Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system -
submitted
24/12/2023, 21:51 UTC
Static task
static1
Behavioral task
behavioral1
Sample
13e48d1510b8df2cc9cc92e51182ed02.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
13e48d1510b8df2cc9cc92e51182ed02.html
Resource
win10v2004-20231222-en
General
-
Target
13e48d1510b8df2cc9cc92e51182ed02.html
-
Size
3.5MB
-
MD5
13e48d1510b8df2cc9cc92e51182ed02
-
SHA1
98a8a53cef94226f89e590a1ec2bd631c2d4af7f
-
SHA256
d49e7afef9c4302a005a0c29227d704faa98e6732b04ba3a9c0bd03f6726d388
-
SHA512
79074c19a70265567ca6f0fedebe27394958ebbb4467d5b9450847c5ab726fa7aabb7b70e54fc939e9e629e022bfbdc8980bd49f0781e097069dda7b31566b27
-
SSDEEP
12288:jLZhBE6ffVfitmg11tmg1P16bf7axluxOT6NAQ:jvQjte4tT62Q
Malware Config (no extracted configuration is shown for this sample)
Signatures
- Modifies Internet Explorer settings (the tag carried by both processes in the tree below; the IOC table that follows lists only registry writes by iexplore.exe / IEXPLORE.EXE under HKCU\Software\Microsoft\Internet Explorer — TabbedBrowsing, Recovery, SearchScopes, DomainSuggestion, Window_Placement and similar). These are the browser's own first-run state for the sandbox user, so on their own they are IE baseline noise rather than an indicator of what the HTML file does. The DecayDateQueue value begins with 01000000d08c9ddf0115d1118c7a00c04fc297eb, which looks like a DPAPI blob header — consistent with IE-encrypted profile data, not an injected payload; confirm by decrypting in the user's context if it matters.)
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e917866400000000020000000000106600000001000020000000289e8746ff9d9d69bce0656b23272b36595ddca44750927f219c9e0b9ef0933b000000000e80000000020000200000006c9e4acd3b434a2699870382cb70a0d876773463fe1eaaaffd6efedbe47fef8d20000000169071b03f0fc706177ac2ca0b7272af26b310f8830b2489281317b3dc7451c0400000004f21c48b52ece45ddceb333e6d3f7414ebb0f90957015a1f672670cc24469da8f1e55705fe699d02c6698dd22d658abac1a53aac0d77c5abaf18d52ab6ded718 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0537b45e236da01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6209E731-A2D5-11EE-B377-EEC5CD00071E} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set 
value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409636665" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet 
Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2040 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2040 iexplore.exe 2040 iexplore.exe 1732 IEXPLORE.EXE 1732 IEXPLORE.EXE 1732 IEXPLORE.EXE 1732 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2040 wrote to memory of 1732 | 2040 iexplore.exe | 28
PID 2040 wrote to memory of 1732 | 2040 iexplore.exe | 28
PID 2040 wrote to memory of 1732 | 2040 iexplore.exe | 28
PID 2040 wrote to memory of 1732 | 2040 iexplore.exe | 28
Caveat: the writer (2040, iexplore.exe) is the parent and the target (1732, IEXPLORE.EXE) is the child it launched with SCODEF:2040 CREDAT:275457 — Internet Explorer's normal frame-process to tab-process split. Parent-to-child WriteProcessMemory at spawn time is expected here and is not, by itself, evidence of injection; it would only be notable if the target were a process outside the IE tree.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe (process tree depth 1)
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\13e48d1510b8df2cc9cc92e51182ed02.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2040 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (process tree depth 2, child of PID 2040)
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
Note: this is the 32-bit tab/content process, which matches the WOW64 token in the browser User-Agent seen in the Network section; the HTTP requests below are attributed to it.
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1732
-
Network
- Summary: the captured traffic consists of DNS lookups via 8.8.8.8, HTTPS fetches of public front-end libraries (the Cloudflare Insights beacon, jQuery 2.2.4 / 3.1.1 / 3.2.1-slim, Bootstrap 4.0.0 CSS and JS, Popper 1.12.9) from their usual CDNs, and one plaintext HTTP CRL download by CryptoAPI. kit.fontawesome.com is resolved but no HTTP exchange with it appears in the capture. No contact with a non-CDN host is recorded. Three different, old jQuery releases are pulled in; the cached copies listed under Downloads can be hashed against the official releases of those exact versions to rule out a tampered CDN payload.
