Analysis Report http://quizizz.com

Overview

General Information

Sample URL: http://quizizz.com

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

Startup

  • System is w10x64
  • iexplore.exe (PID: 5332 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 5368 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5332 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Source: https://quizizz.com/login HTTP Parser: No <meta name="author".. found
Source: https://quizizz.com/signup?source=header_landing HTTP Parser: No <meta name="author".. found
Source: https://quizizz.com/login HTTP Parser: No <meta name="copyright".. found
Source: https://quizizz.com/signup?source=header_landing HTTP Parser: No <meta name="copyright".. found

Source: global traffic HTTP traffic detected:
  GET / HTTP/1.1
  Accept: text/html, application/xhtml+xml, image/jxr, */*
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Accept-Encoding: gzip, deflate
  Host: quizizz.com
  Connection: Keep-Alive
Source: unknown DNS traffic detected: queries for: quizizz.com
Source: js[2].js.2.drString found in binary or memory: https://www.google.com
Source: js[2].js.2.drString found in binary or memory: https://www.google.com/pagead/conversion_async.js
Source: js[2].js.2.drString found in binary or memory: https://www.google.com/travel/flights/click/conversion/
Source: base[1].js.2.drString found in binary or memory: https://www.googleapis.com/certificateprovisioning/v1/devicecertificates/create?key=AIzaSyB-5OLKTx2i
Source: js[2].js.2.drString found in binary or memory: https://www.googletraveladservices.com/travel/clk/pagead/conversion/
Source: js[2].js.2.drString found in binary or memory: https://www.googletraveladservices.com/travel/vacations/clk/pagead/conversion/
Source: remote[1].js.2.drString found in binary or memory: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Source: ~DF474002835EDE5EFE.TMP.1.drString found in binary or memory: https://www.youtube-nocookie.com/embed/2ZqM8Sd3joc?autoplay=1&controls=0&iv_load_policy=3&loop=1&mod
Source: ~DF474002835EDE5EFE.TMP.1.drString found in binary or memory: https://www.youtube-nocookie.com/embed/TmqRCMPpHbA?autoplay=0&controls=1&iv_load_policy=3&loop=0&mod
Source: ~DF474002835EDE5EFE.TMP.1.drString found in binary or memory: https://www.youtube-nocookie.com/embed/e1qhToYSSH
Source: ~DF474002835EDE5EFE.TMP.1.drString found in binary or memory: https://www.youtube-nocookie.com/embed/e1qhToYSSHE?autoplay=0&controls=1&iv_load_policy=3&loop=0&mod
Source: www-widgetapi[1].js.2.drString found in binary or memory: https://www.youtube.com
Source: base[1].js.2.drString found in binary or memory: https://www.youtube.com/generate_204?cpn=
Source: 2ZqM8Sd3joc[1].htm.2.drString found in binary or memory: https://www.youtube.com/watch?v=2ZqM8Sd3joc
Source: TmqRCMPpHbA[1].htm.2.drString found in binary or memory: https://www.youtube.com/watch?v=TmqRCMPpHbA
Source: e1qhToYSSHE[1].htm.2.drString found in binary or memory: https://www.youtube.com/watch?v=e1qhToYSSHE
Source: base[1].js.2.drString found in binary or memory: https://youtu.be/
Source: base[1].js.2.drString found in binary or memory: https://youtube.com/api/drm/fps?ek=uninitialized
Source: base[1].js.2.drString found in binary or memory: https://youtubei.googleapis.com/youtubei/

Source: classification engine | Classification label: clean0.win@3/134@15/12
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C8C7C3EF-A153-11EA-AAE6-9CC1A2A860C6}.dat
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Temp\~DFEDC8C7003A2CEC27.TMP
Source: C:\Program Files\internet explorer\iexplore.exe | File read: C:\Users\desktop.ini
Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5332 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5332 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Windows\SysWOW64\Macromed\Flash\ss.cfg
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_171\bin\msvcr100.dll

Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
| Valid Accounts | Graphical User Interface 1 | Winlogon Helper DLL | Process Injection 1 | Masquerading 1 | Credential Dumping | File and Directory Discovery 1 | Remote File Copy 1 | Data from Local System | Data Compressed | Standard Cryptographic Protocol 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Replication Through Removable Media | Service Execution | Port Monitors | Accessibility Features | Process Injection 1 | Network Sniffing | Application Window Discovery | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Standard Non-Application Layer Protocol 2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| External Remote Services | Windows Management Instrumentation | Accessibility Features | Path Interception | Rootkit | Input Capture | Query Registry | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Standard Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Drive-by Compromise | Scheduled Task | System Firmware | DLL Search Order Hijacking | Obfuscated Files or Information | Credentials in Files | System Network Configuration Discovery | Logon Scripts | Input Capture | Data Encrypted | Remote File Copy 1 | SIM Card Swap | | Premium SMS Toll Fraud |

Behavior Graph

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet