http://e.gcgame.info/
This report is generated from a file or URL submitted to this webservice on September 12th 2023 09:04:42 (UTC) and action script Default browser analysis
Guest System: Windows 7 32 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by
Falcon Sandbox v10.2.0 © Hybrid Analysis
Incident Response
Risk Assessment
- Network Behavior
- Contacts 4 domains and 4 hosts.
MITRE ATT&CK™ Techniques Detection
Indicators
Not all malicious and suspicious indicators are displayed.
-
Malicious Indicators 1
-
External Systems
-
Sample was identified as malicious by a trusted Antivirus engine
- details
- No specific details available
- source
- External System
- relevance
- 10/10
-
Suspicious Indicators 6
-
External Systems
-
Found an IP/URL artifact that was identified as malicious by at least three reputation engines
- details
-
6/90 reputation engines marked "http://e.gcgame.info/" as malicious (6% detection rate)
6/90 reputation engines marked "http://e.gcgame.info" as malicious (6% detection rate)
- source
- External System
- relevance
- 10/10
-
Sample was identified as malicious by at least one Antivirus engine
- details
- 6/90 Antivirus vendors marked sample as malicious (6% detection rate)
- source
- External System
-
General
-
Found a potential E-Mail address in binary/memory
- details
- Pattern match: "apm-rum@5.9.1"
- source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1114
-
GETs files from a webserver
- details
-
"GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: e.gcgame.info
DNT: 1
Connection: Keep-Alive" Response ==> HTTP/1.1 301 Moved Permanently
Date: Tue, 12 Sep 2023 09:07:09 GMT
Server: Apache
Via: p3plgemwbe17-03
Location: https://email.secureserver.net/login.php?domain=e.gcgame.info
Content-Length: 269
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1 with response body ==> 3C21444F43545950452048544D4C205055424C494320222D2F2F494554462F2F4454442048544D4C20322E302F2F454E223E0A3C68746D6C3E3C686561643E0A.......
- source
- Network Traffic
- relevance
- 10/10
- ATT&CK ID
- T1071.001
-
Network Related
-
Found potential IP address in binary/memory
- details
-
Potential IP "22.1.3.27" found in string "// 22.1.3.27 Array.prototype.sort ( comparefn )"
Potential IP "19.1.2.10" found in string "// 19.1.2.10 Object.getOwnPropertyNames ( O )"
Potential IP "19.1.2.8" found in string "// 19.1.2.8 Object.getOwnPropertyDescriptor ( O, P )"
Potential IP "19.1.2.1" found in string "// 19.1.2.1 Object.assign ( target, ...sources )"
Potential IP "19.4.3.2" found in string "// 19.4.3.2 get Symbol.prototype.description"
Potential IP "23.2.2.2" found in string "// 23.2.2.2 get Set [ @@species ]"
Potential IP "23.2.3.8" found in string "// 23.2.3.8 Set.prototype.keys ( )"
Potential IP "19.2.4.2" found in string "// 19.2.4.2 name"
Potential IP "23.2.5.3" found in string "// 3. If O does not have all of the internal slots of a Set Iterator Instance (23.2.5.3), throw a TypeError exception."
Potential IP "23.3.1.1" found in string "// 23.3.1.1 WeakMap ( [ iterable ] )"
Potential IP "23.3.2.1" found in string "// 23.3.2.1 WeakMap.prototype"
Potential IP "23.3.3.1" found in string "// 23.3.3.1 WeakMap.prototype.constructor"
Potential IP "23.3.3.2" found in string "// 23.3.3.2 WeakMap.prototype.delete ( key )"
Potential IP "23.3.3.3" found in string "// 23.3.3.3 WeakMap.prototype.get ( key )"
Potential IP "23.3.3.4" found in string "// 23.3.3.4 WeakMap.prototype.has ( key )"
Potential IP "23.3.3.5" found in string "// 23.3.3.5 WeakMap.prototype.set ( key, value )"
Potential IP "23.3.3.6" found in string "// 23.3.3.6 WeakMap.prototype [ @@toStringTag ]"
- source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1071
-
Unusual Characteristics
-
Contacts Mail Related Domain Names
- details
- "email.secureserver.net" is probably a mail server
- source
- Network Traffic
- relevance
- 10/10
- ATT&CK ID
- T1071.003
-
Informative 11
-
Environment Awareness
-
Attempts to detect virtual machine (file access)
- details
-
"iexplore.exe" trying to touch file "%WINDIR%\System32\vm3dum_loader.dll"
"iexplore.exe" trying to touch file "C:\Windows\System32\vm3dum_10.dll"
"iexplore.exe" trying to touch file "C:\Windows\System32\vm3dum.dll"
"iexplore.exe" trying to touch file "%WINDIR%\System32\vm3dum_10.dll"
- source
- API Call
- relevance
- 8/10
- ATT&CK ID
- T1497
-
General
-
Contacts domains
- details
- "e.gcgame.info"
- source
- Network Traffic
- relevance
- 1/10
- ATT&CK ID
- T1071
-
Contacts server
- details
-
"173.201.193.133:80"
"173.201.193.133:443"
"104.16.125.175:443"
"44.234.208.169:443"
- source
- Network Traffic
- relevance
- 1/10
- ATT&CK ID
- T1071
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\IsoScope_a54_IESQMMUTEX_0_519"
"Local\InternetShortcutMutex"
"Local\ZonesCacheCounterMutex"
"{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"
"IsoScope_a54_IESQMMUTEX_0_303"
"IsoScope_a54_IE_EarlyTabStart_0xa24_Mutex"
"Local\!BrowserEmulation!SharedMemory!Mutex"
"IsoScope_a54_IESQMMUTEX_0_331"
"Local\URLBLOCK_FILEMAPSWITCH_MUTEX_2644"
"Local\ZonesLockedCacheCounterMutex"
"Local\URLBLOCK_HASHFILESWITCH_MUTEX"
"IsoScope_a54_ConnHashTable<2644>_HashTable_Mutex"
"Local\URLBLOCK_DOWNLOAD_MUTEX"
"Local\VERMGMTBlockListFileMutex"
"{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"
"IsoScope_a54_IESQMMUTEX_0_519"
"UpdatingNewTabPageData"
"\Sessions\1\BaseNamedObjects\UpdatingNewTabPageData"
"\Sessions\1\BaseNamedObjects\Local\!BrowserEmulation!SharedMemory!Mutex"
"\Sessions\1\BaseNamedObjects\Local\VERMGMTBlockListFileMutex"
"\Sessions\1\BaseNamedObjects\Local\URLBLOCK_FILEMAPSWITCH_MUTEX_2644"
"\Sessions\1\BaseNamedObjects\Local\URLBLOCK_HASHFILESWITCH_MUTEX"
"\Sessions\1\BaseNamedObjects\Local\URLBLOCK_DOWNLOAD_MUTEX"
"\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
- source
- Created Mutant
- relevance
- 3/10
-
Drops files marked as clean
- details
- Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")
- source
- Binary File
- relevance
- 10/10
-
Queries DNS server
- details
-
"55c74eee6fcf46b1a0517a610f8d289a.apm.vpce.gdw55e.elastic-cloud.com"
"e.gcgame.info"
"email.secureserver.net"
"unpkg.com"
- source
- Network Traffic
- relevance
- 1/10
- ATT&CK ID
- T1071.004
-
References JavaScript(s)
- details
-
Found string "<script type="text/javascript" nonce="">" (Indicator: "text/javascript"; File: "XEQ6VZJ5.htm")
Found string "<script type="text/javascript" id="inlinehead-inline-script" nonce="">" (Indicator: "text/javascript"; File: "XEQ6VZJ5.htm")
file/memory contains long string with (Indicator: "text/javascript"; File: "XEQ6VZJ5.htm")
Found string "<script src='https://assets.msn.com/bundles/v1/homePage/latest/midlevel/vendors.836027f376edefc7b09a.js' type="text/javascript" nonce="" crossorigin="anonymous"></script>" (Indicator: "text/javascript"; File: "XEQ6VZJ5.htm")
Found string "<script src='https://assets.msn.com/bundles/v1/homePage/latest/midlevel/microsoft.f0dc8bbbc7b4d116660b.js' type="text/javascript" nonce="" crossorigin="anonymous"></script>" (Indicator: "text/javascript"; File: "XEQ6VZJ5.htm")
Found string "<script src='https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.f4d6737f460385e09d02.js' type="text/javascript" nonce="" crossorigin="anonymous"></script>" (Indicator: "text/javascript"; File: "XEQ6VZJ5.htm")
Found string "<script src='https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.057b9084c6f702aa78a9.js' type="text/javascript" nonce="" crossorigin="anonymous"></script>" (Indicator: "text/javascript"; File: "XEQ6VZJ5.htm")
- source
- File/Memory
- relevance
- 1/10
- ATT&CK ID
- T1059.007
-
Installation/Persistence
-
Dropped files
- details
-
"urlblockindex_1_.bin" has type "data"- [targetUID: N/A]
"utility-header_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]
"_app-0b02b2793ea6ea46_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"polyfill_1_.js" has type "UTF-8 Unicode text with very long lines"- [targetUID: N/A]
"vendor.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]
"urlref_httpe.gcgame.info" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]
"login_1_.htm" has type "HTML document UTF-8 Unicode text with very long lines"- [targetUID: N/A]
"uxcore2.min_1_.css" has type "UTF-8 Unicode text with very long lines with no line terminators"- [targetUID: N/A]
"p_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"XEQ6VZJ5.htm" has type "HTML document UTF-8 Unicode text with very long lines with CRLF NEL line terminators"- Location: [%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\37NU00GP\XEQ6VZJ5.htm]- [targetUID: 00000000-00002644]
"tcc.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]
"uxcore2.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]
"main-9bdc9a9bbec1efdd_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"hivemind-3.0.1_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]
"polyfills-c67a75d1b6f99dc8_1_.js" has type "UTF-8 Unicode text with very long lines with LF NEL line terminators"- [targetUID: N/A]
"utility-header_1_.css" has type "ASCII text with very long lines"- [targetUID: N/A]
"elastic-apm-rum.umd.min_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]
"3474-271d74164cd98341_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"7925-157a1c4da84f914f_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"48c0c289363e4edd_1_.css" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"en-US.4" has type "data"- Location: [%LOCALAPPDATA%\Microsoft\Internet Explorer\DomainSuggestions\en-US.4]- [targetUID: 00000000-00002644]
"~DFE578669D89F701AF.TMP" has type "data"- Location: [%TEMP%\~DFE578669D89F701AF.TMP]- [targetUID: 00000000-00002644]
"~DF10F0B32BBD7CF968.TMP" has type "data"- Location: [%TEMP%\~DF10F0B32BBD7CF968.TMP]- [targetUID: 00000000-00002644]
"~DFB72FD8B2E52B8995.TMP" has type "data"- Location: [%TEMP%\~DFB72FD8B2E52B8995.TMP]- [targetUID: 00000000-00002644]
"8052-bca0c8e8aa0481a4_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"7057-c336b06af46421f9_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"_buildManifest_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"webpack-db88dc23ef1dfe77_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"RecoveryStore._D3778E9D-513A-11EE-BE22-00505691EAA0_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]
"_D3778E9F-513A-11EE-BE22-00505691EAA0_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]
"_DCEC75C4-513A-11EE-BE22-00505691EAA0_.dat" has type "Composite Document File V2 Document Cannot read section info"- [targetUID: N/A]
"heartbeat_1_.js" has type "ASCII text with very long lines"- [targetUID: N/A]
"framework-8b82e441bea91899_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"login-f853c14b5e546b89_1_.js" has type "ASCII text with very long lines with no line terminators"- [targetUID: N/A]
"SHYSPQM7.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\SHYSPQM7.txt]- [targetUID: 00000000-00003856]
"8XNRBJZ4.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\8XNRBJZ4.txt]- [targetUID: 00000000-00003856]
"I4W4J3DU.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\I4W4J3DU.txt]- [targetUID: 00000000-00002644]
"U94OBLY0.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\U94OBLY0.txt]- [targetUID: 00000000-00002644]
"WR3O3B0H.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\WR3O3B0H.txt]- [targetUID: 00000000-00003856]
"7PMEIT4R.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\7PMEIT4R.txt]- [targetUID: 00000000-00003856]
"VDL8R4XB.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\VDL8R4XB.txt]- [targetUID: 00000000-00002644]
"GH2I6D98.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\GH2I6D98.txt]- [targetUID: 00000000-00003856]
"YW23SP9V.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\YW23SP9V.txt]- [targetUID: 00000000-00003856]
"78KJBPOV.htm" has type "HTML document ASCII text"- Location: [%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKDNCXYS\78KJBPOV.htm]- [targetUID: 00000000-00003856]
"68SGPCON.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\68SGPCON.txt]- [targetUID: 00000000-00002644]
"QML2WORZ.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\QML2WORZ.txt]- [targetUID: 00000000-00003856]
"3L3VPMNI.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\3L3VPMNI.txt]- [targetUID: 00000000-00003856]
"FPAIPR7J.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\FPAIPR7J.txt]- [targetUID: 00000000-00002644]
"BXV3WCGT.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\BXV3WCGT.txt]- [targetUID: 00000000-00003856]
"PEI3EMUM.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\PEI3EMUM.txt]- [targetUID: 00000000-00003856]
"C83D821V.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\C83D821V.txt]- [targetUID: 00000000-00002644]
"5BU5ILEA.txt" has type "ASCII text"- Location: [%APPDATA%\Microsoft\Windows\Cookies\5BU5ILEA.txt]- [targetUID: 00000000-00002644]
"_ssgManifest_1_.js" has type "ASCII text with no line terminators"- [targetUID: N/A]
- source
- Binary File
- relevance
- 3/10
- ATT&CK ID
- T1105
-
Network Related
-
Communicates with HTTP webserver (GET/POST requests)
- details
- Found http requests in header "GET /"
- source
- Network Traffic
- relevance
- 1/10
- ATT&CK ID
- T1071.001
-
Communicates with HTTPS webserver (GET/POST requests)
- details
-
Found requests in header "GET /login.php?domain=e.gcgame.info HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateDNT: 1Connection: Keep-AliveHost: email.secureserver.net"; in File: "SSL")
Found requests in header "GET /@elastic/apm-rum@5.9.1/dist/bundles/elastic-apm-rum.umd.min.js HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://sso.secureserver.net/login?app=email&realm=passAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: unpkg.comDNT: 1Connection: Keep-Alive"; in File: "SSL")
Found requests in header "POST /intake/v2/rum/events HTTP/1.1Accept: */*Content-Type: application/x-ndjsonReferer: https://sso.secureserver.net/login?app=email&realm=passAccept-Language: en-USOrigin: https://sso.secureserver.netAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoHost: 55c74eee6fcf46b1a0517a610f8d289a.apm.vpce.gdw55e.elastic-cloud.comContent-Length: 20820DNT: 1Connection: Keep-AliveCache-Control: no-cache"; in File: "SSL")
Found requests in header "POST /intake/v2/rum/events HTTP/1.1Accept: */*Content-Type: application/x-ndjsonReferer: https://sso.secureserver.net/login?app=email&realm=passAccept-Language: en-USOrigin: https://sso.secureserver.netAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoHost: 55c74eee6fcf46b1a0517a610f8d289a.apm.vpce.gdw55e.elastic-cloud.comContent-Length: 1292DNT: 1Connection: Keep-AliveCache-Control: no-cache"; in File: "SSL")
Found requests in header "{"metadata":{"service":{"name":"auth-ui-client-prod","version":"v981","agent":{"name":"rum-js","version":"5.9.1"},"language":{"name":"javascript"},"environment":"production"}}}{"transaction":{"id":"2e34277b93ecee1f","trace_id":"17718917460136622d4d129dd2efa41b","name":"POST https://sso.secureserver.net/149e9513-01fa-4fb0-aad4-566afd725d1b/2d206a39-8ed7-437e-a3be-862e0f06eea3/r","type":"http-request","duration":54,"context":{"page":{"referer":"","url":"https://sso.secureserver.net/login?app=email&realm=pass"}},"span_count":{"started":1},"sampled":true,"sample_rate":1,"outcome":"success"}}{"span":{"id":"5f9a3fc72361921a","transaction_id":"2e34277b93ecee1f","parent_id":"2e34277b93ecee1f","trace_id":"17718917460136622d4d129dd2efa41b","name":"POST https://sso.secureserver.net/149e9513-01fa-4fb0-aad4-566afd725d1b/2d206a39-8ed7-437e-a3be-862e0f06eea3/r","type":"external","subtype":"http","start":2,"duration":51,"context":{"http":{"method":"POST","url":"https://sso.secureserver.net/149e9513-01fa-4fb0-aad4-566afd725d1b/2d206a39-8ed7-437e-a3be-862e0f06eea3/r","status_code":200},"destination":{"service":{"name":"https://sso.secureserver.net","resource":"sso.secureserver.net:443","type":"external"},"address":"sso.secureserver.net","port":443}},"outcome":"success","sample_rate":1}}"; in File: "SSL")
- source
- File/Memory
- relevance
- 1/10
- ATT&CK ID
- T1071.001
-
Found potential URL in binary/memory
- details
-
Pattern match: "http://e.gcgame.info/"
Pattern match: "http://e.gcgame.info"
Pattern match: "http://www.w3.org/2000/svg,children:(0,d.jsx)"
Pattern match: "http://www.w3.org/2000/svg"
Pattern match: "https://fonts.googleapis.com/css,https://use.typekit.net/].some"
Pattern match: "https://sso..concat(a,/logout?realm=idp&app=).concat(i,&path=).concat(r,&to_generic=true);return"
Pattern match: "SUIDmicrosoft.com/921696428006431057341126503581931057224MUID3024935D9E316903333180D79F7D6881microsoft.com/1025109676928031135695126503581931057224_EDGE_Vmicrosoft.com/9216109676928031135695126519182031057224SRCHDAF=NOFORMmicrosoft.com/10243323789440310856"
Pattern match: "pathwaye15a70c5-02d9-4556-bc67-8bbea833cf0esecureserver.net/1024131107507231057243261420214331057223fb_sessiontrafficS_TOUCH%3D%26pathway%3De15a70c5-02d9-4556-bc67-8bbea833cf0e%26V_DATE%3D%26pc%3D0secureserver.net/1024131107507231057243261420214331057223vi"
Pattern match: "SUIDmicrosoft.com/921696428006431057341126503581931057224MUID3024935D9E316903333180D79F7D6881microsoft.com/1025109676928031135695126503581931057224SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482B"
Pattern match: "-ssn03qe7S7Lj8EItXV1hwDWQjLZdxmswxsdnI0FrmKECyy1uMPDZJxTJqbKjIatxS7hdCFxNdCa6exf3pmGuh2z916cQYoKdMK04lxn93SUd5H14Xgtri4qmx4XUUwn8hx3j6qX41Jvehvd4b5n4ibjriKOEnvUhuhsso.secureserver.net/9217292755046431057441262933416931057223akm_Imprb03qe7S7Lj8EItXV1hwDWQjL"
Pattern match: "SUIDmicrosoft.com/921696428006431057341126503581931057224SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743SRCHUSRDOB=20220131mic"
Pattern match: "pathwaye15a70c5-02d9-4556-bc67-8bbea833cf0esecureserver.net/1024131107507231057243261420214331057223fb_sessiontrafficS_TOUCH%3D%26pathway%3De15a70c5-02d9-4556-bc67-8bbea833cf0e%26V_DATE%3D%26pc%3D0secureserver.net/1024131107507231057243261420214331057223"
Pattern match: "https://email.secureserver.net/login.php?domain=e.gcgame.info"
Pattern match: "06Zwww.msn.com/1024322516556831204292126706382331057224MUIDB232A519DA3E2620B1E2E4217A266639Awww.msn.com/9216109676928031135695126721982331057224"
Pattern match: "-ssn03qe7S7Lj8EItXV1hwDWQjLZdxmswxsdnI0FrmKECyy1uMPDZJxTJqbKjIatxS7hdCFxNdCa6exf3pmGuh2z916cQYoKdMK04lxn93SUd5H14Xgtri4qmx4XUUwn8hx3j6qX41Jvehvd4b5n4ibjriKOEnvUhuhsso.secureserver.net/9217292755046431057441262933416931057223"
Pattern match: "9216109676928031135695126721982331057224MUID232A519DA3E2620B1E2E4217A266639Amsn.com/1025109676928031135695126721982331057224USRLOCmsn.com/9217322516556831204292126737582331057224"
Pattern match: "06Zwww.msn.com/1024322516556831204292126706382331057224"
Pattern match: "9216109676928031135695126721982331057224MUID232A519DA3E2620B1E2E4217A266639Amsn.com/1025109676928031135695126721982331057224"
Pattern match: "pathwaye15a70c5-02d9-4556-bc67-8bbea833cf0esecureserver.net/1024131107507231057243261420214331057223"
Pattern match: "MUIDB3024935D9E316903333180D79F7D6881ieonline.microsoft.com/9216109676928031135695126519182031057224"
Pattern match: "MUID232A519DA3E2620B1E2E4217A266639Amsn.com/1025109676928031135695126721982331057224"
Pattern match: "SUIDMmicrosoft.com/921696428006431057341126503581931057224*MUID3024935D9E316903333180D79F7D6881microsoft.com/1025109676928031135695126503581931057224*_EDGE_V1microsoft.com/9216109676928031135695126519182031057224*SRCHDAF=NOFORMmicrosoft.com/102433237894403"
Pattern match: "MUID232A519DA3E2620B1E2E4217A266639Amsn.com/1025109676928031135695126721982331057224*USRLOCmsn.com/9217322516556831204292126737582331057224*"
Pattern match: "https://nextjs.org/docs/messages/client-side-exception-occurred"
Pattern match: "https://+(e?e+.:)+P()},T="
Pattern match: "MUID232A519DA3E2620B1E2E4217A266639Amsn.com/1025109676928031135695126721982331057224*"
Heuristic match: "e.gcgame.info"
Pattern match: "pathwaye15a70c5-02d9-4556-bc67-8bbea833cf0esecureserver.net/1024131107507231057243261420214331057223*fb_sessiontrafficS_TOUCH%3D%26pathway%3De15a70c5-02d9-4556-bc67-8bbea833cf0e%26V_DATE%3D%26pc%3D0secureserver.net/1024131107507231057243261420214331057223*"
Pattern match: "-ssn03qe7S7Lj8EItXV1hwDWQjLZdxmswxsdnI0FrmKECyy1uMPDZJxTJqbKjIatxS7hdCFxNdCa6exf3pmGuh2z916cQYoKdMK04lxn93SUd5H14Xgtri4qmx4XUUwn8hx3j6qX41Jvehvd4b5n4ibjriKOEnvUhuhsso.secureserver.net/9217292755046431057441262933416931057223*akm_Imprb03qe7S7Lj8EItXV1hwDWQj"
Pattern match: "https://github.com/JakeChampion/polyfill-service"
Pattern match: "https://github.com/es-shims/object-keys"
Heuristic match: "55c74eee6fcf46b1a0517a610f8d289a.apm.vpce.gdw55e.elastic-cloud.com"
Heuristic match: "email.secureserver.net"
Heuristic match: "unpkg.com"
Pattern match: "https://github.com/WebReflection/get-own-property-symbols"
Pattern match: "https://github.com/Financial-Times/polyfill-library/issues/164#issuecomment-486965300"
Pattern match: "https://msdn.microsoft.com/en-us/library/dd229916(v=vs.85).aspx"
Pattern match: "-ssn03qe7S7Lj8EItXV1hwDWQjLZdxmswxsdnI0FrmKECyy1uMPDZJxTJqbKjIatxS7hdCFxNdCa6exf3pmGuh2z916cQYoKdMK04lxn93SUd5H14Xgtri4qmx4XUUwn8hx3j6qX41Jvehvd4b5n4ibjriKOEnvUhuhsso.secureserver.net/9217292755046431057441262933416931057223*"
Pattern match: "SUIDMmicrosoft.com/921696428006431057341126503581931057224*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69482BD0E747&dmnchg=1microsoft.com/102433237894403108561027971357230938743*SRCHUSRDOB=2022013"
Heuristic match: "GET /login.php?domain=e.gcgame.info HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateDNT: 1Connection: Keep-AliveHost: email.se"
Pattern match: "https://sso.secureserver.net/login?app=email&realm=passcontent-length"
Pattern match: "https://assets.msn.com/config/v1/""
Pattern match: "https://+s+/OneCollector/1.0+function(t){return?+Object.keys(t).map"
Pattern match: "www.bing.com"
Pattern match: "https://assets.msn.com/bundles/v1/homePage/latest/midlevel/vendors.836027f376edefc7b09a.js"
Pattern match: "https://assets.msn.com/bundles/v1/homePage/latest/midlevel/microsoft.f0dc8bbbc7b4d116660b.js"
Pattern match: "https://assets.msn.com/bundles/v1/homePage/latest/midlevel/common.f4d6737f460385e09d02.js"
Pattern match: "https://assets.msn.com/bundles/v1/homePage/latest/midlevel/experience.057b9084c6f702aa78a9.js"
Pattern match: "06Zwww.msn.com/1024322516556831204292126706382331057224*"
Pattern match: "www.msn.com/"
Pattern match: "SUIDMmicrosoft.com/921696428006431057341126503581931057224*MUID3024935D9E316903333180D79F7D6881microsoft.com/1025109676928031135695126503581931057224*SRCHDAF=NOFORMmicrosoft.com/102433237894403108561027971357230938743*SRCHUIDV=2&GUID=426377958C8445E3B4EA69"
Pattern match: "06Zwww.msn.com/1024322516556831204292126706382331057224*MUIDB232A519DA3E2620B1E2E4217A266639Awww.msn.com/9216109676928031135695126721982331057224*"
Pattern match: "https://sso.secureserver.net/login?app=email&realm=passAccept-Language"
Pattern match: "https://unpkg.com/@elastic/apm-rum@5.9.1/dist/bundles/elastic-apm-rum.umd.min.js"
Pattern match: "https://55c74eee6fcf46b1a0517a610f8d289a.apm.vpce.gdw55e.elastic-cloud.com:443"
Pattern match: "sso.secureserver.net/149e9513-01fa-4fb0-aad4-566afd725d1b/2d206a39-8ed7-437e-a3be-862e0f06eea3/p.js"
Pattern match: "img6.wsimg.com//"
Pattern match: "https://www.secureserver.net/"
Pattern match: "https://img6.wsimg.com/wrhs/c43ee0795c7cc6bc70343df17d34e06c/uxcore2.min.js"
Pattern match: "https://img6.wsimg.com/hivemind/hivemind-3.0.1.js"
Pattern match: "https://sso.secureserver.net/cookie/switchback},o365Login:{href:https://sso.secureserver.net?app=o365&realm=pass,target:_blank},logout:{href:https://sso.secureserver.net/logout?plid=3153&prog_id=3153&realm=idp&app=account},createAccount:"
Pattern match: "https://sso.secureserver.net/login?app=email&realm=pass}},trace_id:3f075f87af39318d3518fd71469e6d69,parent_id:dfefc1db3b3e20fc,transaction_id:dfefc1db3b3e20fc,transaction:{type:page-load,sampled:true}}}{error:{id:7abed46cececd2394"
Pattern match: "https://img6.wsimg.com/wrhs/c43ee0795c7cc6bc70343df17d34e06c/uxcore2.min.js,type:resource,subtype:script,start:141,duration:341,context:{http:{url:https://img6.wsimg.com/wrhs/c43ee0795c7cc6bc70343df17d34e06c/uxcore2.min.js,response:{"
Pattern match: "https://sso.secureserver.netAccess-Control-Request-Method"
Pattern match: "https://sso.secureserver.netAccess-Control-Expose-Headers"
Pattern match: "https://sso.secureserver.netContent-Length"
Pattern match: "https://sso.secureserver.net/149e9513-01fa-4fb0-aad4-566afd725d1b/2d206a39-8ed7-437e-a3be-862e0f06eea3/r,type:http-request,duration:54,context:{page:{referer:,url:https://sso.secureserver.net/login?app=email&realm=pass}},span_count:{s"
Pattern match: "https://feross.org"
Pattern match: "pathwaye15a70c5-02d9-4556-bc67-8bbea833cf0esecureserver.net/1024131107507231057243261420214331057223*"
Heuristic match: "__0._ecure_eNer.net"
- source
- File/Memory
- relevance
- 3/10
- ATT&CK ID
- T1071
Session Details
No relevant data available.
Screenshots
Analysed 3 processes in total.
- rundll32.exe "%WINDIR%\System32\ieframe.dll",OpenURL C:\sample.url (PID: 2052)
- iexplore.exe http://e.gcgame.info/ (PID: 2644)
- iexplore.exe SCODEF:2644 CREDAT:275457 /prefetch:2 (PID: 3856)
Network Analysis
DNS Requests
Domain | Address | Registrar | Country |
---|---|---|---|
55c74eee6fcf46b1a0517a610f8d289a.apm.vpce.gdw55e.elastic-cloud.com | 44.234.208.169 (TTL: 60) | GoDaddy.com, LLC; Organization: Elasticsearch Inc; Name Server: NS-1332.AWSDNS-38.ORG; Creation Date: 2008-04-23T19:07:50 | United States |
e.gcgame.info | 173.201.193.133 (TTL: 3600) | GoDaddy.com, LLC; Name Server: NS35.DOMAINCONTROL.COM; Creation Date: 2010-06-09T07:10:00 | United States |
email.secureserver.net | 173.201.193.133 (TTL: 26) | WILD WEST DOMAINS, LLC; Organization: Go Daddy Operating Company, LLC; Name Server: A1-245.AKAM.NET; Creation Date: 1998-03-30T00:00:00 | United States |
unpkg.com | 104.16.125.175 (TTL: 300) | Tucows Domains Inc.; Name Server: ANIRBAN.NS.CLOUDFLARE.COM; Creation Date: 2016-01-06T07:21:51 | United States |
Contacted Hosts
IP Address | Port/Protocol | Associated Process | Country |
---|---|---|---|
173.201.193.133 | 80 TCP | iexplore.exe PID: 3856 | United States |
173.201.193.133 | 443 TCP | iexplore.exe PID: 3856 | United States |
104.16.125.175 | 443 TCP | iexplore.exe PID: 3856 | United States |
44.234.208.169 | 443 TCP | iexplore.exe PID: 3856 | United States |
Contacted Countries
HTTP Traffic
Endpoint | Request | URL | Request headers / Response |
---|---|---|---|
173.201.193.133:80 (e.gcgame.info) | GET | e.gcgame.info/ | GET / HTTP/1.1; Accept: text/html, application/xhtml+xml, */*; Accept-Language: en-US; User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko; Accept-Encoding: gzip, deflate; Host: e.gcgame.info; DNT: 1; Connection: Keep-Alive. Response: 301 Moved Permanently |
Extracted Strings
Extracted Files
Displaying 50 extracted file(s). The remaining 3 file(s) are available in the full version and XML/JSON reports.
-
Clean 1
-
-
urlblockindex_1_.bin
- Size
- 16B (16 bytes)
- Type
- data
- AV Scan Result
- 0/59
- MD5
- fa518e3dfae8ca3a0e495460fd60c791
- SHA1
- e4f30e49120657d37267c0162fd4a08934800c69
- SHA256
- 775853600060162c4b4e5f883f9fd5a278e61c471b3ee1826396b6d129499aa7
-
-
Informative Selection 49
-
-
3L3VPMNI.txt
- Size
- 224B (224 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 3856)
- MD5
- e620503c1120120ee1fa7326c27dc5fd
- SHA1
- 2d0b8f341faa71d0d0fcc1b9c879ebba5aff3fb2
- SHA256
- 40579c745da13177776aa00bf0b82815344e30a64386492b2c3b41c5aed4f0dd
-
5BU5ILEA.txt
- Size
- 94B (94 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 2644)
- MD5
- 3f4671ae3fd57841311eda531d2f2bf0
- SHA1
- b6091be9ad311f9f98f3deada26b454d2308ec72
- SHA256
- d042dcdf2331e7a9532468c397efd4f4088afd4b903ab37c3f66f79b7ed98f39
-
68SGPCON.txt
- Size
- 261B (261 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 2644)
- MD5
- d5a039664fa7d13bc5b4ee18167c19ad
- SHA1
- f2e6391a4b8395eb50d8c3581257fa3855f66665
- SHA256
- 6f6024844ed732e5c19d453e48edff4a9459125af4d5a36095ff74bc366797d9
-
7PMEIT4R.txt
- Size
- 464B (464 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 3856)
- MD5
- 73fd47a8e719a7a92b7fdd1b7b5c44f1
- SHA1
- d92ee3c82af5003ab08056ae38a904f4ecb2e9a0
- SHA256
- 0dd413dabade097a09f58a8a31cff39545ecb7b20432a178aa431c1a63f67ca1
-
8XNRBJZ4.txt
- Size
- 608B (608 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 3856)
- MD5
- acf55b26d5164d1f8125014f9beb5123
- SHA1
- a9e2473ffd1a543ab7b8fe262c9f86c849bb0cdd
- SHA256
- 49dd0b1c5214dc01a9581eaf303dd6e5eb06996657b77ff2f118320223d931b6
-
BXV3WCGT.txt
- Size
- 160B (160 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 3856)
- MD5
- a77f912e1baf7c3b0e540d7403035392
- SHA1
- bd22c7d60111e7b05ba1fcdeb9bf21065ec8a089
- SHA256
- 4e7cd8c1b0134a0826a034ddca2b5614164e8d6111080de96e655665f9059d3b
-
C83D821V.txt
- Size
- 110B (110 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 2644)
- MD5
- 23314e99ce84adcc20df03c5d0dcfad2
- SHA1
- c304a6c6f44d3e2dc4c23d68e2441b9287e1fc5b
- SHA256
- 63f621b1c396dc3b11943ef928587c0761af6e8200dafb907f7621afa33bf915
-
FPAIPR7J.txt
- Size
- 162B (162 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 2644)
- MD5
- 5ea7b3307d1dd17d663bb2c1865355a0
- SHA1
- e60a85ecc16deec13367ad3116290c67d1ce72fd
- SHA256
- 110558b261d191e16285d70f8b9b3879ebd6fac94620b8fc8354d7a8965b5a73
-
GH2I6D98.txt
- Size
- 390B (390 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 3856)
- MD5
- 52ba1fa869ae52493ebc050647d22eda
- SHA1
- 559a97959fb7840c4008f02da31bc5ace05a9f84
- SHA256
- cbef9cc4a2ff0cb19f17699ecd31d139b317f1b0a93dbb78e870e5ffbdcdcfbd
-
I4W4J3DU.txt
- Size
- 603B (603 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 2644)
- MD5
- c58cd530d7377b3f3665c6f082855360
- SHA1
- 97ff397df9f42acde3b3ab8c59b0c2499674aba9
- SHA256
- f98fa29ab03091fb24d04e8526d540de1b3047dc546c2635b52ba88e9b76ec48
-
PEI3EMUM.txt
- Size
- 110B (110 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 3856)
- MD5
- f882413fe928f35ec3346e30a508a228
- SHA1
- 9822d0405002ddd42c927f8a18f0639be8037fdc
- SHA256
- 581993634e04a6fc3bbb8b3686dd7481b7e4af5a011aee44f59a56c3c89bb619
-
QML2WORZ.txt
- Size
- 243B (243 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 3856)
- MD5
- 7bd9ed437082495f9e1d0d567a04e35b
- SHA1
- 9db38e6dd0c9bf91c66c06bfcdbb176838ca3f3c
- SHA256
- 8eee96862f9a7b87dc886e75574d5f81ed2dd85ff1e82be07ec910294f7c26f5
-
SHYSPQM7.txt
- Size
- 640B (640 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 3856)
- MD5
- e8e5301558fb1401bfd178309139a256
- SHA1
- 91f7ecad4b9f73a206ae909ab25f227241e389ca
- SHA256
- f2a942bb42c58c9a626c7237d88fe84601cb0322ef568969103a93638555f313
-
U94OBLY0.txt
- Size
- 531B (531 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 2644)
- MD5
- 10654242e042d52415e6df77cae7998b
- SHA1
- 460244faca11fd346af28746b50e8166b251a437
- SHA256
- 13814e3b6d7cb790f5d5ebec7b8b5923a88d230a65ee80195fca1d99eb6df3d9
-
VDL8R4XB.txt
- Size
- 431B (431 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 2644)
- MD5
- d3caa3585343da4194914cd33d47fa1d
- SHA1
- 91cbb7c9aa9635741d3b8641e88c9de3d5a806a5
- SHA256
- 43cd254734afb7786944a71dead0197b5a2b4097326a7ec0db7f8796493a9d9e
-
WR3O3B0H.txt
- Size
- 482B (482 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 3856)
- MD5
- 994758267496561245baaafbca1fa201
- SHA1
- 34e87017b04eab0c60dcff69643ed314364e1f0e
- SHA256
- b6d0026fc1814bb2db81f7977e3020014f55e26c71c13327e31eb8fea6bb739c
-
YW23SP9V.txt
- Size
- 274B (274 bytes)
- Type
- text
- Description
- ASCII text
- Runtime Process
- iexplore.exe (PID: 3856)
- MD5
- 946837afccf348722fe016072d04ecff
- SHA1
- 95cf8be9f936c24869a01e4ea8d65151a74e3012
- SHA256
- ebd12fd57cba4730c2e2e8c940b32f212edf14276e4b2cd13299799fdc8a5a90
-
en-US.4
- Size
- 18KiB (18176 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 2644)
- MD5
- 5a34cb996293fde2cb7a4ac89587393a
- SHA1
- 3c96c993500690d1a77873cd62bc639b3a10653f
