Analysis

  • max time kernel
    145s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/04/2024, 20:54 UTC

General

  • Target

    www/backend/public/injects/html/banks/air.app.scb.breeze.android.main.my.prod.html

  • Size

    43KB

  • MD5

    9819046a9f984e16124741ed8c7dbb57

  • SHA1

    e6f9b439ed9fc21ce4e6d23f5cddc9e5917fca5f

  • SHA256

    3b3f1adcabd446f5161b913a70ddb311e3b02bf4db74a14b7cccc947a16123ce

  • SHA512

    f5673ce7380bdd00ef07ee2000817adc44b9fca748a87f0f9415504ec73ae721da2c8ba9513724bd90843e9451950824b03243e188870463f5a69e93f20ed239

  • SSDEEP

    768:u8g7MahDbOOD+WCn21UNqx7GACn21UNqx7G2:aAa5bPQ2eNq82eNqF

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\www\backend\public\injects\html\banks\air.app.scb.breeze.android.main.my.prod.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4720
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd383646f8,0x7ffd38364708,0x7ffd38364718
      2⤵
      PID:2740
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2611229770331238525,16681052977777597349,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
      2⤵
      PID:1860
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2611229770331238525,16681052977777597349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2872
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2611229770331238525,16681052977777597349,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
      2⤵
      PID:4860
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2611229770331238525,16681052977777597349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
      2⤵
      PID:3524
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2611229770331238525,16681052977777597349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      2⤵
      PID:3988
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2611229770331238525,16681052977777597349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
      2⤵
      PID:1412
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2611229770331238525,16681052977777597349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4772
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2611229770331238525,16681052977777597349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
      2⤵
      PID:1488
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2611229770331238525,16681052977777597349,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
      2⤵
      PID:1760
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2611229770331238525,16681052977777597349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
      2⤵
      PID:1696
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2611229770331238525,16681052977777597349,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
      2⤵
      PID:3556
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2611229770331238525,16681052977777597349,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:772
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3028
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:5024

