Analysis
- max time kernel: 143s
- max time network: 148s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 09/08/2024, 23:10 UTC
Static task: static1
Behavioral task: behavioral1
- Sample: 83ec16dafe696a90dd9bf0adc2f97079_JaffaCakes118.html
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: 83ec16dafe696a90dd9bf0adc2f97079_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: 83ec16dafe696a90dd9bf0adc2f97079_JaffaCakes118.html
- Size: 57KB
- MD5: 83ec16dafe696a90dd9bf0adc2f97079
- SHA1: 8ea7aff45c4d4cedbfb9d4d8633704546beb7263
- SHA256: ca5a669a54b7da39bdc4beee048bd6ed233c8409b129e00a8289a3a953733ba5
- SHA512: 08a834eaaed4920a0bcc878975bb237165a4a1fdd1e2a43666af5c01b2b0218ca9d6e31f9fbca8c7b8096e075915acf5502e3bbd84c6e8c4678c722ae5184473
- SSDEEP: 1536:gQZBCCOdn0IxC6UL9fIfqfr4fWfRfMf+f+fOfaf5fRfgfNfef7fzfUfDfofSfIfo:gk2l0IxMgS8+ZUmm2ihJ4VGT7sbwagy1
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
-
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8B49B701-56A4-11EF-914F-526E148F5AD5} = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d99090000000002000000000010660000000100002000000034d0dddd7da7d98b45d2eeadbe7a65f9a1fc588d234988c716a9ce9894aa2e47000000000e8000000002000020000000bc0e0c116b2aa776ed6a2b8ad4199a717bdae7d1082fea82768a8d1db352774720000000a9915d83ef435b44b8f0acc8dd1859311f0e716e81ad8907f8fe9b7d18832df4400000002bf3e995694c11114f7f97e7408a6803c1315378189d440d0fa3f5b2300228d08b58f48714b5e6c2e5dd8b3f315c9a01095afb725200833a035238ace962699a | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429406886" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3028c460b1eada01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2688 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2688 | iexplore.exe
2688 | iexplore.exe
2700 | IEXPLORE.EXE
2700 | IEXPLORE.EXE
2700 | IEXPLORE.EXE
2700 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2688 wrote to memory of 2700 | 2688 | iexplore.exe | 30
PID 2688 wrote to memory of 2700 | 2688 | iexplore.exe | 30
PID 2688 wrote to memory of 2700 | 2688 | iexplore.exe | 30
PID 2688 wrote to memory of 2700 | 2688 | iexplore.exe | 30
Processes
-
1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\83ec16dafe696a90dd9bf0adc2f97079_JaffaCakes118.html
   PID: 2688
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. (child process) C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2
      PID: 2700
      - System Location Discovery: System Language Discovery
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
-
Network
-
Remote address: 8.8.8.8:53
Request: spellmanshow.com IN A
Response: (empty)
-
Remote address: 8.8.8.8:53
Request: double.boublebarelled.ws IN A
Response: double.boublebarelled.ws IN A 64.70.19.203
-
Remote address: 8.8.8.8:53
Request: web.icq.com IN A
Response: web.icq.com IN CNAME www.icq.com; www.icq.com IN CNAME www.ovip.icq.com; www.ovip.icq.com IN A 5.61.236.229
-
Remote address: 8.8.8.8:53
Request: spellmanshow.com IN A
Response: (empty)
-
Remote address: 64.70.19.203:80
Request:
GET /FrMal HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: double.boublebarelled.ws
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Fri, 09 Aug 2024 23:10:20 GMT
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 577
Connection: keep-alive
Access-Control-Allow-Origin: *
-
Remote address: 5.61.236.229:80
Request:
GET /whitepages/online?icq=8765463453&img=5 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: web.icq.com
Connection: Keep-Alive
Response:
HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Aug 2024 23:10:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://web.icq.com/whitepages/online?icq=8765463453&img=5
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
-
Remote address: 5.61.236.229:443
Request:
GET /whitepages/online?icq=8765463453&img=5 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: web.icq.com
Connection: Keep-Alive
Response:
HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Aug 2024 23:10:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://icq.com/
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
-
Remote address: 8.8.8.8:53
Request: www.website.ws IN A
Response: www.website.ws IN CNAME website.ws; website.ws IN A 64.70.19.170
-
Remote address: 8.8.8.8:53
Request: icq.com IN A
Response: icq.com IN A 5.61.236.229
-
Remote address: 5.61.236.229:443
Request:
GET / HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: icq.com
Connection: Keep-Alive
Response:
HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Aug 2024 23:10:21 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: https://icq.com/en
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
-
Remote address: 5.61.236.229:443
Request:
GET /en HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: icq.com
Connection: Keep-Alive
Response:
HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Aug 2024 23:10:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://icq.com/desktop/en#windows
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy-Report-Only: default-src 'none'; script-src icq.com c.icq.com cicq.org 1l-hit.mail.ru www.google-analytics.com buddyicon.foto.mail.ru www.googletagmanager.com top-fwz1.mail.ru 'sha256-DKOsdd00IXAHc7qK64HiC18YrB2K4SfiH8Sl6A9aFyg=' 'sha256-u4WiMVZhYDdCrFwB8Zn3gLba1EI3pqIlFYWFZfXJl2I=' 'sha256-ynzJCJTMBeZF6kbmzoI2rC+vDRozRAHxsPfAruxve88=' 'sha256-j51JRkq0bwz97Hd/1wJQsIy6/aX9cz16Xyp+M8FshTA=' 'self'; style-src c.icq.com icq.com cicq.org 'self' 'unsafe-inline'; img-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com buddyicon.foto.mail.ru files.icq.com files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net swa.icq.com stats.g.doubleclick.net 'self'; media-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com files.icq.com api.icq.net files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net 'self'; font-src icq.com c.icq.com cicq.org 'self'; connect-src privacy.icq.com icq.com top-fwz1.mail.ru 'self'; report-uri /system/error
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 1; mode=block; report=https://cspreport.mail.ru/xxssprotection
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
-
Remote address: 5.61.236.229:443
Request:
GET /desktop/en HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: icq.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Date: Fri, 09 Aug 2024 23:10:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy-Report-Only: default-src 'none'; script-src icq.com c.icq.com cicq.org 1l-hit.mail.ru www.google-analytics.com buddyicon.foto.mail.ru www.googletagmanager.com top-fwz1.mail.ru 'sha256-DKOsdd00IXAHc7qK64HiC18YrB2K4SfiH8Sl6A9aFyg=' 'sha256-u4WiMVZhYDdCrFwB8Zn3gLba1EI3pqIlFYWFZfXJl2I=' 'sha256-ynzJCJTMBeZF6kbmzoI2rC+vDRozRAHxsPfAruxve88=' 'sha256-j51JRkq0bwz97Hd/1wJQsIy6/aX9cz16Xyp+M8FshTA=' 'self'; style-src c.icq.com icq.com cicq.org 'self' 'unsafe-inline'; img-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com buddyicon.foto.mail.ru files.icq.com files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net swa.icq.com stats.g.doubleclick.net 'self'; media-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com files.icq.com api.icq.net files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net 'self'; font-src icq.com c.icq.com cicq.org 'self'; connect-src privacy.icq.com icq.com top-fwz1.mail.ru 'self'; report-uri /system/error
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 1; mode=block; report=https://cspreport.mail.ru/xxssprotection
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
-
Remote address: 8.8.8.8:53
Request: crl.microsoft.com IN A
Response: crl.microsoft.com IN CNAME crl.www.ms.akadns.net; crl.www.ms.akadns.net IN CNAME a1363.dscg.akamai.net; a1363.dscg.akamai.net IN A 92.123.142.59; a1363.dscg.akamai.net IN A 92.123.143.227
-
Remote address: 92.123.142.59:80
Request:
GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 01 May 2024 09:28:59 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
Response:
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-MD5: 5xIscz+eN7ugykyYXOEdbQ==
Last-Modified: Thu, 11 Jul 2024 01:45:51 GMT
ETag: 0x8DCA14B323B2CC0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5fc09696-301e-0053-5f42-d374de000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 09 Aug 2024 23:10:51 GMT
Connection: keep-alive
-
Remote address: 8.8.8.8:53
Request: www.microsoft.com IN A
Response: www.microsoft.com IN CNAME www.microsoft.com-c-3.edgekey.net; www.microsoft.com-c-3.edgekey.net IN CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net; www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net IN CNAME e13678.dscb.akamaiedge.net; e13678.dscb.akamaiedge.net IN A 95.100.245.144
-
Remote address: 8.8.8.8:53
Request: www.microsoft.com IN A
Response: www.microsoft.com IN CNAME www.microsoft.com-c-3.edgekey.net; www.microsoft.com-c-3.edgekey.net IN CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net; www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net IN CNAME e13678.dscb.akamaiedge.net; e13678.dscb.akamaiedge.net IN A 95.100.245.144
-
Flows
sent | received | packets sent | packets received
816 B | 942 B | 12 | 4
HTTP Request: GET http://double.boublebarelled.ws/FrMal
HTTP Response: 200
-
374 B | 48 B | 8 | 1
-
190 B | 124 B | 4 | 3
-
573 B | 683 B | 6 | 5
HTTP Request: GET http://web.icq.com/whitepages/online?icq=8765463453&img=5
HTTP Response: 301
-
1.3kB | 5.5kB | 13 | 13
HTTP Request: GET https://web.icq.com/whitepages/online?icq=8765463453&img=5
HTTP Response: 301
-
395 B | 215 B | 5 | 5
-
395 B | 215 B | 5 | 5
-
357 B | 215 B | 5 | 5
-
357 B | 215 B | 5 | 5
-
824 B | 5.0kB | 11 | 12
-
2.1kB | 20.1kB | 18 | 24
HTTP Request: GET https://icq.com/
HTTP Response: 302
HTTP Request: GET https://icq.com/en
HTTP Response: 302
HTTP Request: GET https://icq.com/desktop/en
HTTP Response: 200
-
288 B | 215 B | 5 | 5
-
288 B | 215 B | 5 | 5
-
190 B | 88 B | 4 | 2
-
190 B | 88 B | 4 | 2
-
399 B | 1.7kB | 4 | 4
HTTP Request: GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
HTTP Response: 200
-
747 B | 7.6kB | 9 | 11
-
747 B | 7.6kB | 9 | 11
-
779 B | 7.7kB | 9 | 12
-
62 B | 62 B | 1 | 1
DNS Request: spellmanshow.com
-
70 B | 86 B | 1 | 1
DNS Request: double.boublebarelled.ws
DNS Response: 64.70.19.203
-
57 B | 114 B | 1 | 1
DNS Request: web.icq.com
DNS Response: 5.61.236.229
-
62 B | 62 B | 1 | 1
DNS Request: spellmanshow.com
-
60 B | 90 B | 1 | 1
DNS Request: www.website.ws
DNS Response: 64.70.19.170
-
53 B | 69 B | 1 | 1
DNS Request: icq.com
DNS Response: 5.61.236.229
-
63 B | 162 B | 1 | 1
DNS Request: crl.microsoft.com
DNS Response: 92.123.142.59, 92.123.143.227
-
63 B | 230 B | 1 | 1
DNS Request: www.microsoft.com
DNS Response: 95.100.245.144
-
63 B | 230 B | 1 | 1
DNS Request: www.microsoft.com
DNS Response: 95.100.245.144
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 914B
MD5: e4a68ac854ac5242460afd72481b2a44
SHA1: df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512: 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize: 1KB
MD5: a266bb7dcc38a562631361bbf61dd11b
SHA1: 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256: df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512: 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize: 252B
MD5: 16464da7f23e8e15e37983f0f618ba9e
SHA1: 81b2f3a435985401a47649f0ba966e2661347bb3
SHA256: ffa880cf307beb0e8ba36ea8914c80dbba4c34acc9aa549ee9b5214fae3ae9cd
SHA512: 70cab814b79c6e0e2570d67dc8011a386aef99b3588faf9eae7fbbbb07dda81d54926af856f61a2ce21c71d4b7f42f129eb3ed6dbca23751b7fb23a788f289a2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b8a6d10c1e0b6cdd36fc27a5a3f64ebb
SHA1: d9b69689307f13771fd739307d9872703a6f446f
SHA256: ac0e02ef2cff60a4d6411cf40a2b5867f7113d6fbc1dea54ccc47042bf7cf702
SHA512: 598687008080360e080f2eeaf2963538bc57d6c40a1a5b4bd55ec08c041b7f0116b189e38ca432a6c491db57773e3cdcacfddecc944b38249f0cdfc724a198f9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 4d69913047330076830c216dcb1d8f3f
SHA1: 7e6dc83965485a6786f1aa8d3f6f3a6ac6fd81c5
SHA256: 3283cc90a2b59f214f874d66c04e26ee4acf369fa9da347039aa2756c835b317
SHA512: 57d32651a9fa4c189f2dc40137ee96cd09dfcbe66685b7d3b0ed388bf8a7e0dff88dcd1162db8c35323d3b39508966db87fae995d98346a10b6a75b545ea333f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a3441f32bdc852e4896b25023fcf90c4
SHA1: d18eb89cc2237a4520de2a4af8972298f58a8cb0
SHA256: e824a13ca6cda55e1e569ed98cc01a285ee12dc2c909842c29f70d8dd5424807
SHA512: 0084849ea0a36039dc47279a85345f604a9bbdc671a3807093f171cfc786ba4bb4e477b9386d8ef682fa0d76e8f5564d93296de1143b7029a60bc7e1c71ca92e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 2d30dd250bda8c1c8af06f20468ed542
SHA1: 51cb37b973c2fc8a233b41807cb4b64eadbb535f
SHA256: dbfd8744a4deb6888f3a5106fbdaa95ba4b3c2d8324f06d4599052530c50c313
SHA512: 26d5be40e807f2d70560023c0c26e06da5f2ad5efe5aebcbbb2c206a37d6adce69c236165ca00ababc54cea35e8a56ce82b3b14a1a7c326acbc540cab41557e3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: cc044e6f0e0f31418d061e337d171b46
SHA1: 6f449d58a69d873cc482eb62fc91ce3476645359
SHA256: 991569ce21fd781ef94dd8031570f53fd430cb9a2e6d26de1a5cb4d92603f5a6
SHA512: 3c412d88f4f77a01446475167f8822bcfb9fc1e439c012e86f859aeeb95e463b183e3ee9b5c7cd0b169c32683034a6ffd01667473af70ab79634feab673a1f87
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 658ea7080f08e51d86869b7967dfd4e8
SHA1: ccb7ac611b70b712ee4f4d528d61746a1ad58b00
SHA256: 99504f5cc669da6574992a92be16b6bf6cd1f09a16fbbdd3dc9b84e2aa1e47eb
SHA512: 5b6e023e6bd4c1f35a1cedd2ca7d21e28c8f84dfb2db42bfffb51ff2a964a857386bda445e0a81d648521c2a391b8ad1b93cae250bab5fe7c14f84059fdbf354
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: cb4ce39434f565d167925ed838be7c8a
SHA1: 9bdf5b33bf9225cca306a0edeb1f9121b9c58168
SHA256: 631cf1190fac14c619c52c48b15469fe99f70d1436bd16a8718e3f322b2a7ed8
SHA512: fb2c119686a792bef99f8b871497792de14deb87d25ccbddab94b799795647442838b43b88c70e1bc9f60433b1e13986aeb826f24470e48831ba3a38a7a5aadc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 521961f587f56e7ccd18e69f05ba38de
SHA1: 87758fc7a1c149dde305a7dafe5ac71c8766c4de
SHA256: e7414efccf35dab358b1be677f770114112972878ccb96b87bde89df7f7745f1
SHA512: 0c4c7ccea640281d30587f01c7b5d9ecb21e2ac38068b6249409d30970eca343e28a56ef484e9c324e915cd383008f7d458cbb1f48076dce638110345983bfa2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 566d9d0a42dd850efc2836f24359ec4e
SHA1: 628a624fe1f5387f9c6c86af79d574746e2c071c
SHA256: 74aeee245f01e0f53e37aefe087bee4620c71f40f224ff088e984577cf8528c1
SHA512: e67a253aeced557e3a6db6573d666f24d949075555c66002d1d685d666b3c93dec168df8bd9bd21e11a96f0de494dfdbe3b0eb7300c436916bff641629643a05
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 80921e576e3b9261d0b743f1d58b1bd7
SHA1: b83de7703ff2acde2fbbb63108c122cf1cbb78c1
SHA256: dc467747ea3be84cff5bdf3045ddb0442a68c1e2c58f6be74659adcec8aafe6f
SHA512: 9205b17e8777e22a16448847b7a0499d536f64c38a87e30db4b27ad04ca13d23c6ebbfc3f1b69431fe6aaa6091b0810b6e6e5574e5d68011d7fa4d7b2eadd794
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 068524cb55d305ff0a3cdba586eb3d1a
SHA1: a1db474d3c192f2c28ebb11f4fd992978af9267f
SHA256: 4308a8105f525b7c06051c45488209dd15c53b923d18764f806a002bdb3a3bf4
SHA512: 52b454192fee0f6a8ea814bde0524ac1500d170f8d7fc3184712222a3229d7b2a25627f7bd2b075c5a6abc025f68aa35b6ea1d87b63c4a9ece4c514e240fedc0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 486d2a4c594c5ca539535dcaa3cbebea
SHA1: a76fad487e84bb56eb2347522728cbdb55ee31d1
SHA256: 9e12cbe6ca4014e885479be497137596e53e642bebdd02de062a273cb689a151
SHA512: 0bfa43274555e8ad9e29371a452115db7ec65f3a1714ce5b6c0e88db7854a85cf039f469e7aac560742b01d94167731adb9056c3be954594561126d9371d4914
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 85f542621da8c68f069be7f56a3eba6f
SHA1: 9da1333a47c53e651631cabe0217c0dd5955776e
SHA256: 2a12008179b88797350fe7838aff0cbf2f041410d9f88f8d9b14d7d65705bafb
SHA512: bb6a2c9f4727db32c2c49f5e54e03f4831b0e794bb55136765759efaef71775c8228dd3845b8c818b9e4f9ebc1c433c9602adcd2e94f0c753be277d648fb107e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 295a2b54dc9755bdb97f0da48ffabab2
SHA1: db659912745505842a92a3533be50078008821f4
SHA256: af1d32147b6a3987945d59bfb84107052f9f81e033b175bc224aee0a4a6a735f
SHA512: a419f79bc27dd2fce39960c91dc3bebd671b7231093d9f9298ddd899dfafad447ce2f676c1e4fb27d543a98c2794602f4102a17b69f96ab680b59fcbdfb48432
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d96379f5ff7753521753249c6f73fc1f
SHA1: b520cbeca0fcc5159fd97aceba17bff02dd9f23e
SHA256: d08343de734ac9f270ea8f97720c7c6abe4b61739bd07598bef76c40be218af9
SHA512: c6fdd6be045f9793d4d8a81a198783ba520ac4a3eac53329ef8c9f13ab53479c8cd15634c72089f929a60d849e713b46f6f762d6f51f82949c3b869e0711e38d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: f2361d36f4ce24ac7c4c92ec6a9a41ef
SHA1: be1fd07034901ee2dcc99e8f5baaaad2cee6d957
SHA256: 34c01f420bef4560172b5873a34c04f6cfe2e7466463738a33bb2389baff2ca1
SHA512: ec3d9f9c3d20662d1c9b9562df72811198856b4aae6da879ec4bc50b54b9d3913272a8468d1ebdda39e2fba6ce203ef26ac68adc62d829a78d63b5752f9d170a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: eea98ad95e09594a0f8ba37231fca6cc
SHA1: eb5c2d3f9dd5d3c0dadf8a7354b7d835a3162aef
SHA256: 443813871885074704c6904658ac174abe0def9ea7eaa07322d7c33740b2eeb1
SHA512: 672164c223090536b3ace01a791b0f80f02ab5aa25e18ea0c26dfb3bea8630ef33fa49817990f31dc37fb4689750c0accd0d44399a9d758b0d029ddc61515784
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: fc26ceb37d35dcd45b98b625ce1c8ce5
SHA1: 3a9341c39bcb8746eb7e7e4dcce3a15440785a80
SHA256: 92e803c568ac2b96236e5873a39083a278c4d06d8056df3d1633f1bbc212d55c
SHA512: 69604ec18729d48f67a43331ce381169ca3bd4338115db39b37902cb28e8dbe3ab63f0fbf3a438aff5a48def580c57f9ffe572f2f3798316d7281c112874bfef
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a972566999f5f9a4be230ddcb1521d51
SHA1: 016cc89a85b9c0e6cbc16d63b4ca9180731f0cf2
SHA256: 15581d9ea5857a3653afc71b8c7e43b31cee09f007b88a1f2bd703027434a168
SHA512: da962b9a3ac75d4d2a3f632674ca6a0d74e94f35cf9dd68ddf13a68c2ea3d78deaefebaba8f3d5b27c40731fe896b5a04087222c5a6f62484aee1628cd77d2e6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: e4745906db32754eb8fa2369a6da8cc9
SHA1: 47a7673e2fa5ce96291a9ce15bb56843b0fa8824
SHA256: 60f424338edacee2fa609ec875742af8e1581e8cd8288a4c1b8b2daba425cdd8
SHA512: 325c18e3db3187af6b5b95ec45a41b25c1f41e04c4b2066d3b2d3c88b4da2f156b0d4e78a6bb212fd7127addd854477dfe325c7ef338f05c13e4d199dbcc94c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize: 242B
MD5: 03fe5c4f1af60a2a1a5697d690610756
SHA1: 3c62aebe8df215732d82f12d4cf3c2ba723acd96
SHA256: 5aa6d729b079c1530737a56b69bb409361109aeb96b87befb8e086fde699c117
SHA512: 51b3bfe690ded9f3dcfd84b3bb522a11ae2464def5463a09215e33c263619b3d682f350d1023ad429d5d7e0efb658641921cb29f0ac420cac7da9242f83ec616
-
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b