Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    27/05/2024, 07:45 UTC

General

  • Target

    786558b01d3400c1c7f47015e45e5d4b_JaffaCakes118.html

  • Size

    214KB

  • MD5

    786558b01d3400c1c7f47015e45e5d4b

  • SHA1

    e1f81f314e89078578a8bb0656dfee8e95ebf1b2

  • SHA256

    5cecc6a477931f2696851ca8f5691371f5df9da110a30c4c4b5e4c8f0ea96fea

  • SHA512

    9d5d590be5df9291399a00e80f724e899e7afa80a8146ea4398c3375a63ccaa9a67429499b5c359b88a29e7bda4e205ac1a3b33c5676ae2260bb45ffc13c285c

  • SSDEEP

    3072:IrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJU:Qz9VxLY7iAVLTBQJlU

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\786558b01d3400c1c7f47015e45e5d4b_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2600
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0ef46f8,0x7ff8c0ef4708,0x7ff8c0ef4718
      2⤵
        PID:3096
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,11152578696064985483,18184299494449322754,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        2⤵
          PID:3516
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,11152578696064985483,18184299494449322754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3132
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,11152578696064985483,18184299494449322754,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
          2⤵
            PID:3608
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11152578696064985483,18184299494449322754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
            2⤵
              PID:1724
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11152578696064985483,18184299494449322754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
              2⤵
                PID:436
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,11152578696064985483,18184299494449322754,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4964
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:3236
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:5052

                Network

                • flag-us
                  DNS
                  133.211.185.52.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  133.211.185.52.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  s22.cnzz.com
                  msedge.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  s22.cnzz.com
                  IN A
                  Response
                  s22.cnzz.com
                  IN CNAME
                  c.cnzz.com
                  c.cnzz.com
                  IN CNAME
                  all.cnzz.com.danuoyi.tbcache.com
                  all.cnzz.com.danuoyi.tbcache.com
                  IN A
                  220.185.168.234
                • flag-us
                  DNS
                  0.159.190.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  0.159.190.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  25.24.18.2.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  25.24.18.2.in-addr.arpa
                  IN PTR
                  Response
                  25.24.18.2.in-addr.arpa
                  IN PTR
                  a2-18-24-25.deploy.static.akamaitechnologies.com
                • flag-nl
                  GET
                  https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                  Remote address:
                  23.62.61.168:443
                  Request
                  GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
                  host: www.bing.com
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-type: image/png
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  content-length: 1107
                  date: Mon, 27 May 2024 07:45:21 GMT
                  alt-svc: h3=":443"; ma=93600
                  x-cdn-traceid: 0.a43d3e17.1716795921.95ae1db
                • flag-us
                  DNS
                  168.61.62.23.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  168.61.62.23.in-addr.arpa
                  IN PTR
                  Response
                  168.61.62.23.in-addr.arpa
                  IN PTR
                  a23-62-61-168.deploy.static.akamaitechnologies.com
                • flag-us
                  DNS
                  196.249.167.52.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  196.249.167.52.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  push.zhanzhang.baidu.com
                  msedge.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  push.zhanzhang.baidu.com
                  IN A
                  Response
                  push.zhanzhang.baidu.com
                  IN CNAME
                  share.jomodns.com
                  share.jomodns.com
                  IN CNAME
                  share.n.shifen.com
                  share.n.shifen.com
                  IN A
                  163.177.17.97
                  share.n.shifen.com
                  IN A
                  180.101.212.103
                  share.n.shifen.com
                  IN A
                  182.61.201.93
                  share.n.shifen.com
                  IN A
                  182.61.201.94
                  share.n.shifen.com
                  IN A
                  182.61.244.229
                  share.n.shifen.com
                  IN A
                  14.215.182.161
                  share.n.shifen.com
                  IN A
                  39.156.68.163
                  share.n.shifen.com
                  IN A
                  112.34.113.148
                • flag-us
                  DNS
                  50.23.12.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  50.23.12.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  198.187.3.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  198.187.3.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  43.58.199.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  43.58.199.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  14.227.111.52.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  14.227.111.52.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  tse1.mm.bing.net
                  Remote address:
                  8.8.8.8:53
                  Request
                  tse1.mm.bing.net
                  IN A
                  Response
                  tse1.mm.bing.net
                  IN CNAME
                  mm-mm.bing.net.trafficmanager.net
                  mm-mm.bing.net.trafficmanager.net
                  IN CNAME
                  dual-a-0001.a-msedge.net
                  dual-a-0001.a-msedge.net
                  IN A
                  204.79.197.200
                  dual-a-0001.a-msedge.net
                  IN A
                  13.107.21.200
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 659775
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 5BB5962FC40B47A4820AC5E33C6D3C7C Ref B: LON04EDGE0821 Ref C: 2024-05-27T07:46:59Z
                  date: Mon, 27 May 2024 07:46:59 GMT
                • flag-us
                  GET
                  https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                  host: tse1.mm.bing.net
                  accept: */*
                  accept-encoding: gzip, deflate, br
                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                  Response
                  HTTP/2.0 200
                  cache-control: public, max-age=2592000
                  content-length: 621794
                  content-type: image/jpeg
                  x-cache: TCP_HIT
                  access-control-allow-origin: *
                  access-control-allow-headers: *
                  access-control-allow-methods: GET, POST, OPTIONS
                  timing-allow-origin: *
                  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 3C2C8B0B075D4C88963D19203925AFC3 Ref B: LON04EDGE0821 Ref C: 2024-05-27T07:46:59Z
                  date: Mon, 27 May 2024 07:46:59 GMT
                • flag-us
                  DNS
                  57.169.31.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  57.169.31.20.in-addr.arpa
                  IN PTR
                  Response
                • 220.185.168.234:443
                  s22.cnzz.com
                  msedge.exe
                  260 B
                  5
                • 220.185.168.234:443
                  s22.cnzz.com
                  msedge.exe
                  260 B
                  5
                • 23.62.61.168:443
                  https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                  tls, http2
                  1.4kB
                  6.3kB
                  15
                  11

                  HTTP Request

                  GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

                  HTTP Response

                  200
                • 163.177.17.97:80
                  push.zhanzhang.baidu.com
                  msedge.exe
                  260 B
                  5
                • 163.177.17.97:80
                  push.zhanzhang.baidu.com
                  msedge.exe
                  260 B
                  5
                • 180.101.212.103:80
                  push.zhanzhang.baidu.com
                  msedge.exe
                  260 B
                  5
                • 180.101.212.103:80
                  push.zhanzhang.baidu.com
                  msedge.exe
                  260 B
                  5
                • 182.61.201.93:80
                  push.zhanzhang.baidu.com
                  msedge.exe
                  260 B
                  5
                • 182.61.201.93:80
                  push.zhanzhang.baidu.com
                  msedge.exe
                  260 B
                  5
                • 182.61.201.94:80
                  push.zhanzhang.baidu.com
                  msedge.exe
                  260 B
                  5
                • 182.61.201.94:80
                  push.zhanzhang.baidu.com
                  msedge.exe
                  260 B
                  5
                • 204.79.197.200:443
                  https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                  tls, http2
                  48.1kB
                  1.3MB
                  986
                  983

                  HTTP Request

                  GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                  HTTP Request

                  GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                  HTTP Response

                  200

                  HTTP Response

                  200
                • 204.79.197.200:443
                  tse1.mm.bing.net
                  tls, http2
                  1.2kB
                  8.1kB
                  16
                  14
                • 182.61.244.229:80
                  push.zhanzhang.baidu.com
                  msedge.exe
                  260 B
                  5
                • 182.61.244.229:80
                  push.zhanzhang.baidu.com
                  msedge.exe
                  260 B
                  5
                • 14.215.182.161:80
                  push.zhanzhang.baidu.com
                  msedge.exe
                  260 B
                  5
                • 14.215.182.161:80
                  push.zhanzhang.baidu.com
                  msedge.exe
                  260 B
                  5
                • 39.156.68.163:80
                  push.zhanzhang.baidu.com
                  msedge.exe
                  52 B
                  1
                • 39.156.68.163:80
                  push.zhanzhang.baidu.com
                  msedge.exe
                  52 B
                  1
                • 8.8.8.8:53
                  133.211.185.52.in-addr.arpa
                  dns
                  73 B
                  147 B
                  1
                  1

                  DNS Request

                  133.211.185.52.in-addr.arpa

                • 8.8.8.8:53
                  s22.cnzz.com
                  dns
                  msedge.exe
                  58 B
                  133 B
                  1
                  1

                  DNS Request

                  s22.cnzz.com

                  DNS Response

                  220.185.168.234

                • 8.8.8.8:53
                  0.159.190.20.in-addr.arpa
                  dns
                  71 B
                  157 B
                  1
                  1

                  DNS Request

                  0.159.190.20.in-addr.arpa

                • 8.8.8.8:53
                  25.24.18.2.in-addr.arpa
                  dns
                  69 B
                  131 B
                  1
                  1

                  DNS Request

                  25.24.18.2.in-addr.arpa

                • 8.8.8.8:53
                  168.61.62.23.in-addr.arpa
                  dns
                  71 B
                  135 B
                  1
                  1

                  DNS Request

                  168.61.62.23.in-addr.arpa

                • 224.0.0.251:5353
                  316 B
                  5
                • 8.8.8.8:53
                  196.249.167.52.in-addr.arpa
                  dns
                  73 B
                  147 B
                  1
                  1

                  DNS Request

                  196.249.167.52.in-addr.arpa

                • 8.8.8.8:53
                  push.zhanzhang.baidu.com
                  dns
                  msedge.exe
                  70 B
                  255 B
                  1
                  1

                  DNS Request

                  push.zhanzhang.baidu.com

                  DNS Response

                  163.177.17.97
                  180.101.212.103
                  182.61.201.93
                  182.61.201.94
                  182.61.244.229
                  14.215.182.161
                  39.156.68.163
                  112.34.113.148

                • 8.8.8.8:53
                  50.23.12.20.in-addr.arpa
                  dns
                  70 B
                  156 B
                  1
                  1

                  DNS Request

                  50.23.12.20.in-addr.arpa

                • 8.8.8.8:53
                  198.187.3.20.in-addr.arpa
                  dns
                  71 B
                  157 B
                  1
                  1

                  DNS Request

                  198.187.3.20.in-addr.arpa

                • 8.8.8.8:53
                  43.58.199.20.in-addr.arpa
                  dns
                  71 B
                  157 B
                  1
                  1

                  DNS Request

                  43.58.199.20.in-addr.arpa

                • 8.8.8.8:53
                  14.227.111.52.in-addr.arpa
                  dns
                  72 B
                  158 B
                  1
                  1

                  DNS Request

                  14.227.111.52.in-addr.arpa

                • 8.8.8.8:53
                  tse1.mm.bing.net
                  dns
                  62 B
                  173 B
                  1
                  1

                  DNS Request

                  tse1.mm.bing.net

                  DNS Response

                  204.79.197.200
                  13.107.21.200

                • 8.8.8.8:53
                  57.169.31.20.in-addr.arpa
                  dns
                  71 B
                  157 B
                  1
                  1

                  DNS Request

                  57.169.31.20.in-addr.arpa

                MITRE ATT&CK Enterprise v15

                Downloads
