Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/05/2024, 04:59 UTC

General

  • Target

    32d85296972b34d859727e5d84a67ad9_JaffaCakes118.html

  • Size

    15KB

  • MD5

    32d85296972b34d859727e5d84a67ad9

  • SHA1

    1f291f43ced39ba23967c867bb034e0430649468

  • SHA256

    5ff6fb9cd8a7c874b33e04e1069e7e604d1d38ca3b51571478945a0c34900e27

  • SHA512

    6d29418fc4f632d1d7b73811bafee332bbee4c449b5bed378463bbfe37045fe34d0ef96b954b1f5d5b1435dd78e7d5fb8e02e7183341ef7e93c4c77e65ded189

  • SSDEEP

    384:WR5jiAomf6jIBVb91PRIkro7g/NBPKzNp1WB1V96mRNIv2XxNh:gmzBjINI7GNBPmNSDVjXxNh

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\32d85296972b34d859727e5d84a67ad9_JaffaCakes118.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1276

Network

  • DNS (US)
    thefireservice.co.uk
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    thefireservice.co.uk
    IN A
    Response
    thefireservice.co.uk
    IN A
    173.254.30.90
  • GET (US)
    http://thefireservice.co.uk/wp-content/themes/cubic/style.css?ver=4.9.6
    IEXPLORE.EXE
    Remote address:
    173.254.30.90:80
    Request
    GET /wp-content/themes/cubic/style.css?ver=4.9.6 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: thefireservice.co.uk
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Sat, 11 May 2024 04:59:51 GMT
    Server: Apache
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
    Upgrade: h2,h2c
    Connection: Upgrade
    Vary: Accept-Encoding
    Content-Encoding: gzip
    X-Endurance-Cache-Level: 2
    X-nginx-cache: WordPress
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8
  • GET (US)
    http://thefireservice.co.uk/wp-content/themes/boardwalk/style.css?ver=4.9.6
    IEXPLORE.EXE
    Remote address:
    173.254.30.90:80
    Request
    GET /wp-content/themes/boardwalk/style.css?ver=4.9.6 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: thefireservice.co.uk
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Sat, 11 May 2024 04:59:51 GMT
    Server: Apache
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
    Upgrade: h2,h2c
    Connection: Upgrade
    Vary: Accept-Encoding
    Content-Encoding: gzip
    X-Endurance-Cache-Level: 2
    X-nginx-cache: WordPress
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8
  • GET (US)
    http://thefireservice.co.uk/wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1
    IEXPLORE.EXE
    Remote address:
    173.254.30.90:80
    Request
    GET /wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: thefireservice.co.uk
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 11 May 2024 04:59:51 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade
    Last-Modified: Tue, 30 May 2023 21:22:54 GMT
    Accept-Ranges: bytes
    Cache-Control: max-age=2592000
    Expires: Mon, 10 Jun 2024 04:59:51 GMT
    Vary: Accept-Encoding
    Content-Encoding: gzip
    X-Endurance-Cache-Level: 2
    X-nginx-cache: WordPress
    Transfer-Encoding: chunked
    Content-Type: text/css
  • GET (US)
    http://thefireservice.co.uk/wp-content/themes/boardwalk/js/pace.js?ver=1.0.0
    IEXPLORE.EXE
    Remote address:
    173.254.30.90:80
    Request
    GET /wp-content/themes/boardwalk/js/pace.js?ver=1.0.0 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: thefireservice.co.uk
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Sat, 11 May 2024 04:59:51 GMT
    Server: Apache
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