Network

  • DNS PTR 232.168.11.51.in-addr.arpa  (resolver 8.8.8.8:53, US; no issuing process recorded)
    Request: 232.168.11.51.in-addr.arpa IN PTR
    Response: none recorded
  • DNS PTR 249.197.17.2.in-addr.arpa  (resolver 8.8.8.8:53, US; no issuing process recorded)
    Request: 249.197.17.2.in-addr.arpa IN PTR
    Response: 249.197.17.2.in-addr.arpa IN PTR a2-17-197-249.deploy.static.akamaitechnologies.com
  • DNS PTR 22.160.190.20.in-addr.arpa  (resolver 8.8.8.8:53, US; no issuing process recorded)
    Request: 22.160.190.20.in-addr.arpa IN PTR
    Response: none recorded
  • DNS PTR 209.205.72.20.in-addr.arpa  (resolver 8.8.8.8:53, US; no issuing process recorded)
    Request: 209.205.72.20.in-addr.arpa IN PTR
    Response: none recorded
  • DNS A maxcdn.bootstrapcdn.com  (msedge.exe; resolver 8.8.8.8:53, US)
    Request: maxcdn.bootstrapcdn.com IN A
    Response: maxcdn.bootstrapcdn.com IN A 104.18.10.207
              maxcdn.bootstrapcdn.com IN A 104.18.11.207
  • DNS A ajax.googleapis.com  (msedge.exe; resolver 8.8.8.8:53, US)
    Request: ajax.googleapis.com IN A
    Response: ajax.googleapis.com IN A 142.250.186.106
  • DNS A cdnjs.cloudflare.com  (msedge.exe; resolver 8.8.8.8:53, US)
    Request: cdnjs.cloudflare.com IN A
    Response: cdnjs.cloudflare.com IN A 104.17.25.14
              cdnjs.cloudflare.com IN A 104.17.24.14
  • GET https://maxcdn.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.css
    Process: msedge.exe
    Remote address: 104.18.10.207:443 (US)
    Request
      GET /bootstrap/4.1.0/css/bootstrap.min.css HTTP/2.0
      host: maxcdn.bootstrapcdn.com
      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
      dnt: 1
      sec-ch-ua-mobile: ?0
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
      accept: text/css,*/*;q=0.1
      sec-fetch-site: cross-site
      sec-fetch-mode: no-cors
      sec-fetch-dest: style
      accept-encoding: gzip, deflate, br
      accept-language: en-US,en;q=0.9
    Response
      HTTP/2.0 200
      date: Sat, 06 Apr 2024 21:04:07 GMT
      content-type: text/css; charset=utf-8
      vary: Accept-Encoding
      cdn-pullzone: 252412
      cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
      cdn-requestcountrycode: FR
      access-control-allow-origin: *
      cache-control: public, max-age=31919000
      etag: W/"89916fa773ce96569604016ef25cab50"
      last-modified: Mon, 25 Jan 2021 22:04:54 GMT
      cdn-cachedat: 11/26/2023 17:42:21
      cdn-proxyver: 1.04
      cdn-requestpullcode: 200
      cdn-requestpullsuccess: True
      cdn-edgestorageid: 1186
      timing-allow-origin: *
      cross-origin-resource-policy: cross-origin
      x-content-type-options: nosniff
      cdn-status: 200
      cdn-requestid: 512ac3615984df6e2626ad19f562116a
      cdn-cache: HIT
      cf-cache-status: HIT
      age: 1659303
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      server: cloudflare
      cf-ray: 8704ba7dbac4413a-LHR
      content-encoding: br
      alt-svc: h3=":443"; ma=86400
  • GET https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css
    Process: msedge.exe
    Remote address: 104.18.10.207:443 (US)
    Request
      GET /font-awesome/4.6.1/css/font-awesome.min.css HTTP/2.0
      host: maxcdn.bootstrapcdn.com
      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
      dnt: 1
      sec-ch-ua-mobile: ?0
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
      accept: text/css,*/*;q=0.1
      sec-fetch-site: cross-site
      sec-fetch-mode: no-cors
      sec-fetch-dest: style
      accept-encoding: gzip, deflate, br
      accept-language: en-US,en;q=0.9
    Response
      HTTP/2.0 200
      date: Sat, 06 Apr 2024 21:04:07 GMT
      content-type: application/javascript; charset=utf-8
      vary: Accept-Encoding
      cdn-pullzone: 252412
      cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
      cdn-requestcountrycode: FR
      access-control-allow-origin: *
      cache-control: public, max-age=31919000
      etag: W/"ce6e785579ae4cb555c9de311d1b9271"
      last-modified: Mon, 25 Jan 2021 22:04:05 GMT
      cdn-cachedat: 10/31/2023 19:35:53
      cdn-proxyver: 1.04
      cdn-requestpullcode: 200
      cdn-requestpullsuccess: True
      cdn-edgestorageid: 947
      timing-allow-origin: *
      cross-origin-resource-policy: cross-origin
      x-content-type-options: nosniff
      cdn-status: 200
      cdn-requestid: 9aa581b1446202280508eedd952e8df8
      cdn-cache: HIT
      cf-cache-status: HIT
      age: 1648696
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      server: cloudflare
      cf-ray: 8704ba7dbac5413a-LHR
      content-encoding: br
      alt-svc: h3=":443"; ma=86400
  • GET https://maxcdn.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js
    Process: msedge.exe
    Remote address: 104.18.10.207:443 (US)
    Request
      GET /bootstrap/4.1.0/js/bootstrap.min.js HTTP/2.0
      host: maxcdn.bootstrapcdn.com
      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
      dnt: 1
      sec-ch-ua-mobile: ?0
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
      accept: */*
      sec-fetch-site: cross-site
      sec-fetch-mode: no-cors
      sec-fetch-dest: script
      accept-encoding: gzip, deflate, br
      accept-language: en-US,en;q=0.9
    Response
      HTTP/2.0 200
      date: Sat, 06 Apr 2024 21:04:07 GMT
      content-type: text/css; charset=utf-8
      vary: Accept-Encoding
      cdn-pullzone: 252412
      cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
      cdn-requestcountrycode: DE
      cdn-edgestorageid: 723
      cdn-edgestorageid: 617
      cdn-edgestorageid: 617
      last-modified: Mon, 25 Jan 2021 22:04:04 GMT
      cdn-cachedat: 2021-07-24 16:52:17
      cdn-requestpullsuccess: True
      cdn-requestpullcode: 200
      cache-control: public, max-age=31919000
      timing-allow-origin: *
      cross-origin-resource-policy: cross-origin
      access-control-allow-origin: *
      x-content-type-options: nosniff
      cdn-requestid: fe637f643ecb37778cb95cee551d9dc8
      cdn-status: 200
      cdn-cache: HIT
      cf-cache-status: HIT
      age: 1659298
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      server: cloudflare
      cf-ray: 8704ba7daabf413a-LHR
      content-encoding: br
      alt-svc: h3=":443"; ma=86400
  • GET https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.15/jquery.mask.js
    Process: msedge.exe
    Remote address: 104.17.25.14:443 (US)
    Request
      GET /ajax/libs/jquery.mask/1.14.15/jquery.mask.js HTTP/2.0
      host: cdnjs.cloudflare.com
      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
      dnt: 1
      sec-ch-ua-mobile: ?0
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
      accept: */*
      sec-fetch-site: cross-site
      sec-fetch-mode: no-cors
      sec-fetch-dest: script
      accept-encoding: gzip, deflate, br
      accept-language: en-US,en;q=0.9
    Response
      HTTP/2.0 200
      date: Sat, 06 Apr 2024 21:04:09 GMT
      content-type: application/javascript; charset=utf-8
      content-length: 4938
      access-control-allow-origin: *
      cache-control: public, max-age=30672000
      content-encoding: br
      etag: "5eb03ec3-5a58"
      last-modified: Mon, 04 May 2020 16:11:47 GMT
      cf-cdnjs-via: cfworker/kv
      cross-origin-resource-policy: cross-origin
      timing-allow-origin: *
      x-content-type-options: nosniff
      vary: Accept-Encoding
      cf-cache-status: HIT
      age: 1300061
      expires: Thu, 27 Mar 2025 21:04:09 GMT
      accept-ranges: bytes
      report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V10IRPsemLANPTvMvO3jAxdnWUgTkSiRRfTwQhy6tni0CM34LP8fyIlHXMA%2FlFSdJRQ3sy9m9FxRP5%2BiPP7UtifpObMxaI5H0Zv108cn3OWWAMOX2xMo4%2FkZ4dLtiw3JFQ2BX06K"}],"group":"cf-nel","max_age":604800}
      nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
      strict-transport-security: max-age=15780000
      server: cloudflare
      cf-ray: 8704ba8d8b71773e-LHR
      alt-svc: h3=":443"; ma=86400
  • GET https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
    Process: msedge.exe
    Remote address: 142.250.186.106:443 (DE)
    Request
      GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/2.0
      host: ajax.googleapis.com
      sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
      dnt: 1
      sec-ch-ua-mobile: ?0
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
      accept: */*
      sec-fetch-site: cross-site
      sec-fetch-mode: no-cors
      sec-fetch-dest: script
      accept-encoding: gzip, deflate, br
      accept-language: en-US,en;q=0.9
    Response: none recorded
  • DNS PTR 207.10.18.104.in-addr.arpa  (resolver 8.8.8.8:53, US; no issuing process recorded)
    Request: 207.10.18.104.in-addr.arpa IN PTR
    Response: none recorded
  • DNS PTR 14.25.17.104.in-addr.arpa  (resolver 8.8.8.8:53, US; no issuing process recorded)
    Request: 14.25.17.104.in-addr.arpa IN PTR
    Response: none recorded
  • DNS PTR 106.186.250.142.in-addr.arpa  (resolver 8.8.8.8:53, US; no issuing process recorded)
    Request: 106.186.250.142.in-addr.arpa IN PTR
    Response: 106.186.250.142.in-addr.arpa IN PTR fra24s06-in-f10.1e100.net
  • DNS PTR 41.192.122.92.in-addr.arpa  (resolver 8.8.8.8:53, US; no issuing process recorded)
    Request: 41.192.122.92.in-addr.arpa IN PTR
    Response: 41.192.122.92.in-addr.arpa IN PTR a92-122-192-41.deploy.static.akamaitechnologies.com
  • DNS PTR 15.164.165.52.in-addr.arpa  (resolver 8.8.8.8:53, US; no issuing process recorded)
    Request: 15.164.165.52.in-addr.arpa IN PTR
    Response: none recorded
  • DNS PTR 183.59.114.20.in-addr.arpa  (resolver 8.8.8.8:53, US; no issuing process recorded)
    Request: 183.59.114.20.in-addr.arpa IN PTR
    Response: none recorded
  • DNS PTR 134.71.91.104.in-addr.arpa  (resolver 8.8.8.8:53, US; no issuing process recorded)
    Request: 134.71.91.104.in-addr.arpa IN PTR
    Response: 134.71.91.104.in-addr.arpa IN PTR a104-91-71-134.deploy.static.akamaitechnologies.com
  • DNS PTR 0.205.248.87.in-addr.arpa  (resolver 8.8.8.8:53, US; no issuing process recorded)
    Request: 0.205.248.87.in-addr.arpa IN PTR
    Response: 0.205.248.87.in-addr.arpa IN PTR https-87-248-205-0.lgw.llnw.net
Connections (remote address; host or last URL; protocol; process; bytes and packets sent / received; requests carried on the connection)