Remote address: 8.8.8.8:53
Request: static.cloudflareinsights.com IN A
Response: static.cloudflareinsights.com IN A 104.16.57.101; static.cloudflareinsights.com IN A 104.16.56.101
-
Remote address: 104.16.57.101:443
Request: GET /beacon.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.cloudflareinsights.com
Connection: Keep-Alive
Response: HTTP/1.1 200 OK
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400
ETag: W/"2023.10.0"
Last-Modified: Tue, 10 Oct 2023 21:38:13 GMT
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 83adfba4d9647324-LHR
Content-Encoding: gzip
-
Remote address: 8.8.8.8:53
Request: ajax.googleapis.com IN A
Response: ajax.googleapis.com IN A 216.58.204.74
-
Remote address: 8.8.8.8:53
Request: ajax.googleapis.com IN A (no response shown for this query)
-
Remote address: 216.58.204.74:443
Request: GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ajax.googleapis.com
Connection: Keep-Alive
Response: HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 30028
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 19 Dec 2023 08:03:21 GMT
Expires: Wed, 18 Dec 2024 08:03:21 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 501793
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 8.8.8.8:53
Request: code.jquery.com IN A
Response: code.jquery.com IN A 151.101.2.137; 151.101.66.137; 151.101.130.137; 151.101.194.137
-
Remote address: 151.101.2.137:443
Request: GET /jquery-3.1.1.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: code.jquery.com
Connection: Keep-Alive
Response: HTTP/1.1 200 OK
Content-Length: 30070
Server: nginx
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
ETag: W/"28feccc0-152b5"
Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 25 Dec 2023 03:26:39 GMT
Age: 8674198
X-Served-By: cache-lga21947-LGA, cache-lhr7359-LHR
X-Cache: HIT, HIT
X-Cache-Hits: 125, 13230
X-Timer: S1703474800.727573,VS0,VE0
Vary: Accept-Encoding
-
Remote address: 151.101.2.137:443
Request: GET /jquery-3.2.1.slim.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: code.jquery.com
Connection: Keep-Alive
Response: HTTP/1.1 200 OK
Content-Length: 23856
Server: nginx
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
ETag: W/"28feccc0-10fdd"
Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 25 Dec 2023 03:26:50 GMT
Age: 8571010
X-Served-By: cache-lga21963-LGA, cache-lhr7359-LHR
X-Cache: HIT, HIT
X-Cache-Hits: 7, 15718
X-Timer: S1703474811.622073,VS0,VE0
Vary: Accept-Encoding
-
Remote address: 8.8.8.8:53
Request: maxcdn.bootstrapcdn.com IN A
Response: maxcdn.bootstrapcdn.com IN A 104.18.11.207; maxcdn.bootstrapcdn.com IN A 104.18.10.207
-
Remote address: 8.8.8.8:53
Request: maxcdn.bootstrapcdn.com IN A (no response shown for this query)
-
Remote address: 104.18.11.207:443
Request: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1
Accept: text/css, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: maxcdn.bootstrapcdn.com
Connection: Keep-Alive
Response: HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CDN-PullZone: 252412
CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
CDN-RequestCountryCode: FR
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31919000
Content-Encoding: gzip
ETag: W/"450fc463b8b1a349df717056fbb3e078"
Last-Modified: Mon, 25 Jan 2021 22:04:04 GMT
CDN-CachedAt: 11/23/2023 10:15:26
CDN-ProxyVer: 1.04
CDN-RequestPullCode: 200
CDN-RequestPullSuccess: True
CDN-EdgeStorageId: 946
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
CDN-Status: 200
CDN-RequestId: d9b7ababe2fcb946f25bd60ef88cb64d
CDN-Cache: HIT
CF-Cache-Status: HIT
Age: 2058210
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 83adfbfbccf976ba-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address: 104.18.11.207:443
Request: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: maxcdn.bootstrapcdn.com
Connection: Keep-Alive
Response: HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CDN-PullZone: 252412
CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
CDN-RequestCountryCode: FR
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31919000
Content-Encoding: gzip
ETag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
Last-Modified: Mon, 25 Jan 2021 22:04:04 GMT
CDN-CachedAt: 10/31/2023 19:43:16
CDN-ProxyVer: 1.04
CDN-RequestPullCode: 200
CDN-RequestPullSuccess: True
CDN-EdgeStorageId: 951
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
CDN-Status: 200
CDN-RequestId: e2b3a1b5272f70a6fb3a56aa2ffd7fcd
CDN-Cache: HIT
CF-Cache-Status: HIT
Age: 2144206
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 83adfc307be076ba-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address: 8.8.8.8:53
Request: kit.fontawesome.com IN A
Response: kit.fontawesome.com IN CNAME kit.fontawesome.com.cdn.cloudflare.net; kit.fontawesome.com.cdn.cloudflare.net IN A 104.18.40.68; kit.fontawesome.com.cdn.cloudflare.net IN A 172.64.147.188
(Resolved only — no HTTP request to this host appears in the capture.)
-
Remote address: 8.8.8.8:53
Request: crl.usertrust.com IN A
Response: crl.usertrust.com IN CNAME crl.comodoca.com.cdn.cloudflare.net; crl.comodoca.com.cdn.cloudflare.net IN A 104.18.38.233; crl.comodoca.com.cdn.cloudflare.net IN A 172.64.149.23
-
Remote address: 104.18.38.233:80
Request: GET /USERTrustRSACertificationAuthority.crl HTTP/1.1
Note: this is a plaintext-HTTP CRL download issued by the Windows certificate engine (User-Agent Microsoft-CryptoAPI/6.1), not by the page's script. Fetching CRLs over port 80 is the norm for CRL distribution points — the CRL is itself signed, and using TLS would create a circular validation dependency — so the unencrypted transport here is expected rather than suspicious.
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.usertrust.com
Response: HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Content-Length: 1275
Connection: keep-alive
Last-Modified: Sun, 24 Dec 2023 23:24:44 GMT
ETag: "6588bdbc-4fb"
X-CCACDN-Mirror-ID: sscrl2
Cache-Control: max-age=14400, s-maxage=3600
Expires: Sun, 31 Dec 2023 23:24:44 GMT
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 2609
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 83adfc208ea963e9-LHR
-
Remote address: 8.8.8.8:53
Request: cdnjs.cloudflare.com IN A
Response: cdnjs.cloudflare.com IN A 104.17.25.14; cdnjs.cloudflare.com IN A 104.17.24.14
-
Remote address: 8.8.8.8:53
Request: cdnjs.cloudflare.com IN A (no response shown for this query)
-
Remote address: 8.8.8.8:53
Request: cdnjs.cloudflare.com IN A (no response shown for this query)
-
Remote address: 104.17.25.14:443
Request: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdnjs.cloudflare.com
Connection: Keep-Alive
Response: HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 6908
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=30672000
Content-Encoding: gzip
ETag: "5eb03fa9-4af4"
Last-Modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 896204
Expires: Sat, 14 Dec 2024 03:26:53 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yNWjrRq9wAkwEqficWsCYzECQMjP99PLOAa2J0DjG2o%2FnaeNVwDromAULHMx7Oh2MhHNXauq0hKanoKvq188zjHbhAOAFCP3rCOd6m28yWL2g5Omui8fOeOVXiovYIj%2FQ4fPGWKH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=15780000
Server: cloudflare
CF-RAY: 83adfc302e4b6319-LHR
alt-svc: h3=":443"; ma=86400
-
766 B 3.4kB 10 9
-
1.2kB 11.2kB 14 17
HTTP Request
GET https://static.cloudflareinsights.com/beacon.min.js
HTTP Response
200 -
216.58.204.74:443 | https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js | tls, http | IEXPLORE.EXE | 2.1kB 41.1kB 29 36
HTTP Request
GET https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
HTTP Response
200 -
974 B 5.1kB 12 9
-
3.7kB 68.5kB 52 61
HTTP Request
GET https://code.jquery.com/jquery-3.1.1.min.js
HTTP Response
200
HTTP Request
GET https://code.jquery.com/jquery-3.2.1.slim.min.js
HTTP Response
200 -
992 B 6.2kB 11 12
-
104.18.11.207:443 | https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js | tls, http | IEXPLORE.EXE | 4.4kB 55.0kB 57 75
HTTP Request
GET https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
HTTP Response
200
HTTP Request
GET https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
