Analysis

  max time kernel: 87s
  max time network: 121s
  platform: windows7_x64
  resource: win7-20240903-en
  resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  submitted: 05-09-2024 12:23
Static task: static1

Behavioral task: behavioral1
  Sample: RelayNOTE Hi Pratik.wakchaure.html
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: RelayNOTE Hi Pratik.wakchaure.html
  Resource: win10v2004-20240802-en
General

  Target: RelayNOTE Hi Pratik.wakchaure.html
  Size: 3KB
  MD5: d2483d27b0070224fe0aa723bf5a6676
  SHA1: c024cf0edce2170d01904f4647760dd736a61147
  SHA256: 37453174eeb630a217fab9a1b49ab0cef95d8e968b1cdcbdba77662f0156ba98
  SHA512: a30b99762b7f9db6d5ace760d046395509103e7779d2438afa60c3165c7e946e6d6bcc4158b476726207c54a02c57ad8872a9d02b4cf43e889a0400822e87b35
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  2792 | chrome.exe
  2792 | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | Process
  Token: SeShutdownPrivilege | 2792 | chrome.exe
  (the same row is repeated for all 64 IoCs)

Suspicious use of FindShellTrayWindow (34 IoCs)
  pid | Process
  2792 | chrome.exe
  (the same row is repeated for all 34 IoCs)

Suspicious use of SendNotifyMessage (32 IoCs)
  pid | Process
  2792 | chrome.exe
  (the same row is repeated for all 32 IoCs)

Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 2792 wrote to memory of 2756 | 2792 | chrome.exe | 30
  PID 2792 wrote to memory of 2596 | 2792 | chrome.exe | 32
  PID 2792 wrote to memory of 1728 | 2792 | chrome.exe | 33
  PID 2792 wrote to memory of 2984 | 2792 | chrome.exe | 34
  (each row is repeated several times; 64 IoCs in total)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2792)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\RelayNOTE Hi Pratik.wakchaure.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2756)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb1e9758,0x7fefb1e9768,0x7fefb1e9778