    Vary: Accept-Encoding
    Content-Encoding: gzip
    X-Endurance-Cache-Level: 2
    X-nginx-cache: WordPress
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8
  • GET (US)
    http://thefireservice.co.uk/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
    IEXPLORE.EXE
    Remote address:
    173.254.30.90:80
    Request
    GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: thefireservice.co.uk
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 11 May 2024 04:59:51 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade
    Last-Modified: Tue, 08 Aug 2023 20:28:15 GMT
    Accept-Ranges: bytes
    Cache-Control: max-age=21600
    Expires: Sat, 11 May 2024 10:59:51 GMT
    Vary: Accept-Encoding
    Content-Encoding: gzip
    X-Endurance-Cache-Level: 2
    X-nginx-cache: WordPress
    Content-Length: 5422
    Content-Type: application/javascript
  • GET (US)
    http://thefireservice.co.uk/wp-content/plugins/wp-automatic/js/main-front.js?ver=4.9.6
    IEXPLORE.EXE
    Remote address:
    173.254.30.90:80
    Request
    GET /wp-content/plugins/wp-automatic/js/main-front.js?ver=4.9.6 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: thefireservice.co.uk
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Sat, 11 May 2024 04:59:51 GMT
    Server: Apache
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
    Vary: Accept-Encoding
    Content-Encoding: gzip
    X-Endurance-Cache-Level: 2
    X-nginx-cache: WordPress
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8
  • GET (US)
    http://thefireservice.co.uk/wp-includes/js/jquery/jquery.js?ver=1.12.4
    IEXPLORE.EXE
    Remote address:
    173.254.30.90:80
    Request
    GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: thefireservice.co.uk
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 11 May 2024 04:59:51 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade
    Last-Modified: Tue, 07 Nov 2023 21:02:41 GMT
    Accept-Ranges: bytes
    Cache-Control: max-age=21600
    Expires: Sat, 11 May 2024 10:59:51 GMT
    Vary: Accept-Encoding
    Content-Encoding: gzip
    X-Endurance-Cache-Level: 2
    X-nginx-cache: WordPress
    Transfer-Encoding: chunked
    Content-Type: application/javascript
  • GET (US)
    http://thefireservice.co.uk/wp-content/themes/boardwalk/js/skip-link-focus-fix.js?ver=20130115
    IEXPLORE.EXE
    Remote address:
    173.254.30.90:80
    Request
    GET /wp-content/themes/boardwalk/js/skip-link-focus-fix.js?ver=20130115 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: thefireservice.co.uk
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Sat, 11 May 2024 04:59:51 GMT
    Server: Apache
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
    Vary: Accept-Encoding
    Content-Encoding: gzip
    X-Endurance-Cache-Level: 2
    X-nginx-cache: WordPress
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8
  • GET (US)
    http://thefireservice.co.uk/wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0
    IEXPLORE.EXE
    Remote address:
    173.254.30.90:80
    Request
    GET /wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: thefireservice.co.uk
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Sat, 11 May 2024 04:59:51 GMT
    Server: Apache
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
    Upgrade: h2,h2c
    Connection: Upgrade
    Vary: Accept-Encoding
    Content-Encoding: gzip
    X-Endurance-Cache-Level: 2
    X-nginx-cache: WordPress
