Analysis
-
max time kernel
139s -
max time network
137s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
29/03/2025, 18:56 UTC
General
-
Target
JaffaCakes118_93398043cbad8c6d06e715bc195987f6.html
-
Size
46KB
-
MD5
93398043cbad8c6d06e715bc195987f6
-
SHA1
4944791cec18559af8ff7e0563580d7546efa8e2
-
SHA256
6f431106c802aee5bcab8fddc38e42c0b4d1bb9f23033cb1c7ed6b7f4f7856b2
-
SHA512
b98d0f54d9e500169305122c231a88b35bf40ae25ed9022b74b6e1e6e2375da354c3dedce15667c71301d0349b9dffd6805c13364f0e934b52a8a2bfd6e513e8
-
SSDEEP
768:Ei1S5y5v/2UBX1w6U85l8pJodPhOiMMtS5dE2T:dg81/2UJ1w6modPhaMtS55T
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_93398043cbad8c6d06e715bc195987f6.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2340 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
-
DNSapis.google.comRemote address:8.8.8.8:53Requestapis.google.comIN AResponseapis.google.comIN CNAMEplus.l.google.complus.l.google.comIN A142.250.178.14 -
DNSimg1.blogblog.comRemote address:8.8.8.8:53Requestimg1.blogblog.comIN AResponseimg1.blogblog.comIN CNAMEblogger.l.google.comblogger.l.google.comIN A172.217.169.9
-
GEThttp://img1.blogblog.com/img/icon18_wrench_allbkg.pngRemote address:172.217.169.9:80RequestGET /img/icon18_wrench_allbkg.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img1.blogblog.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 475
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 28 Mar 2025 19:54:38 GMT
Expires: Fri, 04 Apr 2025 19:54:38 GMT
Cache-Control: public, max-age=604800
Last-Modified: Fri, 28 Mar 2025 07:54:23 GMT
Content-Type: image/png
Age: 111937
-
GEThttps://apis.google.com/js/plusone.jsRemote address:142.250.178.14:443RequestGET /js/plusone.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Content-Security-Policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="gapi-team"
Report-To: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
Timing-Allow-Origin: *
Date: Sun, 30 Mar 2025 03:00:15 GMT
Expires: Sun, 30 Mar 2025 03:00:15 GMT
Cache-Control: private, max-age=1800, stale-while-revalidate=1800
ETag: "b16cddaf61a3a25b"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
-
GEThttps://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.fwXSHnIYz-4.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_SvulQ5pP6FvvJyrQeIOJ4MStGTQ/cb=gapi.loaded_0?le=scsRemote address:142.250.178.14:443RequestGET /_/scs/abc-static/_/js/k=gapi.lb.en.fwXSHnIYz-4.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_SvulQ5pP6FvvJyrQeIOJ4MStGTQ/cb=gapi.loaded_0?le=scs HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
Content-Length: 54264
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 28 Mar 2025 20:03:18 GMT
Expires: Sat, 28 Mar 2026 20:03:18 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 04 Mar 2025 15:24:42 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 111418
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
GEThttps://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.fwXSHnIYz-4.O/m=iframes_styles_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_SvulQ5pP6FvvJyrQeIOJ4MStGTQ/cb=gapi.loaded_1?le=scsRemote address:142.250.178.14:443RequestGET /_/scs/abc-static/_/js/k=gapi.lb.en.fwXSHnIYz-4.O/m=iframes_styles_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_SvulQ5pP6FvvJyrQeIOJ4MStGTQ/cb=gapi.loaded_1?le=scs HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: apis.google.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
Content-Length: 13720
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 29 Mar 2025 17:04:15 GMT
Expires: Sun, 29 Mar 2026 17:04:15 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 04 Mar 2025 15:24:42 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 35761
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
DNSc.pki.googRemote address:8.8.8.8:53Requestc.pki.googIN AResponsec.pki.googIN CNAMEpki-goog.l.google.compki-goog.l.google.comIN A142.250.187.227
-
DNSc.pki.googRemote address:8.8.8.8:53Requestc.pki.googIN AResponsec.pki.googIN CNAMEpki-goog.l.google.compki-goog.l.google.comIN A142.250.187.227
-
GEThttp://c.pki.goog/r/r1.crlRemote address:142.250.187.227:80RequestGET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 30 Mar 2025 02:31:00 GMT
Expires: Sun, 30 Mar 2025 03:21:00 GMT
Cache-Control: public, max-age=3000
Age: 1755
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
GEThttp://c.pki.goog/r/r1.crlRemote address:142.250.187.227:80RequestGET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: c.pki.goog
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 30 Mar 2025 02:31:00 GMT
Expires: Sun, 30 Mar 2025 03:21:00 GMT
Cache-Control: public, max-age=3000
Age: 1755
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
-
DNSo.pki.googRemote address:8.8.8.8:53Requesto.pki.googIN AResponseo.pki.googIN CNAMEpki-goog.l.google.compki-goog.l.google.comIN A142.250.187.227
-
DNSo.pki.googRemote address:8.8.8.8:53Requesto.pki.googIN AResponseo.pki.googIN CNAMEpki-goog.l.google.compki-goog.l.google.comIN A142.250.187.227
-
GEThttp://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEG11VBWXpwxREnc7neg4MLs%3DRemote address:142.250.187.227:80RequestGET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEG11VBWXpwxREnc7neg4MLs%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog
ResponseHTTP/1.1 200 OK
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sun, 30 Mar 2025 02:18:00 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2535
-
GEThttp://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEG11VBWXpwxREnc7neg4MLs%3DRemote address:142.250.187.227:80RequestGET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEG11VBWXpwxREnc7neg4MLs%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: o.pki.goog
ResponseHTTP/1.1 200 OK
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sun, 30 Mar 2025 02:18:00 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2535
-
DNSwww.google.comRemote address:8.8.8.8:53Requestwww.google.comIN AResponsewww.google.comIN A142.250.178.4
-
DNS4.bp.blogspot.comRemote address:8.8.8.8:53Request4.bp.blogspot.comIN AResponse4.bp.blogspot.comIN CNAMEphotos-ugc.l.googleusercontent.comphotos-ugc.l.googleusercontent.comIN A216.58.201.97
-
DNSimg132.imageshack.usRemote address:8.8.8.8:53Requestimg132.imageshack.usIN AResponseimg132.imageshack.usIN CNAMEimagizer-cv.imageshack.usimagizer-cv.imageshack.usIN A38.99.77.16imagizer-cv.imageshack.usIN A38.99.77.17
-
GEThttp://www.google.com/friendconnect/script/friendconnect.jsRemote address:142.250.178.4:80RequestGET /friendconnect/script/friendconnect.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.google.com
Connection: Keep-Alive
ResponseHTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1598
Date: Sun, 30 Mar 2025 03:00:16 GMT
-
GEThttp://img132.imageshack.us/img132/7414/header2f.jpgRemote address:38.99.77.16:80RequestGET /img132/7414/header2f.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img132.imageshack.us
