Proof of payment2.html
This report was generated from a file or URL submitted to this webservice on July 25th 2018 20:33:58 (UTC), using the action script "Default browser analysis".
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1
Report generated by
Falcon Sandbox v8.10 © Hybrid Analysis
Incident Response
Risk Assessment
- Network Behavior
- Contacts 3 domains and 2 hosts.
MITRE ATT&CK™ Techniques Detection
Indicators
Not all malicious and suspicious indicators are displayed in this report.
Suspicious Indicators 1
Ransomware/Banking
Detected text artifact in screenshot that indicates file could be ransomware
- details
- "Payment" (Source: screen_3.png, Indicator: "payment")
- source
- File/Memory
- relevance
- 10/10
Informative 16
Anti-Reverse Engineering
Creates guarded memory regions (anti-debugging trick to avoid memory dumping)
- details
- "iexplore.exe" is protecting 8192 bytes with PAGE_GUARD access rights
- source
- API Call
- relevance
- 10/10
General
Contacts domains
- details
"ocsp.pki.goog"
"ssl.gstatic.com"
"lh5.googleusercontent.com"
- source
- Network Traffic
- relevance
- 1/10
Contacts server
- details
"216.58.201.225:443"
"216.58.201.227:443"
- source
- Network Traffic
- relevance
- 1/10
Creates mutants
- details
"\Sessions\1\BaseNamedObjects\ConnHashTable<3176>_HashTable_Mutex"
"IESQMMUTEX_0_208"
"Local\c:!users!%OSUSER%!appdata!local!microsoft!windows!temporary internet files!content.ie5!"
"Local\Feed Eventing Shared Memory Mutex S-1-5-21-4162757579-3804539371-4239455898-1000"
"Local\ZonesCacheCounterMutex"
"IESQMMUTEX_0_191"
"Local\!IETld!Mutex"
"Local\c:!users!%OSUSER%!appdata!roaming!microsoft!windows!ietldcache!"
"Local\WininetProxyRegistryMutex"
"Local\RSS Eventing Connection Database Mutex 00000c68"
"Local\Feeds Store Mutex S-1-5-21-4162757579-3804539371-4239455898-1000"
"Local\ZonesCounterMutex"
"Local\Feed Arbitration Shared Memory Mutex [ User : S-1-5-21-4162757579-3804539371-4239455898-1000 ]"
"ConnHashTable<3176>_HashTable_Mutex"
"Local\WininetConnectionMutex"
"Local\WininetStartupMutex"
"Local\c:!users!%OSUSER%!appdata!roaming!microsoft!windows!cookies!"
"Local\c:!users!%OSUSER%!appdata!local!microsoft!windows!history!history.ie5!"
"RasPbFile"
"Local\ZoneAttributeCacheCounterMutex"
- source
- Created Mutant
- relevance
- 3/10
Launches a browser
- details
- Launches browser "iexplore.exe"
- source
- Monitored Target
- relevance
- 3/10
Opened the service control manager
- details
- "iexplore.exe" called "OpenSCManager" requesting access rights "SC_MANAGER_CONNECT" (0x1)
- source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1035
Scanning for window names
- details
"iexplore.exe" searching for class "IEFrame"
"iexplore.exe" searching for class "Static"
"iexplore.exe" searching for class "Shell_TrayWnd"
- source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1010
Spawns new processes
- details
- Spawned process "iexplore.exe" with commandline "SCODEF:3176 CREDAT:79873"
- source
- Monitored Target
- relevance
- 3/10
Spawns new processes that are not known child processes
- details
- Spawned process "iexplore.exe" with commandline "SCODEF:3176 CREDAT:79873"
- source
- Monitored Target
- relevance
- 3/10
Installation/Persistence
Creates new processes
- details
- "iexplore.exe" is creating a new process (Name: "%PROGRAMFILES%\Internet Explorer\iexplore.exe", Handle: 776)
- source
- API Call
- relevance
- 8/10
Dropped files
- details
"h_sprite7[1].svg" has type "SVG Scalable Vector Graphics image"
"{1B7A548F-9085-11E8-8D2E-0A0027002F8F}.dat" has type "Composite Document File V2 Document Cannot read short stream"
"RecoveryStore.{1B7A547C-9085-11E8-8D2E-0A0027002F8F}.dat" has type "Composite Document File V2 Document Cannot read section info"
"RecoveryStore.{1B7A5489-9085-11E8-8D2E-0A0027002F8F}.dat" has type "Composite Document File V2 Document Cannot read section info"
"Tar574D.tmp" has type "data"
"Kno71F0.tmp" has type "XML 1.0 document ASCII text with CRLF line terminators"
"RecoveryStore.{91BA4BDF-B50F-11E4-ADE1-0800270E0C5C}.dat" has type "Composite Document File V2 Document Cannot read section info"
"RecoveryStore.{1B7A5479-9085-11E8-8D2E-0A0027002F8F}.dat" has type "Composite Document File V2 Document Cannot read section info"
"RecoveryStore.{1B7A5487-9085-11E8-8D2E-0A0027002F8F}.dat" has type "Composite Document File V2 Document Cannot read section info"
"{E7CA56C4-9084-11E8-8D2E-0A0027002F8F}.dat" has type "Composite Document File V2 Document Cannot read section info"
"CFE86DBBE02D859DC92F1E17E0574EE8_FDB452422670E72EDD3FB3D65568F821" has type "data"
"{1B7A5470-9085-11E8-8D2E-0A0027002F8F}.dat" has type "Composite Document File V2 Document Cannot read short stream"
"Tar764A.tmp" has type "data"
"{1B7A5483-9085-11E8-8D2E-0A0027002F8F}.dat" has type "Composite Document File V2 Document Cannot read short stream"
"{1B7A547B-9085-11E8-8D2E-0A0027002F8F}.dat" has type "Composite Document File V2 Document Cannot read short stream"
"{1B7A5472-9085-11E8-8D2E-0A0027002F8F}.dat" has type "Composite Document File V2 Document Cannot read short stream"
"RecoveryStore.{1B7A5484-9085-11E8-8D2E-0A0027002F8F}.dat" has type "Composite Document File V2 Document Cannot read section info"
"JavaDeployReg.log" has type "ASCII text with CRLF line terminators"
"F5F320A94D4D2B4465D8F17E2BB2D351_50DF963EB3347C7B42AC474AE4FC5C13" has type "data"
"{1B7A5474-9085-11E8-8D2E-0A0027002F8F}.dat" has type "Composite Document File V2 Document Cannot read short stream"
- source
- Binary File
- relevance
- 3/10
Found a string that may be used as part of an injection method
- details
- "Shell_TrayWnd" (Taskbar window class may be used to inject into explorer with the SetWindowLong method)
- source
- File/Memory
- relevance
- 4/10
- ATT&CK ID
- T1055
Network Related
Found potential URL in binary/memory
- details
Pattern match: "www.google.com"
Pattern match: "www.google.com0Y0"
Pattern match: "www.google.com0h"
Pattern match: "http://pki.goog/gsr2/GTSGIAG3.crt0"
Pattern match: "http://ocsp.pki.goog/GTSGIAG30"
Pattern match: "http://crl.pki.goog/GTSGIAG3.crl0"
Pattern match: "http://ocsp.pki.goog/gsr202"
Pattern match: "http://crl.pki.goog/gsr2/gsr2.crl0"
Pattern match: "https://pki.goog/repository/0"
Heuristic match: "docs.google.com"
Heuristic match: "*.google.com"
Heuristic match: "*.android.com"
Heuristic match: "*.appengine.google.com"
Heuristic match: "*.cloud.google.com"
Heuristic match: "*.db833953.google.cn"
Heuristic match: "*.gcp.gvt2.com"
Heuristic match: "*.google-analytics.com"
Heuristic match: "*.google.ca"
Heuristic match: "*.google.cl"
Heuristic match: "*.google.co.in"
Heuristic match: "*.google.co.jp"
Heuristic match: "*.google.co.uk"
Heuristic match: "*.google.com.ar"
Heuristic match: "*.google.com.au"
Heuristic match: "*.google.com.br"
Heuristic match: "*.google.com.co"
Heuristic match: "*.google.com.mx"
Heuristic match: "*.google.com.tr"
Heuristic match: "*.google.com.vn"
Heuristic match: "*.google.de"
Heuristic match: "*.google.es"
Heuristic match: "*.google.fr"
Heuristic match: "*.google.hu"
Heuristic match: "*.google.it"
Heuristic match: "*.google.nl"
Heuristic match: "*.google.pl"
Heuristic match: "*.google.pt"
Heuristic match: "*.googleadapis.com"
Heuristic match: "*.googleapis.cn"
Heuristic match: "*.googlecommerce.com"
Heuristic match: "*.googlevideo.com"
Heuristic match: "*.gstatic.cn"
Heuristic match: "*.gstatic.com"
Heuristic match: "*.gvt1.com"
Heuristic match: "*.gvt2.com"
Heuristic match: "*.metric.gstatic.com"
Heuristic match: "*.urchin.com"
Heuristic match: "*.url.google.com"
Heuristic match: "*.youtube-nocookie.com"
Heuristic match: "*.youtube.com"
Heuristic match: "*.youtubeeducation.com"
Heuristic match: "*.ytimg.com"
Heuristic match: "android.clients.google.com"
Heuristic match: "android.com"
Heuristic match: "developer.android.google.cn"
Heuristic match: "developers.android.google.cn"
Heuristic match: "google-analytics.com"
Heuristic match: "google.com"
Heuristic match: "googlecommerce.com"
Heuristic match: "source.android.google.cn"
Pattern match: "www.goo.gl"
Heuristic match: "youtube.com"
Heuristic match: "youtubeeducation.com"
Heuristic match: "tools.google.com"
Heuristic match: "lh5.googleusercontent.com"
Heuristic match: "ssl.gstatic.com"
Heuristic match: "*.googleusercontent.com"
Heuristic match: "*.apps.googleusercontent.com"
Heuristic match: "$*.appspot.com.storage.googleapis.com"
Heuristic match: "*.blogspot.com"
Heuristic match: "*.bp.blogspot.com"
Heuristic match: "*.commondatastorage.googleapis.com"
Heuristic match: ")*.content-storage-download.googleapis.com"
Heuristic match: "'*.content-storage-upload.googleapis.com"
Heuristic match: "*.content-storage.googleapis.com"
Heuristic match: "*.doubleclickusercontent.com"
Heuristic match: "*.ggpht.com"
Heuristic match: "*.googledrive.com"
Heuristic match: "*.googlesyndication.com"
Heuristic match: "*.googleweblight.com"
Heuristic match: "&*.local.amp4mail.googleusercontent.com"
Heuristic match: "4*.playground-internal.amp4mail.googleusercontent.com"
Heuristic match: "+*.playground.amp4mail.googleusercontent.com"
Heuristic match: "%*.prod.amp4mail.googleusercontent.com"
Heuristic match: "*.safenup.googleusercontent.com"
Heuristic match: "*.sandbox.googleusercontent.com"
Heuristic match: "!*.storage-download.googleapis.com"
Heuristic match: "*.storage-upload.googleapis.com"
Heuristic match: "*.storage.googleapis.com"
Heuristic match: "*.storage.select.googleapis.com"
Heuristic match: "blogspot.com"
Heuristic match: "bp.blogspot.com"
Heuristic match: "commondatastorage.googleapis.com"
Heuristic match: "doubleclickusercontent.com"
Heuristic match: "ggpht.com"
Heuristic match: "googleusercontent.com"
Heuristic match: "googleweblight.com"
Heuristic match: "manifest.lh3.googleusercontent.com"
Heuristic match: "+static.panoramio.com.storage.googleapis.com"
Heuristic match: "storage.googleapis.com"
Heuristic match: "storage.select.googleapis.com"
Pattern match: "www.aka.ms"
Pattern match: "mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%205.crl"
Pattern match: "crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%205.crl0"
Pattern match: "www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%205.crt0"
Pattern match: "http://ocsp.msocsp.com0"
Pattern match: "http://www.microsoft.com/pki/mscorp/cps0"
Pattern match: "http://ocsp.digicert.com0"
Pattern match: "http://crl3.digicert.com/Omniroot2025.crl0="
Pattern match: "https://www.digicert.com/CPS0"
Heuristic match: "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.digicert.com"
Heuristic match: "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAIDRU2YL2JJtYm8AAAAAgNE%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.msocsp.com"
Pattern match: "www.bing.com0"
Pattern match: "www.bing.com"
Heuristic match: "dict.bing.com.cn"
Heuristic match: "*.platform.bing.com"
Heuristic match: "*.bing.com"
Heuristic match: "*.windowssearch.com"
Heuristic match: "*.origin.bing.com"
Heuristic match: "*.mm.bing.net"
Heuristic match: "ecn.dev.virtualearth.net"
Heuristic match: "*.cn.bing.net"
Heuristic match: "*.cn.bing.com"
Heuristic match: "ssl-api.bing.com"
Heuristic match: "ssl-api.bing.net"
Heuristic match: "*.api.bing.net"
Heuristic match: "*.bingapis.com"
Heuristic match: "bingsandbox.com"
Heuristic match: "insertmedia.bing.office.net"
Heuristic match: "r.bat.bing.com"
Heuristic match: "*.r.bat.bing.com"
Heuristic match: "*.dict.bing.com.cn"
Heuristic match: "*.dict.bing.com"
Heuristic match: "*.ssl.bing.com"
Heuristic match: "*.appex.bing.com"
Heuristic match: "*.platform.cn.bing.com"
Heuristic match: "wp.m.bing.com"
Heuristic match: "*.m.bing.com"
Heuristic match: "global.bing.com"
Heuristic match: "windowssearch.com"
Heuristic match: "search.msn.com"
Heuristic match: "*.bingsandbox.com"
Heuristic match: "*.api.tiles.ditu.live.com"
Heuristic match: "*.ditu.live.com"
Heuristic match: "*.t0.tiles.ditu.live.com"
Heuristic match: "*.t1.tiles.ditu.live.com"
Heuristic match: "*.t2.tiles.ditu.live.com"
Heuristic match: "*.t3.tiles.ditu.live.com"
Heuristic match: "*.tiles.ditu.live.com"
Heuristic match: "3d.live.com"
Heuristic match: "api.search.live.com"
Heuristic match: "beta.search.live.com"
Heuristic match: "cnweb.search.live.com"
Heuristic match: "dev.live.com"
Heuristic match: "ditu.live.com"
Heuristic match: "farecast.live.com"
Heuristic match: "image.live.com"
Heuristic match: "images.live.com"
Heuristic match: "local.live.com.au"
Heuristic match: "localsearch.live.com"
Heuristic match: "ls4d.search.live.com"
Heuristic match: "mail.live.com"
Heuristic match: "mapindia.live.com"
Heuristic match: "local.live.com"
Heuristic match: "maps.live.com"
Heuristic match: "maps.live.com.au"
Heuristic match: "mindia.live.com"
Heuristic match: "news.live.com"
Heuristic match: "origin.cnweb.search.live.com"
Heuristic match: "preview.local.live.com"
Heuristic match: "search.live.com"
Heuristic match: "test.maps.live.com"
Heuristic match: "video.live.com"
Heuristic match: "videos.live.com"
Heuristic match: "virtualearth.live.com"
Heuristic match: "wap.live.com"
Heuristic match: "webmaster.live.com"
Heuristic match: "webmasters.live.com"
Pattern match: "www.local.live.com.au"
Pattern match: "www.maps.live.com.au0"
Pattern match: "https://ieonline.microsoft.com/#ieslice"
Pattern match: "http://go.microsoft.com/fwlink/?LinkId=121315"
Pattern match: "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight
Pattern match: "http://www.bing.com/favicon.ico"
Pattern match: "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
- source
- File/Memory
- relevance
- 10/10
Spyware/Information Retrieval
Found a reference to a known community page
- details
"*.youtube-nocookie.com" (Indicator: "youtube")
"*.youtube.com" (Indicator: "youtube")
"*.youtubeeducation.com" (Indicator: "youtube")
"youtube.com" (Indicator: "youtube")
"youtubeeducation.com" (Indicator: "youtube") - source
- File/Memory
- relevance
- 7/10
-
Found a reference to a known community page
-
System Security
-
Hooks API calls
- details
"DialogBoxIndirectParamW@USER32.DLL" in "iexplore.exe"
"PageSetupDlgW@COMDLG32.DLL" in "iexplore.exe"
"MessageBoxIndirectA@USER32.DLL" in "iexplore.exe"
"DialogBoxParamA@USER32.DLL" in "iexplore.exe"
"MessageBoxExA@USER32.DLL" in "iexplore.exe"
"MessageBoxIndirectW@USER32.DLL" in "iexplore.exe"
"DialogBoxIndirectParamA@USER32.DLL" in "iexplore.exe"
"MessageBoxExW@USER32.DLL" in "iexplore.exe"
"OleCreatePropertyFrameIndirect@OLEAUT32.DLL" in "iexplore.exe"
"CreateWindowExW@USER32.DLL" in "iexplore.exe"
"PropertySheet@COMCTL32.DLL" in "iexplore.exe"
"DialogBoxParamW@USER32.DLL" in "iexplore.exe"
"PropertySheetW@COMCTL32.DLL" in "iexplore.exe"
- source
- Hook Detection
- relevance
- 10/10
- ATT&CK ID
- T1179
Unusual Characteristics
Installs hooks/patches the running process
- details
"iexplore.exe" wrote bytes "c4ca717680bb7176aa6e72769fbb717608bb717646ce717661387276de2f7276d0d97176000000001779b9764f91b9767f6fb976f4f7b97611f7b976f283b976857eb97600000000" to virtual address "0x6FD31000" (part of module "MSIMG32.DLL")
"iexplore.exe" wrote bytes "e954a108f9" to virtual address "0x76113B7F" ("DialogBoxIndirectParamW@USER32.DLL")
"iexplore.exe" wrote bytes "e99ac38ef8" to virtual address "0x768B2694" ("PageSetupDlgW@COMDLG32.DLL")
"iexplore.exe" wrote bytes "e99cf305f9" to virtual address "0x7613E869" ("MessageBoxIndirectA@USER32.DLL")
"iexplore.exe" wrote bytes "e92e0d07f9" to virtual address "0x7612CF42" ("DialogBoxParamA@USER32.DLL")
"iexplore.exe" wrote bytes "e96ff105f9" to virtual address "0x7613E9C9" ("MessageBoxExA@USER32.DLL")
"iexplore.exe" wrote bytes "4053ba775858bb77186abb77653cbc770000000000bf71760000000056cc7176000000007cca7176000000003768f4756a2cbc77d62dbc77000000002069f4750000000029a6717600000000a48df47500000000f70e717600000000" to virtual address "0x77CC1000" (part of module "NSI.DLL")
"iexplore.exe" wrote bytes "e937f205f9" to virtual address "0x7613E963" ("MessageBoxIndirectW@USER32.DLL")
"iexplore.exe" wrote bytes "e9c20a07f9" to virtual address "0x7612D274" ("DialogBoxIndirectParamA@USER32.DLL")
"iexplore.exe" wrote bytes "92e6b77779a8bc77be72bc77d62dbc771de2b77705a2bc77bee3b777616fbc776841ba770050ba7700000000ad3780768b2d8076b641807600000000" to virtual address "0x751C1000" (part of module "WSHTCPIP.DLL")
"iexplore.exe" wrote bytes "e9e9f005f9" to virtual address "0x7613E9ED" ("MessageBoxExW@USER32.DLL")
"iexplore.exe" wrote bytes "e9395481f8" to virtual address "0x769893FC" ("OleCreatePropertyFrameIndirect@OLEAUT32.DLL")
"iexplore.exe" wrote bytes "e9b34bf7f8" to virtual address "0x760EEC7C" ("CreateWindowExW@USER32.DLL")
"iexplore.exe" wrote bytes "e9fc7952fa" to virtual address "0x74C77922" ("PropertySheet@COMCTL32.DLL")
"iexplore.exe" wrote bytes "e9b943e9f8" to virtual address "0x76103B9B" ("DialogBoxParamW@USER32.DLL")
"iexplore.exe" wrote bytes "7739b87779a8bc77be72bc77d62dbc771de2b77705a2bc77c868bb7757d1c277bee3b777616fbc776841ba770050ba7700000000ad3780768b2d8076b641807600000000" to virtual address "0x756F1000" (part of module "WSHIP6.DLL")
"iexplore.exe" wrote bytes "e9efb95cfa" to virtual address "0x74BD388E" ("PropertySheetW@COMCTL32.DLL")
"iexplore.exe" wrote bytes "e9652bfaf8" to virtual address "0x760EADF9" (part of module "USER32.DLL")
"iexplore.exe" wrote bytes "e9e89af3f8" to virtual address "0x760EE30C" (part of module "USER32.DLL")
"iexplore.exe" wrote bytes "e99ac38ef8" to virtual address "0x768B2694" (part of module "COMDLG32.DLL") - source
- Hook Detection
- relevance
- 10/10
- ATT&CK ID
- T1179 (Show technique in the MITRE ATT&CK™ matrix)
-
Installs hooks/patches the running process
File Details
Proof of payment2.html
- Filename
- Proof of payment2.html
- Size
- 259KiB (264804 bytes)
- Type
- html
- Description
- HTML document, ASCII text, with very long lines, with CRLF line terminators
- Architecture
- WINDOWS
- SHA256
- 62adbb79b132b8c49b906c932f6341489d3a38b518fe119b06a2ad3db453d613
- MD5
- 70f52627282d95e1529c5bef1294a1bf
- SHA1
- ad58386974cd67a5e372587b382b0cc753a18306
Classification (TrID)
- 100.0% (.HTML) HyperText Markup Language
Screenshots
Hybrid Analysis
Analysed 2 processes in total.
- iexplore.exe -nohome (PID: 3176)
  - iexplore.exe SCODEF:3176 CREDAT:79873 (PID: 2192)
Network Analysis
DNS Requests
Domain | Address | Registrar | Country |
---|---|---|---|
ssl.gstatic.com | 216.58.201.227 (TTL: 299) | - | United States |
ocsp.pki.goog | 216.58.201.238 (TTL: 2592) | - | United States |
lh5.googleusercontent.com | 216.58.201.225 (TTL: 21599) | MarkMonitor, Inc. (Organization: Google Inc.; Name Server: NS1.GOOGLE.COM; Creation Date: Mon, 17 Nov 2008 00:00:00 GMT) | United States |
Contacted Hosts
IP Address | Port/Protocol | Associated Process | Details |
---|---|---|---|
216.58.201.225 | 443/TCP | iexplore.exe (PID: 2192) | United States |
216.58.201.227 | 443/TCP | iexplore.exe (PID: 2192) | United States |
HTTP Traffic
Endpoint | Request | URL | Raw Request |
---|---|---|---|
216.58.201.238:80 (ocsp.pki.goog) | GET | ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D | GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1; Connection: Keep-Alive; Accept: */*; User-Agent: Microsoft-CryptoAPI/6.1; Host: ocsp.pki.goog |
216.58.201.238:80 (ocsp.pki.goog) | GET | ocsp.pki.goog/GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCFPTr8ZynL%2FO | GET /GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCFPTr8ZynL%2FO HTTP/1.1; Connection: Keep-Alive; Accept: */*; User-Agent: Microsoft-CryptoAPI/6.1; Host: ocsp.pki.goog |
216.58.201.238:80 (ocsp.pki.goog) | GET | ocsp.pki.goog/GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCEM5Rm4ycYDk | GET /GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCEM5Rm4ycYDk HTTP/1.1; Connection: Keep-Alive; Accept: */*; User-Agent: Microsoft-CryptoAPI/6.1; Host: ocsp.pki.goog |
Extracted Strings
Extracted Files
Displaying 21 extracted file(s). The remaining 36 file(s) are available in the full version and XML/JSON reports.
Informative Selection 1
Tar764A.tmp
- Size
- 127KiB (130369 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- 1ce93e08013d491c3209cece260b9119
- SHA1
- ee562301f20a1fbb55b5f7e4cd5546eaba21845f
- SHA256
- 3b41d93c0113bfffb597179c36eb0eab49b08668215686b708c223e0496affca
Informative 20
RecoveryStore.{E7CA56C3-9084-11E8-8D2E-0A0027002F8F}.dat
- Size
- 5KiB (5120 bytes)
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- 75e9f702f5d72e25214bfb4367e034cc
- SHA1
- 5ab1e17009ba37e5f1d1af2868728de67971a0e6
- SHA256
- 8cefe4c2cf062f771cbb4fcc17f676338fe7d0be18ec6b86147b4727240633a9
{E7CA56C4-9084-11E8-8D2E-0A0027002F8F}.dat
- Size
- 6.5KiB (6656 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- 949b2044d9045aa1620fea73b10b47ce
- SHA1
- 6bae3e16e6160ccf87f7cd4772851651a9d08469
- SHA256
- 78a5fc67f1b21acbd8f3c63423ebe4b43f721196176f4c2b4c519da84c9783c9
RecoveryStore.{1B7A5477-9085-11E8-8D2E-0A0027002F8F}.dat
- Size
- 4.5KiB (4608 bytes)
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- 471f6617871a32f78de8e19508eda2c7
- SHA1
- acfe377d9790f73b1184eb486af824c5117d3498
- SHA256
- 0d803ac6e82dfe58437a916c79946027f722c6cd4b62f27821af76d658989b81
RecoveryStore.{1B7A5479-9085-11E8-8D2E-0A0027002F8F}.dat
- Size
- 4.5KiB (4608 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- 39ed4549fb4091d3ee68238093f4dd56
- SHA1
- 2de183008c4c51e0171b3d2beb5613caff6a06c7
- SHA256
- feeab03ba2e9a22837075f4acc59321f7d239bb72a9751ba1b6013e1036a5df0
RecoveryStore.{1B7A547C-9085-11E8-8D2E-0A0027002F8F}.dat
- Size
- 4.5KiB (4608 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- 3c1105b8d7b72f51ddb08d2932e9bd72
- SHA1
- 9c0f29a3eb54d70183dd6e6fc420709ce7f529c9
- SHA256
- ce25815048174669161abd4d7b8ef0ea6862a627044ec33bc45b8ede4a8c2870
RecoveryStore.{1B7A547F-9085-11E8-8D2E-0A0027002F8F}.dat
- Size
- 4.5KiB (4608 bytes)
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- f979dc06a9166c95bfcc668d0b8658f4
- SHA1
- 6fd1fdc5b034b3088d849654716b7ab4db74473d
- SHA256
- ecfd13ad5b6e7a7939c9d22a4d7a8616fa8b9ed3ae1ea478330359874b03c4d1
RecoveryStore.{1B7A5482-9085-11E8-8D2E-0A0027002F8F}.dat
- Size
- 4.5KiB (4608 bytes)
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- 8a75f0ca7a37c099018e1d0811915fc8
- SHA1
- 333d179cfffddffab22c762f3929ee370fca5d59
- SHA256
- a1c23c79f18607f2732caafff30bbc3de70818e88b12114c390fc577875265bb
RecoveryStore.{1B7A5484-9085-11E8-8D2E-0A0027002F8F}.dat
- Size
- 4.5KiB (4608 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- 6a70e47d760f481c2744db5fce1522cc
- SHA1
- 151c60925d7f9fbc98bf1a1f61ee4307c9992143
- SHA256
- c2d55e28cccc1443ae3af852b3173cf0beb4565f6233ce4ee2e90d000e0324d4
RecoveryStore.{1B7A5487-9085-11E8-8D2E-0A0027002F8F}.dat
- Size
- 4.5KiB (4608 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- af740a1dd09ed83ff29a35a4ebadc434
- SHA1
- c6d055c57088326e5277810c94a84d2d9de52395
- SHA256
- 7301a2dd0820eaa8a39122f0af950d5a2d3592b9c01d7fa2527822c7aaffbfcc
RecoveryStore.{1B7A5489-9085-11E8-8D2E-0A0027002F8F}.dat
- Size
- 4.5KiB (4608 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- d2719d42173094def0e9d6eb09f2d0d6
- SHA1
- 819627bc84b56d9ddf103f30d54a2c925a086ba3
- SHA256
- 2b1a0c71453ef6cbd764464cef62947d11444ac1ebcebb45392e6578dbb51476
RecoveryStore.{1B7A548B-9085-11E8-8D2E-0A0027002F8F}.dat
- Size
- 4.5KiB (4608 bytes)
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- d207efd96b0dda6e02424d5b0da725ac
