Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/10/2024, 08:14 UTC

General

  • Target

    2dbce3579beb0be54cadd5a43c306e58_JaffaCakes118.html

  • Size

    38KB

  • MD5

    2dbce3579beb0be54cadd5a43c306e58

  • SHA1

    9e6cd82e60980e927e87d71355a8215d5304e84b

  • SHA256

    af8712080f80535c04277d5059effba8d1d38adf0edd77f4e38e13ac7d9e00f3

  • SHA512

    d636783b1570aea1d940f9abb275cf64a56463d80f8914a3e02687e13353af6fa2a20abea1121aa5ea127675f37dab9e1d41f08c649bc363ec819da09968d77c

  • SSDEEP

    384:SIIJ86XmsCyp4xPA+aTTip2yeHip2SXr9+isU8c:SlQvaT96Ngc

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2dbce3579beb0be54cadd5a43c306e58_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3248
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed0a346f8,0x7ffed0a34708,0x7ffed0a34718
      2⤵
        PID:3924
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,4178120422115325068,2376206921331251071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
        2⤵
          PID:3496
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,4178120422115325068,2376206921331251071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2756
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,4178120422115325068,2376206921331251071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
          2⤵
            PID:2428
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4178120422115325068,2376206921331251071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
            2⤵
              PID:2792
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4178120422115325068,2376206921331251071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
              2⤵
                PID:4644
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4178120422115325068,2376206921331251071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
                2⤵
                  PID:3168
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4178120422115325068,2376206921331251071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
                  2⤵
                    PID:4936
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4178120422115325068,2376206921331251071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
                    2⤵
                      PID:2328
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4178120422115325068,2376206921331251071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
                      2⤵
                        PID:4132
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,4178120422115325068,2376206921331251071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6552 /prefetch:8
                        2⤵
                          PID:2388
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,4178120422115325068,2376206921331251071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6552 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:384
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4178120422115325068,2376206921331251071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
                          2⤵
                            PID:4932
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4178120422115325068,2376206921331251071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
                            2⤵
                              PID:2344
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,4178120422115325068,2376206921331251071,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5384 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2392
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4896
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:4992

                              Network

                              • flag-us
                                DNS
                                www.wichsfotos-wichsfilme.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                www.wichsfotos-wichsfilme.com
                                IN A
                                Response
                              • flag-us
                                DNS
                                affaire.sexmoney.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                affaire.sexmoney.com
                                IN A
                                Response
                              • flag-us
                                DNS
                                bannerrotation.sexmoney.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                bannerrotation.sexmoney.com
                                IN A
                                Response
                              • flag-us
                                DNS
                                www.countmyusers.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                www.countmyusers.com
                                IN A
                                Response
                              • flag-us
                                DNS
                                www.wichsbilder-wichsvorlagen.net
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                www.wichsbilder-wichsvorlagen.net
                                IN A
                                Response
                              • flag-us
                                DNS
                                www.einfachgeiler.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                www.einfachgeiler.com
                                IN A
                                Response
                                www.einfachgeiler.com
                                IN CNAME
                                einfachgeiler.com
                                einfachgeiler.com
                                IN A
                                62.138.185.13
                              • flag-fr
                                GET
                                http://www.einfachgeiler.com/wmtools/ifr/321/wmdata_2266-iframe-5-5-000000-FF6600----
                                msedge.exe
                                Remote address:
                                62.138.185.13:80
                                Request
                                GET /wmtools/ifr/321/wmdata_2266-iframe-5-5-000000-FF6600---- HTTP/1.1
                                Host: www.einfachgeiler.com
                                Connection: keep-alive
                                Upgrade-Insecure-Requests: 1
                                DNT: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                Accept-Encoding: gzip, deflate
                                Accept-Language: en-US,en;q=0.9
                                Response
                                HTTP/1.1 301 Moved Permanently
                                Date: Wed, 09 Oct 2024 20:03:35 GMT
                                Server: Apache/2.4.25 (Debian)
                                Location: https://www.einfachgeiler.com/wmtools/ifr/321/wmdata_2266-iframe-5-5-000000-FF6600----
                                Content-Length: 381
                                Keep-Alive: timeout=5, max=100
                                Connection: Keep-Alive
                                Content-Type: text/html; charset=iso-8859-1
                              • flag-fr
                                GET
                                https://www.einfachgeiler.com/wmtools/ifr/321/wmdata_2266-iframe-5-5-000000-FF6600----
                                msedge.exe
                                Remote address:
                                62.138.185.13:443
                                Request
                                GET /wmtools/ifr/321/wmdata_2266-iframe-5-5-000000-FF6600---- HTTP/1.1
                                Host: www.einfachgeiler.com
                                Connection: keep-alive
                                Upgrade-Insecure-Requests: 1
                                DNT: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                Sec-Fetch-Site: cross-site
                                Sec-Fetch-Mode: navigate
                                Sec-Fetch-Dest: iframe
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                sec-ch-ua-mobile: ?0
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                Response
                                HTTP/1.1 301 Moved Permanently
                                Date: Wed, 09 Oct 2024 20:03:35 GMT
                                Server: Apache/2.4.25 (Debian)
                                Location: http://wm-space.einfachgeiler.com/dyn_xchange/bc_cat/321/?row=5&col=5&color=FF6600&bgcolor=000000&view_type=&wmid=2266&em=5
                                Connection: close
                                Content-Length: 0
                                Content-Type: text/html; charset=UTF-8
                              • flag-us
                                DNS
                                mhost.servemp3.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                mhost.servemp3.com
                                IN A
                                Response
                              • flag-us
                                DNS
                                8.8.8.8.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                8.8.8.8.in-addr.arpa
                                IN PTR
                                Response
                                8.8.8.8.in-addr.arpa
                                IN PTR
                                dns.google
                              • flag-us
                                DNS
                                71.31.126.40.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                71.31.126.40.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                13.185.138.62.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                13.185.138.62.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                88.210.23.2.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                88.210.23.2.in-addr.arpa
                                IN PTR
                                Response
                                88.210.23.2.in-addr.arpa
                                IN PTR
                                a2-23-210-88.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                43.58.199.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                43.58.199.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                wm-space.einfachgeiler.com
                                msedge.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                wm-space.einfachgeiler.com
                                IN A
                                Response
                                wm-space.einfachgeiler.com
                                IN A
                                62.138.185.16
                              • flag-us
                                DNS
                                212.20.149.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                212.20.149.52.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                198.187.3.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                198.187.3.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                101.11.19.2.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                101.11.19.2.in-addr.arpa
                                IN PTR
                                Response
                                101.11.19.2.in-addr.arpa
                                IN PTR
                                a2-19-11-101.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                134.190.18.2.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                134.190.18.2.in-addr.arpa
                                IN PTR
                                Response
                                134.190.18.2.in-addr.arpa
                                IN PTR
                                a2-18-190-134.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                139.190.18.2.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                139.190.18.2.in-addr.arpa
                                IN PTR
                                Response
                                139.190.18.2.in-addr.arpa
                                IN PTR
                                a2-18-190-139.deploy.static.akamaitechnologies.com
                              • flag-us
                                DNS
                                19.229.111.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                19.229.111.52.in-addr.arpa
                                IN PTR
                                Response
                              • 62.138.185.13:80
                                http://www.einfachgeiler.com/wmtools/ifr/321/wmdata_2266-iframe-5-5-000000-FF6600----
                                http
                                msedge.exe
                                785 B
                                916 B
                                6
                                5

                                HTTP Request

                                GET http://www.einfachgeiler.com/wmtools/ifr/321/wmdata_2266-iframe-5-5-000000-FF6600----

                                HTTP Response

                                301
                              • 62.138.185.13:443
                                https://www.einfachgeiler.com/wmtools/ifr/321/wmdata_2266-iframe-5-5-000000-FF6600----
                                tls, http
                                msedge.exe
                                1.9kB
                                4.6kB
                                11
                                11

                                HTTP Request

                                GET https://www.einfachgeiler.com/wmtools/ifr/321/wmdata_2266-iframe-5-5-000000-FF6600----

                                HTTP Response

                                301
                              • 62.138.185.16:80
                                wm-space.einfachgeiler.com
                                msedge.exe
                                260 B
                                5
                              • 62.138.185.16:80
                                wm-space.einfachgeiler.com
                                msedge.exe
                                260 B
                                5
                              • 8.8.8.8:53
                                www.wichsfotos-wichsfilme.com
                                dns
                                msedge.exe
                                75 B
                                148 B
                                1
                                1

                                DNS Request

                                www.wichsfotos-wichsfilme.com

                              • 8.8.8.8:53
                                affaire.sexmoney.com
                                dns
                                msedge.exe
                                66 B
                                123 B
                                1
                                1

                                DNS Request

                                affaire.sexmoney.com

                              • 8.8.8.8:53
                                bannerrotation.sexmoney.com
                                dns
                                msedge.exe
                                73 B
                                130 B
                                1
                                1

                                DNS Request

                                bannerrotation.sexmoney.com

                              • 8.8.8.8:53
                                www.countmyusers.com
                                dns
                                msedge.exe
                                66 B
                                139 B
                                1
                                1

                                DNS Request

                                www.countmyusers.com

                              • 8.8.8.8:53
                                www.wichsbilder-wichsvorlagen.net
                                dns
                                msedge.exe
                                79 B
                                152 B
                                1
                                1

                                DNS Request

                                www.wichsbilder-wichsvorlagen.net

                              • 8.8.8.8:53
                                www.einfachgeiler.com
                                dns
                                msedge.exe
                                67 B
                                97 B
                                1
                                1

