Analysis

  • max time kernel
    145s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/06/2024, 22:28 UTC

General

  • Target

    8c01859d724f26f305a4002fe6df46b3_JaffaCakes118.html

  • Size

    74KB

  • MD5

    8c01859d724f26f305a4002fe6df46b3

  • SHA1

    68ef4702c6009a12dd4cc3e917f76a79b4e77d88

  • SHA256

    4061b723f3ed0822a863a681729937582961a82cb4673842ce5bb9b2b061810d

  • SHA512

    4fe863d7bce5407f7c772ff1f0128df21821fcbcfb0910e9b7e91df69a3b6914f37c0bc50038818f87f0385924660f2f00b80572e73a818ef557547f520cfe1e

  • SSDEEP

    768:S7/gDCBgtYTSx7zPr1faREJ0u69bIL0TYtgNUElqmvkY0db2ffRdODGr:S7YDNPVaRE+u69bIL3gN7ADGr

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c01859d724f26f305a4002fe6df46b3_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2528
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb633a46f8,0x7ffb633a4708,0x7ffb633a4718
      2⤵
      PID:1364
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
      2⤵
      PID:2368
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2912
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
      2⤵
      PID:1388
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      2⤵
      PID:2036
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
      2⤵
      PID:1032
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
      2⤵
      PID:2648
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
      2⤵
      PID:4680
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
      2⤵
      PID:908
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3148
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
      2⤵
      PID:1404
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
      2⤵
      PID:724
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
      2⤵
      PID:516
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
      2⤵
      PID:3040
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4740
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3744
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4704

