Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
01/06/2024, 22:28 UTC
Static task
static1
Behavioral task
behavioral1
Sample
8c01859d724f26f305a4002fe6df46b3_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8c01859d724f26f305a4002fe6df46b3_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
8c01859d724f26f305a4002fe6df46b3_JaffaCakes118.html
-
Size
74KB
-
MD5
8c01859d724f26f305a4002fe6df46b3
-
SHA1
68ef4702c6009a12dd4cc3e917f76a79b4e77d88
-
SHA256
4061b723f3ed0822a863a681729937582961a82cb4673842ce5bb9b2b061810d
-
SHA512
4fe863d7bce5407f7c772ff1f0128df21821fcbcfb0910e9b7e91df69a3b6914f37c0bc50038818f87f0385924660f2f00b80572e73a818ef557547f520cfe1e
-
SSDEEP
768:S7/gDCBgtYTSx7zPr1faREJ0u69bIL0TYtgNUElqmvkY0db2ffRdODGr:S7YDNPVaRE+u69bIL3gN7ADGr
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2912 msedge.exe 2912 msedge.exe 2528 msedge.exe 2528 msedge.exe 3148 identity_helper.exe 3148 identity_helper.exe 4740 msedge.exe 4740 msedge.exe 4740 msedge.exe 4740 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe 2528 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2528 wrote to memory of 1364 2528 msedge.exe 82 PID 2528 wrote to memory of 1364 2528 msedge.exe 82 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2368 2528 msedge.exe 83 PID 2528 wrote to memory of 2912 2528 msedge.exe 84 PID 2528 wrote to memory of 2912 2528 msedge.exe 84 PID 2528 wrote to memory of 1388 2528 msedge.exe 85 PID 2528 wrote to memory of 1388 2528 msedge.exe 85 PID 2528 wrote to memory of 1388 2528 msedge.exe 85 PID 2528 wrote to memory of 1388 2528 msedge.exe 85 PID 2528 wrote to memory of 1388 2528 msedge.exe 85 PID 2528 wrote to memory of 1388 2528 msedge.exe 85 PID 2528 wrote to memory of 1388 2528 msedge.exe 85 PID 2528 wrote to memory of 1388 2528 msedge.exe 85 PID 2528 wrote to memory of 1388 2528 msedge.exe 85 PID 2528 wrote to memory of 1388 2528 msedge.exe 85 PID 2528 wrote to memory of 1388 2528 msedge.exe 85 PID 2528 wrote to memory of 1388 2528 msedge.exe 85 PID 2528 wrote to memory of 1388 2528 msedge.exe 85 PID 2528 wrote to memory of 1388 2528 msedge.exe 85 PID 2528 wrote to memory of 1388 2528 msedge.exe 85 PID 2528 wrote to memory of 1388 2528 msedge.exe 85 PID 2528 wrote to memory of 1388 2528 msedge.exe 85 PID 2528 wrote to memory of 1388 2528 msedge.exe 85 PID 2528 wrote to memory of 1388 2528 msedge.exe 85 PID 2528 wrote to memory of 1388 2528 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c01859d724f26f305a4002fe6df46b3_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2528 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb633a46f8,0x7ffb633a4708,0x7ffb633a47182⤵PID:1364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:22⤵PID:2368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:82⤵PID:1388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:12⤵PID:2036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵PID:1032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:12⤵PID:2648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:12⤵PID:4680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:82⤵PID:908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:12⤵PID:1404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:12⤵PID:724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:12⤵PID:516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:12⤵PID:3040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6346594304165513057,6075940023109148941,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4740
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3744
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4704
Network
-
Remote address:8.8.8.8:53Request241.150.49.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requeststatic.generalfil.esIN AResponse
-
Remote address:8.8.8.8:53Requestinformpromo.comIN AResponse
-
Remote address:8.8.8.8:53Requeststatic.general-community.comIN AResponse
-
Remote address:8.8.8.8:53Requests7.addthis.comIN AResponses7.addthis.comIN CNAMEs8.addthis.coms8.addthis.comIN CNAMEds-s7.addthis.com.edgekey.netds-s7.addthis.com.edgekey.netIN CNAMEe4016.a.akamaiedge.nete4016.a.akamaiedge.netIN A104.68.81.91
-
Remote address:8.8.8.8:53Request203.142.123.92.in-addr.arpaIN PTRResponse203.142.123.92.in-addr.arpaIN PTRa92-123-142-203deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request23.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:104.68.81.91:80RequestGET /js/250/addthis_widget.js HTTP/1.1
Host: s7.addthis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 308 Permanent Redirect
Content-Type: text/html
Content-Length: 171
Location: https://s7.addthis.com/js/250/addthis_widget.js
Date: Sat, 01 Jun 2024 22:28:27 GMT
Connection: keep-alive
X-Distribution: 99
X-Host: s7.addthis.com
-
Remote address:8.8.8.8:53Requestcookies.ambercrow.comIN AResponse
-
Remote address:8.8.8.8:53Requestwww.bnserving.comIN AResponsewww.bnserving.comIN A192.243.59.12www.bnserving.comIN A192.243.59.13www.bnserving.comIN A192.243.59.20www.bnserving.comIN A192.243.61.225www.bnserving.comIN A192.243.61.227
-
Remote address:104.68.81.91:443RequestGET /js/250/addthis_widget.js HTTP/2.0
host: s7.addthis.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-length: 16
server: Oracle API Gateway
strict-transport-security: max-age=31536000
opc-request-id: /29FDDA545D823881F0B41C2B1588E7C3/8E7B0AD92344CA094B42C94977C1BDCD
x-content-type-options: nosniff
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
date: Sat, 01 Jun 2024 22:28:27 GMT
x-distribution: 99
x-host: s7.addthis.com
-
Remote address:192.243.59.12:80RequestGET /invoke.js HTTP/1.1
Host: www.bnserving.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Date: Sat, 01 Jun 2024 22:28:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ebd6be83002955fdfba387dc894b85a3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
-
Remote address:8.8.8.8:53Requestwww.facebook.comIN AResponsewww.facebook.comIN CNAMEstar-mini.c10r.facebook.comstar-mini.c10r.facebook.comIN A163.70.151.35
-
GEThttp://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FGeneral-Search%2F426484295433&locale=en_US&width=220&connections=6&stream=true&header=false&height=540msedge.exeRemote address:163.70.151.35:80RequestGET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FGeneral-Search%2F426484295433&locale=en_US&width=220&connections=6&stream=true&header=false&height=540 HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/plain
Server: proxygen-bolt
Date: Sat, 01 Jun 2024 22:28:27 GMT
Connection: keep-alive
Content-Length: 0
-
Remote address:8.8.8.8:53Requestwww.urldelivery.comIN AResponsewww.urldelivery.comIN A192.243.61.225www.urldelivery.comIN A192.243.59.13www.urldelivery.comIN A192.243.59.20www.urldelivery.comIN A192.243.61.227www.urldelivery.comIN A192.243.59.12
-
Remote address:8.8.8.8:53Request91.81.68.104.in-addr.arpaIN PTRResponse91.81.68.104.in-addr.arpaIN PTRa104-68-81-91deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request12.59.243.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request35.151.70.163.in-addr.arpaIN PTRResponse35.151.70.163.in-addr.arpaIN PTRedge-star-mini-shv-02-lhr6facebookcom
-
Remote address:8.8.8.8:53Requeststatic.xx.fbcdn.netIN AResponsestatic.xx.fbcdn.netIN CNAMEscontent.xx.fbcdn.netscontent.xx.fbcdn.netIN A163.70.151.21
-
Remote address:8.8.8.8:53Requestscontent.xx.fbcdn.netIN AResponsescontent.xx.fbcdn.netIN A163.70.151.21
-
Remote address:8.8.8.8:53Requestwww.urldelivery.comIN AResponsewww.urldelivery.comIN A192.243.61.225www.urldelivery.comIN A192.243.59.13www.urldelivery.comIN A192.243.59.20www.urldelivery.comIN A192.243.61.227www.urldelivery.comIN A192.243.59.12
-
Remote address:8.8.8.8:53Requestexternal.xx.fbcdn.netIN AResponseexternal.xx.fbcdn.netIN CNAMEscontent.xx.fbcdn.netscontent.xx.fbcdn.netIN A163.70.151.21
-
Remote address:8.8.8.8:53Request21.151.70.163.in-addr.arpaIN PTRResponse21.151.70.163.in-addr.arpaIN PTRxx-fbcdn-shv-02-lhr6fbcdnnet
-
Remote address:8.8.8.8:53Request209.205.72.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request232.168.11.51.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request232.168.11.51.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request26.165.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request56.126.166.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request14.227.111.52.in-addr.arpaIN PTRResponse
-
693 B 778 B 8 7
HTTP Request
GET http://s7.addthis.com/js/250/addthis_widget.jsHTTP Response
308 -
2.8kB 6.8kB 19 20
HTTP Request
GET https://s7.addthis.com/js/250/addthis_widget.jsHTTP Response
200 -
770 B 6.3kB 8 9
HTTP Request
GET http://www.bnserving.com/invoke.jsHTTP Response
200 -
163.70.151.35:80http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FGeneral-Search%2F426484295433&locale=en_US&width=220&connections=6&stream=true&header=false&height=540httpmsedge.exe1.6kB 667 B 8 6
HTTP Request
GET http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FGeneral-Search%2F426484295433&locale=en_US&width=220&connections=6&stream=true&header=false&height=540HTTP Response
301 -
260 B 5
-
260 B 200 B 5 5
-
2.4kB 39.4kB 26 39
-
989 B 2.9kB 9 7
-
11.9kB 324.9kB 174 281
-
897 B 2.6kB 7 5
-
897 B 2.6kB 7 5
-
943 B 2.8kB 8 6
-
989 B 2.9kB 9 7
-
260 B 200 B 5 5
-
260 B 200 B 5 5
-
260 B 200 B 5 5
-
260 B 200 B 5 5
-
260 B 5
-
260 B 200 B 5 5
-
322 B 7
-
72 B 158 B 1 1
DNS Request
241.150.49.20.in-addr.arpa
-
66 B 121 B 1 1
DNS Request
static.generalfil.es
-
61 B 134 B 1 1
DNS Request
informpromo.com
-
74 B 74 B 1 1
DNS Request
static.general-community.com
-
60 B 169 B 1 1
DNS Request
s7.addthis.com
DNS Response
104.68.81.91
-
73 B 139 B 1 1
DNS Request
203.142.123.92.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
23.159.190.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
67 B 135 B 1 1
DNS Request
cookies.ambercrow.com
-
63 B 143 B 1 1
DNS Request
www.bnserving.com
DNS Response
192.243.59.12192.243.59.13192.243.59.20192.243.61.225192.243.61.227
-
62 B 107 B 1 1
DNS Request
www.facebook.com
DNS Response
163.70.151.35
-
65 B 145 B 1 1
DNS Request
www.urldelivery.com
DNS Response
192.243.61.225192.243.59.13192.243.59.20192.243.61.227192.243.59.12
-
71 B 135 B 1 1
DNS Request
91.81.68.104.in-addr.arpa
-
72 B 147 B 1 1
DNS Request
12.59.243.192.in-addr.arpa
-
72 B 125 B 1 1
DNS Request
35.151.70.163.in-addr.arpa
-
65 B 104 B 1 1
DNS Request
static.xx.fbcdn.net
DNS Response
163.70.151.21
-
67 B 83 B 1 1
DNS Request
scontent.xx.fbcdn.net
DNS Response
163.70.151.21
-
65 B 145 B 1 1
DNS Request
www.urldelivery.com
DNS Response
192.243.61.225192.243.59.13192.243.59.20192.243.61.227192.243.59.12
-
67 B 106 B 1 1
DNS Request
external.xx.fbcdn.net
DNS Response
163.70.151.21
-
72 B 116 B 1 1
DNS Request
21.151.70.163.in-addr.arpa
-
535 B 8
-
72 B 158 B 1 1
DNS Request
209.205.72.20.in-addr.arpa
-
144 B 158 B 2 1
DNS Request
232.168.11.51.in-addr.arpa
DNS Request
232.168.11.51.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
26.165.165.52.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
56.126.166.20.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
14.227.111.52.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD52daa93382bba07cbc40af372d30ec576
SHA1c5e709dc3e2e4df2ff841fbde3e30170e7428a94
SHA2561826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
SHA51265635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b
-
Filesize
152B
MD5ecdc2754d7d2ae862272153aa9b9ca6e
SHA1c19bed1c6e1c998b9fa93298639ad7961339147d
SHA256a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
SHA512cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize312B
MD5ac96b0cc335522e1bac31f19158b3db2
SHA115f2b02cf4484c2c19ab84234e2f965d5a653970
SHA256e6855808440c517ed333a6dd7d26101926235a40a44ecb34ff8fc000574039e3
SHA5124709dc7bc1d1ea1e4634a9c3671e82f31e8b87c06fdc32b7a84a102a91505d1afb8a7a08e7cae89df824ecf36f81d1d180642aaf453978d2dad366876f77ba42
-
Filesize
333B
MD5ee57360b409b7db75dfb1640805c2856
SHA1dd6c9c8c702bd6c7f960a8b2c6017d9cf8dca850
SHA256206d60ff675449f6b880c83ce18d1b974acdfca7b8b5ec5d4f1db96b265acbbd
SHA5129513383eb0e93c9557592d60584b3c6261a638d93ea7d4442004a039fd5644e7a5eaf2d9ce970567de52c39bf9aaee9e2b327d18446140c8d41ceed894e4c3e2
-
Filesize
5KB
MD55c1cd34018f55b7365bd84a790d220aa
SHA1a28863edeb4f3e547406cbafa3c9450f9897b346
SHA256aafe076cb487f2254485030ed294292bf4bb5754827c60b040c2ed433439052b
SHA51269ff56170dd2b3234a9ee7a5d7edacf1726f429f7a27a0947ec80ed764362377c306d0026092af367004c206bfbcc370091603910fca63a4c86fff626245d6ac
-
Filesize
6KB
MD5d5df68d33cea2b1ec305d98a33ab2788
SHA16951c08a466700b8bd654e5ea9a3d241e02bfce1
SHA25616d33572d3218d3b1fdfc98f83e320c052666788e028cfe8d35edf67ac26a614
SHA512f0e5790b9503c0a1216df8d0ea324545cbf8a21cc2af0a206cc07855c7697795f0113ceb44fe9b0ab4c73de66170999116af82275c567328671ea093556bdb69
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5bf481b6b82c0bd221d672c3d6306f589
SHA19d778e5f2f6768c5ef0d2f5caec94e0d5349210d
SHA2566c3083d1e805a348f5ce51f2ae673c4877a39ab2002373e64adffa470c5d2f58
SHA512d5fbffe218381145028360bfa4616f3a28d643ecd8c0023f655a02c4221140ee791a19c91f637cd75b23112ff4e4933fad588fb4ae24b7041d27eacd3a30cf88