Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
07/09/2024, 21:30 UTC
General
-
Target
d2e0be3dc3da84c78be4d31da503c795_JaffaCakes118.html
-
Size
90KB
-
MD5
d2e0be3dc3da84c78be4d31da503c795
-
SHA1
b0e3b29921d9d1259bd0107cae0654cb40707fc9
-
SHA256
689ff6dd66fa038d19edf9d1cf50a5a850be768cfc34d20082ba6c7292384e1a
-
SHA512
b0b2473b6b0f2a2362ec7d545a0b0e1d963b269ba0e5bb8fdfc7c8aea8c040a36e1147261a33aa5f63f32a5f587b35f6b6e35b7d22d0c87ac95d391dbdb62db8
-
SSDEEP
1536:l/xwEWRuV3oQyr6cBXDE2r6E6sUZute6lUIWxAQVqpREPRTxXwJQej9pi8FQ+/KG:EbQ8Jt4iM2JjiYE6a5Qv
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 44 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d2e0be3dc3da84c78be4d31da503c795_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
-
DNSwww.google.comRemote address:8.8.8.8:53Requestwww.google.comIN AResponsewww.google.comIN A142.250.27.105www.google.comIN A142.250.27.99www.google.comIN A142.250.27.147www.google.comIN A142.250.27.104www.google.comIN A142.250.27.106www.google.comIN A142.250.27.103 -
GEThttp://www.google.com/Remote address:142.250.27.105:80RequestGET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google.com
Connection: Keep-Alive
ResponseHTTP/1.1 302 Found
Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGJ6M87YGIjDfiHJA6hWHLRI8b5NhSYvNjx6ORuH-nJ_1bH3Lm25YU7cHZ2OKSdyiloHjdqstr_QyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
x-hallmonitor-challenge: CgwIn4zztgYQ8baWrgESBMJuDUY
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-efgHOdE0UcypaeN4_-hbuA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Date: Sat, 07 Sep 2024 21:31:11 GMT
Server: gws
Content-Length: 396
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AVYB7cqERSH6m9ReVpBTZYThjPO5S6zx_nZKqxu0OHUvEITiWzYUtD6itp4; expires=Thu, 06-Mar-2025 21:31:11 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
-
GEThttp://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGJ6M87YGIjDfiHJA6hWHLRI8b5NhSYvNjx6ORuH-nJ_1bH3Lm25YU7cHZ2OKSdyiloHjdqstr_QyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMRemote address:142.250.27.105:80RequestGET /sorry/index?continue=http://www.google.com/&q=EgTCbg1GGJ6M87YGIjDfiHJA6hWHLRI8b5NhSYvNjx6ORuH-nJ_1bH3Lm25YU7cHZ2OKSdyiloHjdqstr_QyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google.com
Connection: Keep-Alive
ResponseHTTP/1.1 429 Too Many Requests
Date: Sat, 07 Sep 2024 21:31:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html
Server: HTTP server (unknown)
Content-Length: 3052
X-XSS-Protection: 0
-
GEThttp://www.google.com/favicon.icoRemote address:142.250.27.105:80RequestGET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.google.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
Content-Length: 1494
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 05 Sep 2024 23:10:25 GMT
Expires: Fri, 13 Sep 2024 23:10:25 GMT
Cache-Control: public, max-age=691200
Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
Content-Type: image/x-icon
Vary: Accept-Encoding
Age: 166851
-
GEThttps://www.google.com/recaptcha/api.jsRemote address:142.250.27.105:443RequestGET /recaptcha/api.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGJ6M87YGIjDfiHJA6hWHLRI8b5NhSYvNjx6ORuH-nJ_1bH3Lm25YU7cHZ2OKSdyiloHjdqstr_QyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google.com
Connection: Keep-Alive
Cookie: AEC=AVYB7cqERSH6m9ReVpBTZYThjPO5S6zx_nZKqxu0OHUvEITiWzYUtD6itp4
ResponseHTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Expires: Sat, 07 Sep 2024 21:31:15 GMT
Date: Sat, 07 Sep 2024 21:31:15 GMT
Cache-Control: private, max-age=300
Cross-Origin-Resource-Policy: cross-origin
Report-To: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
-
GEThttps://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cDovL3d3dy5nb29nbGUuY29tOjgw&hl=en&v=EGbODne6buzpTnWrrBprcfAY&size=normal&s=pwV0nhNeYIjNfJVAqAfDzbvJwXwoyYAVsSyrQi7mq9owHQFITVexpVbGGXIRePcQVaALn2N9ml1_673XowrfDoVmT5szo1mTFv683sPNNFSEZMZOYQkcnBxLALPou-L_zkuyr-hxFLbHH8lz8jPeI_4-QggTjGQr-HU3Jn1CRbk9ArWU52M92uxscZgEHp22LXF6T1FQS-QoIF6AbgrjFN5jLLqk9Jj6ty5AqsvJlg80zIDTeOtTD8LpvUj7umtAbIoy-6hE-uW2wKj_6EvSrPKNl2AF7cc&cb=j3j1d2n3fuq0Remote address:142.250.27.105:443RequestGET /recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cDovL3d3dy5nb29nbGUuY29tOjgw&hl=en&v=EGbODne6buzpTnWrrBprcfAY&size=normal&s=pwV0nhNeYIjNfJVAqAfDzbvJwXwoyYAVsSyrQi7mq9owHQFITVexpVbGGXIRePcQVaALn2N9ml1_673XowrfDoVmT5szo1mTFv683sPNNFSEZMZOYQkcnBxLALPou-L_zkuyr-hxFLbHH8lz8jPeI_4-QggTjGQr-HU3Jn1CRbk9ArWU52M92uxscZgEHp22LXF6T1FQS-QoIF6AbgrjFN5jLLqk9Jj6ty5AqsvJlg80zIDTeOtTD8LpvUj7umtAbIoy-6hE-uW2wKj_6EvSrPKNl2AF7cc&cb=j3j1d2n3fuq0 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGJ6M87YGIjDfiHJA6hWHLRI8b5NhSYvNjx6ORuH-nJ_1bH3Lm25YU7cHZ2OKSdyiloHjdqstr_QyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google.com
Connection: Keep-Alive
Cookie: AEC=AVYB7cqERSH6m9ReVpBTZYThjPO5S6zx_nZKqxu0OHUvEITiWzYUtD6itp4
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Embedder-Policy: require-corp
Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
Report-To: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 07 Sep 2024 21:31:16 GMT
Content-Security-Policy: script-src 'nonce-SO0WV1s_MTRQR-tb28h7fw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
-
GEThttps://www.google.com/js/bg/HK4i__QwSVg9X5bn8gSexyOGrjbLTsGzNpLIxPo133o.jsRemote address:142.250.27.105:443RequestGET /js/bg/HK4i__QwSVg9X5bn8gSexyOGrjbLTsGzNpLIxPo133o.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cDovL3d3dy5nb29nbGUuY29tOjgw&hl=en&v=EGbODne6buzpTnWrrBprcfAY&size=normal&s=pwV0nhNeYIjNfJVAqAfDzbvJwXwoyYAVsSyrQi7mq9owHQFITVexpVbGGXIRePcQVaALn2N9ml1_673XowrfDoVmT5szo1mTFv683sPNNFSEZMZOYQkcnBxLALPou-L_zkuyr-hxFLbHH8lz8jPeI_4-QggTjGQr-HU3Jn1CRbk9ArWU52M92uxscZgEHp22LXF6T1FQS-QoIF6AbgrjFN5jLLqk9Jj6ty5AqsvJlg80zIDTeOtTD8LpvUj7umtAbIoy-6hE-uW2wKj_6EvSrPKNl2AF7cc&cb=j3j1d2n3fuq0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google.com
Connection: Keep-Alive
Cookie: AEC=AVYB7cqERSH6m9ReVpBTZYThjPO5S6zx_nZKqxu0OHUvEITiWzYUtD6itp4
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="botguard-scs"
Report-To: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
Content-Length: 11192
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 05 Sep 2024 04:11:29 GMT
Expires: Fri, 05 Sep 2025 04:11:29 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 26 Aug 2024 15:30:00 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Age: 235187
