Analysis

  • max time kernel
    145s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/09/2024, 13:52 UTC

General

  • Target

    fa855af1ec77440a0c230d7549d279a1_JaffaCakes118.html

  • Size

    6KB

  • MD5

    fa855af1ec77440a0c230d7549d279a1

  • SHA1

    f859a1e9abb0305fbd4ffd5d4699e4e52db3c5c2

  • SHA256

    a4404d09a95e69886798ed2744c9b24a40941f91541d4316d15221363cb91f67

  • SHA512

    624d70266dba9a6b4586eba683c3cc91b7e8ff9798a8f2e51cd54dc4e7831dc1eac6045850eb0ddf91f7eb8fa856a70ec450780c411100d761abf23b7adac195

  • SSDEEP

    192:bsCx47zPc9jI2OHZDX/ORw3RXPEqHIvKxm/KEYRRqphnWhZVzaxmD+T:bsCU6EXGO3lPE5H/KxaphWhZFS

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fa855af1ec77440a0c230d7549d279a1_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3712
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe72da46f8,0x7ffe72da4708,0x7ffe72da4718
      2⤵
      PID:2156
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
      2⤵
      PID:4604
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2952
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
      2⤵
      PID:3668
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
      2⤵
      PID:1020
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
      2⤵
      PID:1708
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
      2⤵
      PID:4544
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
      2⤵
      PID:2980
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
      2⤵
      PID:4912
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:5028
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
      2⤵
      PID:2228
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
      2⤵
      PID:1484
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
      2⤵
      PID:3628
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
      2⤵
      PID:2780
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,1465010710723990124,17674170847910509597,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5692 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3460
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4092
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3608

Network

  • [US] DNS 8.8.8.8.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 8.8.8.8.in-addr.arpa IN PTR
    Response: 8.8.8.8.in-addr.arpa IN PTR dns.google
  • [US] DNS onlyfind.net (msedge.exe)
    Remote address: 8.8.8.8:53
    Request: onlyfind.net IN A
    Response: onlyfind.net IN A 185.53.179.170
  • [DE] GET http://onlyfind.net/in.cgi?3&group=18&parameter=agenzia+viaggi+lecco (msedge.exe)
    Remote address: 185.53.179.170:80
    Request
      GET /in.cgi?3&group=18&parameter=agenzia+viaggi+lecco HTTP/1.1
      Host: onlyfind.net
      Connection: keep-alive
      Upgrade-Insecure-Requests: 1
      DNT: 1
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
      Accept-Encoding: gzip, deflate
      Accept-Language: en-US,en;q=0.9
    Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Fri, 27 Sep 2024 13:52:49 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
      X-Redirect: skenzo
      X-Buckets: bucket011,bucket088
      X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_JBrU4718Ao88r8o77l1HZNUcOx7UcJMu+ACWW3jyoBLfQWZR4m667k+ExjLpDZvdAcpF/scZh00XKeGMrVuvJQ==
      X-Template: tpl_CleanPeppermintBlack_twoclick
      X-Language: english
      Accept-CH: viewport-width
      Accept-CH: dpr
      Accept-CH: device-memory
      Accept-CH: rtt
      Accept-CH: downlink
      Accept-CH: ect
      Accept-CH: ua
      Accept-CH: ua-full-version
      Accept-CH: ua-platform
      Accept-CH: ua-platform-version
      Accept-CH: ua-arch
      Accept-CH: ua-model
      Accept-CH: ua-mobile
      Accept-CH-Lifetime: 30
      X-Pcrew-Ip-Organization: Datacamp
      X-Pcrew-Blocked-Reason: hosting network
      X-Domain: onlyfind.net
      X-Subdomain:
      Content-Encoding: gzip
  • [DE] GET http://onlyfind.net/favicon.ico (msedge.exe)
    Remote address: 185.53.179.170:80
    Request
      GET /favicon.ico HTTP/1.1
      Host: onlyfind.net
      Connection: keep-alive
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
      DNT: 1
      Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
      Referer: http://onlyfind.net/in.cgi?3&group=18&parameter=agenzia+viaggi+lecco
      Accept-Encoding: gzip, deflate
      Accept-Language: en-US,en;q=0.9
    Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Fri, 27 Sep 2024 13:52:50 GMT
      Content-Type: image/x-icon
      Content-Length: 0
      Connection: keep-alive
      Last-Modified: Thu, 26 Sep 2024 07:56:43 GMT
      ETag: "66f513bb-0"
      Accept-Ranges: bytes
  • [US] DNS ifdnzact.com (msedge.exe)
    Remote address: 8.8.8.8:53
    Request: ifdnzact.com IN A
    Response: ifdnzact.com IN A 208.91.196.46
  • [US] DNS www.mydomaincontact.com (msedge.exe)
    Remote address: 8.8.8.8:53
    Request: www.mydomaincontact.com IN A
    Response:
      www.mydomaincontact.com IN A 54.72.135.125
      www.mydomaincontact.com IN A 54.72.39.107
      www.mydomaincontact.com IN A 63.33.162.142
  • [US] GET http://ifdnzact.com/?dn=onlyfind.net&pid=9PO755G95 (msedge.exe)
    Remote address: 208.91.196.46:80
    Request
      GET /?dn=onlyfind.net&pid=9PO755G95 HTTP/1.1
      Host: ifdnzact.com
      Connection: keep-alive
      Upgrade-Insecure-Requests: 1
      DNT: 1
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
      Referer: http://onlyfind.net/
      Accept-Encoding: gzip, deflate
      Accept-Language: en-US,en;q=0.9
    Response
      HTTP/1.1 403 Forbidden
      Date: Fri, 27 Sep 2024 13:52:50 GMT
      Server: Apache
      Referrer-Policy: no-referrer-when-downgrade
      Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
      Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
      Content-Length: 300
      Keep-Alive: timeout=5, max=112
      Connection: Keep-Alive
      Content-Type: text/html; charset=UTF-8
  • [US] DNS 209.205.72.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 209.205.72.20.in-addr.arpa IN PTR
    Response: (empty)
  • [US] DNS 138.32.126.40.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 138.32.126.40.in-addr.arpa IN PTR
    Response: (empty)
  • [US] DNS 170.179.53.185.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 170.179.53.185.in-addr.arpa IN PTR
    Response: (empty)
  • [US] DNS 88.210.23.2.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 88.210.23.2.in-addr.arpa IN PTR
    Response: 88.210.23.2.in-addr.arpa IN PTR a2-23-210-88.deploy.static.akamaitechnologies.com
  • [US] DNS 95.221.229.192.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 95.221.229.192.in-addr.arpa IN PTR
    Response: (empty)
  • [US] DNS 46.196.91.208.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 46.196.91.208.in-addr.arpa IN PTR
    Response: (empty)
  • [US] DNS 46.196.91.208.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 46.196.91.208.in-addr.arpa IN PTR
    Response: (empty)
  • [US] DNS 46.196.91.208.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 46.196.91.208.in-addr.arpa IN PTR
    Response: (empty)
  • [US] DNS 197.87.175.4.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 197.87.175.4.in-addr.arpa IN PTR
    Response: (empty)
  • [US] DNS 171.39.242.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 171.39.242.20.in-addr.arpa IN PTR
    Response: (empty)
  • [US] DNS 99.209.201.84.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 99.209.201.84.in-addr.arpa IN PTR
    Response: (empty)
  • [US] DNS 172.214.232.199.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 172.214.232.199.in-addr.arpa IN PTR
    Response: (empty)
  • [US] DNS 11.227.111.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 11.227.111.52.in-addr.arpa IN PTR
    Response: (empty)
Connections (remote address, host or URL, protocol, process, bytes sent / received, packets sent / received)

  • 185.53.179.170:80  http://onlyfind.net/favicon.ico  http  msedge.exe  1.3kB / 4.1kB  9 / 11
    HTTP Request: GET http://onlyfind.net/in.cgi?3&group=18&parameter=agenzia+viaggi+lecco
    HTTP Response: 200
    HTTP Request: GET http://onlyfind.net/favicon.ico
    HTTP Response: 200
  • 185.53.179.170:80  onlyfind.net  msedge.exe  190 B / 164 B  4 / 4
  • 208.91.196.46:80  http://ifdnzact.com/?dn=onlyfind.net&pid=9PO755G95  http  msedge.exe  827 B / 1.2kB  7 / 5
    HTTP Request: GET http://ifdnzact.com/?dn=onlyfind.net&pid=9PO755G95
    HTTP Response: 403
  • 8.8.8.8:53  8.8.8.8.in-addr.arpa  dns  66 B / 90 B  1 / 1
    DNS Request: 8.8.8.8.in-addr.arpa
  • 8.8.8.8:53  onlyfind.net  dns  msedge.exe  58 B / 74 B  1 / 1
    DNS Request: onlyfind.net
    DNS Response: 185.53.179.170
  • 8.8.8.8:53  ifdnzact.com  dns  msedge.exe  58 B / 74 B  1 / 1
    DNS Request: ifdnzact.com
    DNS Response: 208.91.196.46
  • 8.8.8.8:53  www.mydomaincontact.com  dns  msedge.exe  69 B / 117 B  1 / 1
    DNS Request: www.mydomaincontact.com
    DNS Response: 54.72.135.125, 54.72.39.107, 63.33.162.142
  • 8.8.8.8:53  209.205.72.20.in-addr.arpa  dns  72 B / 158 B  1 / 1
    DNS Request: 209.205.72.20.in-addr.arpa
  • 8.8.8.8:53  138.32.126.40.in-addr.arpa  dns  72 B / 158 B  1 / 1
    DNS Request: 138.32.126.40.in-addr.arpa
  • 8.8.8.8:53  170.179.53.185.in-addr.arpa  dns  73 B / 151 B  1 / 1
    DNS Request: 170.179.53.185.in-addr.arpa
  • 8.8.8.8:53  88.210.23.2.in-addr.arpa  dns  70 B / 133 B  1 / 1
    DNS Request: 88.210.23.2.in-addr.arpa
  • 8.8.8.8:53  95.221.229.192.in-addr.arpa  dns  73 B / 144 B  1 / 1
    DNS Request: 95.221.229.192.in-addr.arpa
  • 8.8.8.8:53  46.196.91.208.in-addr.arpa  dns  216 B / 216 B  3 / 3
    DNS Request: 46.196.91.208.in-addr.arpa
    DNS Request: 46.196.91.208.in-addr.arpa
    DNS Request: 46.196.91.208.in-addr.arpa
  • 224.0.0.251:5353  584 B sent  9 packets sent
  • 8.8.8.8:53  197.87.175.4.in-addr.arpa  dns  71 B / 157 B  1 / 1
    DNS Request: 197.87.175.4.in-addr.arpa
  • 8.8.8.8:53  171.39.242.20.in-addr.arpa  dns  72 B / 158 B  1 / 1
    DNS Request: 171.39.242.20.in-addr.arpa
  • 8.8.8.8:53  99.209.201.84.in-addr.arpa  dns  72 B / 132 B  1 / 1
    DNS Request: 99.209.201.84.in-addr.arpa
  • 8.8.8.8:53  172.214.232.199.in-addr.arpa  dns  74 B / 128 B  1 / 1
    DNS Request: 172.214.232.199.in-addr.arpa
  • 8.8.8.8:53  11.227.111.52.in-addr.arpa  dns  72 B / 158 B  1 / 1
    DNS Request: 11.227.111.52.in-addr.arpa

                              MITRE ATT&CK Enterprise v15

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize: 152B
                                MD5:      e4f80e7950cbd3bb11257d2000cb885e
                                SHA1:     10ac643904d539042d8f7aa4a312b13ec2106035
                                SHA256:   1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
                                SHA512:   2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize: 152B
                                MD5:      2dc1a9f2f3f8c3cfe51bb29b078166c5
                                SHA1:     eaf3c3dad3c8dc6f18dc3e055b415da78b704402
                                SHA256:   dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
                                SHA512:   682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize: 5KB
                                MD5:      216b36062793a404265326f0b2912a8d
                                SHA1:     3ac0b87d3c35be086fe2e9e7668d77139da08f69
                                SHA256:   5ea936fc473fc9c39f123933f1f89c5e7ae82ad23c8ddd08e0ac2793f73b9aab
                                SHA512:   0641a2f728a6c3b062f146dd79a2192bb8862d31c2d69f83f7c4205850502d299b77d14a85e848add8ea1b49e6385fb05142ea8df16737cf11426da1319c70d9

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize: 6KB
                                MD5:      8b9435498172eec9451b192681971d39
                                SHA1:     df1ce9d691ef2579dc25206eb39776967ff47893
                                SHA256:   6615fad9f0e10c6b554c52f1c723650ff6bfcb7e4cce3e410ca296350b9368e5
                                SHA512:   26698dca53ac08d9df475128f8db6dbe029682b86d41f4142a12cc84b6acba9fef82f11085e965ea52a1fcbe51a6fb7cba5b0a9c496b842ce5ded8f6d87b0706

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize: 16B
                                MD5:      6752a1d65b201c13b62ea44016eb221f
                                SHA1:     58ecf154d01a62233ed7fb494ace3c3d4ffce08b
                                SHA256:   0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
                                SHA512:   9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize: 10KB
                                MD5:      1e91c47834e59d56d7168cccc284ff52
                                SHA1:     1aa0d5184374a6e683206acff63eb2faabfbee2c
                                SHA256:   8197a1b63d5d5c062a77e27efc507679bd568597dd8893809f09f0d3a0186868
                                SHA512:   2f27e96b3cbe29856f725a82f378e9e5d51e1f0f1a8a891566b210fdd10e54d652842843153d97cffecc689d88a3844f45b294007eb50792fb69923c5b36a6a1
