Analysis

  • max time kernel
    145s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/05/2024, 09:23 UTC

General

  • Target

    803f33a554c533ee447a893d89f0c88c_JaffaCakes118.html

  • Size

    87KB

  • MD5

    803f33a554c533ee447a893d89f0c88c

  • SHA1

    33a8e698e6253e2d15929d6e18e313e33820a574

  • SHA256

    0273fcd532377fc0c41457908dd2278eba43e1efd4182db248cc22a015cca7a2

  • SHA512

    a13365f3e4c7d694e987a4e43835454ad4b2f8e2019264f6cb7f1ff72e469a35319bf6b83c4adde1cac1e76ebd562f0aaf649c63efe834bd1644b6be5929fd41

  • SSDEEP

    1536:SEQOkFWYNPfmhvXFGIrhlg2kKkVocxRe5gm8W7/foBy:SJWrhlgTw5j

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (10 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  • Suspicious use of FindShellTrayWindow (25 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\803f33a554c533ee447a893d89f0c88c_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffea93746f8,0x7ffea9374708,0x7ffea9374718
      2⤵
        PID:2632
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
        2⤵
          PID:848
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1664
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
          2⤵
            PID:924
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
            2⤵
              PID:3000
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
              2⤵
                PID:4036
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
                2⤵
                  PID:1140
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
                  2⤵
                    PID:4216
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
                    2⤵
                      PID:4940
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3348
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
                      2⤵
                        PID:1004
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
                        2⤵
                          PID:232
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
                          2⤵
                            PID:4248
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
                            2⤵
                              PID:1268
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2448
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4048
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:1716

                              Network

                              • flag-us
                                DNS
                                149.220.183.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                149.220.183.52.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                www.parfemika.sk
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                www.parfemika.sk
                                IN A
                                Response
                              • flag-us
                                DNS
                                www.parfemika.sk
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                www.parfemika.sk
                                IN A
                                Response
                              • flag-us
                                DNS
                                71.31.126.40.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                71.31.126.40.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                p1.naj.sk
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                p1.naj.sk
                                IN A
                                Response
                              • flag-us
                                DNS
                                www.satelit-tv.sk
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                www.satelit-tv.sk
                                IN A
                                Response
                                www.satelit-tv.sk
                                IN A
                                93.184.65.149
                              • flag-sk
                                GET
                                http://www.satelit-tv.sk//Data/1364/UserFiles/ilustracne/zehliaca-doska-210.jpg
                                msedge.exe
                                Remote address:
                                93.184.65.149:80
                                Request
                                GET //Data/1364/UserFiles/ilustracne/zehliaca-doska-210.jpg HTTP/1.1
                                Host: www.satelit-tv.sk
                                Connection: keep-alive
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                DNT: 1
                                Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                Accept-Encoding: gzip, deflate
                                Accept-Language: en-US,en;q=0.9
                                Response
                                HTTP/1.1 200 OK
                                content-type: image/jpeg
                                accept-ranges: bytes
                                etag: "2189748648"
                                last-modified: Mon, 23 May 2016 12:51:19 GMT
                                expires: Sat, 24 May 2025 09:23:23 GMT
                                cache-control: max-age=31104000
                                content-length: 5158
                                date: Wed, 29 May 2024 09:23:23 GMT
                                server: Apache-uni2
                                set-cookie: SERVERID=2; path=/
                                cache-control: private
                              • flag-sk
                                GET
                                http://www.satelit-tv.sk//Data/1364/UserFiles/ilustracne/plastovy-nabytok-210.jpg
                                msedge.exe
                                Remote address:
                                93.184.65.149:80
                                Request
                                GET //Data/1364/UserFiles/ilustracne/plastovy-nabytok-210.jpg HTTP/1.1
                                Host: www.satelit-tv.sk
                                Connection: keep-alive
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                DNT: 1
                                Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                Accept-Encoding: gzip, deflate
                                Accept-Language: en-US,en;q=0.9
                                Response
                                HTTP/1.1 200 OK
                                content-type: image/jpeg
                                accept-ranges: bytes
                                etag: "868540460"
                                last-modified: Mon, 23 May 2016 12:51:19 GMT
                                expires: Sat, 24 May 2025 09:23:23 GMT
                                cache-control: max-age=31104000
                                content-length: 4773
                                date: Wed, 29 May 2024 09:23:23 GMT
                                server: Apache-uni1
                                set-cookie: SERVERID=1; path=/
                                cache-control: private
                              • flag-fr
                                GET
                                http://www.google-analytics.com/ga.js
                                msedge.exe
                                Remote address:
                                142.250.75.238:80
                                Request
                                GET /ga.js HTTP/1.1
                                Host: www.google-analytics.com
                                Connection: keep-alive
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                Intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
                                DNT: 1
                                Accept: */*
                                Accept-Encoding: gzip, deflate
                                Accept-Language: en-US,en;q=0.9
                                Response
                                HTTP/1.1 200 OK
                                Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
                                X-Content-Type-Options: nosniff
                                Content-Encoding: gzip
                                Cross-Origin-Resource-Policy: cross-origin
                                Server: Golfe2
                                Content-Length: 17168
                                Date: Wed, 29 May 2024 07:43:01 GMT
                                Expires: Wed, 29 May 2024 09:43:01 GMT
                                Cache-Control: public, max-age=7200
                                Age: 6022
                                Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
                                Content-Type: text/javascript
                                Vary: Accept-Encoding
                              • flag-us
                                DNS
                                toplist.sk
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                toplist.sk
                                IN A
                                Response
                                toplist.sk
                                IN A
                                88.86.101.4
                              • flag-cz
                                GET
                                http://toplist.sk/count.asp?id=1217471&logo=text&start=9526
                                msedge.exe
                                Remote address:
                                88.86.101.4:80
                                Request
                                GET /count.asp?id=1217471&logo=text&start=9526 HTTP/1.1
                                Host: toplist.sk
                                Connection: keep-alive
                                Upgrade-Insecure-Requests: 1
                                DNT: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                Accept-Encoding: gzip, deflate
                                Accept-Language: en-US,en;q=0.9
                                Response
                                HTTP/1.1 301 Moved Permanently
                                Content-length: 0
                                Location: https://toplist.sk/count.asp?id=1217471&logo=text&start=9526
                              • flag-cz
                                GET
                                https://toplist.sk/count.asp?id=1217471&logo=text&start=9526
                                msedge.exe
                                Remote address:
                                88.86.101.4:443
                                Request
                                GET /count.asp?id=1217471&logo=text&start=9526 HTTP/2.0
                                host: toplist.sk
                                upgrade-insecure-requests: 1
                                dnt: 1
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                sec-fetch-site: cross-site
                                sec-fetch-mode: navigate
                                sec-fetch-dest: iframe
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                sec-ch-ua-mobile: ?0
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                date: Wed, 29 May 2024 09:23:24 GMT
                                server: Apache/2.4.29 (Ubuntu) mod_fcgid/2.3.9
                                pragma: no-cache
                                cache-control: private,no-cache,no-store,must-revalidate,max-age=0
                                expires: Thu, 01 Dec 1994 16:00:00 GMT
                                p3p: CP="NON DSP ADM DEV PSD CUSo OUR IND STP PRE NAV UNI"
                                x-w: 9
                                content-type: text/html; charset=utf-8
                                strict-transport-security: max-age=31536000; includeSubDomains; preload
                              • flag-us
                                DNS
                                149.65.184.93.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                149.65.184.93.in-addr.arpa
                                IN PTR
                                Response
                                149.65.184.93.in-addr.arpa
                                IN CNAME
                                149.128/27.65.184.93.in-addr.arpa
                              • flag-us
                                DNS
                                238.75.250.142.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                238.75.250.142.in-addr.arpa
                                IN PTR
                                Response
                                238.75.250.142.in-addr.arpa
                                IN PTR
                                 par10s41-in-f14.1e100.net
                              • flag-us
                                DNS
                                4.101.86.88.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                4.101.86.88.in-addr.arpa
                                IN PTR
                                Response
                                4.101.86.88.in-addr.arpa
                                IN PTR
                                 www3.toplist.cz
                              • flag-us
                                DNS
                                58.55.71.13.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                58.55.71.13.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                86.23.85.13.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                86.23.85.13.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                198.187.3.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                198.187.3.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                25.140.123.92.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                25.140.123.92.in-addr.arpa
                                IN PTR
                                Response
                                25.140.123.92.in-addr.arpa
                                IN PTR
                                 a92-123-140-25.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                31.243.111.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                31.243.111.52.in-addr.arpa
                                IN PTR
                                Response
                              • 93.184.65.149:80
                                http://www.satelit-tv.sk//Data/1364/UserFiles/ilustracne/zehliaca-doska-210.jpg
                                http
                                msedge.exe
                                816 B
                                5.9kB
                                9
                                9

