Analysis Report https://myeducation.netc.navy.mil/webta/home.html

Overview

General Information

Sample URL: https://myeducation.netc.navy.mil/webta/home.html
Analysis ID: 387996

Errors
  • URL not reachable

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

No high impact signatures.

Classification

There are no high impact signatures.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown HTTPS traffic detected: 205.85.30.125:443 -> 192.168.2.7:49697 version: TLS 1.2
Source: unknown HTTPS traffic detected: 205.85.30.125:443 -> 192.168.2.7:49696 version: TLS 1.2
Source: global traffic HTTP traffic detected: GET /bridge/caCertsIssuedTofbcag4.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/10.0 Host: repo.fpki.gov
Source: global traffic HTTP traffic detected: GET /bridge/certificates/STRACBridgeRootCA.p7c HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/10.0 Host: pki.strac.org
Source: unknown DNS traffic detected: queries for: myeducation.netc.navy.mil
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49697 -> 443
Source: classification engine Classification label: unknown0.win@3/30@6/3
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{45CF7CBA-9E5B-11EB-90E6-ECF4BB82F7E0}.dat
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user~1\AppData\Local\Temp\~DF997E2E9D72C1F602.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1976 CREDAT:17410 /prefetch:2
Source: Window Recorder Window detected: More than 3 window changes detected

Behavior Graph

ID: 387996
URL: https://myeducation.netc.na...
Startdate: 15/04/2021
Architecture: WINDOWS
Score: 0
Process tree: iexplore.exe started iexplore.exe
Contacted: myeducation.netc.navy.mil (205.85.30.125; ports 443, 49696, 49697; DNIC-ASBLK-00616-00665US, United States), pki.strac.org (172.67.10.220; ports 49707, 80; CLOUDFLARENETUS, United States), 5 other IPs or domains

Contacted Public IPs

IP             Domain                        Country        ASN    ASN Name                  Malicious
205.85.30.125  myeducation.netc.navy.mil     United States  665    DNIC-ASBLK-00616-00665US  false
13.32.240.46   d1j5ckqeil9o7.cloudfront.net  United States  16509  AMAZON-02US               false
172.67.10.220  pki.strac.org                 United States  13335  CLOUDFLARENETUS           false

Contacted Domains

Name IP Active
pki.strac.org 172.67.10.220 true
d1j5ckqeil9o7.cloudfront.net 13.32.240.46 true
myeducation.netc.navy.mil 205.85.30.125 true
tscp-aia.symauth.com unknown unknown
repo.fpki.gov unknown unknown
crl.disa.mil unknown unknown

Contacted URLs

Name                                                            Malicious  Antivirus Detection    Reputation
http://pki.strac.org/bridge/certificates/STRACBridgeRootCA.p7c  false      Avira URL Cloud: safe  unknown
http://repo.fpki.gov/bridge/caCertsIssuedTofbcag4.p7c           false      Avira URL Cloud: safe  unknown