Analysis

  • max time kernel
    121s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/11/2023, 18:39 UTC

General

  • Target

    sample.html

  • Size

    131KB

  • MD5

    57e429f966832244cf9508e96535867a

  • SHA1

    e973da3e248123e6549ad6a80e823206c8d6b855

  • SHA256

    735cbe02cee5f13171e6ea7558ac32e75ee2c8aa1e79fddf1c724834def0fed8

  • SHA512

    f961a511c5817462e200cfc94f48352ad1f61db388d6a07808daf44333a7c3c167f7cdab4925f3afb9e5ffb08bb61f9174625d53c209839ffc5718638ecb41c3

  • SSDEEP

    3072:jIcKkkAu0NVYa/MvP5fwtMEDilLgE1Pc2Oco:jIND5SJ

Score
6/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4300
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4300 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1276
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 3148
        3⤵
        • Program crash
        PID:2316
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4300 CREDAT:17414 /prefetch:2
      2⤵
      PID:4908
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4300 CREDAT:214018 /prefetch:2
      2⤵
      PID:3052
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1276 -ip 1276
    1⤵
    PID:3936

        Network

        • flag-us
          DNS
          8.8.8.8.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          8.8.8.8.in-addr.arpa
          IN PTR
          Response
          8.8.8.8.in-addr.arpa
          IN PTR
          dns.google
        • flag-us
          DNS
          22.160.190.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          22.160.190.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          193.78.101.95.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          193.78.101.95.in-addr.arpa
          IN PTR
          Response
          193.78.101.95.in-addr.arpa
          IN PTR
          a95-101-78-193.deploy.static.akamaitechnologies.com
        • flag-us
          DNS
          241.154.82.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          241.154.82.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          155.245.36.23.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          155.245.36.23.in-addr.arpa
          IN PTR
          Response
          155.245.36.23.in-addr.arpa
          IN PTR
          a23-36-245-155.deploy.static.akamaitechnologies.com
        • flag-us
          DNS
          158.240.127.40.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          158.240.127.40.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          57.169.31.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          57.169.31.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          g.bing.com
          Remote address:
          8.8.8.8:53
          Request
          g.bing.com
          IN A
          Response
          g.bing.com
          IN CNAME
          g-bing-com.a-0001.a-msedge.net
          g-bing-com.a-0001.a-msedge.net
          IN CNAME
          dual-a-0001.a-msedge.net
          dual-a-0001.a-msedge.net
          IN A
          204.79.197.200
          dual-a-0001.a-msedge.net
          IN A
          13.107.21.200
        • flag-us
          GET
          https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f925727bb3fa4df3a03e6df67b05f719&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=
          Remote address:
          204.79.197.200:443
          Request
          GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f925727bb3fa4df3a03e6df67b05f719&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid= HTTP/2.0
          host: g.bing.com
          accept-encoding: gzip, deflate
          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
          Response
          HTTP/2.0 204
          cache-control: no-cache, must-revalidate
          pragma: no-cache
          expires: Fri, 01 Jan 1990 00:00:00 GMT
          set-cookie: MUID=32A338C6769F69F317272B0D77D768E6; domain=.bing.com; expires=Tue, 10-Dec-2024 18:40:00 GMT; path=/; SameSite=None; Secure; Priority=High;
          strict-transport-security: max-age=31536000; includeSubDomains; preload
          access-control-allow-origin: *
          x-cache: CONFIG_NOCACHE
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: E1EC8ACFB5594F699328155B32736705 Ref B: BRU30EDGE0811 Ref C: 2023-11-16T18:40:00Z
          date: Thu, 16 Nov 2023 18:40:00 GMT
        • flag-us
          GET
          https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f925727bb3fa4df3a03e6df67b05f719&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=
          Remote address:
          204.79.197.200:443
          Request
          GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f925727bb3fa4df3a03e6df67b05f719&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid= HTTP/2.0
          host: g.bing.com
          accept-encoding: gzip, deflate
          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
          cookie: MUID=32A338C6769F69F317272B0D77D768E6
          Response
          HTTP/2.0 204
          cache-control: no-cache, must-revalidate
          pragma: no-cache
          expires: Fri, 01 Jan 1990 00:00:00 GMT
          strict-transport-security: max-age=31536000; includeSubDomains; preload
          access-control-allow-origin: *
          x-cache: CONFIG_NOCACHE
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 82D98917A62449E6B7B798D9FE611FC7 Ref B: BRU30EDGE0811 Ref C: 2023-11-16T18:40:00Z
          date: Thu, 16 Nov 2023 18:40:00 GMT
        • flag-us
          GET
          https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f925727bb3fa4df3a03e6df67b05f719&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=
          Remote address:
          204.79.197.200:443
          Request
          GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f925727bb3fa4df3a03e6df67b05f719&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid= HTTP/2.0
          host: g.bing.com
          accept-encoding: gzip, deflate
          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
          cookie: MUID=32A338C6769F69F317272B0D77D768E6
          Response
          HTTP/2.0 204
          cache-control: no-cache, must-revalidate
          pragma: no-cache
          expires: Fri, 01 Jan 1990 00:00:00 GMT
          strict-transport-security: max-age=31536000; includeSubDomains; preload
          access-control-allow-origin: *
          x-cache: CONFIG_NOCACHE
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 33DC893B36304268BCBD222D137A4DDE Ref B: BRU30EDGE0811 Ref C: 2023-11-16T18:40:00Z
          date: Thu, 16 Nov 2023 18:40:00 GMT
        • flag-us
          DNS
          ga.getresponse.com
          IEXPLORE.EXE
          Remote address:
          8.8.8.8:53
          Request
          ga.getresponse.com
          IN A
          Response
          ga.getresponse.com
          IN A
          178.16.117.14
        • flag-pl
          GET
          https://ga.getresponse.com/script/ga.js?grid=sBDcDWkVZdH4IBg%3D%3D
          IEXPLORE.EXE
          Remote address:
          178.16.117.14:443
          Request
          GET /script/ga.js?grid=sBDcDWkVZdH4IBg%3D%3D HTTP/2.0
          host: ga.getresponse.com
          accept: application/javascript, */*;q=0.8
          accept-language: en-US
