f08130ff8f580e3bf902eec1400af45854341bbb5ccf00f669092efc76a076fa

Analysis

max time kernel
137s
max time network
146s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
17/07/2023, 03:13 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

classroom.html
Size

517B
MD5

ff28760867f416f792f570022ac87974
SHA1

01b2dd0349eb737ea3d43be36e0f610ddb7eb70a
SHA256

cc055d1486aa3f323ee3a22ee16e343619b98e538b5cf7ff960bc53e0deb72e0
SHA512

829f8cd106f8532cc7c5a477d68c9aeb440af3937ced4d82d49289fce786f64233dbff9d722f8d47d5b8eb0714e49832f53053041ec3e27345ff1ac345fcd0c3

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "396328662"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015e49348610e2a42ac63317e6e4271ae000000000200000000001066000000010000200000006b028820e36710977e834656cc2a09b09b06f773f02d862ad7136c5dec42ee8d000000000e8000000002000020000000331baced785fef9a3ab3c1976e73bce18d61ff1e68eb4d64ea519732090c94c890000000acb9f89a8d1ae622d69e95a888bc3b65cbb7d3b235d744057737ff45da21cd38220122cbc5a648ebc7fd2e2d626f65771253449b07fefe92f59f292da871fdf67c460a89bab58aa055d6c918ca3148b8bef4f80e140df1c4905392078ff65a3db40dac0ecdd4757d165116fb1bcab2fad1d9887e9f84d6d2dc69f1d392a645a242c7b963bd0dc78ba54df1b9e14af8e6400000001254cc22759fe52812370b10cfbfa8fb19bc32fe788eae4d1af6183931de89708a8eb1310807d88b8f4910021d8e673414eaa41ec9c408a5c2ace6c6e15318de	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{159F8ED1-2450-11EE-80F5-E23FD76D3CC4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015e49348610e2a42ac63317e6e4271ae0000000002000000000010660000000100002000000024e0a7b7a90d84853dabb82a5994a1919a4d52fb36e575b07eb4e30fbfa3a5d2000000000e8000000002000020000000c634177516dad1615809979254e6a965e2ee5971ec73f00b2a66aa685051c3d920000000d2dadf91a5dcafc5fd2d310d23cd61229291ffae64e44f4e2fd1b540156398fe40000000381501a164e289cf8134cdb955fab4eaf5ee1bbe61d922ffac5e7c5e76a64ea195bc9f952ada7b25d6758e1f6592e689d2be00609ce36feb3db7a28d5d8084a3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10bc75f05cb8d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1700	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1700	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1700	iexplore.exe
1700	iexplore.exe
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2620	1700	iexplore.exe	28
PID 1700 wrote to memory of 2620	1700	iexplore.exe	28
PID 1700 wrote to memory of 2620	1700	iexplore.exe	28
PID 1700 wrote to memory of 2620	1700	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\classroom.html
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1700 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2620

Network

DNS

apis.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

172.217.23.206
GET

https://apis.google.com/js/platform.js

IEXPLORE.EXE

Remote address:

172.217.23.206:443

Request

GET /js/platform.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
Timing-Allow-Origin: *
Date: Mon, 17 Jul 2023 03:14:58 GMT
Expires: Mon, 17 Jul 2023 03:14:58 GMT
Cache-Control: private, max-age=1800, stale-while-revalidate=1800
ETag: "350a26909a9a3486"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.5o5-TAFr18s.O/m=sharetoclassroom/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ/cb=gapi.loaded_0?le=scs

IEXPLORE.EXE

Remote address:

172.217.23.206:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.5o5-TAFr18s.O/m=sharetoclassroom/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ/cb=gapi.loaded_0?le=scs HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
Content-Length: 54704
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 13 Jul 2023 18:53:18 GMT
Expires: Fri, 12 Jul 2024 18:53:18 GMT
Cache-Control: public, max-age=31536000
Age: 289300
Last-Modified: Tue, 06 Jun 2023 15:25:44 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.5o5-TAFr18s.O/m=auth/exm=sharetoclassroom/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ/cb=gapi.loaded_1?le=scs

IEXPLORE.EXE

Remote address:

172.217.23.206:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.5o5-TAFr18s.O/m=auth/exm=sharetoclassroom/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ/cb=gapi.loaded_1?le=scs HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
Content-Length: 34445
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 15 Jul 2023 19:34:00 GMT
Expires: Sun, 14 Jul 2024 19:34:00 GMT
Cache-Control: public, max-age=31536000
Age: 114058
Last-Modified: Tue, 06 Jun 2023 15:25:44 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://apis.google.com/js/rpc:shindig_random.js?onload=init

IEXPLORE.EXE

Remote address:

172.217.23.206:443

Request

GET /js/rpc:shindig_random.js?onload=init HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5o5-TAFr18s.O%2Fd%3D1%2Frs%3DAHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ%2Fm%3D__features__
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive
Cookie: NID=511=A1mO3AkcupSvTCUnAdwOJ3p9kfQ-EpexmR6yLR4GQW2ScezAF_qOeucCe897SI8CNdwIucQPfuBb_L7CSAgO_N2KWM2oca0coxbGK5IKNeuy87a1LyBZQVvNpAwhkm4XQaAMftnhqv9manB1zp3NXZwM18FejE4oE9hw8HODKvs

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
Timing-Allow-Origin: *
Date: Mon, 17 Jul 2023 03:15:01 GMT
Expires: Mon, 17 Jul 2023 03:15:01 GMT
Cache-Control: private, max-age=1800, stale-while-revalidate=1800
ETag: "f506aa030db91aa0"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.5o5-TAFr18s.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ/cb=gapi.loaded_0?le=scs

IEXPLORE.EXE

Remote address:

172.217.23.206:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.5o5-TAFr18s.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ/cb=gapi.loaded_0?le=scs HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5o5-TAFr18s.O%2Fd%3D1%2Frs%3DAHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ%2Fm%3D__features__
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive
Cookie: NID=511=A1mO3AkcupSvTCUnAdwOJ3p9kfQ-EpexmR6yLR4GQW2ScezAF_qOeucCe897SI8CNdwIucQPfuBb_L7CSAgO_N2KWM2oca0coxbGK5IKNeuy87a1LyBZQVvNpAwhkm4XQaAMftnhqv9manB1zp3NXZwM18FejE4oE9hw8HODKvs

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
Content-Length: 22860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 15 Jul 2023 09:21:07 GMT
Expires: Sun, 14 Jul 2024 09:21:07 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 06 Jun 2023 15:25:44 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 150834
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

classroom.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

classroom.google.com

IN A

Response

classroom.google.com

IN A

142.251.36.46
GET

https://classroom.google.com/sharewidget?usegapi=1&url=%24VIDEO_URL%24&body=test&origin=file%3A%2F%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5o5-TAFr18s.O%2Fd%3D1%2Frs%3DAHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ%2Fm%3D__features__

IEXPLORE.EXE

Remote address:

142.251.36.46:443

Request

GET /sharewidget?usegapi=1&url=%24VIDEO_URL%24&body=test&origin=file%3A%2F%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5o5-TAFr18s.O%2Fd%3D1%2Frs%3DAHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ%2Fm%3D__features__ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: classroom.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
Expires: Mon, 17 Jul 2023 03:15:00 GMT
Date: Mon, 17 Jul 2023 03:15:00 GMT
Cache-Control: private, max-age=86400
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport
Content-Security-Policy: script-src 'nonce-9DVjEIShX4N1Clfcdxck8A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://classroom.google.com/cspreport
Cross-Origin-Resource-Policy: same-site
Cross-Origin-Opener-Policy: same-origin
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Set-Cookie: NID=511=A1mO3AkcupSvTCUnAdwOJ3p9kfQ-EpexmR6yLR4GQW2ScezAF_qOeucCe897SI8CNdwIucQPfuBb_L7CSAgO_N2KWM2oca0coxbGK5IKNeuy87a1LyBZQVvNpAwhkm4XQaAMftnhqv9manB1zp3NXZwM18FejE4oE9hw8HODKvs; expires=Tue, 16-Jan-2024 03:15:00 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

accounts.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.251.36.45
GET

https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5o5-TAFr18s.O%2Fd%3D1%2Frs%3DAHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ%2Fm%3D__features__

IEXPLORE.EXE

Remote address:

142.251.36.45:443

Request

GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5o5-TAFr18s.O%2Fd%3D1%2Frs%3DAHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ%2Fm%3D__features__ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: accounts.google.com
Connection: Keep-Alive
Cookie: NID=511=A1mO3AkcupSvTCUnAdwOJ3p9kfQ-EpexmR6yLR4GQW2ScezAF_qOeucCe897SI8CNdwIucQPfuBb_L7CSAgO_N2KWM2oca0coxbGK5IKNeuy87a1LyBZQVvNpAwhkm4XQaAMftnhqv9manB1zp3NXZwM18FejE4oE9hw8HODKvs

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 17 Jul 2023 03:15:01 GMT
Content-Security-Policy: script-src 'nonce--Y4dWE7rRjxb3WicsCauTA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
DNS

ssl.gstatic.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ssl.gstatic.com

IN A

Response

ssl.gstatic.com

IN A

172.217.23.195
GET

https://ssl.gstatic.com/accounts/o/3698212825-postmessagerelay.js

IEXPLORE.EXE

Remote address:

172.217.23.195:443

Request

GET /accounts/o/3698212825-postmessagerelay.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5o5-TAFr18s.O%2Fd%3D1%2Frs%3DAHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ%2Fm%3D__features__
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ssl.gstatic.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="federated-signon-mpm-access"
Report-To: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
Content-Length: 5184
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 16 Jul 2023 15:45:49 GMT
Expires: Mon, 15 Jul 2024 15:45:49 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 13 Jul 2023 00:13:48 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Age: 41352
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5o5-TAFr18s.O%2Fd%3D1%2Frs%3DAHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ%2Fm%3D__features__

IEXPLORE.EXE

Remote address:

142.251.36.45:443

Request

GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5o5-TAFr18s.O%2Fd%3D1%2Frs%3DAHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ%2Fm%3D__features__ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: accounts.google.com
Connection: Keep-Alive
Cookie: NID=511=A1mO3AkcupSvTCUnAdwOJ3p9kfQ-EpexmR6yLR4GQW2ScezAF_qOeucCe897SI8CNdwIucQPfuBb_L7CSAgO_N2KWM2oca0coxbGK5IKNeuy87a1LyBZQVvNpAwhkm4XQaAMftnhqv9manB1zp3NXZwM18FejE4oE9hw8HODKvs

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 17 Jul 2023 03:16:03 GMT
Content-Security-Policy: script-src 'nonce-Qey9yXv8MlJXvOO7kzikCg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5o5-TAFr18s.O%2Fd%3D1%2Frs%3DAHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ%2Fm%3D__features__

IEXPLORE.EXE

Remote address:

142.251.36.45:443

Request

GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5o5-TAFr18s.O%2Fd%3D1%2Frs%3DAHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ%2Fm%3D__features__ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: accounts.google.com
Connection: Keep-Alive
Cookie: NID=511=A1mO3AkcupSvTCUnAdwOJ3p9kfQ-EpexmR6yLR4GQW2ScezAF_qOeucCe897SI8CNdwIucQPfuBb_L7CSAgO_N2KWM2oca0coxbGK5IKNeuy87a1LyBZQVvNpAwhkm4XQaAMftnhqv9manB1zp3NXZwM18FejE4oE9hw8HODKvs

Response

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 17 Jul 2023 03:17:05 GMT
Content-Security-Policy: script-src 'nonce-paABWMLJKMNZmdfwlK8v1w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked

172.217.23.206:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.5o5-TAFr18s.O/m=sharetoclassroom/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ/cb=gapi.loaded_0?le=scs

tls, http

IEXPLORE.EXE

3.0kB
88.0kB
44
70

HTTP Request

GET https://apis.google.com/js/platform.js

HTTP Response

200

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.5o5-TAFr18s.O/m=sharetoclassroom/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ/cb=gapi.loaded_0?le=scs

HTTP Response

200
172.217.23.206:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.5o5-TAFr18s.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ/cb=gapi.loaded_0?le=scs

tls, http

IEXPLORE.EXE

4.1kB
75.8kB
39
62

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.5o5-TAFr18s.O/m=auth/exm=sharetoclassroom/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ/cb=gapi.loaded_1?le=scs

HTTP Response

200

HTTP Request

GET https://apis.google.com/js/rpc:shindig_random.js?onload=init

HTTP Response

200

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.5o5-TAFr18s.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ/cb=gapi.loaded_0?le=scs

HTTP Response

200
142.251.36.46:443

classroom.google.com

tls

IEXPLORE.EXE

757 B
4.8kB
10
9
142.251.36.46:443

https://classroom.google.com/sharewidget?usegapi=1&url=%24VIDEO_URL%24&body=test&origin=file%3A%2F%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5o5-TAFr18s.O%2Fd%3D1%2Frs%3DAHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ%2Fm%3D__features__

tls, http

IEXPLORE.EXE

1.4kB
7.0kB
12
14

HTTP Request

GET https://classroom.google.com/sharewidget?usegapi=1&url=%24VIDEO_URL%24&body=test&origin=file%3A%2F%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5o5-TAFr18s.O%2Fd%3D1%2Frs%3DAHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ%2Fm%3D__features__

HTTP Response

200
142.251.36.45:443

accounts.google.com

tls

IEXPLORE.EXE

756 B
4.8kB
10
9
142.251.36.45:443

https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5o5-TAFr18s.O%2Fd%3D1%2Frs%3DAHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ%2Fm%3D__features__

tls, http

IEXPLORE.EXE

1.5kB
6.2kB
11
13

HTTP Request

GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5o5-TAFr18s.O%2Fd%3D1%2Frs%3DAHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ%2Fm%3D__features__

HTTP Response

200
172.217.23.195:443

https://ssl.gstatic.com/accounts/o/3698212825-postmessagerelay.js

tls, http

IEXPLORE.EXE

1.4kB
11.9kB
12
14

HTTP Request

GET https://ssl.gstatic.com/accounts/o/3698212825-postmessagerelay.js

HTTP Response

200
172.217.23.195:443

ssl.gstatic.com

tls

IEXPLORE.EXE

752 B
4.8kB
10
9
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.7kB
10
13
142.251.36.45:443

accounts.google.com

tls

IEXPLORE.EXE

523 B
355 B
6
5
142.251.36.45:443

https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5o5-TAFr18s.O%2Fd%3D1%2Frs%3DAHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ%2Fm%3D__features__

tls, http

IEXPLORE.EXE

1.4kB
1.9kB
10
10

HTTP Request

GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5o5-TAFr18s.O%2Fd%3D1%2Frs%3DAHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ%2Fm%3D__features__

HTTP Response

200
142.251.36.45:443

https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5o5-TAFr18s.O%2Fd%3D1%2Frs%3DAHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ%2Fm%3D__features__

tls, http

IEXPLORE.EXE

1.2kB
1.9kB
7
8

HTTP Request

GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.5o5-TAFr18s.O%2Fd%3D1%2Frs%3DAHpOoo_qgszOsFrBH7bZ1Rmfwa9Mc03wLQ%2Fm%3D__features__

HTTP Response

200
142.251.36.45:443

accounts.google.com

tls

IEXPLORE.EXE

431 B
315 B
4
4

8.8.8.8:53

apis.google.com

dns

IEXPLORE.EXE

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

172.217.23.206
8.8.8.8:53

classroom.google.com

dns

IEXPLORE.EXE

66 B
82 B
1
1

DNS Request

classroom.google.com

DNS Response

142.251.36.46
8.8.8.8:53

accounts.google.com

dns

IEXPLORE.EXE

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.251.36.45
8.8.8.8:53

ssl.gstatic.com

dns

IEXPLORE.EXE

61 B
77 B
1
1

DNS Request

ssl.gstatic.com

DNS Response

172.217.23.195

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1947f0f0d5c22c0486cfcf574e38e45

SHA1
53529c5e7bfda72c7b708d0222e5e01d0bb7f268

SHA256
038b65065b1638a33ff60834ca5a8424304f829bf6aa95c2ed74d153bf88784f

SHA512
d3bf09dbf13adbf2895284270e38507e88028f5d2d9b68ace82b5d52cf916f2a6891a4c80b703a92d1fd5f4dd8723dad907c8afc4dcec25df333295a84592269

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fa75282e5d5dbd79542a21ea9d412fa

SHA1
a0d7977473899ffcfc9aae7e96f682f48bcace78

SHA256
856e0b7aa84709cb87741db3877e7ad81b4aad803e5b2ffbe6aa88539048e5f7

SHA512
d0069e14b101ac2583e43c1b67faf6eda09cf037325f544c9ed3cca0458aa05552a65a9ec6d38423d53a8e43b2a6aac32da945fe646b60c4823640db45860584

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc1373edeb6302548efb3acc71e0917b

SHA1
15109fa0a13afbd8431daff57201cf66ddc474e1

SHA256
712d01e1f7b36522999542ed12bd2dc2e670424c266843741e8dbb62d51b6851

SHA512
900c5532e6d0b7613ebd95f6f5ad252c8fa293f374adb977bf2b7d63de73a3a89ce7021e59421e1dec8c565bc79abb60afe09e5756329558429e101d2d21985c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
048d541b37ae783a04b2277f6df57b2c

SHA1
407346854b72ecd71c29c8f6104b2432ffc4a658

SHA256
ad39092c3ea3dca6f1e5d70f06c85b136fe834fa7743270b6f0659ec6514feec

SHA512
7ca73c543772fb12a4c8563cb08cac0b28689511ed51378e859fc8514b18e99490d24166f8b2454aa4c8b10d6a66ca243dc91738a54f229deaa23c8f34901928

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b57e252104b1bdf914859a68b471bcb7