  • 104.18.10.207:443  tls, http2  msedge.exe
    https://maxcdn.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js
    sent 4.0kB in 56 packets, received 51.8kB in 52 packets
    HTTP requests:
      GET https://maxcdn.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.css
      GET https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css
      GET https://maxcdn.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js
    HTTP responses: 200, 200, 200
  • 104.18.10.207:443  tls, http2  msedge.exe
    maxcdn.bootstrapcdn.com
    sent 989 B in 9 packets, received 5.1kB in 8 packets
  • 104.18.10.207:443  tls, http2  msedge.exe
    maxcdn.bootstrapcdn.com
    sent 989 B in 9 packets, received 5.1kB in 8 packets
  • 104.17.25.14:443  tls, http2  msedge.exe
    https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.15/jquery.mask.js
    sent 1.8kB in 17 packets, received 9.1kB in 17 packets
    HTTP requests:
      GET https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.15/jquery.mask.js
    HTTP responses: 200
  • 142.250.186.106:443  tls, http2  msedge.exe
    https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
    sent 2.6kB in 34 packets, received 38.9kB in 36 packets
    HTTP requests:
      GET https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
    HTTP responses: none recorded
  • 52.142.223.178:80
    sent 46 B in 1 packet; nothing received
  • 8.8.8.8:53  dns
    232.168.11.51.in-addr.arpa
    sent 72 B in 1 packet, received 158 B in 1 packet
    DNS request: 232.168.11.51.in-addr.arpa
  • 8.8.8.8:53  dns
    249.197.17.2.in-addr.arpa
    sent 71 B in 1 packet, received 135 B in 1 packet
    DNS request: 249.197.17.2.in-addr.arpa
  • 8.8.8.8:53  dns
    22.160.190.20.in-addr.arpa
    sent 72 B in 1 packet, received 158 B in 1 packet
    DNS request: 22.160.190.20.in-addr.arpa
  • 8.8.8.8:53  dns
    209.205.72.20.in-addr.arpa
    sent 72 B in 1 packet, received 158 B in 1 packet
    DNS request: 209.205.72.20.in-addr.arpa
  • 8.8.8.8:53  dns  msedge.exe
    maxcdn.bootstrapcdn.com
    sent 69 B in 1 packet, received 101 B in 1 packet
    DNS request: maxcdn.bootstrapcdn.com