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GEThttps://www.google.com/recaptcha/api2/webworker.js?hl=en&v=EGbODne6buzpTnWrrBprcfAYRemote address:142.250.27.105:443RequestGET /recaptcha/api2/webworker.js?hl=en&v=EGbODne6buzpTnWrrBprcfAY HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cDovL3d3dy5nb29nbGUuY29tOjgw&hl=en&v=EGbODne6buzpTnWrrBprcfAY&size=normal&s=pwV0nhNeYIjNfJVAqAfDzbvJwXwoyYAVsSyrQi7mq9owHQFITVexpVbGGXIRePcQVaALn2N9ml1_673XowrfDoVmT5szo1mTFv683sPNNFSEZMZOYQkcnBxLALPou-L_zkuyr-hxFLbHH8lz8jPeI_4-QggTjGQr-HU3Jn1CRbk9ArWU52M92uxscZgEHp22LXF6T1FQS-QoIF6AbgrjFN5jLLqk9Jj6ty5AqsvJlg80zIDTeOtTD8LpvUj7umtAbIoy-6hE-uW2wKj_6EvSrPKNl2AF7cc&cb=j3j1d2n3fuq0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google.com
Connection: Keep-Alive
Cookie: AEC=AVYB7cqERSH6m9ReVpBTZYThjPO5S6zx_nZKqxu0OHUvEITiWzYUtD6itp4
ResponseHTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Cross-Origin-Embedder-Policy: require-corp
Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
Report-To: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
Expires: Sat, 07 Sep 2024 21:31:16 GMT
Date: Sat, 07 Sep 2024 21:31:16 GMT
Cache-Control: private, max-age=300
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
Cross-Origin-Resource-Policy: same-site
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
-
GEThttps://www.google.com/recaptcha/api2/bframe?hl=en&v=EGbODne6buzpTnWrrBprcfAY&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1bRemote address:142.250.27.105:443RequestGET /recaptcha/api2/bframe?hl=en&v=EGbODne6buzpTnWrrBprcfAY&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGJ6M87YGIjDfiHJA6hWHLRI8b5NhSYvNjx6ORuH-nJ_1bH3Lm25YU7cHZ2OKSdyiloHjdqstr_QyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google.com
Connection: Keep-Alive
Cookie: AEC=AVYB7cqERSH6m9ReVpBTZYThjPO5S6zx_nZKqxu0OHUvEITiWzYUtD6itp4
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Embedder-Policy: require-corp
Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
Report-To: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Sat, 07 Sep 2024 21:31:22 GMT
Content-Security-Policy: script-src 'nonce-HmP5iGFP6qOaGjYl16l01w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
-
DNSc.pki.googRemote address:8.8.8.8:53Requestc.pki.googIN AResponsec.pki.googIN CNAMEpki-goog.l.google.compki-goog.l.google.comIN A142.250.27.94
-
GEThttp://c.pki.goog/r/r1.crlRemote address:142.250.27.94:80RequestGET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 07 Sep 2024 20:47:24 GMT
Expires: Sat, 07 Sep 2024 21:37:24 GMT
Cache-Control: public, max-age=3000
Age: 2630
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
DNSo.pki.googRemote address:8.8.8.8:53Requesto.pki.googIN AResponseo.pki.googIN CNAMEpki-goog.l.google.compki-goog.l.google.comIN A142.250.27.94
-
GEThttp://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEBFwHbrJaxWDCjHK4%2BG0Wcs%3DRemote address:142.250.27.94:80RequestGET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEBFwHbrJaxWDCjHK4%2BG0Wcs%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog
ResponseHTTP/1.1 200 OK
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 07 Sep 2024 21:23:45 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 449
