Analysis

  • max time kernel
    129s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/05/2024, 01:22 UTC

General

  • Target
    706b6078223a2adc2ba397e80983d12f_JaffaCakes118.html
  • Size
    75KB
  • MD5
    706b6078223a2adc2ba397e80983d12f
  • SHA1
    eeb686bd6be1876eda79474db66c6a960970e1df
  • SHA256
    9b6bb0f2deff0992d26bee2513cf42cfc56e9b4466077a01a0cc24c3fd5e35ee
  • SHA512
    cfd1fff921f5d597c66b0a3273777701d405d102e475749d5994212eb621b87b864c7d6dcd042ae2a71f689e46e5d90c3cb4b735ac1d963bad6541598bbc1ab6
  • SSDEEP
    1536:vbA6BeACJsGu5LuG6ej/0EvP+3Ty/I4tFk2hMhj8ZxbijpjS9hezrveSeh2h2Nt:DA6BePJsG8LN6pvp8ezrveS+2h2Nt

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 1976)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\706b6078223a2adc2ba397e80983d12f_JaffaCakes118.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2916, child of PID 1976)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

  • DNS (flag: US) IEXPLORE.EXE -> 8.8.8.8:53
    Request: www.elucere.ro IN A
    Response: (none)
  • DNS (flag: US) IEXPLORE.EXE -> 8.8.8.8:53
    Request: assets.pinterest.com IN A
    Response:
    assets.pinterest.com IN CNAME s.pinimg.com
    s.pinimg.com IN CNAME s-pinimg-com.gslb.pinterest.com
    s-pinimg-com.gslb.pinterest.com IN CNAME static.gslb.pinterest.net
    static.gslb.pinterest.net IN CNAME s.pinimg.com.edgekey.net
    s.pinimg.com.edgekey.net IN CNAME e6449.dsca.akamaiedge.net
    e6449.dsca.akamaiedge.net IN A 23.55.96.209
  • DNS (flag: US) IEXPLORE.EXE -> 8.8.8.8:53
    Request: platform.linkedin.com IN A
    Response:
    platform.linkedin.com IN CNAME 2-01-2c3e-0055.cdx.cedexis.net
    2-01-2c3e-0055.cdx.cedexis.net IN CNAME cs767.wpc.epsiloncdn.net
    cs767.wpc.epsiloncdn.net IN A 152.199.22.144
  • DNS (flag: US) IEXPLORE.EXE -> 8.8.8.8:53
    Request: 1.gravatar.com IN A
    Response:
    1.gravatar.com IN A 192.0.73.2
  • GET (flag: GB) IEXPLORE.EXE -> 216.58.204.74:80
    http://fonts.googleapis.com/css?family=Oswald%3Aregular%2C700&subset=latin%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext&ver=4.6.6
    Request
    GET /css?family=Oswald%3Aregular%2C700&subset=latin%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext&ver=4.6.6 HTTP/1.1
    Accept: text/css, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: fonts.googleapis.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/css; charset=utf-8
    Access-Control-Allow-Origin: *
    Timing-Allow-Origin: *
    Expires: Sat, 25 May 2024 01:22:25 GMT
    Date: Sat, 25 May 2024 01:22:25 GMT
    Cache-Control: private, max-age=86400
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin-allow-popups
    Content-Encoding: gzip
    Transfer-Encoding: chunked
    Server: ESF
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
  • GET (flag: US) IEXPLORE.EXE -> 192.0.73.2:80
    http://1.gravatar.com/avatar/1257c70c45fd4a7539508703c50bf1bf?s=60&r=g
    Request
    GET /avatar/1257c70c45fd4a7539508703c50bf1bf?s=60&r=g HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 1.gravatar.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Sat, 25 May 2024 01:22:25 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://1.gravatar.com/avatar/1257c70c45fd4a7539508703c50bf1bf?s=60&r=g
  • GET (flag: US) IEXPLORE.EXE -> 152.199.22.144:80
    http://platform.linkedin.com/in.js
    Request
    GET /in.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: platform.linkedin.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Encoding: gzip
    Accept-Ranges: bytes
    Age: 2363
    Cache-Control: public, max-age=3600
    Content-Type: text/javascript; charset=UTF-8
    Date: Sat, 25 May 2024 01:22:25 GMT
    Expires: Sat, 25 May 2024 01:43:02 GMT
    Last-Modified: Sat, 25 May 2024 00:43:02 GMT
    Server: ECAcc (frb/6722)
    Vary: Accept-Encoding
    X-Cache: HIT
    X-CDN: ECST
    X-CDN-CLIENT-IP-VERSION: IPV4
    X-CDN-Proto: HTTP1
    X-Content-Type-Options: nosniff
    X-Li-Fabric: prod-ltx1
    X-Li-Pop: prod-ltx1-x
    X-LI-Proto: http/1.1
    X-LI-UUID: AAYZPJEKLSnmK7iDBGGyJw==
    Content-Length: 163630
  • GET (flag: BE) IEXPLORE.EXE -> 23.55.96.209:80
    http://assets.pinterest.com/images/PinExt.png
    Request
    GET /images/PinExt.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: assets.pinterest.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    ETag: "61ed0472dfcbfaf25e7585f119adf76a"
    Accept-Ranges: bytes
    Content-Type: image/png
    Content-Length: 936
    Cache-Control: max-age=3582
    Connection: keep-alive
    Vary: Accept-Encoding, Origin
    X-CDN: akamai
    Access-Control-Max-Age: 86400
    Access-Control-Expose-Headers: X-CDN
