Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

89d34d79ff...1.html

windows7-x64

1

89d34d79ff...1.html

windows10-2004-x64

1

Analysis

  • max time kernel
    88s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/02/2024, 15:06 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    89d34d79ff5894658638690b4f9bcac1.html

  • Size

    3.5MB

  • MD5

    89d34d79ff5894658638690b4f9bcac1

  • SHA1

    ab66200e8f3ee2649cab3158f46db9b54eefca0f

  • SHA256

    a4e43daa786e1245d8924b7cf51c80c8d2cb7c7432891f542b2b325457b3426a

  • SHA512

    f2bb2d94f8567edf861b966f45d5676e24af1575f2a622e09ddae6c25dd0322cf949ff9c3d38d29aced0a9f380a89cb4cfe3f1573566d0ec2d915b573fafe223

  • SSDEEP

    12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6NyX:jvpjte4tT6sX

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 60 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\89d34d79ff5894658638690b4f9bcac1.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4056

Network

  • flag-us
    DNS
    static.cloudflareinsights.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    static.cloudflareinsights.com
    IN A
    Response
    static.cloudflareinsights.com
    IN A
    104.16.56.101
    static.cloudflareinsights.com
    IN A
    104.16.57.101
  • flag-us
    GET
    https://static.cloudflareinsights.com/beacon.min.js
    IEXPLORE.EXE
    Remote address:
    104.16.56.101:443
    Request
    GET /beacon.min.js HTTP/2.0
    host: static.cloudflareinsights.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Fri, 02 Feb 2024 15:06:35 GMT
    content-type: text/javascript;charset=UTF-8
    access-control-allow-origin: *
    cache-control: public, max-age=86400
    etag: W/"2023.10.0"
    last-modified: Tue, 10 Oct 2023 21:38:13 GMT
    cross-origin-resource-policy: cross-origin
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 84f356c16c987765-LHR
    content-encoding: gzip
  • flag-us
    DNS
    ajax.googleapis.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ajax.googleapis.com
    IN A
    Response
    ajax.googleapis.com
    IN A
    142.250.179.234
  • flag-gb
    GET
    https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
    IEXPLORE.EXE
    Remote address:
    142.250.179.234:443
    Request
    GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/2.0
    host: ajax.googleapis.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-encoding: gzip
    access-control-allow-origin: *
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
    report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
    timing-allow-origin: *
    content-length: 30028
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Wed, 31 Jan 2024 21:47:55 GMT
    expires: Thu, 30 Jan 2025 21:47:55 GMT
    cache-control: public, max-age=31536000, stale-while-revalidate=2592000
    last-modified: Tue, 03 Mar 2020 19:15:00 GMT
    content-type: text/javascript; charset=UTF-8
    vary: Accept-Encoding
    age: 148720
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    0.205.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.205.248.87.in-addr.arpa
    IN PTR
    Response
    0.205.248.87.in-addr.arpa
    IN PTR
    https-87-248-205-0lgwllnwnet
  • flag-us
    DNS
    101.56.16.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    101.56.16.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    234.179.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    234.179.250.142.in-addr.arpa
    IN PTR
    Response
    234.179.250.142.in-addr.arpa
    IN PTR
    lhr25s31-in-f101e100net
  • flag-us
    DNS
    code.jquery.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    code.jquery.com
    IN A
    Response
    code.jquery.com
    IN A
    151.101.130.137
    code.jquery.com
    IN A
    151.101.194.137
    code.jquery.com
    IN A
    151.101.2.137
    code.jquery.com
    IN A
    151.101.66.137
  • flag-us
    GET
    https://code.jquery.com/jquery-3.1.1.min.js
    IEXPLORE.EXE
    Remote address:
    151.101.130.137:443
    Request
    GET /jquery-3.1.1.min.js HTTP/2.0
    host: code.jquery.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    content-type: application/javascript; charset=utf-8
    last-modified: Fri, 18 Oct 1991 12:00:00 GMT
    etag: W/"28feccc0-152b5"
    cache-control: public, max-age=31536000, stale-while-revalidate=604800
    access-control-allow-origin: *
    content-encoding: gzip
    via: 1.1 varnish, 1.1 varnish
    accept-ranges: bytes
    date: Fri, 02 Feb 2024 15:06:35 GMT
    age: 12085794
    x-served-by: cache-lga21947-LGA, cache-lhr7351-LHR
    x-cache: HIT, HIT
    x-cache-hits: 125, 37033