HTTP Response
200 -
836 B 5.9kB 11 11
-
682 B 4.4kB 8 7
-
780 B 4.5kB 10 9
-
489 B 2.4kB 7 5
HTTP Request
GET http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl
HTTP Response
200 -
714 B 4.4kB 8 7
-
104.17.25.14:443 | https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js | tls, http | IEXPLORE.EXE | 1.2kB 11.7kB 12 15
HTTP Request
GET https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
HTTP Response
200 -
975 B 4.8kB 12 10
-
463 B 136 B 6 3
-
463 B 136 B 6 3
-
448 B 132 B 4 3
-
448 B 132 B 4 3
-
196 B 132 B 3 3
-
196 B 132 B 3 3
-
144 B 132 B 3 3
-
144 B 132 B 3 3
-
75 B 107 B 1 1
DNS Request
static.cloudflareinsights.com
DNS Response
104.16.57.101, 104.16.56.101
-
130 B 81 B 2 1
DNS Request
ajax.googleapis.com
DNS Request
ajax.googleapis.com
DNS Response
216.58.204.74
-
61 B 125 B 1 1
DNS Request
code.jquery.com
DNS Response
151.101.2.137, 151.101.66.137, 151.101.130.137, 151.101.194.137
-
138 B 101 B 2 1
DNS Request
maxcdn.bootstrapcdn.com
DNS Request
maxcdn.bootstrapcdn.com
DNS Response
104.18.11.207, 104.18.10.207
-
65 B 149 B 1 1
DNS Request
kit.fontawesome.com
DNS Response
104.18.40.68, 172.64.147.188
-
63 B 144 B 1 1
DNS Request
crl.usertrust.com
DNS Response
104.18.38.233, 172.64.149.23
-
198 B 98 B 3 1
DNS Request
cdnjs.cloudflare.com
DNS Request
cdnjs.cloudflare.com
DNS Request
cdnjs.cloudflare.com
DNS Response
104.17.25.14, 104.17.24.14
MITRE ATT&CK Enterprise v15
Downloads
- Note: the same CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 path appears nineteen times with different hashes; these are successive rewrites of one 344-byte CryptoAPI URL-cache metadata file, consistent with the CRL fetch above, not nineteen distinct dropped files. The remaining entries are IE's Temporary Internet Files copies of the fetched scripts; their hashes are the values to compare against the published releases of jquery-3.1.1.min.js, jquery-2.2.4 (jquery.min.js) and the Cloudflare beacon.
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD52bc1015bb383953b632db33fa8759586
SHA1ce36446a77913e297cf9e2010949f01c74c86e46
SHA256f1389564b2b2a7c7c118f159337c4a8808d8866525952bb6c85f450476b44e52
SHA5129c9a92ba36ab4c897ee4ad542f179c790af847255708e0c80761883ee4f85662530b0a9dc46db3b09c0b51c9cc92696423aca7b8416c9d4a7568ceec7c26aa64
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD55a432d5e1705b566e897aa23c68a890a
SHA1fb89304a780b0d902bd4332532a286668adfba8c
SHA2562b0c55df6fb573018d4172b9456153cd2746935890508921dd5430ebd73af57e
SHA5125886024a078d9dfffb5b0e884e2e8347aa63abc8502afbe5c7318e671710380eeb2bf7f9f36343a3ab16dab709c8ef5c1c41ca5de26539c97df9f1a478f3cd22
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD545095590d478c6326d41db77a6d8f2a3
SHA110828fec9e2f1e4ac34bfe7e0d59726a5cd8f88a
SHA2567c448ba5b81ba2c7902e4699a25d445d64af2b8b458d46f928b3c289e48fb6c0
SHA51258829a95340018247bd6cacb6ee8555fe1666a285f04c963c8d2ea6e25414e44652569dd4e6116ddef3478dc02cb7c9ca896271535b8350533940c7eda712d3e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD58a7ebe0e193acb72f9076d1b09f3de74
SHA137be4131f9d8dce4b37effc5435922202208c7c2
SHA2564be2826bca3845939185aa8b63f234ae3181be672e8004aeb35f5666412b1e78
SHA5125f7cc9fc7ba56023ba3db9ce0d371098f7b1c29c1aa0a4cc035a6b3e6221b246ca62e4616796259dbffa49b71611364490a1a80f9b572980656e73457acf26a2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b0c47b7e9b48e5247f94a2ed4dd41814
SHA18266b74da34fbb03254a0bc3fa715a777596d67f
SHA256d3392d4ec52acf4ba41f8f6d43ccb8a7c9b5730a6e6a4914da7ea46a111aaf19
SHA512da1a5f87d150a77ac87b0974e895fb2ae6fafdb1d9d3a91346e89a420a42f4467d30cc887c291b15ddc4f43b8c90a7819ed2b069f871a55960a8bb7f0b94e766
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD59aa546a1bfe6bc4bc489b091d02e5ad6
SHA190a2cdfd7e781ae2af0fe0ed9fa0ab6397f04f25
SHA256d670f4d11a67ef4995a0641198a9bef7bae3fcc912e885da1da9894fe381f2b5
SHA512850ac201f906be5f4fbb2eb527735ba6b4b85f7d4ad6d0f0476068e28ecab939fab9aeca9d40fb4175c709dc0f9229502dfa6cbe5eea3fab77e79f5e52296561
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD52dced1dda8689baad1d84bdfea1e4249
SHA15d03f132d4db3643eda80943b91356080cafb1ab
SHA2560a737ce8c565c1b398bcb6ecd335c2f8705bd24d626c220c6d8bac4d7c612b03
SHA5121085bcf3ae7b5d8d03d3993a67c56344ebb013d0fcc36776610c65f4c316c98477a24dc38a502f9d314deae55a9c6d53eee61f09db8acc88dc031ec74da2a007
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5478c1416da45196d6cd6b603f4f8a7cd
SHA17798244a246ad94a1c704cc4712b62a4abaf5572
SHA256501917b4b30728bef13016b5e9b44f972d8c4b00c89548bcf460c3aaf2a4a6ec
SHA512f13ac615f173278213519270367353a988cbdc31b629ab72384d2c681519d963c9fb1c3203c8f64c1d16edb7f913705a2054dfcef017fecaba8a83d19a5bfa98
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5e92298de5d593d3c961c9a63fd9b68b0
SHA14f4fd0faa6081a7085868e1c1f8c4dec58621f72
SHA2567ba18a899dd30f1c30ce28abb2ab0c7c4bf4a529839f8daa4bdbfc3d80b621e1
SHA51285f7980f2ad066ee0c8cd2166d5ac5d7aeb14e9d4a94f5954c04d49e732d548b73298935375d52ab189449eb379e6f9d4b67183e3d238b9799e722160c77c0b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD57b96c824252f25fa74e987b7344bf222
SHA1473fc546867d0bdf0eb0d19ac29df1ce777775c3
SHA25696c8aeaaa2aaca5f2e367e09b545218099b4ea9a618e6db55e171ed04d973e86
SHA5128a2ccea91f3821338017f26c38b816033680c427bdf95b7b27a36bf704fe2f0b4357de78d759a5553b661535793e49ea0206f63154db84166520563156e8c1c6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5048787cb5be06f2a3669892408ca7b09
SHA1b167071decaccf2135c444e97c78bca5dafa82d3
SHA256435dc39199d97f91e4ca880f666776c2462ed5890bfcbf01721995aef90edc71
SHA5121968a480248dba24bc70c4f1d69bf18b210b4adbb4a9c1321c6e0248fd221546565f70f25e5902c57afe634510c18c580256649a1695af86049b3400eb64e234
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD53bc2170af5922e691e620452d8419928
SHA14eaea79412f179ef853ff49049013e01568c7a64
SHA256e0d52539cdf5ee3ace5442fe0c5a093459f7b4ceb65cc15b9ec19b21668e40e4
SHA512cf2652e0a2a1c85f0e2fa77e482aca8ad9e3db9e7ffb8ed1a30fa6b5eca2e01e8c2e12c4e7193e958ffc1068659cf936d9e5fdc32c5049906bec6a3d78ad2419
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b6b2a80dfe9f7674772aec12b87df7a3
SHA1b1555e62ec25ca561f9e0eabb307acc6571cb70e
SHA256519472b1c69ee17215d1870090f583c0a695c0677b6f76fe9ea27dbf4156100a