          user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
          accept-encoding: gzip, deflate
          Response
          HTTP/2.0 200
          access-control-allow-origin: *
          content-length: 446
          content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
          content-type: text/javascript; charset=utf-8
          date: Thu, 16 Nov 2023 18:40:03 GMT
          etag: W/"1be-7GvH0oaKJEjfrWUUFB6xwOjZF08"
          origin-agent-cluster: ?1
          referrer-policy: no-referrer
          strict-transport-security: max-age=15552000; includeSubDomains
          vary: Accept-Encoding
          x-content-type-options: nosniff
          x-dns-prefetch-control: off
          x-download-options: noopen
          x-frame-options: SAMEORIGIN
          x-permitted-cross-domain-policies: none
          x-response-id: edbc420a-cf6d-4700-8af4-e3cc23fff436
          x-xss-protection: 0
        • flag-us
          DNS
          200.179.250.142.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          200.179.250.142.in-addr.arpa
          IN PTR
          Response
          200.179.250.142.in-addr.arpa
          IN PTR
          ams15s42-in-f8.1e100.net
        • flag-us
          DNS
          14.117.16.178.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          14.117.16.178.in-addr.arpa
          IN PTR
          Response
          14.117.16.178.in-addr.arpa
          IN PTR
          14.117.16.178.implix.com
        • flag-us
          DNS
          35.36.251.142.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          35.36.251.142.in-addr.arpa
          IN PTR
          Response
          35.36.251.142.in-addr.arpa
          IN PTR
          ams17s12-in-f3.1e100.net
        • flag-us
          DNS
          24.249.124.192.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          24.249.124.192.in-addr.arpa
          IN PTR
          Response
          24.249.124.192.in-addr.arpa
          IN PTR
          cloudproxy10024.sucuri.net
        • flag-us
          DNS
          2.136.104.51.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          2.136.104.51.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          ga2.getresponse.com
          IEXPLORE.EXE
          Remote address:
          8.8.8.8:53
          Request
          ga2.getresponse.com
          IN A
          Response
          ga2.getresponse.com
          IN A
          178.16.117.14
        • flag-pl
          GET
          https://ga2.getresponse.com/script/ga.js?grid=sBDcDWkVZdH4IBg%3D%3D
          IEXPLORE.EXE
          Remote address:
          178.16.117.14:443
          Request
          GET /script/ga.js?grid=sBDcDWkVZdH4IBg%3D%3D HTTP/2.0
          host: ga2.getresponse.com
          accept: application/javascript, */*;q=0.8
          accept-language: en-US
          user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
          accept-encoding: gzip, deflate
          Response
          HTTP/2.0 200
          access-control-allow-origin: *
          content-length: 446
          content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
          content-type: text/javascript; charset=utf-8
          date: Thu, 16 Nov 2023 18:40:04 GMT
          etag: W/"1be-7GvH0oaKJEjfrWUUFB6xwOjZF08"
          origin-agent-cluster: ?1
          referrer-policy: no-referrer
          strict-transport-security: max-age=15552000; includeSubDomains
          vary: Accept-Encoding
          x-content-type-options: nosniff
          x-dns-prefetch-control: off
          x-download-options: noopen
          x-frame-options: SAMEORIGIN
          x-permitted-cross-domain-policies: none
          x-response-id: 08dc342a-c402-4dec-9e6c-0bf4e9ec2a55
          x-xss-protection: 0
        • flag-us
          DNS
          206.23.217.172.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          206.23.217.172.in-addr.arpa
          IN PTR
          Response
          206.23.217.172.in-addr.arpa
          IN PTR
          prg03s05-in-f206.1e100.net
          206.23.217.172.in-addr.arpa
          IN PTR
          prg03s05-in-f14.1e100.net
          206.23.217.172.in-addr.arpa
          IN PTR
          ams16s37-in-f14.1e100.net
        • flag-us
          DNS
          183.59.114.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          183.59.114.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          161.19.199.152.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          161.19.199.152.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          171.39.242.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          171.39.242.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          218.240.110.104.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          218.240.110.104.in-addr.arpa
          IN PTR
          Response
          218.240.110.104.in-addr.arpa
          IN PTR
          a104-110-240-218.deploy.static.akamaitechnologies.com
        • flag-us
          DNS
          135.1.85.104.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          135.1.85.104.in-addr.arpa
          IN PTR
          Response
          135.1.85.104.in-addr.arpa
          IN PTR
          a104-85-1-135.deploy.static.akamaitechnologies.com
        • flag-us
          DNS
          119.110.54.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          119.110.54.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          126.21.238.8.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          126.21.238.8.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          203.78.101.95.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          203.78.101.95.in-addr.arpa
          IN PTR
          Response
          203.78.101.95.in-addr.arpa
          IN PTR
          a95-101-78-203.deploy.static.akamaitechnologies.com
        • flag-us
          DNS
          43.229.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          43.229.111.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          tse1.mm.bing.net
          Remote address:
          8.8.8.8:53
          Request
          tse1.mm.bing.net
          IN A
          Response
          tse1.mm.bing.net
          IN CNAME
          mm-mm.bing.net.trafficmanager.net
          mm-mm.bing.net.trafficmanager.net
          IN CNAME
          dual-a-0001.a-msedge.net
          dual-a-0001.a-msedge.net
          IN A
          204.79.197.200
          dual-a-0001.a-msedge.net
          IN A
          13.107.21.200
        • flag-us
          DNS
          126.211.247.8.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          126.211.247.8.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          85.65.42.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          85.65.42.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          198.187.3.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          198.187.3.20.in-addr.arpa
          IN PTR
          Response
        • 204.79.197.200:443
          https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f925727bb3fa4df3a03e6df67b05f719&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=
          tls, http2
          2.0kB
          9.4kB
          23
          22