    x-timer: S1706886396.825245,VS0,VE0
    vary: Accept-Encoding
    content-length: 30070
  • flag-us
    GET
    https://code.jquery.com/jquery-3.2.1.slim.min.js
    IEXPLORE.EXE
    Remote address:
    151.101.130.137:443
    Request
    GET /jquery-3.2.1.slim.min.js HTTP/2.0
    host: code.jquery.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    origin: file:
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    server: nginx
    content-type: application/javascript; charset=utf-8
    last-modified: Fri, 18 Oct 1991 12:00:00 GMT
    etag: W/"28feccc0-10fdd"
    cache-control: public, max-age=31536000, stale-while-revalidate=604800
    access-control-allow-origin: *
    content-encoding: gzip
    via: 1.1 varnish, 1.1 varnish
    accept-ranges: bytes
    date: Fri, 02 Feb 2024 15:06:38 GMT
    age: 11982597
    x-served-by: cache-lga21963-LGA, cache-lhr7351-LHR
    x-cache: HIT, HIT
    x-cache-hits: 7, 58476
    x-timer: S1706886399.688045,VS0,VE0
    vary: Accept-Encoding
    content-length: 23856
  • flag-us
    DNS
    67.204.58.216.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    67.204.58.216.in-addr.arpa
    IN PTR
    Response
    67.204.58.216.in-addr.arpa
    IN PTR
    lhr48s49-in-f31e100net
    67.204.58.216.in-addr.arpa
    IN PTR
    lhr25s13-in-f3�G
    67.204.58.216.in-addr.arpa
    IN PTR
    lhr25s13-in-f67�G
  • flag-us
    DNS
    137.130.101.151.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    137.130.101.151.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    23.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    233.38.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    233.38.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    23.149.64.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.149.64.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    maxcdn.bootstrapcdn.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    maxcdn.bootstrapcdn.com
    IN A
    Response
    maxcdn.bootstrapcdn.com
    IN A
    104.18.11.207
    maxcdn.bootstrapcdn.com
    IN A
    104.18.10.207
  • flag-us
    GET
    https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
    IEXPLORE.EXE
    Remote address:
    104.18.11.207:443
    Request
    GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/2.0
    host: maxcdn.bootstrapcdn.com
    accept: text/css, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Fri, 02 Feb 2024 15:06:37 GMT
    content-type: text/css; charset=utf-8
    vary: Accept-Encoding
    cdn-pullzone: 252412
    cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
    cdn-requestcountrycode: FR
    access-control-allow-origin: *
    cache-control: public, max-age=31919000
    content-encoding: gzip
    etag: W/"450fc463b8b1a349df717056fbb3e078"
    last-modified: Mon, 25 Jan 2021 22:04:04 GMT
    cdn-cachedat: 11/23/2023 10:15:26
    cdn-proxyver: 1.04
    cdn-requestpullcode: 200
    cdn-requestpullsuccess: True
    cdn-edgestorageid: 946
    timing-allow-origin: *
    cross-origin-resource-policy: cross-origin
    x-content-type-options: nosniff
    cdn-status: 200
    cdn-requestid: d9b7ababe2fcb946f25bd60ef88cb64d
    cdn-cache: HIT
    cf-cache-status: HIT
    age: 5469802
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    server: cloudflare
    cf-ray: 84f356d19d168924-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
    IEXPLORE.EXE
    Remote address:
    104.18.11.207:443
    Request
    GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/2.0
    host: maxcdn.bootstrapcdn.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    origin: file:
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Fri, 02 Feb 2024 15:06:38 GMT
    content-type: application/javascript; charset=utf-8
    vary: Accept-Encoding
    cdn-pullzone: 252412
    cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
    cdn-requestcountrycode: FR
    access-control-allow-origin: *
    cache-control: public, max-age=31919000
    content-encoding: gzip
    etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
    last-modified: Mon, 25 Jan 2021 22:04:04 GMT
    cdn-cachedat: 10/31/2023 19:43:16
    cdn-proxyver: 1.04
    cdn-requestpullcode: 200
    cdn-requestpullsuccess: True
    cdn-edgestorageid: 951
    timing-allow-origin: *
    cross-origin-resource-policy: cross-origin
    x-content-type-options: nosniff
    cdn-status: 200
    cdn-requestid: 58c4d2a17abe72bd8d781d31d184e375
    cdn-cache: HIT
    cf-cache-status: HIT
    age: 3903023
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    server: cloudflare