    Access-Control-Allow-Methods: GET
    Access-Control-Allow-Origin: *
  • GET (flag: BE) IEXPLORE.EXE -> 23.55.96.209:80
    http://assets.pinterest.com/js/pinit.js
    Request
    GET /js/pinit.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: assets.pinterest.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    ETag: "82bfd941d2c9b3b9e0650a27c9d11737"
    Content-Encoding: gzip
    Accept-Ranges: bytes
    Content-Type: application/javascript; charset=utf-8
    Content-Length: 290
    Akamai-X-True-TTL: 300
    Cache-Control: max-age=300
    Connection: keep-alive
    Vary: Accept-Encoding, Origin
    X-CDN: akamai
    Access-Control-Max-Age: 86400
    Access-Control-Expose-Headers: X-CDN
    Access-Control-Allow-Methods: GET
    Access-Control-Allow-Origin: *
  • GET (flag: US) IEXPLORE.EXE -> 192.0.73.2:443
    https://1.gravatar.com/avatar/1257c70c45fd4a7539508703c50bf1bf?s=60&r=g
    Request
    GET /avatar/1257c70c45fd4a7539508703c50bf1bf?s=60&r=g HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 1.gravatar.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sat, 25 May 2024 01:22:26 GMT
    Content-Type: image/jpeg
    Content-Length: 2196
    Connection: keep-alive
    Last-Modified: Tue, 28 Jul 2015 08:29:08 GMT
    Link: <https://gravatar.com/avatar/1257c70c45fd4a7539508703c50bf1bf?s=60&r=g>; rel="canonical"
    Content-Disposition: inline; filename="1257c70c45fd4a7539508703c50bf1bf.jpeg"
    Access-Control-Allow-Origin: *
    Expires: Sat, 25 May 2024 01:27:26 GMT
    Cache-Control: max-age=300
    X-nc: HIT lhr 4
    Alt-Svc: h3=":443"; ma=86400
    Accept-Ranges: bytes
  • DNS (flag: US) iexplore.exe -> 8.8.8.8:53
    Request: www.microsoft.com IN A
    Response:
    www.microsoft.com IN CNAME www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net IN CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net IN CNAME e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net IN A 23.55.97.181
  • DNS (flag: US) iexplore.exe -> 8.8.8.8:53
    Request: www.microsoft.com IN A
    Response:
    www.microsoft.com IN CNAME www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net IN CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net IN CNAME e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net IN A 23.55.97.181
  • DNS (flag: US) IEXPLORE.EXE -> 8.8.8.8:53
    Request: platform.stumbleupon.com IN A
    Response: (none)
  • DNS (flag: US) IEXPLORE.EXE -> 8.8.8.8:53
    Request: apis.google.com IN A
    Response:
    apis.google.com IN CNAME plus.l.google.com
    plus.l.google.com IN A 142.250.200.14
  • GET (flag: GB) IEXPLORE.EXE -> 142.250.200.14:443
    https://apis.google.com/js/plusone.js
    Request
    GET /js/plusone.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Access-Control-Allow-Origin: *
    Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
    Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
    Timing-Allow-Origin: *
    Date: Sat, 25 May 2024 01:24:27 GMT
    Expires: Sat, 25 May 2024 01:24:27 GMT
    Cache-Control: private, max-age=1800, stale-while-revalidate=1800
    ETag: "80d5c9d57d5f206f"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • GET (flag: GB) IEXPLORE.EXE -> 142.250.200.14:443
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 55813
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 20 May 2024 15:06:31 GMT
    Expires: Tue, 20 May 2025 15:06:31 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 382676
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • GET (flag: GB) IEXPLORE.EXE -> 142.250.200.14:443
    https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=en-US&origin=file%3A%2F%2F&url=http%3A%2F%2Fwww.elucere.ro%2Fcum-introduci-franjurii-tinutele-tale-ponturi-si-trucuri-pentru-un-look-tendinte&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Request
    GET /u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=en-US&origin=file%3A%2F%2F&url=http%3A%2F%2Fwww.elucere.ro%2Fcum-introduci-franjurii-tinutele-tale-ponturi-si-trucuri-pentru-un-look-tendinte&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: http://developers.google.com/
    Cross-Origin-Resource-Policy: cross-origin
    X-Content-Type-Options: nosniff
    Server: sffe
    Content-Length: 226
    X-XSS-Protection: 0
    Date: Sat, 25 May 2024 01:23:10 GMT
    Expires: Sat, 25 May 2024 01:53:10 GMT
    Cache-Control: public, max-age=1800
    Content-Type: text/html; charset=UTF-8
    Age: 77
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • GET (flag: GB) IEXPLORE.EXE -> 142.250.200.14:443
    https://apis.google.com/js/rpc:shindig_random.js?onload=init
    Request
    GET /js/rpc:shindig_random.js?onload=init HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Access-Control-Allow-Origin: *
    Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
    Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
    Timing-Allow-Origin: *
    Date: Sat, 25 May 2024 01:24:27 GMT
    Expires: Sat, 25 May 2024 01:24:27 GMT
    Cache-Control: private, max-age=1800, stale-while-revalidate=1800
    ETag: "9b77125b6924cb07"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • GET (flag: GB) IEXPLORE.EXE -> 142.250.200.14:443
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 23473
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 20 May 2024 15:06:32 GMT
    Expires: Tue, 20 May 2025 15:06:32 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 382675
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • GET (flag: GB) IEXPLORE.EXE -> 142.250.200.14:443
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs
    Request
    GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: apis.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    Content-Length: 35323
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 20 May 2024 15:06:32 GMT
    Expires: Tue, 20 May 2025 15:06:32 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 15 Apr 2024 18:15:45 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 382675
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • DNS (flag: US) IEXPLORE.EXE -> 8.8.8.8:53
    Request: accounts.google.com IN A
    Response:
    accounts.google.com IN A 74.125.206.84
  • DNS (flag: US) IEXPLORE.EXE -> 8.8.8.8:53
    Request: developers.google.com IN A
    Response:
    developers.google.com IN A 216.58.201.110
  • GET (flag: BE) IEXPLORE.EXE -> 74.125.206.84:443
    https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Request
    GET /o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: accounts.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Sat, 25 May 2024 01:24:27 GMT
    Content-Security-Policy: script-src 'nonce-oo_SpjTVUueDm3YGaicmgg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /o/cspreport
    Cross-Origin-Resource-Policy: same-site
    Content-Encoding: gzip
    Server: ESF
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • GET (flag: GB) IEXPLORE.EXE -> 216.58.201.110:80
    http://developers.google.com/
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Location: https://developers.google.com/
    X-Cloud-Trace-Context: 57cf5e0436d23a560872a8b381c41c58;o=1
    Date: Sat, 25 May 2024 01:24:27 GMT
    Content-Type: text/html
    Server: Google Frontend
    Content-Length: 0
  • GET (flag: GB) IEXPLORE.EXE -> 216.58.201.110:443
    https://developers.google.com/
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: developers.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Last-Modified: Thu, 16 May 2024 15:08:21 GMT
    Content-Type: text/html; charset=utf-8
    Vary: Cookie
    Vary: Accept-Encoding
    Set-Cookie: _ga_devsite=GA1.3.3810778925.1716600267; Expires=Mon, 25 May 2026 01:24:27 GMT; Max-Age=63072000; Path=/
    Content-Security-Policy: base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-quhAS8EwXmlD3VEu3zjgEI5LCsFN0f' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
    Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 0
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache, must-revalidate
    Expires: 0
    Pragma: no-cache
    Content-Encoding: gzip
    X-Cloud-Trace-Context: 96bf1f565d0ef3becd2ba36da26a24b6
    Date: Sat, 25 May 2024 01:24:27 GMT
    Server: Google Frontend
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • DNS (flag: US) IEXPLORE.EXE -> 8.8.8.8:53
    Request: ssl.gstatic.com IN A
    Response:
    ssl.gstatic.com IN A 216.58.213.3
  • GET (flag: GB) IEXPLORE.EXE -> 216.58.213.3:443
    https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js
    Request
    GET /accounts/o/3604799710-postmessagerelay.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ssl.gstatic.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="federated-signon-mpm-access"
    Report-To: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
    Content-Length: 4846
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Mon, 20 May 2024 15:06:40 GMT
    Expires: Tue, 20 May 2025 15:06:40 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Sun, 12 May 2024 02:08:16 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
    Age: 382667
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Traffic summary, one entry per connection: remote address, protocol ("-" where none was identified), process, bytes and packets sent / received, then the requests observed on that connection.