Network

                              • flag-us
                                DNS
                                241.150.49.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                241.150.49.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                static.generalfil.es
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                static.generalfil.es
                                IN A
                                Response
                              • flag-us
                                DNS
                                informpromo.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                informpromo.com
                                IN A
                                Response
                              • flag-us
                                DNS
                                static.general-community.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                static.general-community.com
                                IN A
                                Response
                              • flag-us
                                DNS
                                s7.addthis.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                s7.addthis.com
                                IN A
                                Response
                                s7.addthis.com
                                IN CNAME
                                s8.addthis.com
                                s8.addthis.com
                                IN CNAME
                                ds-s7.addthis.com.edgekey.net
                                ds-s7.addthis.com.edgekey.net
                                IN CNAME
                                e4016.a.akamaiedge.net
                                e4016.a.akamaiedge.net
                                IN A
                                104.68.81.91
                              • flag-us
                                DNS
                                203.142.123.92.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                203.142.123.92.in-addr.arpa
                                IN PTR
                                Response
                                203.142.123.92.in-addr.arpa
                                IN PTR
                                 a92-123-142-203.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                23.159.190.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                23.159.190.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                95.221.229.192.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                95.221.229.192.in-addr.arpa
                                IN PTR
                                Response
                              • flag-be
                                GET
                                http://s7.addthis.com/js/250/addthis_widget.js
                                msedge.exe
                                Remote address:
                                104.68.81.91:80
                                Request
                                GET /js/250/addthis_widget.js HTTP/1.1
                                Host: s7.addthis.com
                                Connection: keep-alive
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                DNT: 1
                                Accept: */*
                                Accept-Encoding: gzip, deflate
                                Accept-Language: en-US,en;q=0.9
                                Response
                                HTTP/1.1 308 Permanent Redirect
                                Server: nginx/1.15.8
                                Content-Type: text/html
                                Content-Length: 171
                                Location: https://s7.addthis.com/js/250/addthis_widget.js
                                Date: Sat, 01 Jun 2024 22:28:27 GMT
                                Connection: keep-alive
                                X-Distribution: 99
                                X-Host: s7.addthis.com
                              • flag-us
                                DNS
                                cookies.ambercrow.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                cookies.ambercrow.com
                                IN A
                                Response
                              • flag-us
                                DNS
                                www.bnserving.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                www.bnserving.com
                                IN A
                                Response
                                www.bnserving.com
                                IN A
                                192.243.59.12
                                www.bnserving.com
                                IN A
                                192.243.59.13
                                www.bnserving.com
                                IN A
                                192.243.59.20
                                www.bnserving.com
                                IN A
                                192.243.61.225
                                www.bnserving.com
                                IN A
                                192.243.61.227
                              • flag-be
                                GET
                                https://s7.addthis.com/js/250/addthis_widget.js
                                msedge.exe
                                Remote address:
                                104.68.81.91:443
                                Request
                                GET /js/250/addthis_widget.js HTTP/2.0
                                host: s7.addthis.com
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                dnt: 1
                                accept: */*
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                content-type: text/plain
                                content-length: 16
                                server: Oracle API Gateway
                                strict-transport-security: max-age=31536000
                                opc-request-id: /29FDDA545D823881F0B41C2B1588E7C3/8E7B0AD92344CA094B42C94977C1BDCD
                                x-content-type-options: nosniff
                                x-frame-options: sameorigin
                                x-xss-protection: 1; mode=block
                                date: Sat, 01 Jun 2024 22:28:27 GMT
                                x-distribution: 99
                                x-host: s7.addthis.com
                              • flag-us
                                GET
                                http://www.bnserving.com/invoke.js
                                msedge.exe
                                Remote address:
                                192.243.59.12:80
                                Request
                                GET /invoke.js HTTP/1.1
                                Host: www.bnserving.com
                                Connection: keep-alive
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                Intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
                                DNT: 1
                                Accept: */*
                                Accept-Encoding: gzip, deflate
                                Accept-Language: en-US,en;q=0.9
                                Response
                                HTTP/1.1 200 OK
                                Server: nginx/1.19.5
                                Date: Sat, 01 Jun 2024 22:28:27 GMT
                                Content-Type: application/javascript
                                Transfer-Encoding: chunked
                                Connection: keep-alive
                                P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
                                Access-Control-Allow-Origin: *
                                Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                Cache-Control: no-cache
                                X-Request-ID: ebd6be83002955fdfba387dc894b85a3
                                Strict-Transport-Security: max-age=0; includeSubdomains
                                Content-Encoding: gzip
                              • flag-us
                                DNS
                                www.facebook.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                www.facebook.com
                                IN A
                                Response
                                www.facebook.com
                                IN CNAME