          HTTP Request

          GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f925727bb3fa4df3a03e6df67b05f719&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=

          HTTP Response

          204

          HTTP Request

          GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f925727bb3fa4df3a03e6df67b05f719&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=

          HTTP Response

          204

          HTTP Request

          GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f925727bb3fa4df3a03e6df67b05f719&localId=w:9CB21045-4E8F-0878-FA3B-FE17D82DC106&deviceId=6825820303329093&anid=

          HTTP Response

          204
        • 178.16.117.14:443
          https://ga.getresponse.com/script/ga.js?grid=sBDcDWkVZdH4IBg%3D%3D
          tls, http2
          IEXPLORE.EXE
          1.4kB
          7.5kB
          19
          14

          HTTP Request

          GET https://ga.getresponse.com/script/ga.js?grid=sBDcDWkVZdH4IBg%3D%3D

          HTTP Response

          200
        • 178.16.117.14:443
          ga.getresponse.com
          tls, http2
          IEXPLORE.EXE
          1.2kB
          6.3kB
          17
          13
        • 178.16.117.14:443
          https://ga2.getresponse.com/script/ga.js?grid=sBDcDWkVZdH4IBg%3D%3D
          tls, http2
          IEXPLORE.EXE
          1.4kB
          7.5kB
          19
          13

          HTTP Request

          GET https://ga2.getresponse.com/script/ga.js?grid=sBDcDWkVZdH4IBg%3D%3D

          HTTP Response

          200
        • 178.16.117.14:443
          ga2.getresponse.com
          tls, http2
          IEXPLORE.EXE
          1.2kB
          6.4kB
          18
          14
        • 204.79.197.200:443
          ieonline.microsoft.com
          tls, http2
          iexplore.exe
          1.2kB
          8.3kB
          15
          14
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls
          126.1kB
          3.7MB
          2702
          2700
        • 204.79.197.200:443
          tse1.mm.bing.net
          tls
          1.2kB
          8.3kB
          15
          14
        • 8.8.8.8:53
          8.8.8.8.in-addr.arpa
          dns
          66 B
          90 B
          1
          1

          DNS Request

          8.8.8.8.in-addr.arpa

        • 8.8.8.8:53
          22.160.190.20.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          22.160.190.20.in-addr.arpa

        • 8.8.8.8:53
          193.78.101.95.in-addr.arpa
          dns
          72 B
          137 B
          1
          1

          DNS Request

          193.78.101.95.in-addr.arpa

        • 8.8.8.8:53
          241.154.82.20.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          241.154.82.20.in-addr.arpa

        • 8.8.8.8:53
          155.245.36.23.in-addr.arpa
          dns
          72 B
          137 B
          1
          1

          DNS Request

          155.245.36.23.in-addr.arpa

        • 8.8.8.8:53
          158.240.127.40.in-addr.arpa
          dns
          73 B
          147 B
          1
          1

          DNS Request

          158.240.127.40.in-addr.arpa

        • 8.8.8.8:53
          57.169.31.20.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          57.169.31.20.in-addr.arpa

        • 8.8.8.8:53
          g.bing.com
          dns
          56 B
          158 B
          1
          1

          DNS Request

          g.bing.com

          DNS Response

          204.79.197.200
          13.107.21.200

        • 8.8.8.8:53
          ga.getresponse.com
          dns
          IEXPLORE.EXE
          64 B
          80 B
          1
          1

          DNS Request

          ga.getresponse.com

          DNS Response

          178.16.117.14

        • 8.8.8.8:53
          200.179.250.142.in-addr.arpa
          dns
          74 B
          112 B
          1
          1

          DNS Request

          200.179.250.142.in-addr.arpa

        • 8.8.8.8:53
          14.117.16.178.in-addr.arpa
          dns
          72 B
          110 B
          1
          1

          DNS Request

          14.117.16.178.in-addr.arpa

        • 8.8.8.8:53
          35.36.251.142.in-addr.arpa
          dns
          72 B
          110 B
          1
          1

          DNS Request

          35.36.251.142.in-addr.arpa

        • 8.8.8.8:53
          24.249.124.192.in-addr.arpa
          dns
          73 B
          113 B
          1
          1

          DNS Request

          24.249.124.192.in-addr.arpa

        • 8.8.8.8:53
          2.136.104.51.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          2.136.104.51.in-addr.arpa

        • 8.8.8.8:53
          ga2.getresponse.com
          dns
          IEXPLORE.EXE
          65 B
          81 B
          1
          1

          DNS Request

          ga2.getresponse.com

          DNS Response

          178.16.117.14

        • 8.8.8.8:53
          206.23.217.172.in-addr.arpa
          dns
          73 B
          173 B
          1
          1

          DNS Request

          206.23.217.172.in-addr.arpa

        • 8.8.8.8:53
          183.59.114.20.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          183.59.114.20.in-addr.arpa

        • 8.8.8.8:53
          161.19.199.152.in-addr.arpa
          dns
          73 B
          144 B
          1
          1

          DNS Request

          161.19.199.152.in-addr.arpa

        • 8.8.8.8:53
          171.39.242.20.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          171.39.242.20.in-addr.arpa

        • 8.8.8.8:53
          218.240.110.104.in-addr.arpa
          dns
          74 B
          141 B
          1
          1

          DNS Request

          218.240.110.104.in-addr.arpa

        • 8.8.8.8:53
          135.1.85.104.in-addr.arpa
          dns
          71 B
          135 B
          1
          1

          DNS Request

          135.1.85.104.in-addr.arpa

        • 8.8.8.8:53
          119.110.54.20.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          119.110.54.20.in-addr.arpa

        • 8.8.8.8:53
          126.21.238.8.in-addr.arpa
          dns
          71 B
          125 B
          1
          1

          DNS Request

          126.21.238.8.in-addr.arpa

        • 8.8.8.8:53
          203.78.101.95.in-addr.arpa
          dns
          72 B
          137 B
          1
          1

          DNS Request

          203.78.101.95.in-addr.arpa

        • 8.8.8.8:53
          43.229.111.52.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          43.229.111.52.in-addr.arpa

        • 8.8.8.8:53
          tse1.mm.bing.net
          dns
          62 B
          173 B
          1
          1

          DNS Request

          tse1.mm.bing.net

          DNS Response

          204.79.197.200
          13.107.21.200

        • 8.8.8.8:53
          126.211.247.8.in-addr.arpa
          dns
          72 B
          126 B
          1
          1

          DNS Request

          126.211.247.8.in-addr.arpa

        • 8.8.8.8:53
          85.65.42.20.in-addr.arpa
          dns
          70 B
          156 B
          1
          1

          DNS Request

          85.65.42.20.in-addr.arpa

        • 8.8.8.8:53
          198.187.3.20.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          198.187.3.20.in-addr.arpa

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5FZHGTXM\js[1].js

          Filesize

          216KB

          MD5

          eb0890815d6b7806c20ed4e1eb57349c

          SHA1

          1a2dbe4a8a56541be5dd383e1ca54eb73a0d92f6

          SHA256

          edc837ff248b032eb1091bf6596787d77c5e1dbec21356f09ed0ef2e956bb19e

          SHA512

          41ce006ffa7692adb72f18a609024102da1b48ecdef0b371f5fb67a5f8ed4ba53c1dc206bf66d924f17dbf4eb4b0010b96ca3161bfd6fa7a4e1eba69e09ed6db

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5FZHGTXM\js[2].js

          Filesize

          185KB

          MD5

          555b41d462368821c7d0b703c6e835a9

          SHA1

          fcbfb1271dad40f6a2fc7ef40c7d75afa3161e09

          SHA256

          7220ec17f8384a539af86a7c60c59a30474c5de21826b77d6a3e1d13b9094f94

          SHA512

          9aec33d8132ced31bf7c9f32a2480572f95d7f417633c52ce8c02db725c0b6d944831d7544812565f2794724837402b67a800f21070cab93f4b96128fd79975b

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E51EX1F6\ga[1].js

          Filesize

          446B

          MD5

          26da5226166e2b35109627fb63cde21d

          SHA1

          ec6bc7d2868a2448dfad6514141eb1c0e8d9174f

          SHA256

          118bdfd4efb0bfc2c5c33935249bbe60dda510585ac00deda6100a80c491b9db

          SHA512

          a165e52525ea226b59e233660aca86a97f0ef05da13341ab0d90895e32f96305c51d8ddc6c469f4d1f15f897d7a50b98752dff4c231b0adadcc9cf26ac4134cf

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E51EX1F6\js[1].js

          Filesize

          186KB

          MD5

          79f8b3d25865ee15be79dcb95fe59cc5

          SHA1

          06e3d6734b00032e145211cde4e51617cdb181d6

          SHA256

          3afe2f102375bdc52f2f9f1f919f6daebaa51a1ef959ce33d3b85e4adb88e6d9

          SHA512

          4fbb9ee2f1237136a5caa8aad6a4d4421d759cf9005d00949b9dd5400e874d1242e6460e958d5db0aaf647492cefc14bcbacfc88a514c1c9736c0b09c61ac2b2

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E51EX1F6\suggestions[1].en-US

          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FG4P7PGK\analytics[1].js

          Filesize

          51KB

          MD5

          575b5480531da4d14e7453e2016fe0bc

          SHA1

          e5c5f3134fe29e60b591c87ea85951f0aea36ee1

          SHA256

          de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

          SHA512

          174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FG4P7PGK\ga[1].js

          Filesize

          446B

          MD5

          26da5226166e2b35109627fb63cde21d

          SHA1

          ec6bc7d2868a2448dfad6514141eb1c0e8d9174f

          SHA256

          118bdfd4efb0bfc2c5c33935249bbe60dda510585ac00deda6100a80c491b9db

          SHA512

          a165e52525ea226b59e233660aca86a97f0ef05da13341ab0d90895e32f96305c51d8ddc6c469f4d1f15f897d7a50b98752dff4c231b0adadcc9cf26ac4134cf

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ39371N\js[1].js

          Filesize

          223KB

          MD5

          e735179899f28e4f03e6afbdcb357a27

          SHA1

          c5549c9195509211dc679d807ef45db51a04235b

          SHA256

          a203a7bde6e2b4dd319c9f1811a4b886e31e66a7be09056c13e750cdf13c6685

          SHA512

          0bb24487e1818d5ba153c04038b1fc11efda2516afb1a48093a456acfc0b9e2361fff34b87665f3f68195a4d8eff0e1b5df37d1ef0d7c7bbd822bcfa0ea066df
