B

    MD5

    6f65b6608be4e65166d660fdc450fa60

    SHA1

    91862bd34ab08e3511b7b7f1e71baefd57c33016

    SHA256

    7c56cbab79bd396e31a1f2a0891e23aa7d49e7a87c3bfd6d7ca445a095d73b9d

    SHA512

    38fcbb1e3f5ac1fc959d7509b6b1930d6ee5e3284815ca13c2976501ca8f00fa0b5661d9ebb76e5800ca126b3d0564626015e45e7beb401ba42c99f4d6230e2e

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\CommonMerged[1]

    Filesize

    572KB

    MD5

    9ef197a076681c3d4c5e7a1e07cf15f5

    SHA1

    350d4ad02899f3838e4ce3bca3a13deb496c5509

    SHA256

    a24521823149886e4ebb47b4c8bdb7859985683ec302aaf941872b8d2852bebb

    SHA512

    6ca063a22f226421c8c901e659a38180f5198a12af7a8d380d74de1e2fcfb5bfb892cda88770729a2367f2b23e5a1bfc34cede0fade20c4dc13e0391fbd41cc3

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\jquery-3.6.0.min[1].js

    Filesize

    87KB

    MD5

    8fb8fee4fcc3cc86ff6c724154c49c42

    SHA1

    b82d238d4e31fdf618bae8ac11a6c812c03dd0d4

    SHA256

    ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

    SHA512

    f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\jumgb43w[1].htm

    Filesize

    3KB

    MD5

    7ad9d28efea9d74c0460faa4e77e4157

    SHA1

    f57baaa5883333d7c265e65ffc46f2448b1d9e3b

    SHA256

    d9b8a111647870be4e845b2094a543ed9e57e9791448fe55ecd2e8b11aa8bb4c

    SHA512

    0f58cc49ad403196f9b6b37dea2780f5786f75cf5ea6d61875a8f36077a6c5574c023e673e68a3b749f6a00e6c758f9f668e8ed5b5707ab887fe849490f6d547

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\main[1].css

    Filesize

    17KB

    MD5

    ff2224a58be45a4f4ba31ed83bd02b3f

    SHA1

    88aad7328c06d4d12fa4725e63a8404aad1ae3a7

    SHA256

    8b47aa3911e2f7e8d4750af5d42469c3a494f422da7901e52d123ba9f891eaad

    SHA512

    b2f3d2de3b328b619b5132675faa102128d085cdabb314328532d6a6f6571e1acfc65f4dba6b7a95b27334c14532a7c967d091a0c11a6c6e59377f0d0878edd0

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\plugin.f12[1]

    Filesize

    160KB

    MD5

    fdf4a73ffdab93e3a0422b9d2e252ca9

    SHA1

    c969911ecf2414e17fc16c1a15512bab79842d23

    SHA256

    26c3f906421451fb7a86d275288c9ea0bd6810959812edb6564e0c23f76702e0

    SHA512

    569c53094876dd65556a824416bfd0016764205ebf6e61c87529445d4c619860a086895a92f735089da501b96e5fb3361279f9731f5d46c56695133bf8318b6a

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\isDebugBuild[1]

    Filesize

    87B

    MD5

    70f25a5edce5e20d870ff1c98a5ec5f5

    SHA1

    5fe33de0c8cb6d65f794c4dff0bfd5bdb15a7073

    SHA256

    ae2cfc14f884e61f693b00ad0945f372face67b1fc49c6479502cefba3b82e9e

    SHA512

    e4db4b122bc436edaa2dc810dbe1b0d61a5115e01a05b8e4f0874e639781b517b70ba5a80e1df7176aa612917c05ea10c06fc8114a8caeb00b38b7b01f8dc34e

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