                            DNS Response

                            104.18.10.207
                            104.18.11.207

                          • 8.8.8.8:53
                            ajax.googleapis.com
                            dns
                            msedge.exe
                            65 B
                            81 B
                            1
                            1

                            DNS Request

                            ajax.googleapis.com

                            DNS Response

                            142.250.186.106

                          • 8.8.8.8:53
                            cdnjs.cloudflare.com
                            dns
                            msedge.exe
                            66 B
                            98 B
                            1
                            1

                            DNS Request

                            cdnjs.cloudflare.com

                            DNS Response

                            104.17.25.14
                            104.17.24.14

                          • 8.8.8.8:53
                            207.10.18.104.in-addr.arpa
                            dns
                            72 B
                            134 B
                            1
                            1

                            DNS Request

                            207.10.18.104.in-addr.arpa

                          • 8.8.8.8:53
                            14.25.17.104.in-addr.arpa
                            dns
                            71 B
                            133 B
                            1
                            1

                            DNS Request

                            14.25.17.104.in-addr.arpa

                          • 8.8.8.8:53
                            106.186.250.142.in-addr.arpa
                            dns
                            74 B
                            113 B
                            1
                            1

                            DNS Request

                            106.186.250.142.in-addr.arpa

                          • 8.8.8.8:53
                            41.192.122.92.in-addr.arpa
                            dns
                            72 B
                            137 B
                            1
                            1

                            DNS Request

                            41.192.122.92.in-addr.arpa

                          • 224.0.0.251:5353
                            515 B
                            8
                          • 8.8.8.8:53
                            183.59.114.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            183.59.114.20.in-addr.arpa

                          • 8.8.8.8:53
                            15.164.165.52.in-addr.arpa
                            dns
                            72 B
                            146 B
                            1
                            1

                            DNS Request

                            15.164.165.52.in-addr.arpa

                          • 8.8.8.8:53
                            134.71.91.104.in-addr.arpa
                            dns
                            72 B
                            137 B
                            1
                            1

                            DNS Request

                            134.71.91.104.in-addr.arpa

                          • 8.8.8.8:53
                            0.205.248.87.in-addr.arpa
                            dns
                            71 B
                            116 B
                            1
                            1

                            DNS Request

                            0.205.248.87.in-addr.arpa

                          MITRE ATT&CK Enterprise v15

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0183b401-357f-46a0-a66d-97619bdb8173.tmp

                            Filesize

                            6KB

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                            Filesize

                            467B

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                            Filesize

                            11KB