Analysis
-
max time kernel: 149s
max time network: 133s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 11/01/2024, 21:05 UTC
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://at0g0vcenteft.cc
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
https://at0g0vcenteft.cc
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
https://at0g0vcenteft.cc
Resource
macos-20231201-en
General
-
Target
https://at0g0vcenteft.cc
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
-
Suspicious behavior: EnumeratesProcesses (5 IoCs)
pid | Process
2816 | chrome.exe (5 entries)
-
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 2816 | chrome.exe (64 entries)
-
Suspicious use of FindShellTrayWindow (34 IoCs)
pid | Process
2816 | chrome.exe (34 entries)
-
Suspicious use of SendNotifyMessage (32 IoCs)
pid | Process
2816 | chrome.exe (32 entries)
-
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 2816 wrote to memory of 2864 | 2816 | chrome.exe | 28
PID 2816 wrote to memory of 2712 | 2816 | chrome.exe | 30
PID 2816 wrote to memory of 2692 | 2816 | chrome.exe | 31
PID 2816 wrote to memory of 2668 | 2816 | chrome.exe | 32
(64 entries in total; repeated rows collapsed)
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://at0g0vcenteft.cc
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 2816
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7279758,0x7fef7279768,0x7fef7279778
  PID: 2864
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:2
  PID: 2712
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:8
  PID: 2692
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:8
  PID: 2668
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2176 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:1
  PID: 2924
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2184 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:1
  PID: 2084
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1656 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:2
  PID: 1476
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2996 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:8
  PID: 1712
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3408 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:1
  PID: 1160
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2968 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:1
  PID: 1640
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3692 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:1
  PID: 2976
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:8
  PID: 268
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2564 --field-trial-handle=1268,i,17619553000188511647,13556735592067403428,131072 /prefetch:1
  PID: 2728
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
PID: 1644
Network
-
Remote address: 8.8.8.8:53
Request: at0g0vcenteft.cc IN A
Response: at0g0vcenteft.cc IN A 172.67.216.139
          at0g0vcenteft.cc IN A 104.21.93.236
-
Remote address: 8.8.8.8:53
Request: at0g0vcenteft.cc IN A
-
Remote address: 172.67.216.139:443
Request
GET / HTTP/2.0
host: at0g0vcenteft.cc
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 403
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yrUJHAXLjaSZqcS4Uaix3f40A6dyUMbHthA0frFfJx2jCQEuAPpmNi5GDQa6r23A0jYxeezBecUfYRRfW6G5%2BZSbqeEczHPoT81u3BAVsz2YA6BAv%2B1gOHtHTBX7GT%2B5mff4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 84401ea67c5c71ec-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
Remote address: 172.67.216.139:443
Request
GET /cdn-cgi/styles/challenges.css HTTP/2.0
host: at0g0vcenteft.cc
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://at0g0vcenteft.cc/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: text/css
last-modified: Tue, 19 Dec 2023 14:09:38 GMT
etag: W/"6581a422-19c8"
server: cloudflare
cf-ray: 84401ea6fd2971ec-LHR
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Thu, 11 Jan 2024 23:05:46 GMT
cache-control: max-age=7200
cache-control: public
content-encoding: gzip
-
GET https://at0g0vcenteft.cc/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=84401ea67c5c71ec (chrome.exe)
Remote address: 172.67.216.139:443
Request
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=84401ea67c5c71ec HTTP/2.0
host: at0g0vcenteft.cc
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://at0g0vcenteft.cc/?__cf_chl_rt_tk=ttjxHDIDAhzz9Qughl_gz6UyEK1XPwnKUuBJRq_ZhBE-1705007145-0-gaNycGzNCzs
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZXUbhshohc73PSyW1FUtrQwJrdfnvo2d4SAWG9mzXwoBUVxd5opQ5cwjei1KUKoA%2FC52lJpxq%2FZ%2Fetzz1FAXgBzgeAcXz0JZceo94ZcMEsorJoMoSYPxiR2OCcPNLhgfKAUV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 84401ea9588571ec-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
Remote address: 8.8.8.8:53
Request: pki.goog IN A
Response: pki.goog IN A 216.239.32.29
-
Remote address: 8.8.8.8:53
Request: pki.goog IN A
-
Remote address: 216.239.32.29:80
Request
GET /gsr1/gsr1.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.goog
Response
HTTP/1.1 200 OK
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 889
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 11 Jan 2024 20:52:10 GMT
Expires: Thu, 11 Jan 2024 21:42:10 GMT
Cache-Control: public, max-age=3000
Age: 807
Last-Modified: Wed, 20 May 2020 16:45:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
-
Remote address: 8.8.8.8:53
Request: www.microsoft.com IN A
Response: www.microsoft.com IN CNAME www.microsoft.com-c-3.edgekey.net
          www.microsoft.com-c-3.edgekey.net IN CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
          www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net IN CNAME e13678.dscb.akamaiedge.net
          e13678.dscb.akamaiedge.net IN A 92.123.241.137
-
Remote address: 8.8.8.8:53
Request: a.nel.cloudflare.com IN A
Response: a.nel.cloudflare.com IN A 35.190.80.1
-
OPTIONS https://a.nel.cloudflare.com/report/v3?s=yrUJHAXLjaSZqcS4Uaix3f40A6dyUMbHthA0frFfJx2jCQEuAPpmNi5GDQa6r23A0jYxeezBecUfYRRfW6G5%2BZSbqeEczHPoT81u3BAVsz2YA6BAv%2B1gOHtHTBX7GT%2B5mff4 (chrome.exe)
Remote address: 35.190.80.1:443
Request
OPTIONS /report/v3?s=yrUJHAXLjaSZqcS4Uaix3f40A6dyUMbHthA0frFfJx2jCQEuAPpmNi5GDQa6r23A0jYxeezBecUfYRRfW6G5%2BZSbqeEczHPoT81u3BAVsz2YA6BAv%2B1gOHtHTBX7GT%2B5mff4 HTTP/2.0
host: a.nel.cloudflare.com
origin: https://at0g0vcenteft.cc
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
OPTIONS https://a.nel.cloudflare.com/report/v3?s=JTSWmlrHlFXrN7WiyDiYmpQR%2FQ6tQf58S5r0pGFUSH6DOOrtqSRhhpDEYpegDDyz0Jylhr0eDFDKGe6ClUSP9NmSAtoNdfZ2KAYjefzcReqDvCNLujVnKAo0lJKistQHCy%2BG (chrome.exe)
Remote address: 35.190.80.1:443
Request
OPTIONS /report/v3?s=JTSWmlrHlFXrN7WiyDiYmpQR%2FQ6tQf58S5r0pGFUSH6DOOrtqSRhhpDEYpegDDyz0Jylhr0eDFDKGe6ClUSP9NmSAtoNdfZ2KAYjefzcReqDvCNLujVnKAo0lJKistQHCy%2BG HTTP/2.0
host: a.nel.cloudflare.com
origin: https://at0g0vcenteft.cc