  • 216.58.204.74:80  http  IEXPLORE.EXE  sent 601 B / 6 pkts, received 903 B / 5 pkts
    GET http://fonts.googleapis.com/css?family=Oswald%3Aregular%2C700&subset=latin%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext&ver=4.6.6 -> 200
  • 216.58.204.74:80  -  IEXPLORE.EXE  sent 190 B / 4 pkts, received 92 B / 2 pkts
    fonts.googleapis.com
  • 192.0.73.2:80  -  IEXPLORE.EXE  sent 190 B / 4 pkts, received 132 B / 3 pkts
    1.gravatar.com
  • 192.0.73.2:80  http  IEXPLORE.EXE  sent 586 B / 6 pkts, received 613 B / 5 pkts
    GET http://1.gravatar.com/avatar/1257c70c45fd4a7539508703c50bf1bf?s=60&r=g -> 301
  • 152.199.22.144:80  http  IEXPLORE.EXE  sent 3.4kB / 68 pkts, received 169.3kB / 127 pkts
    GET http://platform.linkedin.com/in.js -> 200
  • 152.199.22.144:80  -  IEXPLORE.EXE  sent 190 B / 4 pkts, received 132 B / 3 pkts
    platform.linkedin.com
  • 23.55.96.209:80  http  IEXPLORE.EXE  sent 561 B / 6 pkts, received 1.5kB / 4 pkts
    GET http://assets.pinterest.com/images/PinExt.png -> 200
  • 23.55.96.209:80  http  IEXPLORE.EXE  sent 538 B / 6 pkts, received 901 B / 4 pkts
    GET http://assets.pinterest.com/js/pinit.js -> 200
  • 192.0.73.2:443  tls, http  IEXPLORE.EXE  sent 1.2kB / 13 pkts, received 7.2kB / 13 pkts
    GET https://1.gravatar.com/avatar/1257c70c45fd4a7539508703c50bf1bf?s=60&r=g -> 200
  • 204.79.197.200:443  tls  iexplore.exe  sent 799 B / 10 pkts, received 7.7kB / 13 pkts
    ieonline.microsoft.com
  • 204.79.197.200:443  tls  iexplore.exe  sent 799 B / 10 pkts, received 7.7kB / 13 pkts
    ieonline.microsoft.com
  • 204.79.197.200:443  tls  iexplore.exe  sent 779 B / 9 pkts, received 7.6kB / 12 pkts
    ieonline.microsoft.com
  • 23.55.96.209:443  tls  IEXPLORE.EXE  sent 849 B / 12 pkts, received 6.6kB / 12 pkts
    assets.pinterest.com
  • 23.55.96.209:443  tls  IEXPLORE.EXE  sent 849 B / 12 pkts, received 6.6kB / 12 pkts
    assets.pinterest.com
  • 23.55.96.209:443  tls  IEXPLORE.EXE  sent 835 B / 11 pkts, received 6.6kB / 12 pkts
    assets.pinterest.com
  • 142.250.200.14:443  tls, http  IEXPLORE.EXE  sent 5.5kB / 58 pkts, received 122.8kB / 97 pkts
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
    GET https://apis.google.com/js/plusone.js -> 200
    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs -> 200
    GET https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=en-US&origin=file%3A%2F%2F&url=http%3A%2F%2Fwww.elucere.ro%2Fcum-introduci-franjurii-tinutele-tale-ponturi-si-trucuri-pentru-un-look-tendinte&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ -> 301
    GET https://apis.google.com/js/rpc:shindig_random.js?onload=init -> 200
    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs -> 200
  • 142.250.200.14:443  tls, http  IEXPLORE.EXE  sent 1.8kB / 23 pkts, received 42.9kB / 36 pkts
    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs -> 200
  • 142.250.200.14:443  tls  IEXPLORE.EXE  sent 427 B / 4 pkts, received 315 B / 4 pkts
    apis.google.com
  • 74.125.206.84:443  tls, http  IEXPLORE.EXE  sent 1.2kB / 9 pkts, received 6.3kB / 11 pkts
    GET https://accounts.google.com/o/oauth2/postmessageRelay?parent=file%3A%2F%2F&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ -> 200
  • 74.125.206.84:443  tls  IEXPLORE.EXE  sent 664 B / 8 pkts, received 4.7kB / 8 pkts
    accounts.google.com
  • 216.58.201.110:80  -  IEXPLORE.EXE  sent 98 B / 2 pkts, received 52 B / 1 pkt
    developers.google.com
  • 216.58.201.110:80  http  IEXPLORE.EXE  sent 492 B / 5 pkts, received 658 B / 4 pkts
    GET http://developers.google.com/ -> 301
  • 216.58.201.110:443  tls, http  IEXPLORE.EXE  sent 1.4kB / 17 pkts, received 24.1kB / 23 pkts
    GET https://developers.google.com/ -> 200
  • 216.58.213.3:443  tls, http  IEXPLORE.EXE  sent 1.3kB / 10 pkts, received 10.7kB / 12 pkts
    GET https://ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js -> 200
  • 216.58.213.3:443  tls  IEXPLORE.EXE  sent 608 B / 7 pkts, received 4.6kB / 7 pkts
    ssl.gstatic.com
  • 216.58.201.110:443  tls  IEXPLORE.EXE  sent 433 B / 4 pkts, received 315 B / 4 pkts
    developers.google.com
  • 8.8.8.8:53  dns  IEXPLORE.EXE  sent 60 B / 1 pkt, received 121 B / 1 pkt
    DNS www.elucere.ro -> (no address in response)
  • 8.8.8.8:53  dns  IEXPLORE.EXE  sent 66 B / 1 pkt, received 247 B / 1 pkt
    DNS assets.pinterest.com -> 23.55.96.209
  • 8.8.8.8:53  dns  IEXPLORE.EXE  sent 67 B / 1 pkt, received 162 B / 1 pkt
    DNS platform.linkedin.com -> 152.199.22.144
  • 8.8.8.8:53  dns  IEXPLORE.EXE  sent 60 B / 1 pkt, received 76 B / 1 pkt
    DNS 1.gravatar.com -> 192.0.73.2
  • 8.8.8.8:53  dns  iexplore.exe  sent 63 B / 1 pkt, received 230 B / 1 pkt
    DNS www.microsoft.com -> 23.55.97.181
  • 8.8.8.8:53  dns  iexplore.exe  sent 63 B / 1 pkt, received 230 B / 1 pkt
    DNS www.microsoft.com -> 23.55.97.181
  • 8.8.8.8:53  dns  IEXPLORE.EXE  sent 70 B / 1 pkt, received 152 B / 1 pkt
    DNS platform.stumbleupon.com -> (no address in response)
  • 8.8.8.8:53  dns  IEXPLORE.EXE  sent 61 B / 1 pkt, received 98 B / 1 pkt
    DNS apis.google.com -> 142.250.200.14
  • 8.8.8.8:53  dns  IEXPLORE.EXE  sent 65 B / 1 pkt, received 81 B / 1 pkt
    DNS accounts.google.com -> 74.125.206.84
  • 8.8.8.8:53  dns  IEXPLORE.EXE  sent 67 B / 1 pkt, received 83 B / 1 pkt
    DNS developers.google.com -> 216.58.201.110
  • 8.8.8.8:53  dns  IEXPLORE.EXE  sent 61 B / 1 pkt, received 77 B / 1 pkt
    DNS ssl.gstatic.com -> 216.58.213.3

MITRE ATT&CK Enterprise v15

Downloads
