Analysis
- max time kernel: 145s
- max time network: 138s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/05/2024, 09:23 UTC
Static task: static1
Behavioral task: behavioral1
- Sample: 803f33a554c533ee447a893d89f0c88c_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 803f33a554c533ee447a893d89f0c88c_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 803f33a554c533ee447a893d89f0c88c_JaffaCakes118.html
- Size: 87KB
- MD5: 803f33a554c533ee447a893d89f0c88c
- SHA1: 33a8e698e6253e2d15929d6e18e313e33820a574
- SHA256: 0273fcd532377fc0c41457908dd2278eba43e1efd4182db248cc22a015cca7a2
- SHA512: a13365f3e4c7d694e987a4e43835454ad4b2f8e2019264f6cb7f1ff72e469a35319bf6b83c4adde1cac1e76ebd562f0aaf649c63efe834bd1644b6be5929fd41
- SSDEEP: 1536:SEQOkFWYNPfmhvXFGIrhlg2kKkVocxRe5gm8W7/foBy:SJWrhlgTw5j
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - pid 1664 msedge.exe (2 entries)
  - pid 2364 msedge.exe (2 entries)
  - pid 3348 identity_helper.exe (2 entries)
  - pid 2448 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  - pid 2364 msedge.exe (all 8 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - pid 2364 msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - pid 2364 msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- PID 2364: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\803f33a554c533ee447a893d89f0c88c_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - PID 2632: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffea93746f8,0x7ffea9374708,0x7ffea9374718
  - PID 848: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  - PID 1664: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - PID 924: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  - PID 3000: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  - PID 4036: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  - PID 1140: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  - PID 4216: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  - PID 4940: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  - PID 3348: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - PID 1004: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  - PID 232: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  - PID 4248: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  - PID 1268: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  - PID 2448: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2866692893795675922,6925066475691154410,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- PID 4048: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 1716: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
- Remote address: 8.8.8.8:53
  Request: 149.220.183.52.in-addr.arpa IN PTR
  Response: (empty)
- Remote address: 8.8.8.8:53
  Request: www.parfemika.sk IN A
  Response: (empty)
- Remote address: 8.8.8.8:53
  Request: www.parfemika.sk IN A
  Response: (empty)
- Remote address: 8.8.8.8:53
  Request: 71.31.126.40.in-addr.arpa IN PTR
  Response: (empty)
- Remote address: 8.8.8.8:53
  Request: p1.naj.sk IN A
  Response: (empty)
- Remote address: 8.8.8.8:53
  Request: www.satelit-tv.sk IN A
  Response: www.satelit-tv.sk IN A 93.184.65.149
- Remote address: 93.184.65.149:80
  Request:
  GET //Data/1364/UserFiles/ilustracne/zehliaca-doska-210.jpg HTTP/1.1
  Host: www.satelit-tv.sk
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
  DNT: 1
  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Response:
  HTTP/1.1 200 OK
  accept-ranges: bytes
  etag: "2189748648"
  last-modified: Mon, 23 May 2016 12:51:19 GMT
  expires: Sat, 24 May 2025 09:23:23 GMT
  cache-control: max-age=31104000
  content-length: 5158
  date: Wed, 29 May 2024 09:23:23 GMT
  server: Apache-uni2
  set-cookie: SERVERID=2; path=/
  cache-control: private
- Remote address: 93.184.65.149:80
  Request:
  GET //Data/1364/UserFiles/ilustracne/plastovy-nabytok-210.jpg HTTP/1.1
  Host: www.satelit-tv.sk
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
  DNT: 1
  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Response:
  HTTP/1.1 200 OK
  accept-ranges: bytes
  etag: "868540460"
  last-modified: Mon, 23 May 2016 12:51:19 GMT
  expires: Sat, 24 May 2025 09:23:23 GMT
  cache-control: max-age=31104000
  content-length: 4773
  date: Wed, 29 May 2024 09:23:23 GMT
  server: Apache-uni1
  set-cookie: SERVERID=1; path=/
  cache-control: private
- Remote address: 142.250.75.238:80
  Request:
  GET /ga.js HTTP/1.1
  Host: www.google-analytics.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
  Intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
  DNT: 1
  Accept: */*
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Response:
  HTTP/1.1 200 OK
  X-Content-Type-Options: nosniff
  Content-Encoding: gzip
  Cross-Origin-Resource-Policy: cross-origin
  Server: Golfe2
  Content-Length: 17168
  Date: Wed, 29 May 2024 07:43:01 GMT
  Expires: Wed, 29 May 2024 09:43:01 GMT
  Cache-Control: public, max-age=7200
  Age: 6022
  Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
  Content-Type: text/javascript
  Vary: Accept-Encoding
- Remote address: 8.8.8.8:53
  Request: toplist.sk IN A
  Response: toplist.sk IN A 88.86.101.4
- Remote address: 88.86.101.4:80
  Request:
  GET /count.asp?id=1217471&logo=text&start=9526 HTTP/1.1
  Host: toplist.sk
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  DNT: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Response:
  HTTP/1.1 301 Moved Permanently
  Location: https://toplist.sk/count.asp?id=1217471&logo=text&start=9526
- Remote address: 88.86.101.4:443
  Request:
  GET /count.asp?id=1217471&logo=text&start=9526 HTTP/2.0
  host: toplist.sk
  upgrade-insecure-requests: 1
  dnt: 1
  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  sec-fetch-site: cross-site
  sec-fetch-mode: navigate
  sec-fetch-dest: iframe
  sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
  sec-ch-ua-mobile: ?0
  accept-encoding: gzip, deflate, br
  accept-language: en-US,en;q=0.9
  Response:
  HTTP/2.0 200
  server: Apache/2.4.29 (Ubuntu) mod_fcgid/2.3.9
  pragma: no-cache
  cache-control: private,no-cache,no-store,must-revalidate,max-age=0
  expires: Thu, 01 Dec 1994 16:00:00 GMT
  p3p: CP="NON DSP ADM DEV PSD CUSo OUR IND STP PRE NAV UNI"
  x-w: 9
  content-type: text/html; charset=utf-8
  strict-transport-security: max-age=31536000; includeSubDomains; preload
- Remote address: 8.8.8.8:53
  Request: 149.65.184.93.in-addr.arpa IN PTR
  Response: 149.65.184.93.in-addr.arpa IN CNAME 149.128/27.65.184.93.in-addr.arpa
- Remote address: 8.8.8.8:53
  Request: 238.75.250.142.in-addr.arpa IN PTR
  Response: 238.75.250.142.in-addr.arpa IN PTR par10s41-in-f14.1e100.net
- Remote address: 8.8.8.8:53
  Request: 4.101.86.88.in-addr.arpa IN PTR
  Response: 4.101.86.88.in-addr.arpa IN PTR www3.toplist.cz
- Remote address: 8.8.8.8:53
  Request: 58.55.71.13.in-addr.arpa IN PTR
  Response: (empty)
- Remote address: 8.8.8.8:53
  Request: 86.23.85.13.in-addr.arpa IN PTR
  Response: (empty)
- Remote address: 8.8.8.8:53
  Request: 198.187.3.20.in-addr.arpa IN PTR
  Response: (empty)
- Remote address: 8.8.8.8:53
  Request: 25.140.123.92.in-addr.arpa IN PTR
  Response: 25.140.123.92.in-addr.arpa IN PTR a92-123-140-25.deploy.static.akamaitechnologies.com
- Remote address: 8.8.8.8:53
  Request: 31.243.111.52.in-addr.arpa IN PTR
  Response: (empty)
Traffic summary: HTTP
- 93.184.65.149:80 (http, msedge.exe): 816 B sent, 5.9kB received, 9 packets sent, 9 packets received
  HTTP Request: GET http://www.satelit-tv.sk//Data/1364/UserFiles/ilustracne/zehliaca-doska-210.jpg
  HTTP Response: 200
- 93.184.65.149:80 (http, msedge.exe): 772 B sent, 5.5kB received, 8 packets sent, 8 packets received
  HTTP Request: GET http://www.satelit-tv.sk//Data/1364/UserFiles/ilustracne/plastovy-nabytok-210.jpg
  HTTP Response: 200
- 142.250.75.238:80 (http): 1.0kB sent, 18.4kB received, 13 packets sent, 18 packets received
  HTTP Request: GET http://www.google-analytics.com/ga.js
  HTTP Response: 200
- 88.86.101.4:80 (http): 805 B sent, 337 B received, 7 packets sent, 5 packets received
  HTTP Request: GET http://toplist.sk/count.asp?id=1217471&logo=text&start=9526
  HTTP Response: 301
- 88.86.101.4:443 (https): 1.7kB sent, 4.8kB received, 12 packets sent, 13 packets received
  HTTP Request: GET https://toplist.sk/count.asp?id=1217471&logo=text&start=9526
  HTTP Response: 200
Traffic summary: DNS
- 149.220.183.52.in-addr.arpa: 73 B sent, 147 B received, 1 packet sent, 1 packet received
- www.parfemika.sk (2 requests): 124 B sent, 244 B received, 2 packets sent, 2 packets received
- 71.31.126.40.in-addr.arpa: 71 B sent, 157 B received, 1 packet sent, 1 packet received
- p1.naj.sk: 55 B sent, 112 B received, 1 packet sent, 1 packet received
- www.satelit-tv.sk (response 93.184.65.149): 63 B sent, 79 B received, 1 packet sent, 1 packet received
- toplist.sk (response 88.86.101.4): 56 B sent, 72 B received, 1 packet sent, 1 packet received
- 149.65.184.93.in-addr.arpa: 72 B sent, 159 B received, 1 packet sent, 1 packet received
- 238.75.250.142.in-addr.arpa: 73 B sent, 112 B received, 1 packet sent, 1 packet received
- 4.101.86.88.in-addr.arpa: 70 B sent, 99 B received, 1 packet sent, 1 packet received
- (unlabelled row) 578 B 9
- 58.55.71.13.in-addr.arpa: 70 B sent, 144 B received, 1 packet sent, 1 packet received
- 86.23.85.13.in-addr.arpa: 70 B sent, 144 B received, 1 packet sent, 1 packet received
- 198.187.3.20.in-addr.arpa: 71 B sent, 157 B received, 1 packet sent, 1 packet received
- 25.140.123.92.in-addr.arpa: 72 B sent, 137 B received, 1 packet sent, 1 packet received
- 31.243.111.52.in-addr.arpa: 72 B sent, 158 B received, 1 packet sent, 1 packet received
MITRE ATT&CK Enterprise v15
Downloads