Analysis

  • max time kernel
    87s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-09-2024 12:23

General

  • Target

    RelayNOTE Hi Pratik.wakchaure.html

  • Size

    3KB

  • MD5

    d2483d27b0070224fe0aa723bf5a6676

  • SHA1

    c024cf0edce2170d01904f4647760dd736a61147

  • SHA256

    37453174eeb630a217fab9a1b49ab0cef95d8e968b1cdcbdba77662f0156ba98

  • SHA512

    a30b99762b7f9db6d5ace760d046395509103e7779d2438afa60c3165c7e946e6d6bcc4158b476726207c54a02c57ad8872a9d02b4cf43e889a0400822e87b35

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\RelayNOTE Hi Pratik.wakchaure.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb1e9758,0x7fefb1e9768,0x7fefb1e9778
      2⤵
        PID:2756
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:2
        2⤵
          PID:2596
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1380 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:8
          2⤵
            PID:1728
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:8
            2⤵
              PID:2984
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2144 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:1
              2⤵
                PID:424
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:1
                2⤵
                  PID:2088
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2836 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:2
                  2⤵
                    PID:2220
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3188 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:1
                    2⤵
                      PID:1744
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2412 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:1
                      2⤵
                        PID:304
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2736 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:1
                        2⤵
                          PID:2780
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2300 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:1
                          2⤵
                            PID:1680
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4000 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:8
                            2⤵
                              PID:2328
                          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                            "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                            1⤵
                              PID:1644

                            Network

                            • DNS (US)
                              www.pellegrinoincgreenheat.net
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              www.pellegrinoincgreenheat.net
                              IN A
                              Response
                              www.pellegrinoincgreenheat.net
                              IN A
                              66.96.149.2
                            • DNS (US)
                              cdnjs.cloudflare.com
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              cdnjs.cloudflare.com
                              IN A
                              Response
                              cdnjs.cloudflare.com
                              IN A
                              104.17.25.14
                              cdnjs.cloudflare.com
                              IN A
                              104.17.24.14
                            • DNS (US)
                              cdnjs.cloudflare.com
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              cdnjs.cloudflare.com
                              IN A
                            • GET (US)
                              https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
                              chrome.exe
                              Remote address:
                              104.17.25.14:443
                              Request
                              GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/2.0
                              host: cdnjs.cloudflare.com
                              sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              date: Thu, 05 Sep 2024 12:23:57 GMT
                              content-type: application/javascript; charset=utf-8
                              content-length: 14107
                              access-control-allow-origin: *
                              cache-control: public, max-age=30672000
                              content-encoding: br
                              etag: "5eb03e2d-bb78"
                              last-modified: Mon, 04 May 2020 16:09:17 GMT
                              cf-cdnjs-via: cfworker/kv
                              cross-origin-resource-policy: cross-origin
                              timing-allow-origin: *
                              x-content-type-options: nosniff
                              vary: Accept-Encoding
                              cf-cache-status: HIT
                              age: 652765
                              expires: Tue, 26 Aug 2025 12:23:57 GMT
                              accept-ranges: bytes
                              report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gNNThFp8XZoiTo9F8fvtpOuVVFz5zIubcW1dW2JtE0ntfDPB7Xj8ArxdSf61A%2F5vMcDq2A2HkAw8pMhMJuytGJRej1CSnFaqVO4WbHj4zTrgNB1ZYmMRxlVaD4AG1SYeSoQp6eD9"}],"group":"cf-nel","max_age":604800}
                              nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                              strict-transport-security: max-age=15780000
                              server: cloudflare
                              cf-ray: 8be6318b1afb93dc-LHR
                              alt-svc: h3=":443"; ma=86400
                            • DNS (US)
                              trolleybars.ru
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              trolleybars.ru
                              IN A
                              Response
                              trolleybars.ru
                              IN A
                              172.67.166.202
                              trolleybars.ru
                              IN A
                              104.21.50.204
                            • GET (US)
                              https://trolleybars.ru/BzNiY/
                              chrome.exe
                              Remote address:
                              172.67.166.202:443
                              Request
                              GET /BzNiY/ HTTP/2.0
                              host: trolleybars.ru
                              sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-platform: "Windows"
                              upgrade-insecure-requests: 1
                              user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                              accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                              sec-fetch-site: cross-site
                              sec-fetch-mode: navigate
                              sec-fetch-dest: document
                              referer: https://www.pellegrinoincgreenheat.net/
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 200
                              date: Thu, 05 Sep 2024 12:24:03 GMT
                              content-type: text/html; charset=UTF-8
                              access-control-allow-origin: *
                              set-cookie: PHPSESSID=7l2fru8qr8obs4jtt1sn0mp6ia; path=/
                              expires: Thu, 19 Nov 1981 08:52:00 GMT
                              cache-control: no-store, no-cache, must-revalidate
                              pragma: no-cache
                              vary: Accept-Encoding
                              cf-cache-status: DYNAMIC
                              report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ZbUiwz0G6t%2FSBQS8QhwnsMcJSQEwq%2FMXyGlwqUNY6eJ%2F1%2B4uVwvvpeJ1JPOL52vNIPnPU%2BVlc4amSdN4cZm7%2B1WSBLi%2BDyd5IK%2FacAiCfl9aVhCuIZc4wEJ7COAF4Vaug%3D%3D"}],"group":"cf-nel","max_age":604800}
                              nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              server: cloudflare
                              cf-ray: 8be631ab9eef7192-LHR
                              content-encoding: br
                              alt-svc: h3=":443"; ma=86400
                            • DNS (US)
                              challenges.cloudflare.com
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              challenges.cloudflare.com
                              IN A
                              Response
                              challenges.cloudflare.com
                              IN A
                              104.18.95.41
                              challenges.cloudflare.com
                              IN A
                              104.18.94.41
                            • GET (US)
                              https://challenges.cloudflare.com/turnstile/v0/api.js
                              chrome.exe
                              Remote address:
                              104.18.95.41:443
                              Request
                              GET /turnstile/v0/api.js HTTP/2.0
                              host: challenges.cloudflare.com
                              sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              referer: https://trolleybars.ru/
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                              Response
                              HTTP/2.0 302
                              date: Thu, 05 Sep 2024 12:24:04 GMT
                              content-length: 0
                              access-control-allow-origin: *
                              cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
                              cross-origin-resource-policy: cross-origin
                              location: /turnstile/v0/b/a5b175b00260/api.js
                              vary: Accept-Encoding
                              server: cloudflare
                              cf-ray: 8be631b13ad16557-LHR
                              alt-svc: h3=":443"; ma=86400
                            • DNS (US)
                              apps.identrust.com
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              apps.identrust.com
                              IN A
                              Response
                              apps.identrust.com
                              IN CNAME
                              identrust.edgesuite.net
                              identrust.edgesuite.net
                              IN CNAME
                              a1952.dscq.akamai.net
                              a1952.dscq.akamai.net
                              IN A
                              88.221.135.104
                              a1952.dscq.akamai.net
                              IN A
                              88.221.134.137
                            • GET (GB)
                              http://apps.identrust.com/roots/dstrootcax3.p7c
                              chrome.exe
                              Remote address:
                              88.221.135.104:80
                              Request
                              GET /roots/dstrootcax3.p7c HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              User-Agent: Microsoft-CryptoAPI/6.1
                              Host: apps.identrust.com
                              Response
                              HTTP/1.1 200 OK
                              X-XSS-Protection: 1; mode=block
                              X-Frame-Options: SAMEORIGIN
                              X-Content-Type-Options: nosniff
                              X-Robots-Tag: noindex
                              Referrer-Policy: same-origin
                              Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
                              ETag: "37d-6079b8c0929c0"
                              Accept-Ranges: bytes
                              Content-Length: 893
                              X-Content-Type-Options: nosniff
                              X-Frame-Options: sameorigin
                              Content-Type: application/pkcs7-mime
                              Cache-Control: max-age=3600
                              Expires: Thu, 05 Sep 2024 13:24:03 GMT
                              Date: Thu, 05 Sep 2024 12:24:03 GMT
                              Connection: keep-alive
                            • DNS (US)
                              a.nel.cloudflare.com
                              chrome.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              a.nel.cloudflare.com
                              IN A
                              Response
                              a.nel.cloudflare.com
                              IN A
                              35.190.80.1
                            • OPTIONS (US)
                              https://a.nel.cloudflare.com/report/v4?s=EouLzlLyO6gXcjo2sb%2Be9ixYbwYU2MVQzT9QaQr5pdJWOhAF6QfvdJ8%2FruHr%2F9SJHK3TEgqk%2FEt0pLGpcoeM8oxhlu8jkjrDcOIufkeoECp%2BX%2FB%2BlM0OKWr%2Bq3XSJoxYlA%3D%3D
                              chrome.exe
                              Remote address:
                              35.190.80.1:443
                              Request
                              OPTIONS /report/v4?s=EouLzlLyO6gXcjo2sb%2Be9ixYbwYU2MVQzT9QaQr5pdJWOhAF6QfvdJ8%2FruHr%2F9SJHK3TEgqk%2FEt0pLGpcoeM8oxhlu8jkjrDcOIufkeoECp%2BX%2FB%2BlM0OKWr%2Bq3XSJoxYlA%3D%3D HTTP/2.0
                              host: a.nel.cloudflare.com
                              origin: https://trolleybars.ru
                              access-control-request-method: POST
                              access-control-request-headers: content-type
                              user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • 66.96.149.2:443
                              www.pellegrinoincgreenheat.net
                              tls
                              chrome.exe
                              7.3kB
                              41.1kB
                              33
                              42
                            • 104.17.25.14:443
                              https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
                              tls, http2
                              chrome.exe
                              1.9kB
                              18.9kB
                              18
                              23

                              HTTP Request

                              GET https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js

                              HTTP Response

                              200
                            • 66.96.149.2:443
                              www.pellegrinoincgreenheat.net
                              tls
                              chrome.exe
                              971 B
                              531 B
                              8
                              8
                            • 172.67.166.202:443
                              https://trolleybars.ru/BzNiY/
                              tls, http2
                              chrome.exe
                              1.8kB
                              5.0kB
                              14
                              13

                              HTTP Request

                              GET https://trolleybars.ru/BzNiY/

                              HTTP Response

                              200
                            • 172.67.166.202:443
                              trolleybars.ru
                              tls, http2
                              chrome.exe
                              949 B
                              3.7kB
                              8
                              8
                            • 104.18.95.41:443
                              https://challenges.cloudflare.com/turnstile/v0/api.js
                              tls, http2
                              chrome.exe
                              1.8kB
                              5.7kB
                              15
                              14

                              HTTP Request

                              GET https://challenges.cloudflare.com/turnstile/v0/api.js

                              HTTP Response

                              302
                            • 88.221.135.104:80
                              http://apps.identrust.com/roots/dstrootcax3.p7c
                              http
                              chrome.exe
                              421 B
                              1.6kB
                              6
                              5

                              HTTP Request

                              GET http://apps.identrust.com/roots/dstrootcax3.p7c

                              HTTP Response

                              200
                            • 35.190.80.1:443
                              https://a.nel.cloudflare.com/report/v4?s=EouLzlLyO6gXcjo2sb%2Be9ixYbwYU2MVQzT9QaQr5pdJWOhAF6QfvdJ8%2FruHr%2F9SJHK3TEgqk%2FEt0pLGpcoeM8oxhlu8jkjrDcOIufkeoECp%2BX%2FB%2BlM0OKWr%2Bq3XSJoxYlA%3D%3D
                              tls, http2
                              chrome.exe
                              1.7kB
                              4.5kB
                              13
                              13

                              HTTP Request

                              OPTIONS https://a.nel.cloudflare.com/report/v4?s=EouLzlLyO6gXcjo2sb%2Be9ixYbwYU2MVQzT9QaQr5pdJWOhAF6QfvdJ8%2FruHr%2F9SJHK3TEgqk%2FEt0pLGpcoeM8oxhlu8jkjrDcOIufkeoECp%2BX%2FB%2BlM0OKWr%2Bq3XSJoxYlA%3D%3D
                            • 8.8.8.8:53
                              www.pellegrinoincgreenheat.net
                              dns
                              chrome.exe
                              76 B
                              92 B
                              1
                              1

                              DNS Request

                              www.pellegrinoincgreenheat.net

                              DNS Response

                              66.96.149.2

                            • 8.8.8.8:53
                              cdnjs.cloudflare.com
                              dns
                              chrome.exe
                              132 B
                              98 B
                              2
                              1

                              DNS Request

                              cdnjs.cloudflare.com

                              DNS Request

                              cdnjs.cloudflare.com

                              DNS Response

                              104.17.25.14
                              104.17.24.14

                            • 8.8.8.8:53
                              trolleybars.ru
                              dns
                              chrome.exe
                              60 B
                              92 B
                              1
                              1

                              DNS Request

                              trolleybars.ru

                              DNS Response

                              172.67.166.202
                              104.21.50.204

                            • 8.8.8.8:53
                              challenges.cloudflare.com
                              dns
                              chrome.exe
                              71 B
                              103 B
                              1
                              1

                              DNS Request

                              challenges.cloudflare.com

                              DNS Response

                              104.18.95.41
                              104.18.94.41

                            • 8.8.8.8:53
                              apps.identrust.com
                              dns
                              chrome.exe
                              64 B
                              165 B
                              1
                              1

                              DNS Request

                              apps.identrust.com

                              DNS Response

                              88.221.135.104
                              88.221.134.137

                            • 104.18.95.41:443
                              challenges.cloudflare.com
                              https
                              chrome.exe
                              46.8kB
                              236.3kB
                              105
                              229
                            • 172.67.166.202:443
                              trolleybars.ru
                              https
                              chrome.exe
                              3.5kB
                              6.6kB
                              8
                              10
                            • 8.8.8.8:53
                              a.nel.cloudflare.com
                              dns
                              chrome.exe
                              66 B
                              82 B
                              1
                              1

                              DNS Request

                              a.nel.cloudflare.com

                              DNS Response

                              35.190.80.1

                            • 35.190.80.1:443
                              a.nel.cloudflare.com
                              https
                              chrome.exe
                              3.7kB
                              4.0kB
                              7
                              8
                            • 224.0.0.251:5353
                              chrome.exe
                              204 B
                              3

                            MITRE ATT&CK Enterprise v15


                            Downloads

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                              Filesize  342B
                              MD5       49864de3d2822af65369a3a87d4b5abf
                              SHA1      dba1e614691916ab41ca6702d5363395416565a8
                              SHA256    5b3686fe7d210690331dce772e03bfec21541ffff1aee61846b0ff716793bb9d
                              SHA512    30f38e94615964fec6837e6830da6c0e3c85ec4af4a086825f6152a3341f7535ca7bdda6e14c1139dfdc649185d3ed3b7880f4f565c12cbbffbfb0c4b867b688

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8ae2ff91-3121-448e-92f9-d8ebda720142.tmp
                              Filesize  4KB
                              MD5       7e3cfa87d0cbfef5f5b060489f3b8ea2
                              SHA1      e3117efb7b21bacb42a76b80f663ec1d57909f05
                              SHA256    29af6209bc8cd4ea56e4d354a2f6a3485a4940f2eee5c1330e1e1556f1cfd50b
                              SHA512    b68808e2232f7ab7d7045b54a89757174a22a4e6ab7b9d5ef4aadd98e1aa504f16412e34b97baee9b0d1d94eaaadf3c1a5b620277c9f5b36d187c505e38a71ac

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
                              Filesize  264KB
                              MD5       f50f89a0a91564d0b8a211f8921aa7de
                              SHA1      112403a17dd69d5b9018b8cede023cb3b54eab7d
                              SHA256    b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
                              SHA512    bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                              Filesize  4KB
                              MD5       7d52a43d620a43822b00ec98cafdcfa9
                              SHA1      78e1003bf2bd5eee9c4ac1557b11bfce1af34f59
                              SHA256    fe5d1619f8e49cd09596830202f26885132eb014936858cb06bf538046f3ac98
                              SHA512    e14f52dd8e0dd2770901b8e2fe909ea33d579b8407f74664790a32d7f3920b28a5fc9f69c1fd9dbb071315855171e406aeca1f075a9a7dab533c77f42ca5ee76

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
                              Filesize  16B
                              MD5       18e723571b00fb1694a3bad6c78e4054
                              SHA1      afcc0ef32d46fe59e0483f9a3c891d3034d12f32
                              SHA256    8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
                              SHA512    43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

                            • C:\Users\Admin\AppData\Local\Temp\Cab5CA3.tmp
                              Filesize  70KB
                              MD5       49aebf8cbd62d92ac215b2923fb1b9f5
                              SHA1      1723be06719828dda65ad804298d0431f6aff976
                              SHA256    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
                              SHA512    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                            • C:\Users\Admin\AppData\Local\Temp\Tar5CC5.tmp
                              Filesize  181KB
                              MD5       4ea6026cf93ec6338144661bf1202cd1
                              SHA1      a1dec9044f750ad887935a01430bf49322fbdcb7
                              SHA256    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
                              SHA512    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