- SHA256
- c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
-
XEQ6VZJ5.htm
- Size
- 179KiB (183562 bytes)
- Type
- html
- Description
- HTML document, UTF-8 Unicode text, with very long lines, with CRLF, NEL line terminators
- Runtime Process
- iexplore.exe (PID: 2644)
- MD5
- cf26e64e7f8ce4a7aeec374e90fec06f
- SHA1
- 86ba27cafda92d0b01ffe8c655c312f30a769f4c
- SHA256
- 48b83030d8f4b7803ea7443956af2021be916e275863ee8d3b6ddbb51bdb1373
-
78KJBPOV.htm
- Size
- 269B (269 bytes)
- Type
- html
- Description
- HTML document, ASCII text
- Runtime Process
- iexplore.exe (PID: 3856)
- MD5
- 51dc0aa73b5851e2cb58bcb143631de5
- SHA1
- e2de6be975f20d24740a0018453eb3564e786fe5
- SHA256
- b42a44bd7de6581af0e867f32bfb4591240a697178fb75aa5aa57687870b9fb4
-
~DF10F0B32BBD7CF968.TMP
- Size
- 16KiB (16384 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 2644)
- MD5
- 3c9792c14792fc904ba697a9ca05ef49
- SHA1
- 5055a144c57cdae6f7b5ad96ad3cdc0dfe87d6f3
- SHA256
- 49223e4579fc0493a56d175776ce574651712366ad38a5f448a22e53b0fc67df
-
~DFB72FD8B2E52B8995.TMP
- Size
- 16KiB (16384 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 2644)
- MD5
- 12c1c97a0079e3cb4b6ff8f47ea0b8e9
- SHA1
- 46a9b878bfcac0ed910c285d23d26ee57556aa2a
- SHA256
- 194b40dd3a66b39395ad4a8dedfc9ea19e3480514d563f1b834d697172821b8a
-
~DFE578669D89F701AF.TMP
- Size
- 16KiB (16384 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 2644)
- MD5
- 4e721b1446a88e3aa0e39ac24170cb87
- SHA1
- 45405bc5ce85437de77de739fd8c2f6576e64d28
- SHA256
- a352501b203e276bfb11b2d23247d603839b2230aa6461cbd2af785a85c1b83f
-
utility-header_1_.js
- Size
- 407KiB (417212 bytes)
- Type
- script javascript
- Description
- UTF-8 Unicode text, with very long lines
- MD5
- 1ce2320f52e64191655dd457aaea2735
- SHA1
- 67bf8f7fdd811652b5a7780c43c07613f73bb9f7
- SHA256
- 8f66881d64510c4cc5006e21f335ca9930bccedf67dc47ef67958f792d9aa27e
-
_app-0b02b2793ea6ea46_1_.js
- Size
- 406KiB (415682 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines, with no line terminators
- MD5
- 3967a607f3c2d72ac0679ffa374e955b
- SHA1
- 09ef944a9c85be75001e0b6ecf57dc20c417c652
- SHA256
- 18c92b98769e1049fef9ae2f099e2ced4e626c9ab3d7e99d3f4e5ee4d432e5a7
-
polyfill_1_.js
- Size
- 316KiB (324052 bytes)
- Type
- script javascript
- Description
- UTF-8 Unicode text, with very long lines
- MD5
- e3ee10782ae258c0f0574c91a630fa47
- SHA1
- a8071f6dec4bc833d70918fc4fd1983c1eff2717
- SHA256
- 7c01f087b3e9f3dfa110c50e0a18e1a1552c22dbd2ef31f989ebf4d1b2914ee8
-
vendor.min_1_.js
- Size
- 266KiB (272700 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines
- MD5
- ccbc6e4823b56dd99375d9a8364fda73
- SHA1
- 58363c3b59d0630415a2e2825b9c66aa7ee20044
- SHA256
- 246ecf3e66b1ada246316f04e745d5d2010772d96175f2752e174e5d79e65d55
-
urlref_httpe.gcgame.info
- Size
- 215KiB (220393 bytes)
- Type
- html
- Description
- HTML document, UTF-8 Unicode text, with very long lines
- Context
- http://e.gcgame.info/
- MD5
- 9ba9ff62283afadcad7c53c7becd54cd
- SHA1
- 70bde85a517608c96fd526c3068732f96a1733b9
- SHA256
- a4ce2ce6587bd6e4e3eab65305c1ba45a9a56263ce27d8a25addc9a5b84354e2
-
login_1_.htm
- Size
- 215KiB (220393 bytes)
- Type
- html
- Description
- HTML document, UTF-8 Unicode text, with very long lines
- MD5
- 8ef3b342a2daf5434bb3184040aee52f
- SHA1
- d43327fd38dd49882809f07a81cc8efa27a517ad
- SHA256
- 6798549ca4587b1d1c22c023b365870b3e86f2b9a4085f1907f73b1fd091f650
-
uxcore2.min_1_.css
- Size
- 204KiB (208850 bytes)
- Type
- text
- Description
- UTF-8 Unicode text, with very long lines, with no line terminators
- MD5
- 405c380759c560c7dab75aa296ba0b86
- SHA1
- d9e5a8702d036200d01bbd8a404f7daccfcf57af
- SHA256
- ee814670845d72642b85b6fa2d13764327d25e0cb7f67b41373a3849c00dd9c8
-
p_1_.js
- Size
- 201KiB (205601 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines, with no line terminators
- MD5
- d434c1a6146b4858de3e956b2d770832
- SHA1
- 239126b57477547650a91cde1f63f052e40e217d
- SHA256
- b187c74236137673ae73379520cd598d82d43f4118bc320d0444be245f066aba
-
tcc.min_1_.js
- Size
- 146KiB (149414 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines
- MD5
- b7f8b057f8a1aacbd08cf2508fc6bd1e
- SHA1
- f228cb5224b1a1a7a1f14d75558854524158c2fe
- SHA256
- 60244eeed179207d858eabc788e4b3e9780305d102c8e2bbb437cab520198a3f
-
uxcore2.min_1_.js
- Size
- 112KiB (114973 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines
- MD5
- c43ee0795c7cc6bc70343df17d34e06c
- SHA1
- 4f0e09436d4c44c6dd7325dbc9b4e1957120c123
- SHA256
- 7268252d2211f24d26a33c7e151a71d2aafbaafc66eacdeb6b9dfa286c569df1
-
main-9bdc9a9bbec1efdd_1_.js
- Size
- 111KiB (114072 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines, with no line terminators
- MD5
- 9c6fa90ab03ad12f218529b53f507cdf
- SHA1
- 4982e7b2c042c332d8270383201f97016e65662d
- SHA256
- 8abd7d6dc81e63c100e77be1d4c09c67f250ae9a933ec11446a7a99a629df650
-
hivemind-3.0.1_1_.js
- Size
- 103KiB (105203 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines
- MD5
- 587d9347db8a1abff1f1b5c892f12d47
- SHA1
- 214f487a49892f6e36e24a77b4acbcc388da53cc
- SHA256
- 8d421823d490386b3d6180a6f34fe86738fd918bdca6ac5cea2482491e021aee
-
polyfills-c67a75d1b6f99dc8_1_.js
- Size
- 89KiB (91460 bytes)
- Type
- script javascript
- Description
- UTF-8 Unicode text, with very long lines, with LF, NEL line terminators
- MD5
- 837c0df77fd5009c9e46d446188ecfd0
- SHA1
- 81d34b3036ea28438bf8f3b111e69b3331f45e59
- SHA256
- 0225eb034d024a03bdc90ea6c79f56193662e7c3eee909696298820e517cbb83
-
utility-header_1_.css
- Size
- 84KiB (85706 bytes)
- Type
- text
- Description
- ASCII text, with very long lines
- MD5
- e4c25543036cb36c3d6e3c59404374fd
- SHA1
- 93d89debb41018af8ff52729d977b58c739fc0a8
- SHA256
- 7b0fc8732cc691cce7f92f74dd1954e1ad89d8eb7a1fcb667ca5d981be9fe2e5
-
elastic-apm-rum.umd.min_1_.js
- Size
- 57KiB (58506 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines
- MD5
- 0be4c885d07e54abb224234982b34fd7
- SHA1
- 82ba6a8b59f75a865bcc0ce7e242491156ead595
- SHA256
- 8d79c92638e9125038fb1faad3896558febee2ed0c34f87e9d01c6f161999342
-
3474-271d74164cd98341_1_.js
- Size
- 48KiB (49080 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines, with no line terminators
- MD5
- 22521b4d9ddcfc3c85b11dd768615026
- SHA1
- e4bcaf5834962ac6dda9478fd5d0fb86466ca354
- SHA256
- 1ce64e3b0325f019bd599cbf98ca2ab6d57fd3eecdadb6a82855c9c56db73c79
-
7925-157a1c4da84f914f_1_.js
- Size
- 24KiB (24612 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines, with no line terminators
- MD5
- b9636d5b18a7a4b1eb8d2730e149b43d
- SHA1
- ccbe5d63e6855a9fc9b27903a40a9a43736c58d8
- SHA256
- a94ba6999a63ffb930f1e32b3d9752a31e391978039904dce045098740c85c48
-
48c0c289363e4edd_1_.css
- Size
- 23KiB (23892 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- MD5
- 13d682f88e6f0cbb22738cbe2244ffdd
- SHA1
- efe7f10efec7cf66da9a5700d9bfaa179aa0a178
- SHA256
- 8e62bf80bc4f580b55a41378ab5891482b91db87bbef548c802afa35a9da8a86
-
8052-bca0c8e8aa0481a4_1_.js
- Size
- 14KiB (14251 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines, with no line terminators
- MD5
- fff1b5ff66f3f9a5137103fefc93b9ac
- SHA1
- 43e7f187f4df0197d4c8d4167e40c1d5a514daa8
- SHA256
- 28497a17634bef3840058105af01cf2ba7503a1b44681084614ca6fcc26c13bc
-
7057-c336b06af46421f9_1_.js
- Size
- 10KiB (10320 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines, with no line terminators
- MD5
- 65de9dc3f3797d05a1cc2e083eb9bc72
- SHA1
- ea9560ccd2e8b7d4d974b781ab1ac89166452123
- SHA256
- 5cf46d84b6a3508807ff7a202a496e8578fc5b215eda01f163a4ec073126ab88
-
_buildManifest_1_.js
- Size
- 7.9KiB (8072 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with no line terminators
- MD5
- 571f123907bf92178c53936766c8af8b
- SHA1
- fd2f26ba0468b29bfcc6201e64328049f5c8e951
- SHA256
- 2c70028ba19d9910eea55d45474ca9ca1cc7899df3f9c5f87377e35cb34fe7b8
-
webpack-db88dc23ef1dfe77_1_.js
- Size
- 7.8KiB (8008 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines, with no line terminators
- MD5
- 8d6570b991dc30fbda27b5d5763baf3e
- SHA1
- 249f671b2a0c62f8f1e1bfdd0b16615c2421000d
- SHA256
- 27cae333e3695b090a525d4758e502b9639b0027e247f70c67746c657daf45e9
-
RecoveryStore._D3778E9D-513A-11EE-BE22-00505691EAA0_.dat
- Size
- 5.5KiB (5632 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- MD5
- 93fd90387c0a3a85406b727e2f88aca0
- SHA1
- 1c673216c92b1b1515edfdaa64d62b8a2573c4e8
- SHA256
- 2b7cd072825149e10af8861a3db9998c6126260fa768c8687a2d89f14f9dc230
-
_D3778E9F-513A-11EE-BE22-00505691EAA0_.dat
- Size
- 4.5KiB (4608 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- MD5
- d1d87724ed6d9026303a018daaaba90e
- SHA1
- 86f0fd250ce4fb031891f1902af3af5449f796ef
- SHA256
- 68a4247a6e319279d71d9c0c56a08569a0382523e3b5b7a9f869adac4c84abd8
-
_DCEC75C4-513A-11EE-BE22-00505691EAA0_.dat
- Size
- 4.5KiB (4608 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- MD5
- 6d47622c2d8fef7ca2608ada9f363b60
- SHA1
- b54cbb592d2a8534abc36cda3d37ec1b424fb5b7
- SHA256
- 8f80c672dc0fb7a965e0db35dbbc1c66d8f0fbe53283e8b2192499c70b077649
-
heartbeat_1_.js
- Size
- 2.5KiB (2551 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines
- MD5
- 0a3c9ed73591ea11f77b51a04edf210f
- SHA1
- 53f41aed7764febb950c17e10f5baf353188a276
- SHA256
- 42ddb39ec7f11ab27183d00581583a9fb6a4fe2ee5b9dcbbc157cc56587eee45
-
Notifications
-
Runtime
- Not all Falcon MalQuery lookups completed in time
- Not all IP/URL string resources were checked online
- Not all file accesses are visible for iexplore.exe (PID: 2644)
- Not all file accesses are visible for iexplore.exe (PID: 3856)
- Some low-level data is hidden, as this is only a slim report
- This URL analysis has missing honeyclient data
- Not all sources for indicator ID "mutant-0" are available in the report
- Not all sources for indicator ID "api-92" are available in the report
- Enforcing malicious verdict, as a reliable source indicates high confidence