Connection: Keep-Alive
ResponseHTTP/1.1 404 Not Found
Server: nginx/1.2.8
Date: Sun, 30 Mar 2025 03:00:16 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since
Access-Control-Expose-Headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since
-
GEThttp://4.bp.blogspot.com/_jA-SP6SAtfY/SrCOsBgFT6I/AAAAAAAABNo/mRr1xtkBjMw/s1600/header1y.jpgRemote address:216.58.201.97:80RequestGET /_jA-SP6SAtfY/SrCOsBgFT6I/AAAAAAAABNo/mRr1xtkBjMw/s1600/header1y.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 4.bp.blogspot.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="header1y.jpg"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 22554
X-XSS-Protection: 0
Date: Sun, 30 Mar 2025 03:00:16 GMT
Expires: Mon, 31 Mar 2025 03:00:16 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v4da"
Content-Type: image/jpeg
Vary: Origin
Age: 0
-
DNSwww.microsoft.comRemote address:8.8.8.8:53Requestwww.microsoft.comIN AResponsewww.microsoft.comIN CNAMEwww.microsoft.com-c-3.edgekey.netwww.microsoft.com-c-3.edgekey.netIN CNAMEwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netIN CNAMEe13678.dscb.akamaiedge.nete13678.dscb.akamaiedge.netIN A23.192.18.101
-
DNSwww.microsoft.comRemote address:8.8.8.8:53Requestwww.microsoft.comIN A
-
GEThttp://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crlRemote address:23.192.18.101:80RequestGET /pkiops/crl/MicCodSigPCA2011_2011-07-08.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 18 Aug 2024 00:23:49 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.microsoft.com
ResponseHTTP/1.1 200 OK
Content-Length: 1078
Content-Type: application/octet-stream
Content-MD5: HqJzZuA065RHozzmOcAUiQ==
Last-Modified: Tue, 14 Jan 2025 20:41:31 GMT
ETag: 0x8DD34DBD43549F4
x-ms-request-id: 90d94cda-601e-004e-55c9-667962000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sun, 30 Mar 2025 03:00:47 GMT
Connection: keep-alive
TLS_version: UNKNOWN
ms-cv: CASMicrosoftCV4442f715.0
ms-cv-esi: CASMicrosoftCV4442f715.0
X-RTag: RT
-
DNScrl.microsoft.comRemote address:8.8.8.8:53Requestcrl.microsoft.comIN AResponsecrl.microsoft.comIN CNAMEcrl.www.ms.akadns.netcrl.www.ms.akadns.netIN CNAMEa1363.dscg.akamai.neta1363.dscg.akamai.netIN A2.19.252.143a1363.dscg.akamai.netIN A2.19.252.157
-
GEThttp://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crlRemote address:2.19.252.143:80RequestGET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 26 Sep 2024 02:21:11 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
ResponseHTTP/1.1 200 OK
Content-Length: 825
Content-Type: application/octet-stream
Content-MD5: O14L1mQEVqdJ2RVebBNXJw==
Last-Modified: Wed, 26 Feb 2025 21:48:51 GMT
ETag: 0x8DD56AF5BD2A499
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 42091eff-701e-0052-4a9a-882b02000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sun, 30 Mar 2025 03:00:47 GMT
Connection: keep-alive
-
DNSwww.microsoft.comRemote address:8.8.8.8:53Requestwww.microsoft.comIN AResponsewww.microsoft.comIN CNAMEwww.microsoft.com-c-3.edgekey.netwww.microsoft.com-c-3.edgekey.netIN CNAMEwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netIN CNAMEe13678.dscb.akamaiedge.nete13678.dscb.akamaiedge.netIN A23.192.18.101
-
DNSwww.microsoft.comRemote address:8.8.8.8:53Requestwww.microsoft.comIN AResponsewww.microsoft.comIN CNAMEwww.microsoft.com-c-3.edgekey.netwww.microsoft.com-c-3.edgekey.netIN CNAMEwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netIN CNAMEe13678.dscb.akamaiedge.nete13678.dscb.akamaiedge.netIN A23.192.18.101
-
172.217.169.9:80http://img1.blogblog.com/img/icon18_wrench_allbkg.pnghttp
HTTP Request
GET http://img1.blogblog.com/img/icon18_wrench_allbkg.pngHTTP Response
200 -
172.217.169.9:80img1.blogblog.com
-
142.250.178.14:443https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.fwXSHnIYz-4.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_SvulQ5pP6FvvJyrQeIOJ4MStGTQ/cb=gapi.loaded_0?le=scstls, http
HTTP Request
GET https://apis.google.com/js/plusone.jsHTTP Response
200HTTP Request
GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.fwXSHnIYz-4.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_SvulQ5pP6FvvJyrQeIOJ4MStGTQ/cb=gapi.loaded_0?le=scsHTTP Response
200 -
142.250.178.14:443https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.fwXSHnIYz-4.O/m=iframes_styles_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_SvulQ5pP6FvvJyrQeIOJ4MStGTQ/cb=gapi.loaded_1?le=scstls, http
HTTP Request
GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.fwXSHnIYz-4.O/m=iframes_styles_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_SvulQ5pP6FvvJyrQeIOJ4MStGTQ/cb=gapi.loaded_1?le=scsHTTP Response
200 -
142.250.187.227:80http://c.pki.goog/r/r1.crlhttp
HTTP Request
GET http://c.pki.goog/r/r1.crlHTTP Response
200 -
142.250.187.227:80http://c.pki.goog/r/r1.crlhttp
HTTP Request
GET http://c.pki.goog/r/r1.crlHTTP Response
200 -
142.250.187.227:80http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEG11VBWXpwxREnc7neg4MLs%3Dhttp
HTTP Request
GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEG11VBWXpwxREnc7neg4MLs%3DHTTP Response
200 -
142.250.187.227:80http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEG11VBWXpwxREnc7neg4MLs%3Dhttp
HTTP Request
GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEG11VBWXpwxREnc7neg4MLs%3DHTTP Response
200 -
142.250.178.4:80http://www.google.com/friendconnect/script/friendconnect.jshttp
HTTP Request
GET http://www.google.com/friendconnect/script/friendconnect.jsHTTP Response
404 -
142.250.178.4:80www.google.com
-
38.99.77.16:80http://img132.imageshack.us/img132/7414/header2f.jpghttp
HTTP Request
GET http://img132.imageshack.us/img132/7414/header2f.jpgHTTP Response
404 -
38.99.77.16:80img132.imageshack.us
-
216.58.201.97:80http://4.bp.blogspot.com/_jA-SP6SAtfY/SrCOsBgFT6I/AAAAAAAABNo/mRr1xtkBjMw/s1600/header1y.jpghttp
HTTP Request
GET http://4.bp.blogspot.com/_jA-SP6SAtfY/SrCOsBgFT6I/AAAAAAAABNo/mRr1xtkBjMw/s1600/header1y.jpgHTTP Response
200 -
216.58.201.97:804.bp.blogspot.com
-
23.192.18.101:80http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crlhttp
HTTP Request
GET http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crlHTTP Response
200 -
2.19.252.143:80http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crlhttp
HTTP Request
GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crlHTTP Response
200 -
204.79.197.200:443ieonline.microsoft.comtls
-
204.79.197.200:443ieonline.microsoft.comtls
-
204.79.197.200:443ieonline.microsoft.comtls
-
8.8.8.8:53apis.google.comdns
DNS Request
apis.google.com
DNS Response
142.250.178.14
-
8.8.8.8:53img1.blogblog.comdns
DNS Request
img1.blogblog.com
DNS Response
172.217.169.9
-
8.8.8.8:53c.pki.googdns
DNS Request
c.pki.goog
DNS Response
142.250.187.227
-
8.8.8.8:53c.pki.googdns
DNS Request
c.pki.goog
