Analysis

  • max time kernel
    150s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/10/2022, 07:58 UTC

General

  • Target

    http://helleniqenergy.greenbyte.cloud

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://helleniqenergy.greenbyte.cloud
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2056
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4736

Network

  • flag-us
    DNS
    helleniqenergy.greenbyte.cloud
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    helleniqenergy.greenbyte.cloud
    IN A
    Response
    helleniqenergy.greenbyte.cloud
    IN A
    54.229.33.68
    helleniqenergy.greenbyte.cloud
    IN A
    18.200.115.133
    helleniqenergy.greenbyte.cloud
    IN A
    54.72.108.185
  • flag-ie
    GET
    http://helleniqenergy.greenbyte.cloud/
    IEXPLORE.EXE
    Remote address:
    54.229.33.68:80
    Request
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: helleniqenergy.greenbyte.cloud
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: awselb/2.0
    Date: Tue, 04 Oct 2022 07:59:38 GMT
    Content-Type: text/html
    Content-Length: 134
    Connection: keep-alive
    Location: https://helleniqenergy.greenbyte.cloud:443/
  • flag-us
    DNS
    api.bing.com
    iexplore.exe
    Remote address:
    8.8.8.8:53
    Request
    api.bing.com
    IN A
    Response
    api.bing.com
    IN CNAME
    api-bing-com.e-0001.e-msedge.net
    api-bing-com.e-0001.e-msedge.net
    IN CNAME
    e-0001.e-msedge.net
    e-0001.e-msedge.net
    IN A
    13.107.5.80
  • flag-us
    DNS
    s.ss2.us
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    s.ss2.us
    IN A
    Response
    s.ss2.us
    IN A
    13.227.211.5
    s.ss2.us
    IN A
    13.227.211.177
    s.ss2.us
    IN A
    13.227.211.169
    s.ss2.us
    IN A
    13.227.211.118
  • flag-nl
    GET
    http://s.ss2.us/r.crl
    IEXPLORE.EXE
    Remote address:
    13.227.211.5:80
    Request
    GET /r.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: s.ss2.us
    Response
    HTTP/1.1 200 OK
    Content-Type: application/x-pkcs7-crl
    Content-Length: 434
    Connection: keep-alive
    Server: Sucuri/Cloudproxy
    X-Sucuri-ID: 15036
    Last-Modified: Mon, 27 Jun 2022 22:00:33 GMT
    P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
    X-Sucuri-Cache: HIT
    Accept-Ranges: bytes
    Date: Tue, 04 Oct 2022 07:59:54 GMT
    Cache-Control: public, no-transform, must-revalidate
    Expires: Sat, 01 Oct 2022 22:59:33 GMT
    ETag: "1b2-5e2750c950cf4"
    X-Cache: Error from cloudfront
    Via: 1.1 d3fdd96b3ada000b1a8c2d522534c124.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: AMS54-C1
    X-Amz-Cf-Id: Xbx_ydoCH37Xnnn8VjsRH4i7gDiWrj1eylicdIRr6Qc7YIDiyPzrLQ==
  • flag-ie
    GET
    https://helleniqenergy.greenbyte.cloud/
    IEXPLORE.EXE
    Remote address:
    18.200.115.133:443
    Request
    GET / HTTP/2.0
    host: helleniqenergy.greenbyte.cloud
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 302
    date: Tue, 04 Oct 2022 08:00:21 GMT
    content-type: text/html; charset=utf-8
    content-length: 145
    cache-control: private
    location: /Account/LogOn?returnUrl=%2F
    instance: EC2AMAZ-J9R63AK
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    referrer-policy: no-referrer-when-downgrade
    x-xss-protection: 0
    permissions-policy: microphone=(), camera=(), payment=()
    content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src * data: ; frame-src *; style-src * 'unsafe-inline'
    x-content-type-options: nosniff
  • flag-ie
    GET
    https://helleniqenergy.greenbyte.cloud/Account/LogOn?returnUrl=%2F
    IEXPLORE.EXE
    Remote address:
    18.200.115.133:443
    Request
    GET /Account/LogOn?returnUrl=%2F HTTP/2.0
    host: helleniqenergy.greenbyte.cloud
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 302
    date: Tue, 04 Oct 2022 08:00:21 GMT
    content-length: 0
    location: https://login.powerfactors.app/authorize?client_id=ZD0RNWWGOjP1r9VHLxUDdTE37b7NrKsg&response_type=code%20id_token%20token&scope=openid%20profile%20email&state=OpenIdConnect.AuthenticationProperties%3DRlCODYBIEy4QmS8FlH_cXyTFaaz2U0h7HMGiS6nLVUw-byCyMlE6mxA5930yafxk-1qeB2bM2lYQKTS5fBOFZWpQxu-MjFdfNT9RQ1jgmX1EALcekJtjg2q8hewfvivk1Xbuk0ufjaQIw0xodLhQ4g&response_mode=form_post&nonce=638004672214926093.NDYxZWY1MjMtZThlNy00YWQ2LTk2MTgtNjFhYzhkNjM4NGI2NTg0MmY2NDctNDE0OS00MTE0LWJmMmEtOTk3NmY2ZjMwYTdj&organization=org_eVE0gbZO271Aj3Ng&redirect_uri=https%3A%2F%2Fhelleniqenergy.greenbyte.cloud%2Fcallback&x-client-SKU=ID_NET461&x-client-ver=5.3.0.0
    cache-control: private
    x-minimumrequireduiversion: 11
    set-cookie: Product=Breeze; path=/
    set-cookie: OpenIdConnect.nonce.rQSXKy1lkyCXwlKTAN6AlG%2FVG%2FhQkwN1UUw7%2FLyDy%2FE%3D=OVpWR24xV2pMM1lTTUtBWEMzMmJiWjBLYWFLb2t5ZF9jNGxJZFdPMHNuZGlmaHA4MkpzNDJ6R0VKdjlDYVFPZjRXY2NzMXVFSU1hNDdSaTJsTEJraU5hMlpqZWZwcGdCSE01SHA4dmVzOTF6YXN3czljZTJJYXRPX2xIZWd5WDhfUHpZNDRXdzhBVTJrVzhMQW9FaFpuQWE4UTRmUWF6LVlYU1lyYXZGRGI2UUpvXzVoU0ZZZjN4ek13NUs0eE9hQ1hPOHEzVXFxNUh1VmNfcXZVbzB3VktqM2t0T2F1SWdTa3VRTVB0cTVaaw%3D%3D; expires=Tue, 04-Oct-2022 08:15:21 GMT; path=/; secure; HttpOnly; SameSite=None
    instance: EC2AMAZ-J9R63AK
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    referrer-policy: no-referrer-when-downgrade
    x-xss-protection: 0
    permissions-policy: microphone=(), camera=(), payment=()
    content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src * data: ; frame-src *; style-src * 'unsafe-inline'
    x-content-type-options: nosniff
  • flag-us
    DNS
    crl.rootca1.amazontrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    crl.rootca1.amazontrust.com
    IN A
  • flag-us
    DNS
    crl.rootca1.amazontrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    crl.rootca1.amazontrust.com
    IN A
  • flag-us
    DNS
    crl.rootca1.amazontrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    crl.rootca1.amazontrust.com
    IN A
  • flag-us
    DNS
    crl.rootca1.amazontrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    crl.rootca1.amazontrust.com
    IN A
  • flag-us
    DNS
    crl.rootca1.amazontrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    crl.rootca1.amazontrust.com
    IN A
  • flag-us
    DNS
    login.powerfactors.app
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    login.powerfactors.app
    IN A
    Response
    login.powerfactors.app
    IN CNAME
    powerfactors-production-cd-1n4i2dwfgh5fyv3u.edge.tenants.eu.auth0.com
    powerfactors-production-cd-1n4i2dwfgh5fyv3u.edge.tenants.eu.auth0.com
    IN A
    104.16.96.94
    powerfactors-production-cd-1n4i2dwfgh5fyv3u.edge.tenants.eu.auth0.com
    IN A
    104.18.244.88
  • flag-us
    GET
    https://login.powerfactors.app/authorize?client_id=ZD0RNWWGOjP1r9VHLxUDdTE37b7NrKsg&response_type=code%20id_token%20token&scope=openid%20profile%20email&state=OpenIdConnect.AuthenticationProperties%3DRlCODYBIEy4QmS8FlH_cXyTFaaz2U0h7HMGiS6nLVUw-byCyMlE6mxA5930yafxk-1qeB2bM2lYQKTS5fBOFZWpQxu-MjFdfNT9RQ1jgmX1EALcekJtjg2q8hewfvivk1Xbuk0ufjaQIw0xodLhQ4g&response_mode=form_post&nonce=638004672214926093.NDYxZWY1MjMtZThlNy00YWQ2LTk2MTgtNjFhYzhkNjM4NGI2NTg0MmY2NDctNDE0OS00MTE0LWJmMmEtOTk3NmY2ZjMwYTdj&organization=org_eVE0gbZO271Aj3Ng&redirect_uri=https%3A%2F%2Fhelleniqenergy.greenbyte.cloud%2Fcallback&x-client-SKU=ID_NET461&x-client-ver=5.3.0.0
    IEXPLORE.EXE
    Remote address:
    104.18.244.88:443
    Request
    GET /authorize?client_id=ZD0RNWWGOjP1r9VHLxUDdTE37b7NrKsg&response_type=code%20id_token%20token&scope=openid%20profile%20email&state=OpenIdConnect.AuthenticationProperties%3DRlCODYBIEy4QmS8FlH_cXyTFaaz2U0h7HMGiS6nLVUw-byCyMlE6mxA5930yafxk-1qeB2bM2lYQKTS5fBOFZWpQxu-MjFdfNT9RQ1jgmX1EALcekJtjg2q8hewfvivk1Xbuk0ufjaQIw0xodLhQ4g&response_mode=form_post&nonce=638004672214926093.NDYxZWY1MjMtZThlNy00YWQ2LTk2MTgtNjFhYzhkNjM4NGI2NTg0MmY2NDctNDE0OS00MTE0LWJmMmEtOTk3NmY2ZjMwYTdj&organization=org_eVE0gbZO271Aj3Ng&redirect_uri=https%3A%2F%2Fhelleniqenergy.greenbyte.cloud%2Fcallback&x-client-SKU=ID_NET461&x-client-ver=5.3.0.0 HTTP/2.0
    host: login.powerfactors.app
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 302
    date: Tue, 04 Oct 2022 08:00:37 GMT
    content-type: text/html; charset=utf-8
    content-length: 620
    location: /u/login/identifier?state=hqFo2SBKc1RXZlFCM1FsNGt2UEJWZ0c3TW5LZTV3dHF3MjlxQqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFZaNzVkM1FfU2VQSEl1bkw1TlNlMXdIcVE3YkJZUGFHo2NpZNkgWkQwUk5XV0dPalAxcjlWSEx4VURkVEUzN2I3TnJLc2elb3JnaWS0b3JnX2VWRTBnYlpPMjcxQWozTmenb3JnbmFtZb1oZWxsZW5pYy1wZXRyb2xldW0tcmVuZXdhYmxlcw
    cf-ray: 754c62860c6cd0d9-AMS
    cache-control: no-store, max-age=0, no-transform
    set-cookie: did=s%3Av0%3Aa1693c80-43ba-11ed-b9cd-43983f600813.aSoqAD5wKKV%2Brrg8xFH4keCIB4JpyzoJmJVRd6aRnTU; Max-Age=31557600; Path=/; Expires=Wed, 04 Oct 2023 14:00:36 GMT; HttpOnly; Secure; SameSite=None
    strict-transport-security: max-age=31536000
    vary: Accept, Accept-Encoding
    cf-cache-status: DYNAMIC
    ot-baggage-auth0-request-id: 754c62860c6cd0d9
    ot-tracer-sampled: true
    ot-tracer-spanid: 646c8509622565b5
    ot-tracer-traceid: 3deeb70a22b1e52a
    p3p: CP="Auth0 does not have a P3P policy but our privacy policy is available here: https://auth0.com/privacy"
    pragma: no-cache
    traceparent: 00-646c8509622565b5-00000000000000003deeb70a22b1e52a-01
    tracestate: auth0-request-id=754c62860c6cd0d9,auth0=true
    x-auth0-requestid: c15ad288f858025dd76f
    x-content-type-options: nosniff
    x-ratelimit-limit: 300
    x-ratelimit-remaining: 299
    x-ratelimit-reset: 1664870437
    set-cookie: auth0=s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQMEBpck1ItKVSsIdtbU6ojcQtrL2B-pc0ub7jhkyyfncam61We-YOt0b5Z0uardjo3PJVFgW2av7mMA4OyCr0A6mY29va2llg6dleHBpcmVz1__uLh8AYz_cpK5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.JPAhsc4%2BK9QeOEjiXhTfrnOCZ%2FyPTNYMrgFYDg7AW7I; Path=/; Expires=Fri, 07 Oct 2022 08:00:36 GMT; HttpOnly; Secure; SameSite=None
    set-cookie: did_compat=s%3Av0%3Aa1693c80-43ba-11ed-b9cd-43983f600813.aSoqAD5wKKV%2Brrg8xFH4keCIB4JpyzoJmJVRd6aRnTU; Max-Age=31557600; Path=/; Expires=Wed, 04 Oct 2023 14:00:36 GMT; HttpOnly; Secure
    set-cookie: auth0_compat=s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQMEBpck1ItKVSsIdtbU6ojcQtrL2B-pc0ub7jhkyyfncam61We-YOt0b5Z0uardjo3PJVFgW2av7mMA4OyCr0A6mY29va2llg6dleHBpcmVz1__uLh8AYz_cpK5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.JPAhsc4%2BK9QeOEjiXhTfrnOCZ%2FyPTNYMrgFYDg7AW7I; Path=/; Expires=Fri, 07 Oct 2022 08:00:36 GMT; HttpOnly; Secure
    set-cookie: __cf_bm=.tta9lJlXs82_1OO23TpDgYQzfJw52BFUDT9RGDQNLk-1664870437-0-AX9bXvnrhIEgQbY+VFNS5Vovkgm/I1KmQiTwxkC7o+BE84mN97JohUFIUlpG/5g4bh0FRMOtHQqUZ5Ni78F/Ltc=; path=/; expires=Tue, 04-Oct-22 08:30:37 GMT; domain=.login.powerfactors.app; HttpOnly; Secure; SameSite=None
    server: cloudflare
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://login.powerfactors.app/u/login/identifier?state=hqFo2SBKc1RXZlFCM1FsNGt2UEJWZ0c3TW5LZTV3dHF3MjlxQqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFZaNzVkM1FfU2VQSEl1bkw1TlNlMXdIcVE3YkJZUGFHo2NpZNkgWkQwUk5XV0dPalAxcjlWSEx4VURkVEUzN2I3TnJLc2elb3JnaWS0b3JnX2VWRTBnYlpPMjcxQWozTmenb3JnbmFtZb1oZWxsZW5pYy1wZXRyb2xldW0tcmVuZXdhYmxlcw
    IEXPLORE.EXE
    Remote address:
    104.18.244.88:443
    Request
    GET /u/login/identifier?state=hqFo2SBKc1RXZlFCM1FsNGt2UEJWZ0c3TW5LZTV3dHF3MjlxQqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFZaNzVkM1FfU2VQSEl1bkw1TlNlMXdIcVE3YkJZUGFHo2NpZNkgWkQwUk5XV0dPalAxcjlWSEx4VURkVEUzN2I3TnJLc2elb3JnaWS0b3JnX2VWRTBnYlpPMjcxQWozTmenb3JnbmFtZb1oZWxsZW5pYy1wZXRyb2xldW0tcmVuZXdhYmxlcw HTTP/2.0
    host: login.powerfactors.app
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: did=s%3Av0%3Aa1693c80-43ba-11ed-b9cd-43983f600813.aSoqAD5wKKV%2Brrg8xFH4keCIB4JpyzoJmJVRd6aRnTU; auth0=s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQMEBpck1ItKVSsIdtbU6ojcQtrL2B-pc0ub7jhkyyfncam61We-YOt0b5Z0uardjo3PJVFgW2av7mMA4OyCr0A6mY29va2llg6dleHBpcmVz1__uLh8AYz_cpK5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.JPAhsc4%2BK9QeOEjiXhTfrnOCZ%2FyPTNYMrgFYDg7AW7I; did_compat=s%3Av0%3Aa1693c80-43ba-11ed-b9cd-43983f600813.aSoqAD5wKKV%2Brrg8xFH4keCIB4JpyzoJmJVRd6aRnTU; auth0_compat=s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQMEBpck1ItKVSsIdtbU6ojcQtrL2B-pc0ub7jhkyyfncam61We-YOt0b5Z0uardjo3PJVFgW2av7mMA4OyCr0A6mY29va2llg6dleHBpcmVz1__uLh8AYz_cpK5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.JPAhsc4%2BK9QeOEjiXhTfrnOCZ%2FyPTNYMrgFYDg7AW7I; __cf_bm=.tta9lJlXs82_1OO23TpDgYQzfJw52BFUDT9RGDQNLk-1664870437-0-AX9bXvnrhIEgQbY+VFNS5Vovkgm/I1KmQiTwxkC7o+BE84mN97JohUFIUlpG/5g4bh0FRMOtHQqUZ5Ni78F/Ltc=
    Response
    HTTP/2.0 200
    date: Tue, 04 Oct 2022 08:00:37 GMT
    content-type: text/html; charset=utf-8
    cf-ray: 754c62879f75d0d9-AMS
    cache-control: no-store, max-age=0, no-transform
    content-language: en
    etag: W/"3f6a-nXBACbAHhjcLkTuMXHhtaAkWogU"
    expires: Tue, 04 Oct 2022 08:00:37 GMT
    strict-transport-security: max-age=31536000
    vary: Accept-Encoding
    cf-cache-status: DYNAMIC
    content-security-policy: frame-ancestors 'none'
    ot-baggage-auth0-request-id: 754c62879f75d0d9
    ot-tracer-sampled: true
    ot-tracer-spanid: 14f1e91162e2c856
    ot-tracer-traceid: 3f7265e15c78e46a
    p3p: CP="Auth0 does not have a P3P policy but our privacy policy is available here: https://auth0.com/privacy"
    pragma: no-cache
    referrer-policy: same-origin
    traceparent: 00-14f1e91162e2c856-00000000000000003f7265e15c78e46a-01
    tracestate: auth0-request-id=754c62879f75d0d9,auth0=true
    x-auth0-requestid: 504ce2c00663b253c32e
    x-content-type-options: nosniff
    x-frame-options: deny
    x-ratelimit-limit: 20
    x-ratelimit-remaining: 19
    x-ratelimit-reset: 1664870444
    x-robots-tag: noindex, nofollow
    x-xss-protection: 1; mode=block
    server: cloudflare
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://login.powerfactors.app/favicon.ico
    IEXPLORE.EXE
    Remote address:
    104.18.244.88:443
    Request
    GET /favicon.ico HTTP/2.0
    host: login.powerfactors.app
    accept: */*
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    cookie: did_compat=s%3Av0%3Aa1693c80-43ba-11ed-b9cd-43983f600813.aSoqAD5wKKV%2Brrg8xFH4keCIB4JpyzoJmJVRd6aRnTU; auth0_compat=s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQMEBpck1ItKVSsIdtbU6ojcQtrL2B-pc0ub7jhkyyfncam61We-YOt0b5Z0uardjo3PJVFgW2av7mMA4OyCr0A6mY29va2llg6dleHBpcmVz1__uLh8AYz_cpK5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.JPAhsc4%2BK9QeOEjiXhTfrnOCZ%2FyPTNYMrgFYDg7AW7I; did=s%3Av0%3Aa1693c80-43ba-11ed-b9cd-43983f600813.aSoqAD5wKKV%2Brrg8xFH4keCIB4JpyzoJmJVRd6aRnTU; auth0=s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQMEBpck1ItKVSsIdtbU6ojcQtrL2B-pc0ub7jhkyyfncam61We-YOt0b5Z0uardjo3PJVFgW2av7mMA4OyCr0A6mY29va2llg6dleHBpcmVz1__uLh8AYz_cpK5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.JPAhsc4%2BK9QeOEjiXhTfrnOCZ%2FyPTNYMrgFYDg7AW7I; __cf_bm=.tta9lJlXs82_1OO23TpDgYQzfJw52BFUDT9RGDQNLk-1664870437-0-AX9bXvnrhIEgQbY+VFNS5Vovkgm/I1KmQiTwxkC7o+BE84mN97JohUFIUlpG/5g4bh0FRMOtHQqUZ5Ni78F/Ltc=
    Response
    HTTP/2.0 404
    date: Tue, 04 Oct 2022 08:01:05 GMT
    content-type: text/plain; charset=utf-8
    content-length: 9
    cf-ray: 754c6335fc67d0d9-AMS
    cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-transform
    etag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
    strict-transport-security: max-age=31536000
    vary: Accept-Encoding
    cf-cache-status: MISS
    ot-baggage-auth0-request-id: 754c6335fc67d0d9
    ot-tracer-sampled: true
    ot-tracer-spanid: 77a4784350ee1f71
    ot-tracer-traceid: 35120c336093a227
    traceparent: 00-77a4784350ee1f71-000000000000000035120c336093a227-01
    tracestate: auth0-request-id=754c6335fc67d0d9,auth0=true
    x-auth0-requestid: cdbe703ee2241747a300
    x-content-type-options: nosniff
    server: cloudflare
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    DNS
    cdn.auth0.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    cdn.auth0.com
    IN A
    Response
    cdn.auth0.com
    IN CNAME
    dp0wn1kjwhg75.cloudfront.net
    dp0wn1kjwhg75.cloudfront.net
    IN A
    52.222.143.56
  • flag-nl
    GET
    https://cdn.auth0.com/ulp/react-components/1.60.9/css/main.cdn.min.css
    IEXPLORE.EXE
    Remote address:
    52.222.143.56:443
    Request
    GET /ulp/react-components/1.60.9/css/main.cdn.min.css HTTP/2.0
    host: cdn.auth0.com
    accept: text/css, */*
    referer: https://login.powerfactors.app/u/login/identifier?state=hqFo2SBKc1RXZlFCM1FsNGt2UEJWZ0c3TW5LZTV3dHF3MjlxQqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFZaNzVkM1FfU2VQSEl1bkw1TlNlMXdIcVE3YkJZUGFHo2NpZNkgWkQwUk5XV0dPalAxcjlWSEx4VURkVEUzN2I3TnJLc2elb3JnaWS0b3JnX2VWRTBnYlpPMjcxQWozTmenb3JnbmFtZb1oZWxsZW5pYy1wZXRyb2xldW0tcmVuZXdhYmxlcw
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    content-type: text/css
    date: Mon, 03 Oct 2022 17:14:15 GMT
    x-amz-replication-status: FAILED
    last-modified: Wed, 21 Sep 2022 17:14:13 GMT
    etag: W/"e13766a1ef51ddb006a5ac69891da978"
    cache-control: max-age=2628000,public
    x-amz-version-id: VaFUXr4qdNWDz2WduVb.CrAjvWO5_efI
    server: AmazonS3
    content-encoding: gzip
    vary: Accept-Encoding
    x-cache: Hit from cloudfront
    via: 1.1 4f516e51d4c38a41272c9098bf829774.cloudfront.net (CloudFront)
    x-amz-cf-pop: AMS50-C1
    x-amz-cf-id: 85-Uh7SHrG93yeh9vIlDqCqHV8S7Vpbtl2o_TT58gjH-GFEZY6csMw==
    age: 53207
  • flag-nl
    GET
    https://cdn.auth0.com/avatars/h.png
    IEXPLORE.EXE
    Remote address:
    52.222.143.56:443
    Request
    GET /avatars/h.png HTTP/2.0
    host: cdn.auth0.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://login.powerfactors.app/u/login/identifier?state=hqFo2SBKc1RXZlFCM1FsNGt2UEJWZ0c3TW5LZTV3dHF3MjlxQqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFZaNzVkM1FfU2VQSEl1bkw1TlNlMXdIcVE3YkJZUGFHo2NpZNkgWkQwUk5XV0dPalAxcjlWSEx4VURkVEUzN2I3TnJLc2elb3JnaWS0b3JnX2VWRTBnYlpPMjcxQWozTmenb3JnbmFtZb1oZWxsZW5pYy1wZXRyb2xldW0tcmVuZXdhYmxlcw
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    content-type: image/png
    content-length: 422
    last-modified: Mon, 10 Aug 2015 12:46:10 GMT
    x-amz-version-id: null
    accept-ranges: bytes
    server: AmazonS3
    date: Tue, 04 Oct 2022 06:20:22 GMT
    cache-control: public, max-age=31536000
    etag: "ca5ffdcbb2980768a7de1c811e3e4697"
    vary: Accept-Encoding
    x-cache: Hit from cloudfront
    via: 1.1 4f516e51d4c38a41272c9098bf829774.cloudfront.net (CloudFront)
    x-amz-cf-pop: AMS50-C1
    x-amz-cf-id: lQS1vBQiu7ig6NCYQTbrsm2JWcigul_s6tKgqopg-QO7qx9U0xJCKA==
    age: 6040
  • flag-us
    DNS
    greenbyte-logo-library.s3.eu-west-1.amazonaws.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    greenbyte-logo-library.s3.eu-west-1.amazonaws.com
    IN A
    Response
    greenbyte-logo-library.s3.eu-west-1.amazonaws.com
    IN CNAME
    s3-r-w.eu-west-1.amazonaws.com
    s3-r-w.eu-west-1.amazonaws.com
    IN A
    52.218.112.136
  • flag-ie
    GET
    https://greenbyte-logo-library.s3.eu-west-1.amazonaws.com/GB-PF-subsidiary-logos-02_S.png
    IEXPLORE.EXE
    Remote address:
    52.218.112.136:443
    Request
    GET /GB-PF-subsidiary-logos-02_S.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Referer: https://login.powerfactors.app/u/login/identifier?state=hqFo2SBKc1RXZlFCM1FsNGt2UEJWZ0c3TW5LZTV3dHF3MjlxQqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFZaNzVkM1FfU2VQSEl1bkw1TlNlMXdIcVE3YkJZUGFHo2NpZNkgWkQwUk5XV0dPalAxcjlWSEx4VURkVEUzN2I3TnJLc2elb3JnaWS0b3JnX2VWRTBnYlpPMjcxQWozTmenb3JnbmFtZb1oZWxsZW5pYy1wZXRyb2xldW0tcmVuZXdhYmxlcw
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: greenbyte-logo-library.s3.eu-west-1.amazonaws.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    x-amz-id-2: kSDCV4zArIBP9voKWLMgpemKai4VEMawj+i3GpfKL+/e+fw4WpBSIQnNeHNSVCjvGugeJDnD9SU=
    x-amz-request-id: P05D05QE3G0NB7C0
    Date: Tue, 04 Oct 2022 08:01:06 GMT
    Last-Modified: Tue, 19 Apr 2022 20:28:45 GMT
    ETag: "8fd03b8da43f9a680118faac2ad83677"
    Accept-Ranges: bytes
    Content-Type: image/png
    Server: AmazonS3
    Content-Length: 26303
  • 8.238.20.126:80
    322 B
    7
  • 8.238.20.126:80
    322 B
    7
  • 54.229.33.68:80
    http://helleniqenergy.greenbyte.cloud/
    http
    IEXPLORE.EXE
    553 B
    522 B
    6
    4

    HTTP Request

    GET http://helleniqenergy.greenbyte.cloud/

    HTTP Response

    301
  • 54.229.33.68:80
    helleniqenergy.greenbyte.cloud
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 54.229.33.68:443
    helleniqenergy.greenbyte.cloud
    tls, http2
    IEXPLORE.EXE
    1.1kB
    6.2kB
    15
    11
  • 13.227.211.5:80
    http://s.ss2.us/r.crl
    http
    IEXPLORE.EXE
    390 B
    1.3kB
    6
    5

    HTTP Request

    GET http://s.ss2.us/r.crl

    HTTP Response

    200
  • 54.229.33.68:443
    helleniqenergy.greenbyte.cloud
    IEXPLORE.EXE
    156 B
    3
  • 18.200.115.133:443
    https://helleniqenergy.greenbyte.cloud/Account/LogOn?returnUrl=%2F
    tls, http2
    IEXPLORE.EXE
    1.6kB
    8.5kB
    21
    15

    HTTP Request

    GET https://helleniqenergy.greenbyte.cloud/

    HTTP Response

    302

    HTTP Request

    GET https://helleniqenergy.greenbyte.cloud/Account/LogOn?returnUrl=%2F

    HTTP Response

    302
  • 8.238.23.254:80
    46 B
    40 B
    1
    1
  • 104.16.96.94:443
    login.powerfactors.app
    tls, http2
    IEXPLORE.EXE
    835 B
    3.2kB
    10
    9
  • 104.16.96.94:443
    login.powerfactors.app
    IEXPLORE.EXE
    156 B
    3
  • 8.253.208.120:80
    322 B
    7
  • 104.18.244.88:443
    https://login.powerfactors.app/favicon.ico
    tls, http2
    IEXPLORE.EXE
    4.4kB
    24.7kB
    37
    36

    HTTP Request

    GET https://login.powerfactors.app/authorize?client_id=ZD0RNWWGOjP1r9VHLxUDdTE37b7NrKsg&response_type=code%20id_token%20token&scope=openid%20profile%20email&state=OpenIdConnect.AuthenticationProperties%3DRlCODYBIEy4QmS8FlH_cXyTFaaz2U0h7HMGiS6nLVUw-byCyMlE6mxA5930yafxk-1qeB2bM2lYQKTS5fBOFZWpQxu-MjFdfNT9RQ1jgmX1EALcekJtjg2q8hewfvivk1Xbuk0ufjaQIw0xodLhQ4g&response_mode=form_post&nonce=638004672214926093.NDYxZWY1MjMtZThlNy00YWQ2LTk2MTgtNjFhYzhkNjM4NGI2NTg0MmY2NDctNDE0OS00MTE0LWJmMmEtOTk3NmY2ZjMwYTdj&organization=org_eVE0gbZO271Aj3Ng&redirect_uri=https%3A%2F%2Fhelleniqenergy.greenbyte.cloud%2Fcallback&x-client-SKU=ID_NET461&x-client-ver=5.3.0.0

    HTTP Response

    302

    HTTP Request

    GET https://login.powerfactors.app/u/login/identifier?state=hqFo2SBKc1RXZlFCM1FsNGt2UEJWZ0c3TW5LZTV3dHF3MjlxQqFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIFZaNzVkM1FfU2VQSEl1bkw1TlNlMXdIcVE3YkJZUGFHo2NpZNkgWkQwUk5XV0dPalAxcjlWSEx4VURkVEUzN2I3TnJLc2elb3JnaWS0b3JnX2VWRTBnYlpPMjcxQWozTmenb3JnbmFtZb1oZWxsZW5pYy1wZXRyb2xldW0tcmVuZXdhYmxlcw

    HTTP Response

    200

    HTTP Request

    GET https://login.powerfactors.app/favicon.ico

    HTTP Response

    404
  • 204.79.197.200:443
    ieonline.microsoft.com
    iexplore.exe
    156 B
    3
  • 52.222.143.56:443
    cdn.auth0.com
    tls, http2
    IEXPLORE.EXE
    1.0kB
    6.7kB
    14
    13
  • 52.222.143.56:443
    https://cdn.auth0.com/avatars/h.png
    tls, http2
    IEXPLORE.EXE
    3.5kB
    63.7kB
    57
    56

    HTTP Request

    GET https://cdn.auth0.com/ulp/react-components/1.60.9/css/main.cdn.min.css

    HTTP Request

    GET https://cdn.auth0.com/avatars/h.png

    HTTP Response

    200

    HTTP Response

    200
  • 52.218.112.136:443
    https://greenbyte-logo-library.s3.eu-west-1.amazonaws.com/GB-PF-subsidiary-logos-02_S.png
    tls, http
    IEXPLORE.EXE
    2.9kB
    34.3kB
    41
    38

    HTTP Request

    GET https://greenbyte-logo-library.s3.eu-west-1.amazonaws.com/GB-PF-subsidiary-logos-02_S.png

    HTTP Response

    200
  • 52.218.112.136:443
    greenbyte-logo-library.s3.eu-west-1.amazonaws.com
    tls
    IEXPLORE.EXE
    1.2kB
    6.6kB
    18
    15
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, http2
    iexplore.exe
    1.1kB
    589 B
    9
    8
  • 8.8.8.8:53
    helleniqenergy.greenbyte.cloud
    dns
    IEXPLORE.EXE
    76 B
    124 B
    1
    1

    DNS Request

    helleniqenergy.greenbyte.cloud

    DNS Response

    54.229.33.68
    18.200.115.133
    54.72.108.185

  • 8.8.8.8:53
    api.bing.com
    dns
    iexplore.exe
    58 B
    134 B
    1
    1

    DNS Request

    api.bing.com

    DNS Response

    13.107.5.80

  • 8.8.8.8:53
    s.ss2.us
    dns
    IEXPLORE.EXE
    54 B
    118 B
    1
    1

    DNS Request

    s.ss2.us

    DNS Response

    13.227.211.5
    13.227.211.177
    13.227.211.169
    13.227.211.118

  • 8.8.8.8:53
    crl.rootca1.amazontrust.com
    dns
    IEXPLORE.EXE
    365 B
    5

    DNS Request

    crl.rootca1.amazontrust.com

    DNS Request

    crl.rootca1.amazontrust.com

    DNS Request

    crl.rootca1.amazontrust.com

    DNS Request

    crl.rootca1.amazontrust.com

    DNS Request

    crl.rootca1.amazontrust.com

  • 8.8.8.8:53
    login.powerfactors.app
    dns
    IEXPLORE.EXE
    68 B
    183 B
    1
    1

    DNS Request

    login.powerfactors.app

    DNS Response

    104.16.96.94
    104.18.244.88

  • 8.8.8.8:53
    cdn.auth0.com
    dns
    IEXPLORE.EXE
    59 B
    117 B
    1
    1

    DNS Request

    cdn.auth0.com

    DNS Response

    52.222.143.56

  • 8.8.8.8:53
    greenbyte-logo-library.s3.eu-west-1.amazonaws.com
    dns
    IEXPLORE.EXE
    95 B
    132 B
    1
    1

    DNS Request

    greenbyte-logo-library.s3.eu-west-1.amazonaws.com

    DNS Response

    52.218.112.136

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F

    Filesize

    7KB

    MD5

    706d6538fd37693ad6e2784b2ea35218

    SHA1

    cabb2d92135c4f7c1e7a55053b0257495fab966c

    SHA256

    3be2af083ffd1e6bf9762687183226aa01ec65b391afdfae8ecdafc247f5c77e

    SHA512

    9c293e3c391918eba162a791c5e77d8c101bc30954de9fc19c1b3604ece3f293e7e26539626a20e15983b847ca2adb571b48ff2742b6617ebed9cf20faf496fe

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F

    Filesize

    226B

    MD5

    58dfe0f6b411795541bf0810a4327f61

    SHA1

    8c0a219e3f8b1605a0f033ef5036ef98c1391a55

    SHA256

    72339daeb8778931fd23a988d24240bd843b57a976da7f18587a03b3b0d86381

    SHA512

    922d7f9f39e98e2e9b8f7b2bce411e984ff2aa00c64f539ea77eae61803799c8edb632231867365e764785c8b0cedd8f8d6737772c548206d258458f1d755c51