                                star-mini.c10r.facebook.com
                                star-mini.c10r.facebook.com
                                IN A
                                163.70.151.35
                              • flag-gb
                                GET
                                http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FGeneral-Search%2F426484295433&locale=en_US&width=220&connections=6&stream=true&header=false&height=540
                                msedge.exe
                                Remote address:
                                163.70.151.35:80
                                Request
                                GET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FGeneral-Search%2F426484295433&locale=en_US&width=220&connections=6&stream=true&header=false&height=540 HTTP/1.1
                                Host: www.facebook.com
                                Connection: keep-alive
                                Upgrade-Insecure-Requests: 1
                                DNT: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                Accept-Encoding: gzip, deflate
                                Accept-Language: en-US,en;q=0.9
                                Response
                                HTTP/1.1 301 Moved Permanently
                                Location: https://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FGeneral-Search%2F426484295433&locale=en_US&width=220&connections=6&stream=true&header=false&height=540
                                Content-Type: text/plain
                                Server: proxygen-bolt
                                Date: Sat, 01 Jun 2024 22:28:27 GMT
                                Connection: keep-alive
                                Content-Length: 0
                              • flag-us
                                DNS
                                www.urldelivery.com
                                Remote address:
                                8.8.8.8:53
                                Request
                                www.urldelivery.com
                                IN A
                                Response
                                www.urldelivery.com
                                IN A
                                192.243.61.225
                                www.urldelivery.com
                                IN A
                                192.243.59.13
                                www.urldelivery.com
                                IN A
                                192.243.59.20
                                www.urldelivery.com
                                IN A
                                192.243.61.227
                                www.urldelivery.com
                                IN A
                                192.243.59.12
                              • flag-us
                                DNS
                                91.81.68.104.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                91.81.68.104.in-addr.arpa
                                IN PTR
                                Response
                                91.81.68.104.in-addr.arpa
                                IN PTR
                                 a104-68-81-91.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                12.59.243.192.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                12.59.243.192.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                35.151.70.163.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                35.151.70.163.in-addr.arpa
                                IN PTR
                                Response
                                35.151.70.163.in-addr.arpa
                                IN PTR
                                 edge-star-mini-shv-02-lhr6.facebook.com
                              • flag-us
                                DNS
                                static.xx.fbcdn.net
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                static.xx.fbcdn.net
                                IN A
                                Response
                                static.xx.fbcdn.net
                                IN CNAME
                                scontent.xx.fbcdn.net
                                scontent.xx.fbcdn.net
                                IN A
                                163.70.151.21
                              • flag-us
                                DNS
                                scontent.xx.fbcdn.net
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                scontent.xx.fbcdn.net
                                IN A
                                Response
                                scontent.xx.fbcdn.net
                                IN A
                                163.70.151.21
                              • flag-us
                                DNS
                                www.urldelivery.com
                                Remote address:
                                8.8.8.8:53
                                Request
                                www.urldelivery.com
                                IN A
                                Response
                                www.urldelivery.com
                                IN A
                                192.243.61.225
                                www.urldelivery.com
                                IN A
                                192.243.59.13
                                www.urldelivery.com
                                IN A
                                192.243.59.20
                                www.urldelivery.com
                                IN A
                                192.243.61.227
                                www.urldelivery.com
                                IN A
                                192.243.59.12
                              • flag-us
                                DNS
                                external.xx.fbcdn.net
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                external.xx.fbcdn.net
                                IN A
                                Response
                                external.xx.fbcdn.net
                                IN CNAME
                                scontent.xx.fbcdn.net
                                scontent.xx.fbcdn.net
                                IN A
                                163.70.151.21
                              • flag-us
                                DNS
                                21.151.70.163.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                21.151.70.163.in-addr.arpa
                                IN PTR
                                Response
                                21.151.70.163.in-addr.arpa
                                IN PTR
                                 xx-fbcdn-shv-02-lhr6.fbcdn.net
                              • flag-us
                                DNS
                                209.205.72.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                209.205.72.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                232.168.11.51.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                232.168.11.51.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                232.168.11.51.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                232.168.11.51.in-addr.arpa
                                IN PTR
                              • flag-us
                                DNS
                                26.165.165.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                26.165.165.52.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                56.126.166.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                56.126.166.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                172.210.232.199.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                172.210.232.199.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                14.227.111.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                14.227.111.52.in-addr.arpa
                                IN PTR
                                Response
                              • 104.68.81.91:80
                                http://s7.addthis.com/js/250/addthis_widget.js
                                http
                                msedge.exe
                                693 B
                                778 B
                                8
                                7