DNS Response
142.250.187.227
-
8.8.8.8:53o.pki.googdns
DNS Request
o.pki.goog
DNS Response
142.250.187.227
-
8.8.8.8:53o.pki.googdns
DNS Request
o.pki.goog
DNS Response
142.250.187.227
-
8.8.8.8:53www.google.comdns
DNS Request
www.google.com
DNS Response
142.250.178.4
-
8.8.8.8:534.bp.blogspot.comdns
DNS Request
4.bp.blogspot.com
DNS Response
216.58.201.97
-
8.8.8.8:53img132.imageshack.usdns
DNS Request
img132.imageshack.us
DNS Response
38.99.77.1638.99.77.17
-
8.8.8.8:53www.microsoft.comdns
DNS Request
www.microsoft.com
DNS Request
www.microsoft.com
DNS Response
23.192.18.101
-
8.8.8.8:53crl.microsoft.comdns
DNS Request
crl.microsoft.com
DNS Response
2.19.252.1432.19.252.157
-
8.8.8.8:53www.microsoft.comdns
DNS Request
www.microsoft.com
DNS Response
23.192.18.101
-
8.8.8.8:53www.microsoft.comdns
DNS Request
www.microsoft.com
DNS Response
23.192.18.101
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
71KB
MD583142242e97b8953c386f988aa694e4a
SHA1833ed12fc15b356136dcdd27c61a50f59c5c7d50
SHA256d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755
SHA512bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
252B
MD5389316cf0f1246a9815b09001772c949
SHA19fb7d06ca94a865ab8366566d20f83eb91323027
SHA2568d3cc9a3eba3028265c50c3968e6d35c708005ea1cb5687a24dedfc9643e577b
SHA512c862a97e7d150a3bab7a1c50683d4a732c2b4631f77e63cf2fd6a7ee352086965d0df162e25caac58cec0da1f59d3f2afc08c8d9ead944de98704ac791b23001
-
Filesize
344B
MD5b5b30ab7b248b374f23b608f77262ee7
SHA1f0851d91830e9c07bdcd9addfc8c0ca5e00bc06d
SHA256f6146aa58f5711efbee96b24052ddd0c89d431698347f8bd8f94224ca3f27e78
SHA51280228fe1adc8a74c6303ccf55db5def14c245ca63ffe870c2c3d527697d5370b3bcec3c5e80db8232582de5d5fe130f7eba64935d818555d88cfa4cfaa830fac
-
Filesize
344B
MD529f0406f219092237970b84423889961
SHA1bd9a6c1310d9f35283c76142ed8c4f0fa3feb5b4
SHA256d3da5dd61d13cdbfdc428584add62e5c2dfdc1c69225ddca1643e0990ad48265
SHA512b6229f669273ae2fa6a13c6fed04e6530a6fe8515ab63467d28b6fb5e0b495ab4cb5a78c20e86809c620edf6906e1106e4425b5e21cc9a8282ff46dd6bae487f
-
Filesize
344B
MD5f9dca9097b9e2ab4224edeb6dbf5ae30
SHA1b3adaede23e7f1c420a3e09fbc578c1292b6b128
SHA2568b4a4941a239ea227e5b2540d66c959ca39f8b2908d5e04df4155237f9b8a5b0
SHA512b26b5f54e08f9b87b8076fbbdab75e5e6477b8388e4f3cf45489125a59b6bf4b1b79d421e414902bb40c6445c798c15bb44acf550a1c1468c68ecaa19d6b9372
-
Filesize
344B
MD533fbcf9b6cfd110effc805795c12efd3
SHA1a4d3b6846d59c7bab092eeec60e182aa03365209
SHA2568cc5efe803133389dd023038c76adf5ab8e39b43448a9444b15865abd0f6ddc9
SHA512081b37f60c5a109ebb8623e3660cbe0a9770a6abedae48761ddf702745ddd300e4a148a4fe2058f1acc05efc90e55cbb49e25f9e40b04833066042a8577eba89
-
Filesize
344B
MD5635ae1c50b801575bdc6bef32294f7e3
SHA1064c1b7796b9044a37cba17ace3f8d985a25428a
SHA2569a18064ba4b95a686fef621e67f97f24770e5ae3a7c8d46d78188c0f3628859f
SHA51223257ee0645b38dd2109b03de0b11c987fde9f21de568ba12d781bef0f4a748153a5b1b1de6450a41c7561d3e0eb4416771f25117cade492640adbf84ada960b
-
Filesize
344B
MD5cb2bf8eecbb96f9084df6db04a051406
SHA1e02719f58cf0ab7401009cbe61d747995e270571
SHA2568c2910375870e99eed68223d3fbf33d98622a79719fc7b9f2981ceb0d7bda333
SHA51208f9224ff6a97f2889b253d031ba257f1eee8ffd8a2343e474c0bcad0437fa9770ad9fbd1e7e69ed57db52732143193f8bbc77df6b41a9f70e6059d2526da2e0
-
Filesize
344B
MD5f7ac0cf9445e679141ae9137fb15a6a0
SHA1c43b6f8d0f2bb0eb929285ed68db625541ec1a93
SHA2565a384597b178db69fb281cc45785ad7fdcffb13df15e1655343335b40289c8c7