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
Remote address: 8.8.8.8:53
Request: apps.identrust.com IN A
Response: apps.identrust.com IN CNAME identrust.edgesuite.net
          identrust.edgesuite.net IN CNAME a1952.dscq.akamai.net
          a1952.dscq.akamai.net IN A 96.17.179.205
          a1952.dscq.akamai.net IN A 96.17.179.184
-
Remote address: 96.17.179.205:80
Request
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
Response
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Thu, 11 Jan 2024 22:05:46 GMT
Date: Thu, 11 Jan 2024 21:05:46 GMT
Connection: keep-alive
-
Remote address: 8.8.8.8:53
Request: challenges.cloudflare.com IN A
Response: challenges.cloudflare.com IN A 104.17.3.184
          challenges.cloudflare.com IN A 104.17.2.184
-
GET https://challenges.cloudflare.com/turnstile/v0/b/c8377512/api.js?onload=ILIdiM9&render=explicit (chrome.exe)
Remote address: 104.17.3.184:443
Request
GET /turnstile/v0/b/c8377512/api.js?onload=ILIdiM9&render=explicit HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://at0g0vcenteft.cc
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 84401eadfb9c71a5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
-
172.67.216.139:443
https://at0g0vcenteft.cc/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=84401ea67c5c71ec
tls, http2
chrome.exe
4.1kB 74.1kB 52 81
HTTP Request
GET https://at0g0vcenteft.cc/
HTTP Response
403
HTTP Request
GET https://at0g0vcenteft.cc/cdn-cgi/styles/challenges.css
HTTP Response
200
HTTP Request
GET https://at0g0vcenteft.cc/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=84401ea67c5c71ec
HTTP Response
200
-
1.6kB 5.1kB 11 8
-
1.6kB 4.6kB 11 8
-
938 B 2.1kB 10 6
HTTP Request
GET http://pki.goog/gsr1/gsr1.crt
HTTP Response
200
-
35.190.80.1:443
https://a.nel.cloudflare.com/report/v3?s=JTSWmlrHlFXrN7WiyDiYmpQR%2FQ6tQf58S5r0pGFUSH6DOOrtqSRhhpDEYpegDDyz0Jylhr0eDFDKGe6ClUSP9NmSAtoNdfZ2KAYjefzcReqDvCNLujVnKAo0lJKistQHCy%2BG
tls, http2
chrome.exe
2.3kB 6.3kB 19 19
HTTP Request
OPTIONS https://a.nel.cloudflare.com/report/v3?s=yrUJHAXLjaSZqcS4Uaix3f40A6dyUMbHthA0frFfJx2jCQEuAPpmNi5GDQa6r23A0jYxeezBecUfYRRfW6G5%2BZSbqeEczHPoT81u3BAVsz2YA6BAv%2B1gOHtHTBX7GT%2B5mff4
HTTP Request
OPTIONS https://a.nel.cloudflare.com/report/v3?s=JTSWmlrHlFXrN7WiyDiYmpQR%2FQ6tQf58S5r0pGFUSH6DOOrtqSRhhpDEYpegDDyz0Jylhr0eDFDKGe6ClUSP9NmSAtoNdfZ2KAYjefzcReqDvCNLujVnKAo0lJKistQHCy%2BG
-
421 B 1.5kB 6 3
HTTP Request
GET http://apps.identrust.com/roots/dstrootcax3.p7c
HTTP Response
200
-
104.17.3.184:443
https://challenges.cloudflare.com/turnstile/v0/b/c8377512/api.js?onload=ILIdiM9&render=explicit
tls, http2
chrome.exe
1.9kB 15.9kB 17 22
HTTP Request
GET https://challenges.cloudflare.com/turnstile/v0/b/c8377512/api.js?onload=ILIdiM9&render=explicit
HTTP Response
200
-
124 B 94 B 2 1
DNS Request
at0g0vcenteft.cc
DNS Request
at0g0vcenteft.cc
DNS Response
172.67.216.139 104.21.93.236
-
204 B 3
-
108 B 70 B 2 1
DNS Request
pki.goog
DNS Request
pki.goog
DNS Response
216.239.32.29
-
63 B 230 B 1 1
DNS Request
www.microsoft.com
DNS Response
92.123.241.137
-
66 B 82 B 1 1
DNS Request
a.nel.cloudflare.com
DNS Response
35.190.80.1
-
80.7kB 75.2kB 116 100
-
64 B 165 B 1 1
DNS Request
apps.identrust.com
DNS Response
96.17.179.205 96.17.179.184
-
71 B 103 B 1 1
DNS Request
challenges.cloudflare.com
DNS Response
104.17.3.184 104.17.2.184
-
3.6kB 5.4kB 12 10
-
112.5kB 214.3kB 168 227
-
5.8kB 3.7kB 10 10
MITRE ATT&CK Enterprise v15
Downloads