                                DNS Request

                                www.einfachgeiler.com

                                DNS Response

                                62.138.185.13

                              • 8.8.8.8:53
                                mhost.servemp3.com
                                dns
                                msedge.exe
                                64 B
                                121 B
                                1
                                1

                                DNS Request

                                mhost.servemp3.com

                              • 8.8.8.8:53
                                8.8.8.8.in-addr.arpa
                                dns
                                66 B
                                90 B
                                1
                                1

                                DNS Request

                                8.8.8.8.in-addr.arpa

                              • 8.8.8.8:53
                                71.31.126.40.in-addr.arpa
                                dns
                                71 B
                                157 B
                                1
                                1

                                DNS Request

                                71.31.126.40.in-addr.arpa

                              • 8.8.8.8:53
                                13.185.138.62.in-addr.arpa
                                dns
                                72 B
                                144 B
                                1
                                1

                                DNS Request

                                13.185.138.62.in-addr.arpa

                              Destination        Domain (DNS request name)        Proto  Process     Sent    Recv    Pkts sent/recv  DNS response
                              8.8.8.8:53         88.210.23.2.in-addr.arpa         dns    -           70 B    133 B   1 / 1
                              8.8.8.8:53         43.58.199.20.in-addr.arpa        dns    -           71 B    157 B   1 / 1
                              8.8.8.8:53         wm-space.einfachgeiler.com       dns    msedge.exe  72 B    88 B    1 / 1           62.138.185.16
                              224.0.0.251:5353   -                                -      msedge.exe  451 B   -       7 / -
                              8.8.8.8:53         212.20.149.52.in-addr.arpa       dns    -           72 B    146 B   1 / 1
                              8.8.8.8:53         198.187.3.20.in-addr.arpa        dns    -           71 B    157 B   1 / 1
                              8.8.8.8:53         101.11.19.2.in-addr.arpa         dns    -           70 B    133 B   1 / 1
                              8.8.8.8:53         134.190.18.2.in-addr.arpa        dns    -           71 B    135 B   1 / 1
                              8.8.8.8:53         139.190.18.2.in-addr.arpa        dns    -           71 B    135 B   1 / 1
                              8.8.8.8:53         19.229.111.52.in-addr.arpa       dns    -           72 B    158 B   1 / 1

                              MITRE ATT&CK Enterprise v15


                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize: 152B
                                MD5:      b8880802fc2bb880a7a869faa01315b0
                                SHA1:     51d1a3fa2c272f094515675d82150bfce08ee8d3
                                SHA256:   467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812
                                SHA512:   e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize: 152B
                                MD5:      ba6ef346187b40694d493da98d5da979
                                SHA1:     643c15bec043f8673943885199bb06cd1652ee37
                                SHA256:   d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73
                                SHA512:   2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize: 6KB
                                MD5:      0f3f13871f546939b1d8d71ecdc219ee
                                SHA1:     f66dca76161c07f7132e77e955f8f60680d5dfbb
                                SHA256:   9f522d11f0bb8dc17190fe51efd644278d571fd288ea754a485724d90a46938a
                                SHA512:   aa48ea874598cb2ad89842ce07adb57930e0948760fadaece01e208c95b306eb8c37e04587dccfce851c3599f35213944064d5857d0313acc0eed29ea937e8ae

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize: 6KB
                                MD5:      256d41bbca4def6a231015b4fb7db6a3
                                SHA1:     5b4519251052543067ad831f1b8d462fa43ceec9
                                SHA256:   b20a6cc5de9ec4f8b66cf894d0afe99ca482862b7bd2e89a79f2e37385946631
                                SHA512:   be81aa8e81cb32f9d77bc0df49d02b742929d030e69d86d7606e92f4d5afed493269405b6417ed4f35a91a6005b10ea3bb41e997baefdbdb2cbb74e1ec446925

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize: 16B
                                MD5:      46295cac801e5d4857d09837238a6394
                                SHA1:     44e0fa1b517dbf802b18faf0785eeea6ac51594b
                                SHA256:   0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
                                SHA512:   8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize: 16B
                                MD5:      206702161f94c5cd39fadd03f4014d98
                                SHA1:     bd8bfc144fb5326d21bd1531523d9fb50e1b600a
                                SHA256:   1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
                                SHA512:   0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize: 10KB
                                MD5:      b2ccb810242260ee08ad6f2006d07baa
                                SHA1:     078415da52dcb202f4692b200dbebe13a4e6733a
                                SHA256:   abb1c1334031af712a9d0776a8da66586d7349f828d710e454afeeaecc27932c
                                SHA512:   3069d81a73e273371d0e16c722891a1011bb6f8549845154d0feb0c0cceaffdca09b6b488bc7f1594d33593fc52151bf0b1f7329b96bb2dba88be33e93fd4151