-
GEThttp://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6Remote address:142.250.27.94:80RequestGET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog
ResponseHTTP/1.1 200 OK
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 07 Sep 2024 20:55:42 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2133
-
GEThttp://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6Remote address:142.250.27.94:80RequestGET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog
ResponseHTTP/1.1 200 OK
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sat, 07 Sep 2024 20:55:42 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2133
-
142.250.27.105:80www.google.com
-
142.250.27.105:80http://www.google.com/favicon.icohttp
HTTP Request
GET http://www.google.com/HTTP Response
302HTTP Request
GET http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGJ6M87YGIjDfiHJA6hWHLRI8b5NhSYvNjx6ORuH-nJ_1bH3Lm25YU7cHZ2OKSdyiloHjdqstr_QyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMHTTP Response
429HTTP Request
GET http://www.google.com/favicon.icoHTTP Response
200 -
142.250.27.105:443https://www.google.com/recaptcha/api2/bframe?hl=en&v=EGbODne6buzpTnWrrBprcfAY&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1btls, http
HTTP Request
GET https://www.google.com/recaptcha/api.jsHTTP Response
200HTTP Request
GET https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cDovL3d3dy5nb29nbGUuY29tOjgw&hl=en&v=EGbODne6buzpTnWrrBprcfAY&size=normal&s=pwV0nhNeYIjNfJVAqAfDzbvJwXwoyYAVsSyrQi7mq9owHQFITVexpVbGGXIRePcQVaALn2N9ml1_673XowrfDoVmT5szo1mTFv683sPNNFSEZMZOYQkcnBxLALPou-L_zkuyr-hxFLbHH8lz8jPeI_4-QggTjGQr-HU3Jn1CRbk9ArWU52M92uxscZgEHp22LXF6T1FQS-QoIF6AbgrjFN5jLLqk9Jj6ty5AqsvJlg80zIDTeOtTD8LpvUj7umtAbIoy-6hE-uW2wKj_6EvSrPKNl2AF7cc&cb=j3j1d2n3fuq0HTTP Response
200HTTP Request
GET https://www.google.com/js/bg/HK4i__QwSVg9X5bn8gSexyOGrjbLTsGzNpLIxPo133o.jsHTTP Response
200HTTP Request
GET https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=EGbODne6buzpTnWrrBprcfAYHTTP Response
200HTTP Request
GET https://www.google.com/recaptcha/api2/bframe?hl=en&v=EGbODne6buzpTnWrrBprcfAY&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1bHTTP Response
200 -
142.250.27.94:80http://c.pki.goog/r/r1.crlhttp
HTTP Request
GET http://c.pki.goog/r/r1.crlHTTP Response
200 -
142.250.27.94:80http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6http
HTTP Request
GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEBFwHbrJaxWDCjHK4%2BG0Wcs%3DHTTP Response
200HTTP Request
GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6HTTP Response
200 -
142.250.27.94:80http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6http
HTTP Request
GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDBBI61buTJSxBPkvvajAV6HTTP Response
200 -
142.250.27.105:443www.google.comtls
-
204.79.197.200:443ieonline.microsoft.comtls
-
204.79.197.200:443ieonline.microsoft.comtls
-
204.79.197.200:443ieonline.microsoft.comtls
-
8.8.8.8:53www.google.comdns
DNS Request
www.google.com
DNS Response
142.250.27.105142.250.27.99142.250.27.147142.250.27.104142.250.27.106142.250.27.103
-
8.8.8.8:53c.pki.googdns
DNS Request