                                HTTP Request

                                GET http://s7.addthis.com/js/250/addthis_widget.js

                                HTTP Response

                                308
                              • 104.68.81.91:443
                                https://s7.addthis.com/js/250/addthis_widget.js
                                tls, http2
                                msedge.exe
                                2.8kB
                                6.8kB
                                19
                                20

                                HTTP Request

                                GET https://s7.addthis.com/js/250/addthis_widget.js

                                HTTP Response

                                200
                              • 192.243.59.12:80
                                http://www.bnserving.com/invoke.js
                                http
                                msedge.exe
                                770 B
                                6.3kB
                                8
                                9

                                HTTP Request

                                GET http://www.bnserving.com/invoke.js

                                HTTP Response

                                200
                              • 163.70.151.35:80
                                http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FGeneral-Search%2F426484295433&locale=en_US&width=220&connections=6&stream=true&header=false&height=540
                                http
                                msedge.exe
                                1.6kB
                                667 B
                                8
                                6

                                HTTP Request

                                GET http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FGeneral-Search%2F426484295433&locale=en_US&width=220&connections=6&stream=true&header=false&height=540

                                HTTP Response

                                301
                              • 216.58.213.14:445
                                www.google-analytics.com
                                260 B
                                5
                              • 192.243.61.225:445
                                www.urldelivery.com
                                260 B
                                200 B
                                5
                                5
                              • 163.70.151.35:443
                                www.facebook.com
                                tls
                                msedge.exe
                                2.4kB
                                39.4kB
                                26
                                39
                              • 163.70.151.21:443
                                static.xx.fbcdn.net
                                tls
                                msedge.exe
                                989 B
                                2.9kB
                                9
                                7
                              • 163.70.151.21:443
                                static.xx.fbcdn.net
                                tls
                                msedge.exe
                                11.9kB
                                324.9kB
                                174
                                281
                              • 163.70.151.21:443
                                static.xx.fbcdn.net
                                tls
                                msedge.exe
                                897 B
                                2.6kB
                                7
                                5
                              • 163.70.151.21:443
                                static.xx.fbcdn.net
                                tls
                                msedge.exe
                                897 B
                                2.6kB
                                7
                                5
                              • 163.70.151.21:443
                                static.xx.fbcdn.net
                                tls
                                msedge.exe
                                943 B
                                2.8kB
                                8
                                6
                              • 163.70.151.21:443
                                static.xx.fbcdn.net
                                tls
                                msedge.exe
                                989 B
                                2.9kB
                                9
                                7
                              • 192.243.59.13:445
                                www.urldelivery.com
                                260 B
                                200 B
                                5
                                5
                              • 192.243.59.20:445
                                www.urldelivery.com
                                260 B
                                200 B
                                5
                                5
                              • 192.243.61.227:445
                                www.urldelivery.com
                                260 B
                                200 B
                                5
                                5
                              • 192.243.59.12:445
                                www.urldelivery.com
                                260 B
                                200 B
                                5
                                5
                              • 216.58.213.14:139
                                www.google-analytics.com
                                260 B
                                5
                              • 192.243.61.225:139
                                www.urldelivery.com
                                260 B
                                200 B
                                5
                                5
                              • 52.111.236.23:443
                                322 B
                                7
                              • 8.8.8.8:53
                                241.150.49.20.in-addr.arpa
                                dns
                                72 B
                                158 B
                                1
                                1

                                DNS Request

                                241.150.49.20.in-addr.arpa

                              • 8.8.8.8:53
                                static.generalfil.es
                                dns
                                msedge.exe
                                66 B
                                121 B
                                1
                                1

                                DNS Request

                                static.generalfil.es

                              • 8.8.8.8:53
                                informpromo.com
                                dns
                                msedge.exe
                                61 B
                                134 B
                                1
                                1

                                DNS Request

                                informpromo.com

                              • 8.8.8.8:53
                                static.general-community.com
                                dns
                                msedge.exe
                                74 B
                                74 B
                                1
                                1

                                DNS Request

                                static.general-community.com

                              • 8.8.8.8:53
                                s7.addthis.com
                                dns
                                msedge.exe
                                60 B
                                169 B
                                1
                                1

                                DNS Request

                                s7.addthis.com

                                DNS Response

                                104.68.81.91

                              • 8.8.8.8:53
                                203.142.123.92.in-addr.arpa
                                dns
                                73 B
                                139 B
                                1
                                1

                                DNS Request

                                203.142.123.92.in-addr.arpa

                              • 8.8.8.8:53
                                23.159.190.20.in-addr.arpa
                                dns
                                72 B
                                158 B
                                1
                                1

                                DNS Request

                                23.159.190.20.in-addr.arpa

                              • 8.8.8.8:53
                                95.221.229.192.in-addr.arpa
                                dns
                                73 B
                                144 B
                                1
                                1

                                DNS Request

                                95.221.229.192.in-addr.arpa

                              • 8.8.8.8:53
                                cookies.ambercrow.com
                                dns
                                msedge.exe
                                67 B
                                135 B
                                1
                                1

                                DNS Request

                                cookies.ambercrow.com

                              • 8.8.8.8:53
                                www.bnserving.com
                                dns
                                msedge.exe
                                63 B
                                143 B
                                1
                                1

                                DNS Request

                                www.bnserving.com

                                DNS Response

                                192.243.59.12
                                192.243.59.13
                                192.243.59.20
                                192.243.61.225
                                192.243.61.227

                              • 8.8.8.8:53
                                www.facebook.com
                                dns
                                msedge.exe
                                62 B
                                107 B
                                1
                                1

                                DNS Request

                                www.facebook.com

                                DNS Response

                                163.70.151.35

                              • 8.8.8.8:53
                                www.urldelivery.com
                                dns
                                65 B
                                145 B
                                1
                                1

                                DNS Request

                                www.urldelivery.com

                                DNS Response

                                192.243.61.225
                                192.243.59.13
                                192.243.59.20
                                192.243.61.227
                                192.243.59.12

                              • 8.8.8.8:53
                                91.81.68.104.in-addr.arpa
                                dns
                                71 B
                                135 B
                                1
                                1

                                DNS Request

                                91.81.68.104.in-addr.arpa

                              • 8.8.8.8:53
                                12.59.243.192.in-addr.arpa
                                dns
                                72 B
                                147 B
                                1
                                1

                                DNS Request

                                12.59.243.192.in-addr.arpa

                              • 8.8.8.8:53
                                35.151.70.163.in-addr.arpa
                                dns
                                72 B
                                125 B
                                1
                                1

                                DNS Request

                                35.151.70.163.in-addr.arpa

                              • 8.8.8.8:53
                                static.xx.fbcdn.net
                                dns
                                msedge.exe
                                65 B
                                104 B
                                1
                                1

                                DNS Request

                                static.xx.fbcdn.net

                                DNS Response

                                163.70.151.21

                              • 8.8.8.8:53
                                scontent.xx.fbcdn.net
                                dns
                                msedge.exe
                                67 B
                                83 B
                                1
                                1

                                DNS Request

                                scontent.xx.fbcdn.net

                                DNS Response

                                163.70.151.21

                              • 8.8.8.8:53
                                www.urldelivery.com
                                dns
                                65 B
                                145 B
                                1
                                1

                                DNS Request

                                www.urldelivery.com

                                DNS Response

                                192.243.61.225
                                192.243.59.13
                                192.243.59.20
                                192.243.61.227
                                192.243.59.12

                              • 8.8.8.8:53
                                external.xx.fbcdn.net
                                dns
                                msedge.exe
                                67 B
                                106 B
                                1
                                1

                                DNS Request

                                external.xx.fbcdn.net

                                DNS Response

                                163.70.151.21

                              • 8.8.8.8:53
                                21.151.70.163.in-addr.arpa
                                dns
                                72 B
                                116 B
                                1
                                1

                                DNS Request

                                21.151.70.163.in-addr.arpa

                              • 224.0.0.251:5353
                                msedge.exe
                                535 B
                                8
                              • 8.8.8.8:53
                                209.205.72.20.in-addr.arpa
                                dns
                                72 B
                                158 B
                                1
                                1

                                DNS Request

                                209.205.72.20.in-addr.arpa

                              • 8.8.8.8:53
                                232.168.11.51.in-addr.arpa
                                dns
                                144 B
                                158 B
                                2
                                1

                                DNS Request

                                232.168.11.51.in-addr.arpa

                                DNS Request

                                232.168.11.51.in-addr.arpa

                              • 8.8.8.8:53
                                26.165.165.52.in-addr.arpa
                                dns
                                72 B
                                146 B
                                1
                                1

                                DNS Request

                                26.165.165.52.in-addr.arpa

                              • 8.8.8.8:53
                                56.126.166.20.in-addr.arpa
                                dns
                                72 B
                                158 B
                                1
                                1

                                DNS Request

                                56.126.166.20.in-addr.arpa

                              • 8.8.8.8:53
                                172.210.232.199.in-addr.arpa
                                dns
                                74 B
                                128 B
                                1
                                1

                                DNS Request

                                172.210.232.199.in-addr.arpa

                              • 8.8.8.8:53
                                14.227.111.52.in-addr.arpa
                                dns
                                72 B
                                158 B
                                1
                                1

                                DNS Request

                                14.227.111.52.in-addr.arpa

                              MITRE ATT&CK Enterprise v15

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                Filesize

                                152B

                                MD5

                                2daa93382bba07cbc40af372d30ec576

                                SHA1

                                c5e709dc3e2e4df2ff841fbde3e30170e7428a94

                                SHA256

                                1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

                                SHA512

                                65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                Filesize

                                152B

                                MD5

                                ecdc2754d7d2ae862272153aa9b9ca6e

                                SHA1

                                c19bed1c6e1c998b9fa93298639ad7961339147d

                                SHA256

                                a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

                                SHA512

                                cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                Filesize

                                312B

                                MD5

                                ac96b0cc335522e1bac31f19158b3db2

                                SHA1

                                15f2b02cf4484c2c19ab84234e2f965d5a653970

                                SHA256

                                e6855808440c517ed333a6dd7d26101926235a40a44ecb34ff8fc000574039e3

                                SHA512

                                4709dc7bc1d1ea1e4634a9c3671e82f31e8b87c06fdc32b7a84a102a91505d1afb8a7a08e7cae89df824ecf36f81d1d180642aaf453978d2dad366876f77ba42

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                Filesize

                                333B

                                MD5

                                ee57360b409b7db75dfb1640805c2856

                                SHA1

                                dd6c9c8c702bd6c7f960a8b2c6017d9cf8dca850

                                SHA256

                                206d60ff675449f6b880c83ce18d1b974acdfca7b8b5ec5d4f1db96b265acbbd

                                SHA512

                                9513383eb0e93c9557592d60584b3c6261a638d93ea7d4442004a039fd5644e7a5eaf2d9ce970567de52c39bf9aaee9e2b327d18446140c8d41ceed894e4c3e2

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                Filesize

                                5KB

                                MD5

                                5c1cd34018f55b7365bd84a790d220aa

                                SHA1

                                a28863edeb4f3e547406cbafa3c9450f9897b346

                                SHA256

                                aafe076cb487f2254485030ed294292bf4bb5754827c60b040c2ed433439052b

                                SHA512

                                69ff56170dd2b3234a9ee7a5d7edacf1726f429f7a27a0947ec80ed764362377c306d0026092af367004c206bfbcc370091603910fca63a4c86fff626245d6ac

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                Filesize

                                6KB

                                MD5

                                d5df68d33cea2b1ec305d98a33ab2788

                                SHA1

                                6951c08a466700b8bd654e5ea9a3d241e02bfce1

                                SHA256

                                16d33572d3218d3b1fdfc98f83e320c052666788e028cfe8d35edf67ac26a614

                                SHA512

                                f0e5790b9503c0a1216df8d0ea324545cbf8a21cc2af0a206cc07855c7697795f0113ceb44fe9b0ab4c73de66170999116af82275c567328671ea093556bdb69

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                Filesize

                                10KB

                                MD5

                                bf481b6b82c0bd221d672c3d6306f589

                                SHA1

                                9d778e5f2f6768c5ef0d2f5caec94e0d5349210d

                                SHA256

                                6c3083d1e805a348f5ce51f2ae673c4877a39ab2002373e64adffa470c5d2f58

                                SHA512

                                d5fbffe218381145028360bfa4616f3a28d643ecd8c0023f655a02c4221140ee791a19c91f637cd75b23112ff4e4933fad588fb4ae24b7041d27eacd3a30cf88