SHA512ec7f4b8e5ca49c8f5ffb3f545a348cf997763840f030ea55e98e8ef077837968504293aa82656e472bfffce2e46bd00ed1c226289acd2e3e805e2023b5ad0b68
-
Filesize
344B
MD544bd2bea0c8c86427941ee3e8094b8d9
SHA1141fe9c0254d68fca524e0ac139bf1567078a115
SHA256bb26fb837ed272399c2125a855e291b38d68d607564abdb7404d0a1dd0889ff5
SHA512a159272a5587456b890f06e13ae43f5076032db60b470b4f253a844c1df4cedb146edae8e771d58fbf07a7ffd1cb0d61168b45dcecec1b498b258b43d59e232a
-
Filesize
342B
MD5a659b525ba366634fbcf42e804ae86b4
SHA1a4fbed9661de3f4fcfa2a779a64f3a7c275b68d1
SHA256452cb3d5a8435f9747c7b6fbcb06e62c5c8ef1f81bae8eda9f4d5185cd59f4db
SHA5127ac065377bcca1858948f5b9c9dafce2cf07b726ead97fb4917e3e2053c70dc3e40d96f0cb297289b355ce43d0ce8205673cd549d85f9a23b1700583f1ee2327
-
Filesize
344B
MD515491ba2237332f5cc16cdef1bb55926
SHA1d578642fa708a634e47d0b4f7ee94487d761f5a6
SHA25654a8951a794ef6f6080343da453b51a935ec75c63469b6964d7f1f94fd24be38
SHA5120bc1031868f966f5f416b0f9eaa9ac591c63c861295d765219e50f478fc58d37bac879e52b53a7c59ffd0c252030f1e424e49a24864e524565ff1728ebc5d150
-
Filesize
344B
MD523a8632530dee0eeca1a6b9890e3250f
SHA1136097996c60de8bbedd4b3fa485410058c1036b
SHA256514f61fc1255d525dc333a449a82c5f64b5fdb1acc8f34a6b5aa803e2ccc1f26
SHA5127bfcfb172043eda208557d5dc1cbf57aea76443721383ccc3b4b9a0668c66a5d55baa0af7292611a9bac18398761fecc504b0a9d4c95826bbd8b908485e71d0d
-
Filesize
344B
MD5b7afcf0d4f27970c2f26aa53d3cffbd5
SHA1fb7791c62f96a7a90f89e8fb8b4122c139c469fd
SHA256d319358d11198ae3a29ffaefb3c8c7510a4cf22482b24bdc45299030cdd407e8
SHA51288b57f876486ee0fbb0d912d5ac686e7eb7f8db34fa94707dde1d5dfe8a999f169f060471e54a477438bc8026f99b4a77eea8a6f0e4f9b26f661e6e18b40896e
-
Filesize
344B
MD5d0eb66aba685871694378f69e3755410
SHA14d46ef90c00210d4fa3c6ec666a08b1a2ecc6d64
SHA256daea7ec681f57872231adab72515dc1cea2819833b59c8fedb6d3e0b2dd1dcb0
SHA512680f81b8b7169661f2c2005c062d9971350a4f127a5d83e9f1f7c1d486737adeea73987992a7ed5be89cf971f5db43e44f2557a80999ced6e63ce2f8eca5dac0
-
Filesize
344B
MD57ae02fbe6dc26c8b986122e01eb2214a
SHA10e38031f144aa9aff2657aa0277d139acda54f06
SHA256ab3edf2967b5907f9136cffb0a4c72749d5fa7177ccb2212868923b828be90e1
SHA51237b4e9aaa6d5b602dfeb40a1e3a26816b56090d4d6783d2f9e0199dec9dec83b92d4e36e11020cb4a34316397faa7c45a82a84fd6a702de1d36a76f3538c24ad
-
Filesize
344B
MD5948625b8b2af2c405622e4dbc12683a8
SHA19087179aee9f9d9bf33bb00192147e7b9520eb74
SHA256bbceaa6d5aed08da0d06f5fd6df767f5a84d48587779d018994469114acd60f5
SHA5129a14b17951b974ac6520425b0da30f589af4567907c91a516ef2b01a8d01fd06cad232a1358557466bd25b8118a8931e793fc76fd441726c288af74d30a55e6b
-
Filesize
344B
MD5410782b514fec3046acdd0548b91a868
SHA17a11d8db208a6f74dd12de2dfc9a0832d5be425c
SHA2565a69f9e2aaea1fc8c52818f8d044a4c4f8802c4c0ab57b3838291310192c902f
SHA512755c69239aa8b55c318ab5aec72cf5f7d9f3afcdda70c95a4c8603c083fb5132924bacdad23227482514aa4a64d61692509cb9beaefb879fdc0818eac8fad98c
-
Filesize
242B
MD57c5fb0a5a8848afd2f7ca6fd864a5b0b
SHA1a8c466ad0b0502d9068b98054ff3f1ec546aaafd
SHA25676a4abeae24f407808e7f811853a2559a7388a9024825d3bfea961362ed62fe2
SHA51279ba9ad0e1af41b3282bc152496c720253b85f752bc59fc6ded698a90e757a6d599750e4527dd2a6d8200480292e4501be4caefcdd8560a48d185204e22443b8
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
183KB
MD5109cab5505f5e065b63d01361467a83b
SHA14ed78955b9272a9ed689b51bf2bf4a86a25e53fc
SHA256ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673
SHA512753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc