Analysis
-
max time kernel
151s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
21/04/2024, 05:42 UTC
Static task
static1
Behavioral task
behavioral1
Sample
fe914e545e6619379b586976da83ff8c_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fe914e545e6619379b586976da83ff8c_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
fe914e545e6619379b586976da83ff8c_JaffaCakes118.exe
-
Size
317KB
-
MD5
fe914e545e6619379b586976da83ff8c
-
SHA1
593071e1859d8d3ead7c12618996eddfe4aa763b
-
SHA256
ee87c0206a3a229a610280d097f30597f79e93d1c74ede9a1b2b86e7afe0a164
-
SHA512
a6af73bc62daa09921de203a17277e8ffdd9155f3ff575feb09c23fe78e4056540672143979122297d8512a80604b9719da252b58c8a38addf343e1988bf3dc7
-
SSDEEP
6144:93+W3HxuuQagkTj9hBhf+q/R+eDDyVMKOKhWKO9POgVxiarcEqh9D1m:ceHx19g2jfBNWrVtOIWHPR+Eco
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 4264 oOcLlDh07003.exe -
Executes dropped EXE 1 IoCs
pid Process 4264 oOcLlDh07003.exe -
resource yara_rule behavioral2/memory/3016-2-0x0000000000400000-0x00000000004B4000-memory.dmp upx behavioral2/memory/3016-4-0x0000000000400000-0x00000000004B4000-memory.dmp upx behavioral2/memory/3016-5-0x0000000000400000-0x00000000004B4000-memory.dmp upx behavioral2/memory/3016-6-0x0000000000400000-0x00000000004B4000-memory.dmp upx behavioral2/memory/4264-19-0x0000000000400000-0x00000000004B4000-memory.dmp upx behavioral2/memory/4264-20-0x0000000000400000-0x00000000004B4000-memory.dmp upx behavioral2/memory/3016-23-0x0000000000400000-0x00000000004B4000-memory.dmp upx behavioral2/memory/4264-24-0x0000000000400000-0x00000000004B4000-memory.dmp upx behavioral2/memory/3016-31-0x0000000000400000-0x00000000004B4000-memory.dmp upx behavioral2/memory/4264-32-0x0000000000400000-0x00000000004B4000-memory.dmp upx behavioral2/memory/4264-35-0x0000000000400000-0x00000000004B4000-memory.dmp upx -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\oOcLlDh07003 = "C:\\ProgramData\\oOcLlDh07003\\oOcLlDh07003.exe" oOcLlDh07003.exe -
Program crash 27 IoCs
pid pid_target Process procid_target 116 3016 WerFault.exe 91 2940 4264 WerFault.exe 92 4424 3016 WerFault.exe 91 3112 4264 WerFault.exe 92 4792 3016 WerFault.exe 91 4828 4264 WerFault.exe 92 1384 3016 WerFault.exe 91 3784 4264 WerFault.exe 92 2656 3016 WerFault.exe 91 2976 4264 WerFault.exe 92 1148 3016 WerFault.exe 91 4992 4264 WerFault.exe 92 3484 3016 WerFault.exe 91 1728 4264 WerFault.exe 92 4868 3016 WerFault.exe 91 3980 3016 WerFault.exe 91 4792 4264 WerFault.exe 92 2804 4264 WerFault.exe 92 404 3016 WerFault.exe 91 2656 4264 WerFault.exe 92 1708 4264 WerFault.exe 92 1860 4264 WerFault.exe 92 4220 4264 WerFault.exe 92 1144 4264 WerFault.exe 92 2436 4264 WerFault.exe 92 232 4264 WerFault.exe 92 2800 4264 WerFault.exe 92 -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 3016 fe914e545e6619379b586976da83ff8c_JaffaCakes118.exe Token: SeDebugPrivilege 4264 oOcLlDh07003.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 4264 oOcLlDh07003.exe 4264 oOcLlDh07003.exe -
Suspicious use of SendNotifyMessage 2 IoCs
pid Process 4264 oOcLlDh07003.exe 4264 oOcLlDh07003.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 4264 oOcLlDh07003.exe 4264 oOcLlDh07003.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3016 wrote to memory of 4264 3016 fe914e545e6619379b586976da83ff8c_JaffaCakes118.exe 92 PID 3016 wrote to memory of 4264 3016 fe914e545e6619379b586976da83ff8c_JaffaCakes118.exe 92 PID 3016 wrote to memory of 4264 3016 fe914e545e6619379b586976da83ff8c_JaffaCakes118.exe 92
Processes
-
C:\Users\Admin\AppData\Local\Temp\fe914e545e6619379b586976da83ff8c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\fe914e545e6619379b586976da83ff8c_JaffaCakes118.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3016 -
C:\ProgramData\oOcLlDh07003\oOcLlDh07003.exe"C:\ProgramData\oOcLlDh07003\oOcLlDh07003.exe" "C:\Users\Admin\AppData\Local\Temp\fe914e545e6619379b586976da83ff8c_JaffaCakes118.exe"2⤵
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4264 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 7643⤵
- Program crash
PID:2940
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 7723⤵
- Program crash
PID:3112
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 7963⤵
- Program crash
PID:4828
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 8043⤵
- Program crash
PID:3784
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 9283⤵
- Program crash
PID:2976
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 10003⤵
- Program crash
PID:4992
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 10803⤵
- Program crash
PID:1728
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 12243⤵
- Program crash
PID:4792
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 14083⤵
- Program crash
PID:2804
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 16203⤵
- Program crash
PID:2656
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 16283⤵
- Program crash
PID:1708
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 16563⤵
- Program crash
PID:1860
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 16323⤵
- Program crash
PID:4220
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 16923⤵
- Program crash
PID:1144
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 18043⤵
- Program crash
PID:2436
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 18243⤵
- Program crash
PID:232
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 7883⤵
- Program crash
PID:2800
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 6202⤵
- Program crash
PID:116
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 7882⤵
- Program crash
PID:4424
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 7962⤵
- Program crash
PID:4792
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 8402⤵
- Program crash
PID:1384
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 8482⤵
- Program crash
PID:2656
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 10082⤵
- Program crash
PID:1148
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 10482⤵
- Program crash
PID:3484
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 12002⤵
- Program crash
PID:4868
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 6402⤵
- Program crash
PID:3980
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 1402⤵
- Program crash
PID:404
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3016 -ip 30161⤵PID:3800
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4264 -ip 42641⤵PID:2672
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3016 -ip 30161⤵PID:4420
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4264 -ip 42641⤵PID:4512
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3016 -ip 30161⤵PID:5068
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 4264 -ip 42641⤵PID:2816
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 3016 -ip 30161⤵PID:1660
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 4264 -ip 42641⤵PID:2808
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 3016 -ip 30161⤵PID:3632
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4264 -ip 42641⤵PID:4768
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3016 -ip 30161⤵PID:1552
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4264 -ip 42641⤵PID:60
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3016 -ip 30161⤵PID:2800
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4264 -ip 42641⤵PID:1448
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 3016 -ip 30161⤵PID:1868
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 3016 -ip 30161⤵PID:1620
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4264 -ip 42641⤵PID:928
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4264 -ip 42641⤵PID:4744
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 3016 -ip 30161⤵PID:1228
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4264 -ip 42641⤵PID:4068
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 4264 -ip 42641⤵PID:1712
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4264 -ip 42641⤵PID:1136
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4264 -ip 42641⤵PID:4992
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4264 -ip 42641⤵PID:1892
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 4264 -ip 42641⤵PID:3248
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 4264 -ip 42641⤵PID:728
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3740 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:81⤵PID:4432
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4264 -ip 42641⤵PID:2000
Network
-
Remote address:8.8.8.8:53Request81.171.91.138.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request81.171.91.138.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request18.24.18.2.in-addr.arpaIN PTRResponse18.24.18.2.in-addr.arpaIN PTRa2-18-24-18deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request209.205.72.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request209.205.72.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request14.160.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request58.55.71.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request26.165.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request56.126.166.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request56.126.166.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request240.221.184.93.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestchromewebstore.googleapis.comIN AResponsechromewebstore.googleapis.comIN A142.250.187.234chromewebstore.googleapis.comIN A142.250.178.10chromewebstore.googleapis.comIN A172.217.16.234chromewebstore.googleapis.comIN A142.250.200.10chromewebstore.googleapis.comIN A142.250.200.42chromewebstore.googleapis.comIN A216.58.201.106chromewebstore.googleapis.comIN A216.58.204.74chromewebstore.googleapis.comIN A216.58.213.10chromewebstore.googleapis.comIN A216.58.212.234chromewebstore.googleapis.comIN A172.217.169.74chromewebstore.googleapis.comIN A142.250.179.234chromewebstore.googleapis.comIN A142.250.180.10chromewebstore.googleapis.comIN A142.250.187.202
-
Remote address:8.8.8.8:53Requestchromewebstore.googleapis.comIN UnknownResponse
-
Remote address:8.8.8.8:53Requestpki.googIN AResponsepki.googIN A216.239.32.29
-
Remote address:8.8.8.8:53Requestpki.googIN UnknownResponse
-
Remote address:216.239.32.29:80RequestGET /gsr1/gsr1.crt HTTP/1.1
Host: pki.goog
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Content-Encoding: gzip
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 797
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 21 Apr 2024 05:30:02 GMT
Expires: Sun, 21 Apr 2024 06:20:02 GMT
Cache-Control: public, max-age=3000
Age: 791
Last-Modified: Wed, 20 May 2020 16:45:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
-
Remote address:216.239.32.29:80RequestGET /repo/certs/gtsr1.der HTTP/1.1
Host: pki.goog
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1371
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 21 Apr 2024 05:38:34 GMT
Expires: Sun, 21 Apr 2024 06:28:34 GMT
Cache-Control: public, max-age=3000
Age: 279
Last-Modified: Sun, 25 Jun 2023 02:58:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
-
Remote address:216.239.32.29:80RequestGET /repo/certs/gts1c3.der HTTP/1.1
Host: pki.goog
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 200 OK
Content-Encoding: gzip
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 1304
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 21 Apr 2024 04:55:54 GMT
Expires: Sun, 21 Apr 2024 05:45:54 GMT
Cache-Control: public, max-age=3000
Age: 2839
Last-Modified: Mon, 17 Aug 2020 09:45:00 GMT
Content-Type: application/pkix-cert
Vary: Accept-Encoding
-
Remote address:8.8.8.8:53Request234.187.250.142.in-addr.arpaIN PTRResponse234.187.250.142.in-addr.arpaIN PTRlhr25s34-in-f101e100net
-
Remote address:8.8.8.8:53Request29.32.239.216.in-addr.arpaIN PTRResponse29.32.239.216.in-addr.arpaIN PTRany-in-201d1e100net
-
Remote address:8.8.8.8:53Request29.32.239.216.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request25.24.18.2.in-addr.arpaIN PTRResponse25.24.18.2.in-addr.arpaIN PTRa2-18-24-25deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request25.24.18.2.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request43.229.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request211.143.182.52.in-addr.arpaIN PTRResponse
-
260 B 200 B 5 5
-
260 B 200 B 5 5
-
260 B 200 B 5 5
-
260 B 200 B 5 5
-
46 B 40 B 1 1
-
909 B 5.2kB 8 8
-
1.3kB 6.1kB 10 9
HTTP Request
GET http://pki.goog/gsr1/gsr1.crtHTTP Response
200HTTP Request
GET http://pki.goog/repo/certs/gtsr1.derHTTP Response
200HTTP Request
GET http://pki.goog/repo/certs/gts1c3.derHTTP Response
200
-
144 B 146 B 2 1
DNS Request
81.171.91.138.in-addr.arpa
DNS Request
81.171.91.138.in-addr.arpa
-
69 B 131 B 1 1
DNS Request
18.24.18.2.in-addr.arpa
-
144 B 158 B 2 1
DNS Request
209.205.72.20.in-addr.arpa
DNS Request
209.205.72.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
14.160.190.20.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
58.55.71.13.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
26.165.165.52.in-addr.arpa
-
144 B 158 B 2 1
DNS Request
56.126.166.20.in-addr.arpa
DNS Request
56.126.166.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
240.221.184.93.in-addr.arpa
-
75 B 283 B 1 1
DNS Request
chromewebstore.googleapis.com
DNS Response
142.250.187.234142.250.178.10172.217.16.234142.250.200.10142.250.200.42216.58.201.106216.58.204.74216.58.213.10216.58.212.234172.217.169.74142.250.179.234142.250.180.10142.250.187.202
-
75 B 132 B 1 1
DNS Request
chromewebstore.googleapis.com
-
54 B 70 B 1 1
DNS Request
pki.goog
DNS Response
216.239.32.29
-
54 B 128 B 1 1
DNS Request
pki.goog
-
74 B 113 B 1 1
DNS Request
234.187.250.142.in-addr.arpa
-
144 B 107 B 2 1
DNS Request
29.32.239.216.in-addr.arpa
DNS Request
29.32.239.216.in-addr.arpa
-
138 B 131 B 2 1
DNS Request
25.24.18.2.in-addr.arpa
DNS Request
25.24.18.2.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
43.229.111.52.in-addr.arpa
-
222 B 128 B 3 1
DNS Request
172.210.232.199.in-addr.arpa
DNS Request
172.210.232.199.in-addr.arpa
DNS Request
172.210.232.199.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
211.143.182.52.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
317KB
MD5ee7a40cd1e4e0aa949c6d633e08b9f7c
SHA1f207188eaaf42442f62b5dd451fb461288918935
SHA2569950dcab6b2cc7083296a467a171416917e6dbcc9b85ef892cd07c1866e6990e
SHA51220cf86e3b0dfb06d85f1cd9e661bdc0ef0967e45398498a52515abad2101eddd4794df306173ae774f33e75b24c23d28afa88c71e000e99bf5e6020f93e6fd5a