SHA1
30149d7e856bc24f3029351210aca0bc590207a0

SHA256
af17b82005b46cfd85f901762f04459320ec7a343c581e2e45635859d25b7153

SHA512
f3caf990b3b3adb5a6ecb58008144fa66b1537e351c72553acbeffa3cac5ed66f687e327952198f34ecb2a6b1f0a1423feb237de1be25d3ec19fd1c0904066d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64b35c7a3ddd640a5de17a3f65c7ab72

SHA1
b592183d05e87c58898949aee3d8c8ce02ae8e8d

SHA256
1ac282aa8771f41252068eccb2672798035c8145c96e604d426768009b6fdb49

SHA512
d308aba9baa468f0fc3a2999a568d70990782c574d5e8e5c499d34116499d5a4b0ac9785502caf16be42d94441a93edb3a4ecfe07e5efe734eff680cb28cbb7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d49010dddc599a547f19bcd5df61eceb

SHA1
a99d50f34311c5c5e97ded16da61dcccc29854de

SHA256
0cc779be9f9392e5a76abbd8ba1357250498fbe6054c394a6528e7d124f3b5b3

SHA512
8dc444b6fcaed6f4ba2ee900d4c42a2bf40e882c27676cb87859abbe9c8025d62841de392f995f289d38d15ccddc5369fa0aedd6d2731a6991f10feac7d6b945

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
040adb3db905299b623e9ba63fb3012e

SHA1
fe6191101a80c7511aae366f43165c829380f1ec

SHA256
12fd6752f809ba2309839d124014a38705029453001374cf4c095b936b8f23e8

SHA512
0786c45fcedea1608ef0cc306be62cd7d491306693518bd13c93d83275957b7219c6114f21d97706065ba3c0a40a68ebfa179e8a1c77605d194a573892d490b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7907da7aa4cb7c2178f45e755e6d586

SHA1
8f517a4acfeb62a9693e3143d1b161cefc14c98a

SHA256
76282a4b0e4d85c31f0a63a1b9d63aadf3d01f2c03ccd9e8cd9f043e81b70900

SHA512
142ae9937e22d70f29baa23da242d8686aadb58638762eeb91c28c37eb6b0033b37642c51f982a64085b2eb719cc768b59f57c3989cac2ddb4bd431b426cc5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8SBJDRU3\rpc_shindig_random[1].js

Filesize
17KB

MD5
0ac770aa6d065c4f7ea98177e9420420

SHA1
ac286099bb09b1b3777c23d662282cb7c1fa1bfb

SHA256
fbd9a7627b8eee732c7f1393a8736593b27824b706046f38c4a444093165e561

SHA512
7f565af0595892c9737e61243194bd721657416227c18dfaa3e62e2fafa2f1b0a7a12ec0b4af7885e0d2e607006c46c87660e3d2c9fe2d6117e5ef567a3277b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJMXAU3H\3698212825-postmessagerelay[1].js

Filesize
12KB

MD5
e89f3c34bd849d5b959045facdced264

SHA1
6a4ed30e37cf844b1f56d5d81dc6dfec1c611476

SHA256
37acf5f6aa181790c9f46f7a25b5c89ecc46c35603b9b62c3086228faf72b26d

SHA512
2049d0baf05f0a8214fefe3abb2b4c6e104dda723d2feb439313114922887045cdabb08e3cffb5a624dc13a3c0b2fdf28114098b8c8ccfc3555ea43f19f20f7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJMXAU3H\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O5N1CMJ9\cb=gapi[1].js

Filesize
63KB

MD5
8448c1eb40e855ff3b5de9fd4513d933

SHA1
fc2bb63a7d81e649a78408f942d1b5367485e349

SHA256
63aaa2777db39521dafa0ba3815720599151adb12b4105f8848f597f97918d83

SHA512
b6608b64d71e94ecd68566f118708926af490c5f9f46cd051d1c6895b69bfc88a37171d47df8d00a4b157cd3afc57538260842e92cfd062bad819051c283d5be

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE765.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE766.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ABA192DN.txt

Filesize
608B

MD5
c8bde4365ecf6ebcf6d197c22956b899

SHA1
0382f9c413b2dac017e3ef9378de1c7ee0d7f2b1

SHA256
0025274008224a3cdb82464edbf23ec6d6d5243834e1eb052fe18f7b592d6f33

SHA512
07d266d4e901203f23d7cffe7dbcafd32029e53ab7eccbff007d6a9686f11e99498d7de3eb931fde9007a8491f9b0dc5b2da9b1418f6bb05d65ad92bb8cff8e9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.