                                HTTP Request

                                GET http://www.satelit-tv.sk//Data/1364/UserFiles/ilustracne/zehliaca-doska-210.jpg

                                HTTP Response

                                200
                              • 93.184.65.149:80
                                http://www.satelit-tv.sk//Data/1364/UserFiles/ilustracne/plastovy-nabytok-210.jpg
                                http
                                msedge.exe
                                772 B
                                5.5kB
                                8
                                8

                                HTTP Request

                                GET http://www.satelit-tv.sk//Data/1364/UserFiles/ilustracne/plastovy-nabytok-210.jpg

                                HTTP Response

                                200
                              • 142.250.75.238:80
                                http://www.google-analytics.com/ga.js
                                http
                                msedge.exe
                                1.0kB
                                18.4kB
                                13
                                18

                                HTTP Request

                                GET http://www.google-analytics.com/ga.js

                                HTTP Response

                                200
                              • 88.86.101.4:80
                                http://toplist.sk/count.asp?id=1217471&logo=text&start=9526
                                http
                                msedge.exe
                                805 B
                                337 B
                                7
                                5

                                HTTP Request

                                GET http://toplist.sk/count.asp?id=1217471&logo=text&start=9526

                                HTTP Response

                                301
                              • 88.86.101.4:443
                                https://toplist.sk/count.asp?id=1217471&logo=text&start=9526
                                tls, http2
                                msedge.exe
                                1.7kB
                                4.8kB
                                12
                                13

                                HTTP Request

                                GET https://toplist.sk/count.asp?id=1217471&logo=text&start=9526

                                HTTP Response

                                200
                              • 8.8.8.8:53  149.220.183.52.in-addr.arpa  dns  73 B  147 B  1  1
                                DNS Request  149.220.183.52.in-addr.arpa

                              • 8.8.8.8:53  www.parfemika.sk  dns  msedge.exe  124 B  244 B  2  2
                                DNS Request  www.parfemika.sk
                                DNS Request  www.parfemika.sk

                              • 8.8.8.8:53  71.31.126.40.in-addr.arpa  dns  71 B  157 B  1  1
                                DNS Request  71.31.126.40.in-addr.arpa

                              • 8.8.8.8:53  p1.naj.sk  dns  msedge.exe  55 B  112 B  1  1
                                DNS Request  p1.naj.sk

                              • 8.8.8.8:53  www.satelit-tv.sk  dns  msedge.exe  63 B  79 B  1  1
                                DNS Request  www.satelit-tv.sk
                                DNS Response  93.184.65.149

                              • 8.8.8.8:53  toplist.sk  dns  msedge.exe  56 B  72 B  1  1
                                DNS Request  toplist.sk
                                DNS Response  88.86.101.4

                              • 8.8.8.8:53  149.65.184.93.in-addr.arpa  dns  72 B  159 B  1  1
                                DNS Request  149.65.184.93.in-addr.arpa