- SHA1
- dc66410cb155f50ad4daa36c224e35ca00d092d9
- SHA256
- ed071f48491f0343528788370bd1679770c84e7db669234590d2be22ab519064
RecoveryStore.{1B7A548D-9085-11E8-8D2E-0A0027002F8F}.dat
- Size
- 4.5KiB (4608 bytes)
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- edfe2db53cf8a89f6696fcee68189d1f
- SHA1
- c97324b52bbca74c635c2094967ffbeee07c31e9
- SHA256
- 749da357f962521eb299562b6b11081771fcbce81dcfe261922ba28a26203998
RecoveryStore.{91BA4BDF-B50F-11E4-ADE1-0800270E0C5C}.dat
- Size
- 4.5KiB (4608 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- 1b1714c0651edc56f91fc81d9005ca30
- SHA1
- 7c894a6cac538bf80d186136b847ac47f3142f0d
- SHA256
- e2ba67c2b8465c694cac033038c6944c9088994680865d1980b4acdcd6909433
{1B7A5470-9085-11E8-8D2E-0A0027002F8F}.dat
- Size
- 5.7KiB (5878 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read short stream
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- c403ca3df358529747f553ef65f8e162
- SHA1
- d3617ad53d6c1ac68a5b5c7a2881ba8a41a81d4c
- SHA256
- 113952db6913fd0d662124a604dc8b84c44f6c5fc9f1b25921f2999d7226cab9
{1B7A5471-9085-11E8-8D2E-0A0027002F8F}.dat
- Size
- 5.7KiB (5878 bytes)
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- 97731f05a366414a73d15d98dd5af074
- SHA1
- e0b311eddfe315b4e5739e6fe3208e18044f3a75
- SHA256
- a2bbd63dfab31de88400f5b55b71452abfe822d277c63316605a830478ea385e
{1B7A5472-9085-11E8-8D2E-0A0027002F8F}.dat
- Size
- 5.7KiB (5878 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read short stream
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- 9a6b1670aa17a10f0a15f81c1c6564ae
- SHA1
- 99ac25c888c58c040f57abe44269089ee7e6f831
- SHA256
- 0808cce7e37b23e0066e6946f9315c55bc4519d97510743b06dbb59cff5cf349
{1B7A5473-9085-11E8-8D2E-0A0027002F8F}.dat
- Size
- 5.7KiB (5878 bytes)
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- 401ee8f4fe478b9a841d51fffa8bba95
- SHA1
- 054c8aff4dd1d4ec76205a97281145e709bec6ef
- SHA256
- 3b64e26af72e32584f404542b902b58953cc960cce45a022fc8da4a0d7dc08d0
{1B7A5474-9085-11E8-8D2E-0A0027002F8F}.dat
- Size
- 5.7KiB (5878 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read short stream
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- cb0389a15377d21829f0ab6a929bdad6
- SHA1
- fe92142679514947b16e4f6519cc56392ac8e8fd
- SHA256
- 59b0d7d4bce85f7b299af5b0ad53dd0c3010524f2b3f5bd4029f140dd1f0685a
{1B7A5475-9085-11E8-8D2E-0A0027002F8F}.dat
- Size
- 5.7KiB (5878 bytes)
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- ccb2d31e658d85b57f03e79679faa0ea
- SHA1
- 3714cf9191510ad2dd082e34793c6d4d8d8f597f
- SHA256
- e3156def94428f6690483eabb5664d0bc16a4dcfcb2bc3d20e3611265a9564cc
{1B7A5476-9085-11E8-8D2E-0A0027002F8F}.dat
- Size
- 5.7KiB (5878 bytes)
- Runtime Process
- iexplore.exe (PID: 3176)
- MD5
- 47eb0951012679906db326b935561e97
- SHA1
- 1942c82aaf07feffb0340875e871c0d6c9f663da
- SHA256
- e6b11cd33fb442297a887bfa3fdcb953c11c84466bb81ac05307f0853d4f12ee
Notifications
Runtime
- A process crash was detected during the runtime analysis
- Not all IP/URL string resources were checked online
- Not all file accesses are visible for iexplore.exe (PID: 2192)
- Not all sources for indicator ID "binary-0" are available in the report
- Not all sources for indicator ID "hooks-8" are available in the report
- Not all sources for indicator ID "mutant-0" are available in the report
- Some low-level data is hidden, as this is only a slim report