    cf-ray: 84f356d9792b8924-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    kit.fontawesome.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    kit.fontawesome.com
    IN A
    Response
    kit.fontawesome.com
    IN CNAME
    kit.fontawesome.com.cdn.cloudflare.net
    kit.fontawesome.com.cdn.cloudflare.net
    IN A
    172.64.147.188
    kit.fontawesome.com.cdn.cloudflare.net
    IN A
    104.18.40.68
  • flag-us
    DNS
    207.11.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    207.11.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    42.200.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    42.200.250.142.in-addr.arpa
    IN PTR
    Response
    42.200.250.142.in-addr.arpa
    IN PTR
    lhr48s30-in-f101e100net
  • flag-us
    GET
    https://kit.fontawesome.com/585b051251.js
    IEXPLORE.EXE
    Remote address:
    172.64.147.188:443
    Request
    GET /585b051251.js HTTP/2.0
    host: kit.fontawesome.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    origin: file:
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Fri, 02 Feb 2024 15:06:38 GMT
    content-type: text/javascript
    access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
    access-control-allow-methods: GET, OPTIONS
    access-control-allow-origin: *
    access-control-max-age: 3000
    cache-control: max-age=60, public, stale-while-revalidate=30
    vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
    x-request-id: F6_1GBibjhez03XCrAPh
    cf-cache-status: REVALIDATED
    server: cloudflare
    cf-ray: 84f356d4997c63c5-LHR
    content-encoding: gzip
  • flag-us
    DNS
    ka-f.fontawesome.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ka-f.fontawesome.com
    IN A
    Response
    ka-f.fontawesome.com
    IN CNAME
    ka-f.fontawesome.com.cdn.cloudflare.net
    ka-f.fontawesome.com.cdn.cloudflare.net
    IN A
    172.64.128.7
    ka-f.fontawesome.com.cdn.cloudflare.net
    IN A
    172.64.129.7
  • flag-us
    GET
    https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251
    IEXPLORE.EXE
    Remote address:
    172.64.128.7:443
    Request
    GET /releases/v5.15.4/css/free.min.css?token=585b051251 HTTP/2.0
    host: ka-f.fontawesome.com
    accept: */*
    accept-language: en-US
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Response
    HTTP/2.0 200
    date: Fri, 02 Feb 2024 15:06:38 GMT
    content-type: text/css
    access-control-allow-origin: *
    access-control-allow-methods: GET
    access-control-max-age: 3000
    last-modified: Wed, 04 Aug 2021 18:53:09 GMT
    etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
    cache-control: max-age=31556926
    access-control-allow-headers: fa-kit-token
    content-encoding: gzip
    vary: Accept-Encoding
    x-cache: Hit from cloudfront
    via: 1.1 b74ec591a994ce96ac6e89b5e760c4bc.cloudfront.net (CloudFront)
    x-amz-cf-pop: LHR5-P6
    x-amz-cf-id: TYSmI2kiJYfQ84gdtq8ycMAjSASBK9LE_LDQawtGQhJvXEtQBq_-3A==
    age: 3959774
    cf-cache-status: HIT
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jt3H5YN%2BekYmgFvQfYzlmkKyDTcCoFUhC90Tya41HEsuLrSf3R6ArpuSttsCTenIWxGQwVg7a9AM90Zz4jFh5AsV62w5A40E%2F%2BngxRPEUo%2FoI%2Bn%2BCmyTerljPKE1isloyDhQLUE2EA%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 84f356d85fd563d2-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251
    IEXPLORE.EXE
    Remote address:
    172.64.128.7:443
    Request
    GET /releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251 HTTP/2.0
    host: ka-f.fontawesome.com
    accept: */*
    accept-language: en-US
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Response
    HTTP/2.0 200
    date: Fri, 02 Feb 2024 15:06:38 GMT
    content-type: text/css
    access-control-allow-origin: *
    access-control-allow-methods: GET
    access-control-max-age: 3000
    last-modified: Wed, 04 Aug 2021 18:53:09 GMT
    etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
    cache-control: max-age=31556926
    access-control-allow-headers: fa-kit-token
    content-encoding: gzip
    vary: Accept-Encoding
    x-cache: Hit from cloudfront
    via: 1.1 cdd8daeefcf66738f6e908663e79c33e.cloudfront.net (CloudFront)
    x-amz-cf-pop: LHR50-P1
    x-amz-cf-id: SdXvnaSWwMp_0mQuLuqbSwY9dx-jnzgmuNDzrlpAuo3xX5adPKuUAQ==
    age: 6678824
    cf-cache-status: HIT
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I3p8FKLIK7T0KQw5v66TD3qMk4TXZTW7k8altFF%2Fr2JxQ%2BYRfqnvjLGlGdGUMo%2BqKlLJxKyF1k8S0VYcfPq9SiCtUkZxSPoq00q4bqtzo2G8tHMOHArOoPFhkRjG7SuD1y%2Fill7YKA%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 84f356d85fd363d2-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    cdnjs.cloudflare.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    cdnjs.cloudflare.com
    IN A
    Response
    cdnjs.cloudflare.com
    IN A
    104.17.25.14
    cdnjs.cloudflare.com
    IN A
    104.17.24.14
  • flag-us
    GET
    https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
    IEXPLORE.EXE
    Remote address:
    104.17.25.14:443
    Request
    GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/2.0
    host: cdnjs.cloudflare.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    origin: file:
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Fri, 02 Feb 2024 15:06:38 GMT
    content-type: application/javascript; charset=utf-8
    content-length: 6908
    access-control-allow-origin: *
    cache-control: public, max-age=30672000
    content-encoding: gzip
    etag: "5eb03fa9-4af4"
    last-modified: Mon, 04 May 2020 16:15:37 GMT
    cf-cdnjs-via: cfworker/kv
    cross-origin-resource-policy: cross-origin
    timing-allow-origin: *
    x-content-type-options: nosniff
    vary: Accept-Encoding
    cf-cache-status: HIT
    age: 51349
    expires: Wed, 22 Jan 2025 15:06:38 GMT
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jiM7grSly94jkJLd%2BXYirnTy135%2FPdjN2Je%2B6owDGz6NVLmPFhUtmaI4ZQVQGv9UlLwSS7wnmkmpKS7NPh17ewwE%2Bkg0TkQ3s8Y8WTKjY9c4JvcPsrd4qZmk0gG%2BAb2VOyyPJo82"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
    strict-transport-security: max-age=15780000
    server: cloudflare
    cf-ray: 84f356d91e2448bc-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    188.147.64.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    188.147.64.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    7.128.64.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    7.128.64.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    14.25.17.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.25.17.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    57.110.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.110.18.2.in-addr.arpa
    IN PTR
    Response
    57.110.18.2.in-addr.arpa
    IN PTR
    a2-18-110-57deploystaticakamaitechnologiescom
  • GET
    https://ieonline.microsoft.com/ie/known_providers_download_v1.xml
    Request
    GET /ie/known_providers_download_v1.xml HTTP/2.0
    host: ieonline.microsoft.com
    accept: */*
    accept-language: en-US
    ua-cpu: AMD64
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    if-modified-since: Thu, 20 Feb 2020 01:30:24 GMT
    cookie: _EDGE_V=1; MUID=0B6295915EED66101C5B867E5F566773; MUIDB=0B6295915EED66101C5B867E5F566773
    Response
    HTTP/2.0 304
    cache-control: private
    set-cookie: _EDGE_S=SID=0ABB9904EAA961CE18CC8D1DEB496072; domain=.microsoft.com; path=/; HttpOnly
    set-cookie: MUIDB=0B6295915EED66101C5B867E5F566773; expires=Wed, 26-Feb-2025 15:06:40 GMT; path=/; HttpOnly
    x-eventid: 65bd0500bcdf407b90da0f56f1c2983a
    useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 00A10A560A0A4AD28D8D4507EEBF1A01 Ref B: LON04EDGE1121 Ref C: 2024-02-02T15:06:40Z
    date: Fri, 02 Feb 2024 15:06:39 GMT
  • flag-gb
    GET
    https://www.bing.com/favicon.ico
    iexplore.exe
    Remote address:
    92.123.128.172:443
    Request
    GET /favicon.ico HTTP/2.0
    host: www.bing.com
    accept: */*
    ua-cpu: AMD64
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Response
    HTTP/2.0 200
    cache-control: public, max-age=15552000
    content-length: 4286
    content-type: image/x-icon
    last-modified: Mon, 01 Jan 1601 00:00:00 GMT
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0FD04CFC1A1E485B9EBD8B31934F6D09 Ref B: LTSEDGE0810 Ref C: 2022-12-09T13:31:02Z
    date: Fri, 02 Feb 2024 15:06:40 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.ac777b5c.1706886400.2a35cf83
  • flag-us
    DNS
    172.128.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.128.123.92.in-addr.arpa
    IN PTR
    Response
    172.128.123.92.in-addr.arpa
    IN PTR
    a92-123-128-172deploystaticakamaitechnologiescom
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    161.19.199.152.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    161.19.199.152.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    177.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    177.178.17.96.in-addr.arpa
    IN PTR
    Response
    177.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-177deploystaticakamaitechnologiescom
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • 104.16.56.101:443
    static.cloudflareinsights.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
     3.6kB
     14
    10
  • 104.16.56.101:443
    https://static.cloudflareinsights.com/beacon.min.js
    tls, http2
    IEXPLORE.EXE
    1.7kB
     11.3kB
     24
    19

    HTTP Request

    GET https://static.cloudflareinsights.com/beacon.min.js

    HTTP Response

    200
  • 142.250.179.234:443
    ajax.googleapis.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
     5.5kB
     15
    11
  • 142.250.179.234:443
    https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
    tls, http2
    IEXPLORE.EXE
    2.5kB
     37.8kB
     41
    35

    HTTP Request

    GET https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

    HTTP Response

    200
  • 151.101.130.137:443
    https://code.jquery.com/jquery-3.2.1.slim.min.js
    tls, http2
    IEXPLORE.EXE
    3.4kB
     63.9kB
     61
    60

    HTTP Request

    GET https://code.jquery.com/jquery-3.1.1.min.js

    HTTP Response

    200

    HTTP Request

    GET https://code.jquery.com/jquery-3.2.1.slim.min.js

    HTTP Response

    200
  • 151.101.130.137:443
    code.jquery.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
     6.4kB
     16
    15
  • 104.18.11.207:443
    maxcdn.bootstrapcdn.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
     5.9kB
     15
    11
  • 104.18.11.207:443
    https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
    tls, http2
    IEXPLORE.EXE
    3.3kB
     49.7kB
     57
    52

    HTTP Request

    GET https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

    HTTP Response

    200

    HTTP Request

    GET https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

    HTTP Response

    200
  • 172.64.147.188:443
    https://kit.fontawesome.com/585b051251.js
    tls, http2
    IEXPLORE.EXE
    1.5kB
     9.8kB
     20
    15

    HTTP Request

    GET https://kit.fontawesome.com/585b051251.js

    HTTP Response

    200
  • 172.64.147.188:443
    kit.fontawesome.com
    tls, http2
    IEXPLORE.EXE
    1.0kB
     4.7kB
     13
    9
  • 172.64.128.7:443
    ka-f.fontawesome.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
     5.9kB
     15
    11
  • 172.64.128.7:443
    https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251
    tls, http2
    IEXPLORE.EXE
    2.3kB
     25.5kB
     36
    30

    HTTP Request

    GET https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251

    HTTP Request

    GET https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251

    HTTP Response

    200

    HTTP Response

    200
  • 104.17.25.14:443
    cdnjs.cloudflare.com
    tls, http2
    IEXPLORE.EXE
    1.0kB
     3.6kB
     13
    9
  • 104.17.25.14:443
    https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
    tls, http2
    IEXPLORE.EXE
    1.6kB
     11.7kB
     23
    18

    HTTP Request

    GET https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, http2
    iexplore.exe
    1.3kB
     8.2kB
     17
    16
  • 92.123.128.172:443
    https://www.bing.com/favicon.ico
    tls, http2
    iexplore.exe
    1.5kB
     9.8kB
     21
    19

    HTTP Request

    GET https://www.bing.com/favicon.ico

    HTTP Response

    200
  • 92.123.128.172:443
    www.bing.com
    tls, http2
    iexplore.exe
    1.1kB
     4.9kB
     15
    14
  • 20.231.121.79:80
    46 B
     1
  • 8.8.8.8:53
    static.cloudflareinsights.com
    dns
    IEXPLORE.EXE
    75 B
     107 B
     1
    1

    DNS Request

    static.cloudflareinsights.com

    DNS Response

    104.16.56.101
    104.16.57.101

  • 8.8.8.8:53
    ajax.googleapis.com
    dns
    IEXPLORE.EXE
    65 B
     81 B
     1
    1

    DNS Request

    ajax.googleapis.com

    DNS Response

    142.250.179.234

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    0.205.248.87.in-addr.arpa
    dns
    71 B
     116 B
     1
    1

    DNS Request

    0.205.248.87.in-addr.arpa

  • 8.8.8.8:53
    101.56.16.104.in-addr.arpa
    dns
    72 B
     134 B
     1
    1

    DNS Request

    101.56.16.104.in-addr.arpa

  • 8.8.8.8:53
    234.179.250.142.in-addr.arpa
    dns
    74 B
     113 B
     1
    1

    DNS Request

    234.179.250.142.in-addr.arpa

  • 8.8.8.8:53
    code.jquery.com
    dns
    IEXPLORE.EXE
    61 B
     125 B
     1
    1

    DNS Request

    code.jquery.com

    DNS Response

    151.101.130.137
    151.101.194.137
    151.101.2.137
    151.101.66.137

  • 8.8.8.8:53
    67.204.58.216.in-addr.arpa
    dns
    72 B
     169 B
     1
    1

    DNS Request

    67.204.58.216.in-addr.arpa

  • 8.8.8.8:53
    137.130.101.151.in-addr.arpa
    dns
    74 B
     134 B
     1
    1

    DNS Request

    137.130.101.151.in-addr.arpa

  • 8.8.8.8:53
    23.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    23.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    233.38.18.104.in-addr.arpa
    dns
    72 B
     134 B
     1
    1

    DNS Request

    233.38.18.104.in-addr.arpa

  • 8.8.8.8:53
    23.149.64.172.in-addr.arpa
    dns
    72 B
     134 B
     1
    1

    DNS Request

    23.149.64.172.in-addr.arpa

  • 8.8.8.8:53
    maxcdn.bootstrapcdn.com
    dns
    IEXPLORE.EXE
    69 B
     101 B
     1
    1

    DNS Request

    maxcdn.bootstrapcdn.com

    DNS Response

    104.18.11.207
    104.18.10.207

  • 8.8.8.8:53
    kit.fontawesome.com
    dns
    IEXPLORE.EXE
    65 B
     149 B
     1
    1

    DNS Request

    kit.fontawesome.com

    DNS Response

    172.64.147.188
    104.18.40.68

  • 8.8.8.8:53
    207.11.18.104.in-addr.arpa
    dns
    72 B
     134 B
     1
    1

    DNS Request

    207.11.18.104.in-addr.arpa

  • 8.8.8.8:53
    42.200.250.142.in-addr.arpa
    dns
    73 B
     112 B
     1
    1

    DNS Request

    42.200.250.142.in-addr.arpa

  • 8.8.8.8:53
    ka-f.fontawesome.com
    dns
    IEXPLORE.EXE
    66 B
     151 B
     1
    1

    DNS Request

    ka-f.fontawesome.com

    DNS Response

    172.64.128.7
    172.64.129.7

  • 8.8.8.8:53
    cdnjs.cloudflare.com
    dns
    IEXPLORE.EXE
    66 B
     98 B
     1
    1

    DNS Request

    cdnjs.cloudflare.com

    DNS Response

    104.17.25.14
    104.17.24.14

  • 8.8.8.8:53
    188.147.64.172.in-addr.arpa
    dns
    73 B
     135 B
     1
    1

    DNS Request

    188.147.64.172.in-addr.arpa

  • 8.8.8.8:53
    7.128.64.172.in-addr.arpa
    dns
    71 B
     133 B
     1
    1

    DNS Request

    7.128.64.172.in-addr.arpa

  • 8.8.8.8:53
    14.25.17.104.in-addr.arpa
    dns
    71 B
     133 B
     1
    1

    DNS Request

    14.25.17.104.in-addr.arpa

  • 8.8.8.8:53
    57.110.18.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    57.110.18.2.in-addr.arpa

  • 8.8.8.8:53
    172.128.123.92.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    172.128.123.92.in-addr.arpa

  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    161.19.199.152.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    161.19.199.152.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    177.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    177.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    48.229.111.52.in-addr.arpa
    dns
    144 B
     316 B
     2
    2

    DNS Request

    48.229.111.52.in-addr.arpa

    DNS Request

    48.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    cb99b6d5040641081530ef8f6049f1aa

    SHA1

    3fa9e3148cbee0e561da3787919043483ee5e5c0

    SHA256

    3e1607026f332ae19539f0621c8b18c820245d196febf8bf258253667ebc94d8

    SHA512

    13cdc5995fa4741d474c00491ea55b26101a88ee3495327950249e8bef1e16de29f46d0c1ffef3682eac0e041f0b06545d51ef8152a33606f0e13fe35e6a1d83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    2317aa64be54a0e5b453272d81fe267f

    SHA1

    85e8271feaebdcd5d946983b55fd8507b2e69798

    SHA256

    60e1b178c131f3beb444c6d480f98316b83152ea11e9ea4190f16908a43cef90

    SHA512

    aae162cbb0a72cebde2309ddf6ad1fc9d691712dcc552a74579674fccb11d37e686ed67bf420705704528dea50d5634453d8934657e4124a3903be89d8876e3b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7V1N9ZS9\beacon.min[1].js
    Filesize

    19KB

    MD5

    dd1d068fdb5fe90b6c05a5b3940e088c

    SHA1

    0d96f9df8772633a9df4c81cf323a4ef8998ba59

    SHA256

    6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

    SHA512

    7aea051a8c2195a2ea5ec3d6438f2a4a4052085b370cf4728b056edc58d1f7a70c3f1f85afe82959184869f707c2ac02a964b8d9166122e74ebc423e0a47fa30

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8D1Z5HG5\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GG17NQDF\jquery.min[1].js
    Filesize

    83KB

    MD5

    2f6b11a7e914718e0290410e85366fe9

    SHA1

    69bb69e25ca7d5ef0935317584e6153f3fd9a88c

    SHA256

    05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

    SHA512

    0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UCK1SA0Q\jquery-3.1.1.min[1].js
    Filesize

    84KB

    MD5

    e071abda8fe61194711cfc2ab99fe104

    SHA1

    f647a6d37dc4ca055ced3cf64bbc1f490070acba

    SHA256

    85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

    SHA512

    53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.