Analysis

  • max time kernel
    149s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/01/2024, 21:05 UTC

General

  • Target

    https://at0g0vcenteft.cc

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (5 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (34 IoCs)
  • Suspicious use of SendNotifyMessage (32 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://at0g0vcenteft.cc
    PID: 2816
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7279758,0x7fef7279768,0x7fef7279778
      PID: 2864
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:2
      PID: 2712
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:8
      PID: 2692
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:8
      PID: 2668
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2176 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:1
      PID: 2924
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2184 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:1
      PID: 2084
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1656 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:2
      PID: 1476
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2996 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:8
      PID: 1712
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3408 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:1
      PID: 1160
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2968 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:1
      PID: 1640
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3692 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:1
      PID: 2976
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:8
      PID: 268
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2564 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:1
      PID: 2728
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID: 1644

                              Network

                              • flag-us
                                DNS
                                at0g0vcenteft.cc
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                at0g0vcenteft.cc
                                IN A
                                Response
                                at0g0vcenteft.cc
                                IN A
                                172.67.216.139
                                at0g0vcenteft.cc
                                IN A
                                104.21.93.236
                              • flag-us
                                DNS
                                at0g0vcenteft.cc
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                at0g0vcenteft.cc
                                IN A
                              • flag-us
                                GET
                                https://at0g0vcenteft.cc/
                                chrome.exe
                                Remote address:
                                172.67.216.139:443
                                Request
                                GET / HTTP/2.0
                                host: at0g0vcenteft.cc
                                sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                                sec-ch-ua-mobile: ?0
                                sec-ch-ua-platform: "Windows"
                                upgrade-insecure-requests: 1
                                user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                sec-fetch-site: none
                                sec-fetch-mode: navigate
                                sec-fetch-user: ?1
                                sec-fetch-dest: document
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 403
                                date: Thu, 11 Jan 2024 21:05:46 GMT
                                content-type: text/html; charset=UTF-8
                                cross-origin-embedder-policy: require-corp
                                cross-origin-opener-policy: same-origin
                                cross-origin-resource-policy: same-origin
                                origin-agent-cluster: ?1
                                permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                                referrer-policy: same-origin
                                x-frame-options: SAMEORIGIN
                                cf-mitigated: challenge
                                cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                expires: Thu, 01 Jan 1970 00:00:01 GMT
                                report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yrUJHAXLjaSZqcS4Uaix3f40A6dyUMbHthA0frFfJx2jCQEuAPpmNi5GDQa6r23A0jYxeezBecUfYRRfW6G5%2BZSbqeEczHPoT81u3BAVsz2YA6BAv%2B1gOHtHTBX7GT%2B5mff4"}],"group":"cf-nel","max_age":604800}
                                nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                vary: Accept-Encoding
                                server: cloudflare
                                cf-ray: 84401ea67c5c71ec-LHR
                                content-encoding: br
                                alt-svc: h3=":443"; ma=86400
                              • flag-us
                                GET
                                https://at0g0vcenteft.cc/cdn-cgi/styles/challenges.css
                                chrome.exe
                                Remote address:
                                172.67.216.139:443
                                Request
                                GET /cdn-cgi/styles/challenges.css HTTP/2.0
                                host: at0g0vcenteft.cc
                                sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                sec-ch-ua-platform: "Windows"
                                accept: text/css,*/*;q=0.1
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: style
                                referer: https://at0g0vcenteft.cc/
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                date: Thu, 11 Jan 2024 21:05:46 GMT
                                content-type: text/css
                                last-modified: Tue, 19 Dec 2023 14:09:38 GMT
                                etag: W/"6581a422-19c8"
                                server: cloudflare
                                cf-ray: 84401ea6fd2971ec-LHR
                                x-frame-options: DENY
                                x-content-type-options: nosniff
                                vary: Accept-Encoding
                                expires: Thu, 11 Jan 2024 23:05:46 GMT
                                cache-control: max-age=7200
                                cache-control: public
                                content-encoding: gzip
                              • flag-us
                                GET
                                https://at0g0vcenteft.cc/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=84401ea67c5c71ec
                                chrome.exe
                                Remote address:
                                172.67.216.139:443
                                Request
                                GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=84401ea67c5c71ec HTTP/2.0
                                host: at0g0vcenteft.cc
                                sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                sec-ch-ua-platform: "Windows"
                                accept: */*
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: script
                                referer: https://at0g0vcenteft.cc/?__cf_chl_rt_tk=ttjxHDIDAhzz9Qughl_gz6UyEK1XPwnKUuBJRq_ZhBE-1705007145-0-gaNycGzNCzs
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                date: Thu, 11 Jan 2024 21:05:46 GMT
                                content-type: application/javascript; charset=UTF-8
                                cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZXUbhshohc73PSyW1FUtrQwJrdfnvo2d4SAWG9mzXwoBUVxd5opQ5cwjei1KUKoA%2FC52lJpxq%2FZ%2Fetzz1FAXgBzgeAcXz0JZceo94ZcMEsorJoMoSYPxiR2OCcPNLhgfKAUV"}],"group":"cf-nel","max_age":604800}
                                nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                server: cloudflare
                                cf-ray: 84401ea9588571ec-LHR
                                content-encoding: br
                                alt-svc: h3=":443"; ma=86400
                              • flag-us
                                DNS
                                pki.goog
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                pki.goog
                                IN A
                                Response
                                pki.goog
                                IN A
                                216.239.32.29
                              • flag-us
                                DNS
                                pki.goog
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                pki.goog
                                IN A
                              • flag-us
                                GET
                                http://pki.goog/gsr1/gsr1.crt
                                chrome.exe
                                Remote address:
                                216.239.32.29:80
                                Request
                                GET /gsr1/gsr1.crt HTTP/1.1
                                Connection: Keep-Alive
                                Accept: */*
                                User-Agent: Microsoft-CryptoAPI/6.1
                                Host: pki.goog
                                Response
                                HTTP/1.1 200 OK
                                Accept-Ranges: bytes
                                Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                                Cross-Origin-Resource-Policy: cross-origin
                                Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                                Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                                Content-Length: 889
                                X-Content-Type-Options: nosniff
                                Server: sffe
                                X-XSS-Protection: 0
                                Date: Thu, 11 Jan 2024 20:52:10 GMT
                                Expires: Thu, 11 Jan 2024 21:42:10 GMT
                                Cache-Control: public, max-age=3000
                                Age: 807
                                Last-Modified: Wed, 20 May 2020 16:45:00 GMT
                                Content-Type: application/pkix-cert
                                Vary: Accept-Encoding
                              • flag-us
                                DNS
                                www.microsoft.com
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                www.microsoft.com
                                IN A
                                Response
                                www.microsoft.com
                                IN CNAME
                                www.microsoft.com-c-3.edgekey.net
                                www.microsoft.com-c-3.edgekey.net
                                IN CNAME
                                www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                                www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                                IN CNAME
                                e13678.dscb.akamaiedge.net
                                e13678.dscb.akamaiedge.net
                                IN A
                                92.123.241.137
                              • flag-us
                                DNS
                                a.nel.cloudflare.com
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                a.nel.cloudflare.com
                                IN A
                                Response
                                a.nel.cloudflare.com
                                IN A
                                35.190.80.1
                              • flag-us
                                OPTIONS
                                https://a.nel.cloudflare.com/report/v3?s=yrUJHAXLjaSZqcS4Uaix3f40A6dyUMbHthA0frFfJx2jCQEuAPpmNi5GDQa6r23A0jYxeezBecUfYRRfW6G5%2BZSbqeEczHPoT81u3BAVsz2YA6BAv%2B1gOHtHTBX7GT%2B5mff4
                                chrome.exe
                                Remote address:
                                35.190.80.1:443
                                Request
                                OPTIONS /report/v3?s=yrUJHAXLjaSZqcS4Uaix3f40A6dyUMbHthA0frFfJx2jCQEuAPpmNi5GDQa6r23A0jYxeezBecUfYRRfW6G5%2BZSbqeEczHPoT81u3BAVsz2YA6BAv%2B1gOHtHTBX7GT%2B5mff4 HTTP/2.0
                                host: a.nel.cloudflare.com
                                origin: https://at0g0vcenteft.cc
                                access-control-request-method: POST
                                access-control-request-headers: content-type
                                user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-us
                                OPTIONS
                                https://a.nel.cloudflare.com/report/v3?s=JTSWmlrHlFXrN7WiyDiYmpQR%2FQ6tQf58S5r0pGFUSH6DOOrtqSRhhpDEYpegDDyz0Jylhr0eDFDKGe6ClUSP9NmSAtoNdfZ2KAYjefzcReqDvCNLujVnKAo0lJKistQHCy%2BG
                                chrome.exe
                                Remote address:
                                35.190.80.1:443
                                Request
                                OPTIONS /report/v3?s=JTSWmlrHlFXrN7WiyDiYmpQR%2FQ6tQf58S5r0pGFUSH6DOOrtqSRhhpDEYpegDDyz0Jylhr0eDFDKGe6ClUSP9NmSAtoNdfZ2KAYjefzcReqDvCNLujVnKAo0lJKistQHCy%2BG HTTP/2.0
                                host: a.nel.cloudflare.com
                                origin: https://at0g0vcenteft.cc
                                access-control-request-method: POST
                                access-control-request-headers: content-type
                                user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              • flag-us
                                DNS
                                apps.identrust.com
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                apps.identrust.com
                                IN A
                                Response
                                apps.identrust.com
                                IN CNAME
                                identrust.edgesuite.net
                                identrust.edgesuite.net
                                IN CNAME
                                a1952.dscq.akamai.net
                                a1952.dscq.akamai.net
                                IN A
                                96.17.179.205
                                a1952.dscq.akamai.net
                                IN A
                                96.17.179.184
                              • flag-gb
                                GET
                                http://apps.identrust.com/roots/dstrootcax3.p7c
                                chrome.exe
                                Remote address:
                                96.17.179.205:80
                                Request
                                GET /roots/dstrootcax3.p7c HTTP/1.1
                                Connection: Keep-Alive
                                Accept: */*
                                User-Agent: Microsoft-CryptoAPI/6.1
                                Host: apps.identrust.com
                                Response
                                HTTP/1.1 200 OK
                                X-XSS-Protection: 1; mode=block
                                X-Frame-Options: SAMEORIGIN
                                X-Content-Type-Options: nosniff
                                X-Robots-Tag: noindex
                                Referrer-Policy: same-origin
                                Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
                                ETag: "37d-6079b8c0929c0"
                                Accept-Ranges: bytes
                                Content-Length: 893
                                X-Content-Type-Options: nosniff
                                X-Frame-Options: sameorigin
                                Content-Type: application/pkcs7-mime
                                Cache-Control: max-age=3600
                                Expires: Thu, 11 Jan 2024 22:05:46 GMT
                                Date: Thu, 11 Jan 2024 21:05:46 GMT
                                Connection: keep-alive
                              • flag-us
                                DNS
                                challenges.cloudflare.com
                                chrome.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                challenges.cloudflare.com
                                IN A
                                Response
                                challenges.cloudflare.com
                                IN A
                                104.17.3.184
                                challenges.cloudflare.com
                                IN A
                                104.17.2.184
                              • flag-us
                                GET
                                https://challenges.cloudflare.com/turnstile/v0/b/c8377512/api.js?onload=ILIdiM9&render=explicit
                                chrome.exe
                                Remote address:
                                104.17.3.184:443
                                Request
                                GET /turnstile/v0/b/c8377512/api.js?onload=ILIdiM9&render=explicit HTTP/2.0
                                host: challenges.cloudflare.com
                                sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                                origin: https://at0g0vcenteft.cc
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                sec-ch-ua-platform: "Windows"
                                accept: */*
                                sec-fetch-site: cross-site
                                sec-fetch-mode: cors
                                sec-fetch-dest: script
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                                Response
                                HTTP/2.0 200
                                date: Thu, 11 Jan 2024 21:05:47 GMT
                                content-type: application/javascript; charset=UTF-8
                                access-control-allow-origin: *
                                cache-control: max-age=31536000
                                vary: Accept-Encoding
                                server: cloudflare
                                cf-ray: 84401eadfb9c71a5-LHR
                                content-encoding: br
                                alt-svc: h3=":443"; ma=86400
                              • 172.67.216.139:443
                                https://at0g0vcenteft.cc/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=84401ea67c5c71ec
                                tls, http2
                                chrome.exe
                                4.1kB
                                74.1kB
                                52
                                81

                                HTTP Request

                                GET https://at0g0vcenteft.cc/

                                HTTP Response

                                403

                                HTTP Request

                                GET https://at0g0vcenteft.cc/cdn-cgi/styles/challenges.css

                                HTTP Response

                                200

                                HTTP Request

                                GET https://at0g0vcenteft.cc/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=84401ea67c5c71ec

                                HTTP Response

                                200
                              Columns: destination, host or URL, protocol, process, bytes sent / received, packets sent / received ("-" marks a value the report does not list).

                              • 172.67.216.139:443  at0g0vcenteft.cc  tls, http2  chrome.exe  1.6kB / 5.1kB  11 / 8
                              • 172.67.216.139:443  at0g0vcenteft.cc  tls  chrome.exe  1.6kB / 4.6kB  11 / 8
                              • 216.239.32.29:80  http://pki.goog/gsr1/gsr1.crt  http  chrome.exe  938 B / 2.1kB  10 / 6
                                GET http://pki.goog/gsr1/gsr1.crt  (HTTP 200)
                              • 35.190.80.1:443  https://a.nel.cloudflare.com/report/v3?s=JTSWmlrHlFXrN7WiyDiYmpQR%2FQ6tQf58S5r0pGFUSH6DOOrtqSRhhpDEYpegDDyz0Jylhr0eDFDKGe6ClUSP9NmSAtoNdfZ2KAYjefzcReqDvCNLujVnKAo0lJKistQHCy%2BG  tls, http2  chrome.exe  2.3kB / 6.3kB  19 / 19
                                OPTIONS https://a.nel.cloudflare.com/report/v3?s=yrUJHAXLjaSZqcS4Uaix3f40A6dyUMbHthA0frFfJx2jCQEuAPpmNi5GDQa6r23A0jYxeezBecUfYRRfW6G5%2BZSbqeEczHPoT81u3BAVsz2YA6BAv%2B1gOHtHTBX7GT%2B5mff4
                                OPTIONS https://a.nel.cloudflare.com/report/v3?s=JTSWmlrHlFXrN7WiyDiYmpQR%2FQ6tQf58S5r0pGFUSH6DOOrtqSRhhpDEYpegDDyz0Jylhr0eDFDKGe6ClUSP9NmSAtoNdfZ2KAYjefzcReqDvCNLujVnKAo0lJKistQHCy%2BG
                              • 96.17.179.205:80  http://apps.identrust.com/roots/dstrootcax3.p7c  http  chrome.exe  421 B / 1.5kB  6 / 3
                                GET http://apps.identrust.com/roots/dstrootcax3.p7c  (HTTP 200)
                              • 104.17.3.184:443  https://challenges.cloudflare.com/turnstile/v0/b/c8377512/api.js?onload=ILIdiM9&render=explicit  tls, http2  chrome.exe  1.9kB / 15.9kB  17 / 22
                                GET https://challenges.cloudflare.com/turnstile/v0/b/c8377512/api.js?onload=ILIdiM9&render=explicit  (HTTP 200)
                              • 8.8.8.8:53  at0g0vcenteft.cc  dns  chrome.exe  124 B / 94 B  2 / 1
                                DNS Request at0g0vcenteft.cc (sent twice)
                                DNS Response 172.67.216.139, 104.21.93.236
                              • 224.0.0.251:5353  -  -  chrome.exe  204 B / -  3 / -
                              • 8.8.8.8:53  pki.goog  dns  chrome.exe  108 B / 70 B  2 / 1
                                DNS Request pki.goog (sent twice)
                                DNS Response 216.239.32.29
                              • 8.8.8.8:53  www.microsoft.com  dns  chrome.exe  63 B / 230 B  1 / 1
                                DNS Request www.microsoft.com
                                DNS Response 92.123.241.137
                              • 8.8.8.8:53  a.nel.cloudflare.com  dns  chrome.exe  66 B / 82 B  1 / 1
                                DNS Request a.nel.cloudflare.com
                                DNS Response 35.190.80.1
                              • 172.67.216.139:443  at0g0vcenteft.cc  https  chrome.exe  80.7kB / 75.2kB  116 / 100
                              • 8.8.8.8:53  apps.identrust.com  dns  chrome.exe  64 B / 165 B  1 / 1
                                DNS Request apps.identrust.com
                                DNS Response 96.17.179.205, 96.17.179.184
                              • 8.8.8.8:53  challenges.cloudflare.com  dns  chrome.exe  71 B / 103 B  1 / 1
                                DNS Request challenges.cloudflare.com
                                DNS Response 104.17.3.184, 104.17.2.184
                              • 35.190.80.1:443  a.nel.cloudflare.com  https  chrome.exe  3.6kB / 5.4kB  12 / 10
                              • 104.17.3.184:443  challenges.cloudflare.com  https  chrome.exe  112.5kB / 214.3kB  168 / 227
                              • 35.190.80.1:443  a.nel.cloudflare.com  https  chrome.exe  5.8kB / 3.7kB  10 / 10
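What the listing above actually shows is worth separating out: the submitted host answered 403 and then served Cloudflare's challenge page (the /cdn-cgi/challenge-platform/ fetch and the Turnstile api.js from challenges.cloudflare.com), so this run only ever rendered the challenge interstitial, not whatever sits behind it. The remaining flows are browser and OS housekeeping: resolver lookups to 8.8.8.8, an mDNS probe, CryptoAPI fetching chain material from pki.goog and apps.identrust.com, and Chrome's Network Error Logging reports (the OPTIONS preflights) to a.nel.cloudflare.com. The parser below is an added example, not tria.ge code: it reads the report's flattened one-field-per-line form, derives the sent/received counters, buckets each flow, and flags the challenge pattern. The sample is transcribed from the listing (blank lines dropped); the bucket rules, the decimal size units and the function names are this example's own assumptions.

```python
"""Added example (not tria.ge code): parse the flattened flow listing above and
split it into target traffic, Cloudflare challenge traffic and sandbox background.
The sample is transcribed from the report (blank lines dropped); the category
rules and the size-unit handling are this example's own assumptions."""
import re
from urllib.parse import urlparse

# Constructed sample: three flows copied from the listing, one field per line.
# The first begins with a 403 whose request lies above the excerpt.
SAMPLE = """\
• 172.67.216.139:443
at0g0vcenteft.cc
tls, http2
chrome.exe
1.6kB
5.1kB
11
8
HTTP Response
403
HTTP Request
GET https://at0g0vcenteft.cc/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=84401ea67c5c71ec
HTTP Response
200
• 216.239.32.29:80
http://pki.goog/gsr1/gsr1.crt
http
chrome.exe
938 B
2.1kB
10
6
• 224.0.0.251:5353
chrome.exe
204 B
3
"""
LABELS = {"HTTP Request", "HTTP Response", "DNS Request", "DNS Response"}
UNITS = {"B": 1, "kB": 1000, "MB": 1_000_000}

def parse_size(tok):
    """'938 B' -> 938, '1.6kB' -> 1600 (decimal units, as the report prints them)."""
    m = re.fullmatch(r"([\d.]+)\s*(B|kB|MB)", tok)
    if not m:
        raise ValueError(f"not a size: {tok!r}")
    return round(float(m.group(1)) * UNITS[m.group(2)])

def parse_flows(text):
    """One dict per bullet. Header order: destination, [name], [proto], process,
    bytes sent, bytes received, packets out, packets in; a one-way flow such as
    mDNS carries only the two 'sent' counters. Event label/value lines follow."""
    flows = []
    for chunk in text.split("•")[1:]:
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        head = []
        while lines and lines[0] not in LABELS:
            head.append(lines.pop(0))
        proc = next(i for i, f in enumerate(head) if f.endswith(".exe"))
        nums = head[proc + 1:]
        sent, recv, out, inn = nums if len(nums) == 4 else (nums[0], "0 B", nums[1], "0")
        events = []                                   # [(label, [values...]), ...]
        while lines:
            label, vals = lines.pop(0), []
            while lines and lines[0] not in LABELS:
                vals.append(lines.pop(0))
            events.append((label, vals))
        flows.append({"dest": head[0], "name": head[1] if proc == 3 else None,
                      "proto": head[proc - 1] if proc >= 2 else None,
                      "process": head[proc], "sent": parse_size(sent),
                      "received": parse_size(recv), "pkts_out": int(out),
                      "pkts_in": int(inn), "events": events})
    return flows

def hostname(flow):
    name = flow["name"]                               # bare domain or full URL
    return urlparse(name).hostname if name and "://" in name else name

def classify(flow, target):
    """Assumed buckets: the submitted host; Cloudflare's challenge CDN; everything
    else (mDNS, resolver, CryptoAPI certificate fetches, NEL reports) is background."""
    h = hostname(flow)
    return "target" if h == target else "challenge" if h == "challenges.cloudflare.com" else "background"

def bytes_by_category(flows, target):
    totals = {}
    for f in flows:
        c = classify(f, target)
        totals[c] = totals.get(c, 0) + f["sent"] + f["received"]
    return totals

def saw_cloudflare_challenge(flows, target):
    """True when the target answered 403 and the browser then fetched Cloudflare's
    challenge-platform page: the sandbox rendered an interstitial, not the site."""
    got_403 = got_chl = False
    for f in flows:
        for label, vals in f["events"]:
            if label == "HTTP Response" and "403" in vals and classify(f, target) == "target":
                got_403 = True
            if label == "HTTP Request" and any("/cdn-cgi/challenge-platform/" in v for v in vals):
                got_chl = True
    return got_403 and got_chl

if __name__ == "__main__":
    fl = parse_flows(SAMPLE)
    print(bytes_by_category(fl, "at0g0vcenteft.cc"), saw_cloudflare_challenge(fl, "at0g0vcenteft.cc"))
```

Run against the full listing, the target bucket is dominated by the 80.7kB / 75.2kB https flow, which is the challenge page and its assets rather than any content from the site; a low verdict on a run like this says only that the sandbox did not get past the challenge.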

                              MITRE ATT&CK Enterprise v15


                              Downloads

                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
                                Filesize  65KB
                                MD5       ac05d27423a85adc1622c714f2cb6184
                                SHA1      b0fe2b1abddb97837ea0195be70ab2ff14d43198
                                SHA256    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
                                SHA512    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
                                Filesize  1KB
                                MD5       a266bb7dcc38a562631361bbf61dd11b
                                SHA1      3b1efd3a66ea28b16697394703a72ca340a05bd5
                                SHA256    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
                                SHA512    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                Filesize  344B
                                MD5       c0f1f358b3bc43770761cf67ad9bf61d
                                SHA1      496687a3457c8ee004c3b1e4ff64d54b77d8cc8d
                                SHA256    641afc2b239101e2348d8069f9efe14aa6d924b3e394bdb187ca4a8a03e2b05c
                                SHA512    7749f45263fa52939b4ebeefefe2fff76c37eca18c35843264b205717ee197db328aac34329386acebf635042daa1921e0f0b71f13aff6498258f491c1836e4e

                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
                                Filesize  242B
                                MD5       8d0fa3777ad3071d725b82b98dc9b48d
                                SHA1      1c7804aae89345027079eaa480f3f5769238505b
                                SHA256    7aa48d75895171115d12b01aa44e082423d29b18647a76cc4eede5b206e26a5d
                                SHA512    588d2c6a9e99951361d6101de57e0bb405dd00e660cf1297d93865a0391e5ee2038e464ae08346db42cd206f5e8c97c39f69f7932e3f6b93a2e1ff75e44cc77d

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
                                Filesize  16B
                                MD5       aefd77f47fb84fae5ea194496b44c67a
                                SHA1      dcfbb6a5b8d05662c4858664f81693bb7f803b82
                                SHA256    4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
                                SHA512    b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
                                Filesize  264KB
                                MD5       f50f89a0a91564d0b8a211f8921aa7de
                                SHA1      112403a17dd69d5b9018b8cede023cb3b54eab7d
                                SHA256    b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
                                SHA512    bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize  5KB
                                MD5       34e91354bba34e2b3b703ae7cba1d2d3
                                SHA1      4b69473138e40bbc8284b098a0ca4ed894b2e898
                                SHA256    6c59e83060506aea44f02ba359c2df3a3caefeb7ec316a95e85e7386017485c3
                                SHA512    9a1e5b910566f99cfb6cd973a9721698ee102e17335d7c20bffb4fc917027d1e2fa2fc2f37d2545923909f996d978820fc905f4a5140664aeb8cb97512737af2

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize  5KB
                                MD5       60e23e8ed3b3ba8fe0ad3a10fd6b5bed
                                SHA1      94959c80f99163f3903b68c39bba6cdc62c18ebf
                                SHA256    0139cd3726dfa91cc3a3552776108ff1b5d76826a15769a8033d2f4163da1f01
                                SHA512    d1b495167ee196250ecd7ff0cc849d677d578cec210783735c47f8353b5331d0c8e6949f9826f6ef4c8330deabcdcd2a89e31a450ad21df5a5330669c4a05f4f

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                Filesize  5KB
                                MD5       02ac18ed88956551458d457b2984a430
                                SHA1      797c96ad5e1c86273fcb27fff581baa2b96f33e0
                                SHA256    4d4d91a94bfb87c6c5e44ea3ed02b80216720c12cc849802f1b5a9279ca0b877
                                SHA512    4760b0388aba79fb4b4afb1832e5a6f4c1c18140977393fdb3617412b468c309b130f488bf55524628fa5896d5ce81c12cea81c219ce7bf77aac8f67e616e224

                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
                                Filesize  16B
                                MD5       18e723571b00fb1694a3bad6c78e4054
                                SHA1      afcc0ef32d46fe59e0483f9a3c891d3034d12f32
                                SHA256    8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
                                SHA512    43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

                              • C:\Users\Admin\AppData\Local\Temp\Tar4D5A.tmp
                                Filesize  171KB
                                MD5       9c0c641c06238516f27941aa1166d427
                                SHA1      64cd549fb8cf014fcd9312aa7a5b023847b6c977
                                SHA256    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
                                SHA512    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
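None of the files above were written by the analysed site. The CryptnetUrlCache entries are Windows CryptoAPI's cache of objects fetched over HTTP while building certificate chains (the gsr1.crt and dstrootcax3.p7c fetches in the network listing); each Content blob is the object itself, and the MetaData blob with the same 32-hex-digit name records where it came from. The report hashes the blobs but does not say which URL produced which entry, so when such a cache file does matter (for example a dropped intermediate from an unexpected CA) the MetaData file is where the origin is recovered. The snippet below is an added example, not tria.ge code or a Windows API: it relies on one property of the MetaData format, that the fetched URL is stored as a UTF-16LE string, and models nothing else about its header; it pairs the report's Content/MetaData paths by name, scans a MetaData blob for the URL, and checks that the Content blob is one complete DER object before hashing it. Both blobs in the code are constructed stand-ins, not the real files listed above, and all function names are this example's own.

```python
"""Added example (not tria.ge code): tie a CryptnetUrlCache entry back to the URL
it was fetched from and fingerprint its Content blob. The only format assumption
is that the MetaData file stores the fetched URL as a UTF-16LE string; the rest
of its header is not modelled. Both blobs below are constructed stand-ins."""
import hashlib
import re
import struct

# Constructed MetaData stand-in: a few header words, the URL as UTF-16LE with a
# NUL terminator, then filler. Real files carry more fields around the URL.
URL = "http://pki.goog/gsr1/gsr1.crt"
META_BLOB = (struct.pack("<IIII", 0x40, 0, 1, len(URL))
             + URL.encode("utf-16-le") + b"\x00\x00" + bytes(16))
# Constructed Content stand-in: a DER SEQUENCE with a 32-byte body, not a real cert.
CONTENT_BLOB = b"\x30\x82\x00\x20" + bytes(32)
# The two Content/MetaData pairs listed in the report above.
REPORT_PATHS = [
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357",
]

# http:// or https:// followed by printable ASCII, all as UTF-16LE code units.
UTF16_URL = re.compile(rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[!-~]\x00)+")
ENTRY = re.compile(r"CryptnetUrlCache\\(Content|MetaData)\\([0-9A-F]{32})$")

def cache_urls(meta):
    """Every http(s) URL stored as UTF-16LE in a MetaData blob, in file order."""
    return [m.group(0).decode("utf-16-le") for m in UTF16_URL.finditer(meta)]

def der_outer_length(buf):
    """Total length of the outer DER SEQUENCE (tag, length, body); None if malformed."""
    if len(buf) < 2 or buf[0] != 0x30:
        return None
    first = buf[1]
    if first < 0x80:                        # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                        # long form: n length bytes follow
    if n == 0 or n > 4 or len(buf) < 2 + n:
        return None
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def describe_entry(meta, content):
    """Origin URL, size, whether the blob is one complete DER object, and hashes."""
    urls = cache_urls(meta)
    return {
        "url": urls[0] if urls else None,
        "size": len(content),
        "complete_der": der_outer_length(content) == len(content),
        "md5": hashlib.md5(content).hexdigest(),
        "sha256": hashlib.sha256(content).hexdigest(),
    }

def pair_entries(paths):
    """Group report paths by entry name: Content\\X and MetaData\\X belong together."""
    groups = {}
    for p in paths:
        m = ENTRY.search(p)
        if m:
            groups.setdefault(m.group(2), {})[m.group(1)] = p
    return groups

if __name__ == "__main__":
    print(describe_entry(META_BLOB, CONTENT_BLOB))
    print(sorted(pair_entries(REPORT_PATHS)))
```

On a real image, read each MetaData file under CryptnetUrlCache\MetaData, pass it with its Content twin to describe_entry, and compare the resulting sha256 with the value the report lists for that Content path; a URL outside the expected CA infrastructure, or a Content blob that is not a complete DER object, is what deserves a closer look.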