                              • 8.8.8.8:53  238.75.250.142.in-addr.arpa  dns  73 B  112 B  1  1
                                DNS Request  238.75.250.142.in-addr.arpa

                              • 8.8.8.8:53  4.101.86.88.in-addr.arpa  dns  70 B  99 B  1  1
                                DNS Request  4.101.86.88.in-addr.arpa

                              • 224.0.0.251:5353  578 B  9

                              • 8.8.8.8:53  58.55.71.13.in-addr.arpa  dns  70 B  144 B  1  1
                                DNS Request  58.55.71.13.in-addr.arpa

                              • 8.8.8.8:53  86.23.85.13.in-addr.arpa  dns  70 B  144 B  1  1
                                DNS Request  86.23.85.13.in-addr.arpa

                              • 8.8.8.8:53  198.187.3.20.in-addr.arpa  dns  71 B  157 B  1  1
                                DNS Request  198.187.3.20.in-addr.arpa

                              • 8.8.8.8:53  25.140.123.92.in-addr.arpa  dns  72 B  137 B  1  1
                                DNS Request  25.140.123.92.in-addr.arpa

                              • 8.8.8.8:53  31.243.111.52.in-addr.arpa  dns  72 B  158 B  1  1
                                DNS Request  31.243.111.52.in-addr.arpa

                              MITRE ATT&CK Enterprise v15

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize  152B
                                MD5  4f7152bc5a1a715ef481e37d1c791959
                                SHA1  c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
                                SHA256  704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
                                SHA512  2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize  152B
                                MD5  ea98e583ad99df195d29aa066204ab56
                                SHA1  f89398664af0179641aa0138b337097b617cb2db
                                SHA256  a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
                                SHA512  e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize  178B
                                MD5  14cde357ea467a6e1f4c6a506f621c9c
                                SHA1  7ab31693f88014419a83ce890799d91900a1eacf
                                SHA256  77bdda060796e4a725f6e7203d93ff8c1816adbbcb9cfae4a04c5eab9fa03557
                                SHA512  a96e2fd9d21049020dc9ff2c31fc7012c72afdb515dd66814a006c3472d82c128cddd6ee04f79380ff27e898dc927f87f7151df51176e964f6d8208056d7ecc8

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize  5KB
                                MD5  dfe1c9852e216bfc611ec852b5da1131
                                SHA1  3f8c17e92f83f17defd73c2fcdb3fa4e6bddb74b
                                SHA256  3691a16642140352cbda59f1ae68f962466d724651062d649ddc3022703c4cda
                                SHA512  13029a0d87358fadee033acb5df5fecce5b20e3985d38e90e9fb16fce7f075f75a9273be0cc21818f6e25d0fd25ff5b9d84f9a5ef7818d22b0b6799d42519bf0

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize  6KB
                                MD5  05454431f4d440663a8047d350dc76cd
                                SHA1  f45bb1d09d967a5fb0f485bbf06c41cae84ed8fa
                                SHA256  72812ca5686213833769fee7c757a56a10e0228e21685e01207cc4eb37b4ef17
                                SHA512  a6b5d89f4442bc54cd4954f467c7956305e0352ab374f2a84a3c75995dd446ede012f76c4976acedeb1c9d07b0cf74a225d32fc9c73a4048d6ba8213fb9edd02

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize  16B
                                MD5  6752a1d65b201c13b62ea44016eb221f
                                SHA1  58ecf154d01a62233ed7fb494ace3c3d4ffce08b
                                SHA256  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
                                SHA512  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize  10KB
                                MD5  e5a7b2b32132c10aa8848f4e00555684
                                SHA1  48e8fb8ffe9eb3c7e0b03bb16d43ac1b37f5b96b
                                SHA256  26705d69893d441dc0048e319caa6b485fe85088fa3191b50811030b16c42c07
                                SHA512  bb93973b7fcdd12c93f34e96037cd8bfb91ef707a996c98bc3332446ed7d3a40d16fe6dc435db58994e4d7c8e431dc187426f5a21ab9012e996b2829f577c8d7