c.pki.goog
DNS Response
142.250.27.94
-
8.8.8.8:53o.pki.googdns
DNS Request
o.pki.goog
DNS Response
142.250.27.94
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5fa7bb96124c9e935096478c49833077b
SHA11ddba07c7a1ee55c4b090c7e6cd317ceb1015ea3
SHA256c55ba3857903eae8652f5f289c54151017b551367c2efad946f8ba031e179db7
SHA512cac826e5a90b6d78051820bfafd0e6dc7c685d4ae9b24fe96ffe1b5e11c0739be2eed389de11545ca51a01fceb8a63e0ed84873657117dfae0cc90021b9302cb
-
Filesize
342B
MD5fb665dd9545459a0c2f598675b551163
SHA18b51daf912850203a3d045c91be551a63e77f081
SHA256b7f560a407b5f7461c1febcbbf4cb5a1ebf3a1e332abc1e8b90a61314c9219d7
SHA5120296c3f9113d7ce582e34af9557f2836016ba72814fb74cfeb6930b6d08a1e1e987c15f7502f5af255472506e6b2522aa69c041b525475a9d8637903033490ae
-
Filesize
342B
MD5da31dcbb774e45ee9252a51720427ca8
SHA1a588e8ff35bf05a7e53d1dbd7de8ea9856b67be9
SHA256e4843fe80961c0953baed9253303f92e36b50f6631142a5c63234b3e8ebd3752
SHA512860962e7440d3d9573a332a2827dc9e469b6bd046d97fa955a9044765d1f50ef64184ee280d94abb27f2adddff5e10e5b8a8a1fb63bc6ff622a5786d80212405
-
Filesize
342B
MD57a99f97ee42dd040340b5c0999671030
SHA17aaf8e4ad9a582cf16f6d8b10473a23710e46a98
SHA256d43a78cdf6d623b38572e0a1c7a38472f86d1830adc34458e2c2ce2e1e1ada0e
SHA512da7eb31c967805991b65aa721583e3b653ced5cebc2bc60bedfb75b6aac89ff765e94508f3a184b32fa1aa332e336d861cb92089140d723c2e976999f14d5062
-
Filesize
342B
MD5785c517a348a6fa7cadd281b5ea9e561
SHA122545a6b0cac5c690d08e5605748a2a27008bdd5
SHA256ed7fa6b2638f1e41afbb1c21a510d59b8e1f3fc0bc42596cdff32fa9f0321024
SHA512b161d6f597f944bf503239d48e4b3a4999e9efbe9c79cf338e9bb325fa46d27bcf482e8da131097c6615f16059f3a15f101c56bd682bf6a74ee8a0b4ba621128
-
Filesize
342B
MD5ba098894a310308f2de216f742f91939
SHA12e0a21d28e6ea3eabc22f2bfe1f8da45664e2c8a
SHA256e08ce4e7f58f300bd6f930120292b6aed46dfcbecd95f7f7d15f9b66a65c4c75
SHA5123c067ff667f6813abce25e77455f96683985a08c4e9ea3a4619d780bf3ccec902191717c017a0bd0ead19a06d6e2e8e4ae6cd8f3bdc2f0f03875f0bd0eacf5d0
-
Filesize
342B
MD5883c91ef33e450c3d82e3ca4b139ed58
SHA196055d5dbf9b84d26ecf81ff09a9bd0559283bb6
SHA256bc5b27a551078fb12fc7aacd53af8af178fadc15504fedf76708274798c759f2
SHA5128d55e34f699551c20a8ee8e94e7131a840161e00fab0fa1eb98542c797d3515a18947befb28349cfeeeab5f3bb63e76dc605a0df4c9a3f64f9342d75cd173fbf
-
Filesize
342B
MD5b81ce8c4377f461567ee142fcd5bf443
SHA1a75c38f8ff57804d51613a6f56f86ee6b938bff4
SHA25682c07e5875c8d899d3f6ab76ff0dc62e09be96b183a300c3cb46d947f8139706
SHA512d5ab565d149a18a45117d63a3c1ad798a8144997efc6456ea1b76e4c4672513d16422c1d2594b62d255b53f98dbde5a221cee843537deb20baedf8d0cb324fc0
-
Filesize
342B
MD5f2d320b842d3ff6e20a0f8bb2378e5d0
SHA1f36331b7005538246dcca84ac671c4e82b142a57
SHA2564eb751262dfecb1a756447233010440816a1bc4ab76ecc5ee50c9d71a34a6050
SHA512182578e0aee050a47e2a366a53d76aa8390c23991232fe5e7d24afcb244b32ca6765ebf23ec4bc5a7d14300b836c4776fa2caf2eeef085cf6e467b940e98ef38
-
Filesize
342B
MD52e69ff203044190df84f4357a61c0433
SHA1a71b7e7f03c4438b4861d4f5295037547c6c0cbd
SHA2567e57ecbe87fb5db65ccae85b7fae7ba34444bd548b9af253a2f869103c64809b
SHA512f83fc94dc93f9a1c6a8594b6d16f04318a1161c9f3ce5a67309f1046d48127a7d453d9065cbee9ed1f19aea609025322d67db06031c2337e11be2c9d2f0639dc
-
Filesize
342B
MD567da3678a22af239cae6085027e290dc
SHA19bfbe7cfbc935f59071046466c18e133e241e555
SHA256db37988be3ba7daad763286fccd3ac4c6716c29c25ed1a1a206f96df1316266a
SHA512119b755f4618efa6257683facc08cfe5a7111e642aa210eaebb574dcfd83fd251c0bf03fc38f0cbda2a705a67da9ac27396264d7b39a8adcd3105de8f35a4e66
-
Filesize
342B
MD58be5d00cd06620966c03afa883289dfb
SHA11bb52abd443d6aa92a52e4b0e75ee0d252e5bfd4
SHA256f90e4e11678c9445fe964375c9f777609282ad002e064be896190922a93d5e08
SHA512d5e56798013413223343c6751fa2a2dbea3b66ad0611d1533e8952dc0a127a1f29e0d65ac7a0d0379f213ef6a696e37ff6413358095baffc81bd3470551a06a4
-
Filesize
342B
MD5139be95b3b4580b3d5155356f95765bd
SHA160e3ec2b86be7b26ed8074c643011cc2bebd58bc
SHA256dd4e2dca5a81e2648ea224e9706eb9bb14324f0f0612218171d596ad881687b5
SHA512316dc32bdaf0d24beda3457ba6420b8d19b75f910c857100b6cb6eed950ad46273560a0b40b6e23d1597a325d8ed20712b339998961e2798801d7aadc87972f7
-
Filesize
342B
MD596ac5a228b2895d47d0e3fa7a76a9bb7
SHA1400766a7d7363b4ae22d3bef2fea417b30c5ea7b
SHA2561b17e71bb2e50954976666a50a13cf000caca6dee1f4e090baba6728ff0edef6
SHA5127756a25393430a5de0d7dc3b97f7f4e8d4e70385b211cd11fe6adc4d0ac109ae6268994e271a376d43ff09a23dad41f04be81e405f994466881d1a217e654d2e
-
Filesize
342B
MD569f8e2e1cf28237b4b51b50f8266369c
SHA17c4f910eddf493a9933afe3bac714b1190eaf983
SHA2564a97f473592e82dbad7baad4737e9e7a0bc84385abc7018ba3dda8bca7f8adf4
SHA512c48260777fccbb8ce212821dfad6c328d5835352ab34b94e31c36091f9866567488448e66dafdd325832c01224f7475e2955886fd63a8f7fa96a2d24f0a8d351
-
Filesize
342B
MD57121abe98a094b44f9b59230132ded4a
SHA1788bcb978fa013178a985b872e424edf00c3883c
SHA256cee2c95c961e1f6318b95fe33749a8dfd19618b68a0b8d92974b090d67a94d78
SHA512bba22b7f43e927ae2b70e55925a91398cafd56ba3f85f0c26d0ee3169ee43dad3a1ea9d65f6c6fbf9475daf954091b1b4f362a52424c98cab798af3419976d10
-
Filesize
342B
MD5efeac62427dbc9c0ce94b5bb0559ab1f
SHA192b8e5c0baea32bb774970a3b7b3988f2c8517dd
SHA256736d4541f935a617252f81c19d09bcd27c7c3a67263c3315c6c305629999e2be
SHA512d77aaa6855ec8a4e11515ed92d8604f44c46c493275702757ac6727369914c900c86a678f9786261b236f1ffa9a27d3f20c6646c8d79a27bfda6bfc3b215d858
-
Filesize
5KB
MD5c0ece03631a3711e001e3a7739837db4
SHA1afd63bb1fe1ee4bc393188f736e468972eb8a135
SHA256c79767478897621f83ceeccae83cab082b4c8c1c142e69ccce6ebbdaf1f1d2bc
SHA512fd4ea239258d608dc3863b770a20a686ad11487a5c8f8fb4ef2f0345f942358abd9a844446a2e3d4f7aa826d112985b2aa0883d48fd92aec019f66127063315c
-
Filesize
5KB
MD5f3418a443e7d841097c714d69ec4bcb8
SHA149263695f6b0cdd72f45cf1b775e660fdc36c606
SHA2566da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA51282d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563
-
Filesize
537KB
MD5c7be68088b0a823f1a4c1f77c702d1b4
SHA105d42d754afd21681c0e815799b88fbe1fbabf4e
SHA2564943e91f7f53318d481ca07297395abbc52541c2be55d7276ecda152cd7ad9c3
SHA512cb76505845e7fc0988ade0598e6ea80636713e20209e1260ee4413423b45235f57cb0a33fca7baf223e829835cb76a52244c3197e4c0c166dad9b946b9285222
-
Filesize
55KB
MD54adccf70587477c74e2fcd636e4ec895
SHA1af63034901c98e2d93faa7737f9c8f52e302d88b
SHA2560e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d
SHA512d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b