SHA512b8d242dfe1b8c4e8120d4215de988dd7044f91133aa4da47766967c3653529a9f085d3fb72c07aa3cc78664fedfa22fc5742e9be7dd3f967c38a25c1ebf33aac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD528c3e5f55558249e333dfe542e94a73c
SHA167574dfa1da9289b84f752f461c02a63fd24c9b6
SHA2562d28925bcb9801dc253f0006e3859386be8497becd5529e749054994cc56f668
SHA512e6eeb14b0a5fd1d8ffbb4d9a2bf3e0432f22f447d1cb1351e3360a1adf02bbe0e265e84dc369a5202726b086d45c7a99665292301dc009abaa0343a487971f96
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD52427369fa85ce1506eb39c0c22c370cb
SHA190ccc81cbf83498c39e8e71a17b7f87c9cba2c7d
SHA256dc02d07122e505607ae81cda3dfedf0695bc88edc400159b32f433e9f12f4b03
SHA512eb59df744c967d251ecc22e82ca8ff8fc7306e8723cf884786635da657f82b44974ac288e1f708e3b491d797488519576e82a6a9967512344958b1ce1aec4fb0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5a943c213c770cfd1d355cf78422133cb
SHA1ed6737d6d7acb3d8b793fb229cb352dab715de1e
SHA2568e20f213f8525b18172819b9bd267c05faaadf0d28ba084c5a9b58534225362b
SHA5125c114443493b0efc5efb6de5b51116f06c380f33a9e6e2402a4aa4115b3e7e7b0f92d67caf8ec1a97fb0ce48429868f0d3a5effff8d1b63fdeb1bfceab28e8b9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD531c3b156578e307d7a332a7105efa102
SHA1a22f7fb2d19fffaaed646e2b4d9aff6ac7d1aa45
SHA25653d29474f2457733ec4af67af45aceeb7f5dcac4a80a64a3e0560f424036493b
SHA512d3782f9fc6649ea8a898c6c305564da331bdf1ec4f8153c4ccb7d8082ee8c14ed1d20e227232742504b114deb2f9874dfdf62bce8019295e858296bcb8089773
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD520d94b9dd2de4973995a7817f5acf8e9
SHA1ce30199da702cd24196ca42d0194d1df622103ae
SHA256fe8b7b757987854a0575d871c9a8f6144656d9f1634ecb6104916de5788272c1
SHA512d5050bc7a5d223fa631f1ed06473a139b319e1b94bd374aef9e102ebc2a2dbc8be3e4af1fa0959d25b3002b0d7160f68a429166b4fb37b95debbcbd1963991e2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b22acc1cf7b0c93eba7068b5cc39cfb2
SHA10cba702b63df7623122376e0acbe1858b2a91ed7
SHA2568624ee89f15b457ecb7c0328346ca2697e4159393eb62a467d0678225def8443
SHA51275858f8874ff9e77cb6068f7fa5d3802e665a8d387464b510fa055d5f15809cc2945940cd2a079411b89a450f0e5bf035cc62eb21d715d1faca41d44e42e2c15
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1CCB52I\jquery-3.1.1.min[1].js
Filesize84KB
MD5e071abda8fe61194711cfc2ab99fe104
SHA1f647a6d37dc4ca055ced3cf64bbc1f490070acba
SHA25685556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
SHA51253a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1J1BPYJ\jquery.min[1].js
Filesize83KB
MD52f6b11a7e914718e0290410e85366fe9
SHA169bb69e25ca7d5ef0935317584e6153f3fd9a88c
SHA25605b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
SHA5120d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YV6H14B0\beacon.min[1].js
Filesize19KB
MD5dd1d068fdb5fe90b6c05a5b3940e088c
SHA10d96f9df8772633a9df4c81cf323a4ef8998ba59
SHA2566153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
SHA5127aea051a8c2195a2ea5ec3d6438f2a4a4052085b370cf4728b056edc58d1f7a70c3f1f85afe82959184869f707c2ac02a964b8d9166122e74ebc423e0a47fa30
-
Filesize (file path not recorded in this report)
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize (file path not recorded in this report)
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06