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8
  • GET (US)
    http://thefireservice.co.uk/wp-includes/js/comment-reply.min.js?ver=4.9.6
    IEXPLORE.EXE
    Remote address:
    173.254.30.90:80
    Request
    GET /wp-includes/js/comment-reply.min.js?ver=4.9.6 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: thefireservice.co.uk
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 11 May 2024 04:59:52 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade
    Last-Modified: Tue, 24 May 2022 20:37:07 GMT
    Accept-Ranges: bytes
    Cache-Control: max-age=21600
    Expires: Sat, 11 May 2024 10:59:52 GMT
    Vary: Accept-Encoding
    Content-Encoding: gzip
    X-Endurance-Cache-Level: 2
    X-nginx-cache: WordPress
    Content-Length: 1477
    Content-Type: application/javascript
  • GET (US)
    http://thefireservice.co.uk/wp-includes/js/wp-embed.min.js?ver=4.9.6
    IEXPLORE.EXE
    Remote address:
    173.254.30.90:80
    Request
    GET /wp-includes/js/wp-embed.min.js?ver=4.9.6 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: thefireservice.co.uk
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 11 May 2024 04:59:52 GMT
    Server: Apache
    Last-Modified: Tue, 07 Nov 2023 21:02:41 GMT
    Accept-Ranges: bytes
    Cache-Control: max-age=21600
    Expires: Sat, 11 May 2024 10:59:52 GMT
    Vary: Accept-Encoding
    Content-Encoding: gzip
    X-Endurance-Cache-Level: 2
    X-nginx-cache: WordPress
    Content-Length: 692
    Content-Type: application/javascript
  • GET (US)
    http://thefireservice.co.uk/wp-content/uploads/2018/07/%D9%87%D9%86%D8%A7%D9%83-%D8%B5%D8%AE%D8%B1%D8%A9-%D9%81%D9%8A-%D8%A7%D9%84%D9%8A%D8%A7%D8%A8%D8%A7%D9%86-%D8%B9%D9%84%D9%89-%D9%85%D9%86%D8%AD%D8%AF%D8%B1-%D9%83%D8%AA%D8%A8%D8%AA-%D8%B9%D9%84%D9%8A%D9%87%D8%A7-%D9%83%D9%84.jpg
    IEXPLORE.EXE
    Remote address:
    173.254.30.90:80
    Request
    GET /wp-content/uploads/2018/07/%D9%87%D9%86%D8%A7%D9%83-%D8%B5%D8%AE%D8%B1%D8%A9-%D9%81%D9%8A-%D8%A7%D9%84%D9%8A%D8%A7%D8%A8%D8%A7%D9%86-%D8%B9%D9%84%D9%89-%D9%85%D9%86%D8%AD%D8%AF%D8%B1-%D9%83%D8%AA%D8%A8%D8%AA-%D8%B9%D9%84%D9%8A%D9%87%D8%A7-%D9%83%D9%84.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: thefireservice.co.uk
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Sat, 11 May 2024 04:59:52 GMT
    Server: Apache
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
    Vary: Accept-Encoding
    Content-Encoding: gzip
    X-Endurance-Cache-Level: 2
    X-nginx-cache: WordPress
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8
  • GET (US)
    http://thefireservice.co.uk/wp-content/themes/cubic/js/cubic.js?ver=20150113
    IEXPLORE.EXE
    Remote address:
    173.254.30.90:80
    Request
    GET /wp-content/themes/cubic/js/cubic.js?ver=20150113 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: thefireservice.co.uk
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Sat, 11 May 2024 04:59:52 GMT
    Server: Apache
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Link: <https://thefireservice.co.uk/wp-json/>; rel="https://api.w.org/"
    Upgrade: h2,h2c
    Connection: Upgrade
    Vary: Accept-Encoding
    Content-Encoding: gzip
    X-Endurance-Cache-Level: 2
    X-nginx-cache: WordPress
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8
  • 173.254.30.90:80
    http://thefireservice.co.uk/wp-content/themes/cubic/style.css?ver=4.9.6
    http
    IEXPLORE.EXE
    1.3kB
    27.6kB
    22
    24

    HTTP Request

    GET http://thefireservice.co.uk/wp-content/themes/cubic/style.css?ver=4.9.6

    HTTP Response

    404
  • 173.254.30.90:80
    http://thefireservice.co.uk/wp-content/themes/boardwalk/style.css?ver=4.9.6
    http
    IEXPLORE.EXE
    1.2kB
    27.5kB
    21
    23

    HTTP Request

    GET http://thefireservice.co.uk/wp-content/themes/boardwalk/style.css?ver=4.9.6

    HTTP Response

    404
  • 173.254.30.90:80
    http://thefireservice.co.uk/wp-content/themes/boardwalk/js/pace.js?ver=1.0.0
    http
    IEXPLORE.EXE
    2.2kB
    44.8kB
    34
    38

    HTTP Request

    GET http://thefireservice.co.uk/wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1

    HTTP Response

    200

    HTTP Request

    GET http://thefireservice.co.uk/wp-content/themes/boardwalk/js/pace.js?ver=1.0.0

    HTTP Response

    404
  • 173.254.30.90:80
    http://thefireservice.co.uk/wp-content/plugins/wp-automatic/js/main-front.js?ver=4.9.6
    http
    IEXPLORE.EXE
    1.5kB
    22.0kB
    19
    20

    HTTP Request

    GET http://thefireservice.co.uk/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

    HTTP Response

    200

    HTTP Request

    GET http://thefireservice.co.uk/wp-content/plugins/wp-automatic/js/main-front.js?ver=4.9.6

    HTTP Response

    404
  • 173.254.30.90:80
    http://thefireservice.co.uk/wp-content/themes/boardwalk/js/skip-link-focus-fix.js?ver=20130115
    http
    IEXPLORE.EXE
    3.5kB
    142.9kB
    64
    109

    HTTP Request

    GET http://thefireservice.co.uk/wp-includes/js/jquery/jquery.js?ver=1.12.4

    HTTP Response

    200

    HTTP Request

    GET http://thefireservice.co.uk/wp-content/themes/boardwalk/js/skip-link-focus-fix.js?ver=20130115

    HTTP Response

    404
  • 173.254.30.90:80
    http://thefireservice.co.uk/wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0
    http
    IEXPLORE.EXE
    1.3kB
    27.5kB
    22
    23

    HTTP Request

    GET http://thefireservice.co.uk/wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0

    HTTP Response

    404
  • 173.254.30.90:80
    http://thefireservice.co.uk/wp-content/uploads/2018/07/%D9%87%D9%86%D8%A7%D9%83-%D8%B5%D8%AE%D8%B1%D8%A9-%D9%81%D9%8A-%D8%A7%D9%84%D9%8A%D8%A7%D8%A8%D8%A7%D9%86-%D8%B9%D9%84%D9%89-%D9%85%D9%86%D8%AD%D8%AF%D8%B1-%D9%83%D8%AA%D8%A8%D8%AA-%D8%B9%D9%84%D9%8A%D9%87%D8%A7-%D9%83%D9%84.jpg
    http
    IEXPLORE.EXE
    2.2kB
    30.6kB
    25
    28

    HTTP Request

    GET http://thefireservice.co.uk/wp-includes/js/comment-reply.min.js?ver=4.9.6

    HTTP Response

    200

    HTTP Request

    GET http://thefireservice.co.uk/wp-includes/js/wp-embed.min.js?ver=4.9.6

    HTTP Response

    200

    HTTP Request

    GET http://thefireservice.co.uk/wp-content/uploads/2018/07/%D9%87%D9%86%D8%A7%D9%83-%D8%B5%D8%AE%D8%B1%D8%A9-%D9%81%D9%8A-%D8%A7%D9%84%D9%8A%D8%A7%D8%A8%D8%A7%D9%86-%D8%B9%D9%84%D9%89-%D9%85%D9%86%D8%AD%D8%AF%D8%B1-%D9%83%D8%AA%D8%A8%D8%AA-%D8%B9%D9%84%D9%8A%D9%87%D8%A7-%D9%83%D9%84.jpg

    HTTP Response

    404
  • 173.254.30.90:80
    http://thefireservice.co.uk/wp-content/themes/cubic/js/cubic.js?ver=20150113
    http
    IEXPLORE.EXE
    1.3kB
    27.5kB
    22
    23

    HTTP Request

    GET http://thefireservice.co.uk/wp-content/themes/cubic/js/cubic.js?ver=20150113

    HTTP Response

    404
  • 173.254.30.90:80
    thefireservice.co.uk
    IEXPLORE.EXE
    242 B
    144 B
    5
    3
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.7kB
    10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.7kB
    10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    831 B
    7.7kB
    10
    13
  • 8.8.8.8:53
    thefireservice.co.uk
    dns
    IEXPLORE.EXE
    66 B
    82 B
    1
    1

    DNS Request

    thefireservice.co.uk

    DNS Response

    173.254.30.90

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    17 entries, 344B each
  • C:\Users\Admin\AppData\Local\Temp\Cab3278.tmp
    68KB
  • C:\Users\Admin\AppData\Local\Temp\Tar3279.tmp
    177KB