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2596)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1728)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1380 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2984)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 424)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2144 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2088)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2220)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2836 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1744)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3188 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 304)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2412 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2780)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2736 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1680)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2300 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2328)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4000 --field-trial-handle=1372,i,12645685869440683175,7462780352649386411,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1644)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
Remote address: 8.8.8.8:53
Request: www.pellegrinoincgreenheat.net IN A
Response: www.pellegrinoincgreenheat.net IN A 66.96.149.2
Remote address: 8.8.8.8:53
Request: cdnjs.cloudflare.com IN A
Response: cdnjs.cloudflare.com IN A 104.17.25.14
          cdnjs.cloudflare.com IN A 104.17.24.14
Remote address: 8.8.8.8:53
Request: cdnjs.cloudflare.com IN A
Remote address: 104.17.25.14:443
Request:
GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/2.0
host: cdnjs.cloudflare.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response:
HTTP/2.0 200
content-type: application/javascript; charset=utf-8
content-length: 14107
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e2d-bb78"
last-modified: Mon, 04 May 2020 16:09:17 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 652765
expires: Tue, 26 Aug 2025 12:23:57 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gNNThFp8XZoiTo9F8fvtpOuVVFz5zIubcW1dW2JtE0ntfDPB7Xj8ArxdSf61A%2F5vMcDq2A2HkAw8pMhMJuytGJRej1CSnFaqVO4WbHj4zTrgNB1ZYmMRxlVaD4AG1SYeSoQp6eD9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8be6318b1afb93dc-LHR
alt-svc: h3=":443"; ma=86400
Remote address: 8.8.8.8:53
Request: trolleybars.ru IN A
Response: trolleybars.ru IN A 172.67.166.202
          trolleybars.ru IN A 104.21.50.204
Remote address: 172.67.166.202:443
Request:
GET /BzNiY/ HTTP/2.0
host: trolleybars.ru
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://www.pellegrinoincgreenheat.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response:
HTTP/2.0 200
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: PHPSESSID=7l2fru8qr8obs4jtt1sn0mp6ia; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ZbUiwz0G6t%2FSBQS8QhwnsMcJSQEwq%2FMXyGlwqUNY6eJ%2F1%2B4uVwvvpeJ1JPOL52vNIPnPU%2BVlc4amSdN4cZm7%2B1WSBLi%2BDyd5IK%2FacAiCfl9aVhCuIZc4wEJ7COAF4Vaug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8be631ab9eef7192-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
Remote address: 8.8.8.8:53
Request: challenges.cloudflare.com IN A
Response: challenges.cloudflare.com IN A 104.18.95.41
          challenges.cloudflare.com IN A 104.18.94.41
Remote address: 104.18.95.41:443
Request:
GET /turnstile/v0/api.js HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://trolleybars.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response:
HTTP/2.0 302
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/a5b175b00260/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 8be631b13ad16557-LHR
alt-svc: h3=":443"; ma=86400
Remote address: 8.8.8.8:53
Request: apps.identrust.com IN A
Response: apps.identrust.com IN CNAME identrust.edgesuite.net
          identrust.edgesuite.net IN CNAME a1952.dscq.akamai.net
          a1952.dscq.akamai.net IN A 88.221.135.104
          a1952.dscq.akamai.net IN A 88.221.134.137
Remote address: 88.221.135.104:80
Request:
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
Response:
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Thu, 05 Sep 2024 13:24:03 GMT
Date: Thu, 05 Sep 2024 12:24:03 GMT
Connection: keep-alive
Remote address: 8.8.8.8:53
Request: a.nel.cloudflare.com IN A
Response: a.nel.cloudflare.com IN A 35.190.80.1
OPTIONS https://a.nel.cloudflare.com/report/v4?s=EouLzlLyO6gXcjo2sb%2Be9ixYbwYU2MVQzT9QaQr5pdJWOhAF6QfvdJ8%2FruHr%2F9SJHK3TEgqk%2FEt0pLGpcoeM8oxhlu8jkjrDcOIufkeoECp%2BX%2FB%2BlM0OKWr%2Bq3XSJoxYlA%3D%3D (chrome.exe)
Remote address: 35.190.80.1:443
Request:
OPTIONS /report/v4?s=EouLzlLyO6gXcjo2sb%2Be9ixYbwYU2MVQzT9QaQr5pdJWOhAF6QfvdJ8%2FruHr%2F9SJHK3TEgqk%2FEt0pLGpcoeM8oxhlu8jkjrDcOIufkeoECp%2BX%2FB%2BlM0OKWr%2Bq3XSJoxYlA%3D%3D HTTP/2.0
host: a.nel.cloudflare.com
origin: https://trolleybars.ru
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Traffic summary
Columns: destination | protocol | process | bytes sent | bytes received | packets sent | packets received

  7.3kB | 41.1kB | 33 | 42

  104.17.25.14:443 https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js | tls, http2 | chrome.exe | 1.9kB | 18.9kB | 18 | 23
    HTTP Request: GET https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
    HTTP Response: 200

  971 B | 531 B | 8 | 8

  1.8kB | 5.0kB | 14 | 13
    HTTP Request: GET https://trolleybars.ru/BzNiY/
    HTTP Response: 200

  949 B | 3.7kB | 8 | 8

  1.8kB | 5.7kB | 15 | 14
    HTTP Request: GET https://challenges.cloudflare.com/turnstile/v0/api.js
    HTTP Response: 302

  421 B | 1.6kB | 6 | 5
    HTTP Request: GET http://apps.identrust.com/roots/dstrootcax3.p7c
    HTTP Response: 200

  35.190.80.1:443 https://a.nel.cloudflare.com/report/v4?s=EouLzlLyO6gXcjo2sb%2Be9ixYbwYU2MVQzT9QaQr5pdJWOhAF6QfvdJ8%2FruHr%2F9SJHK3TEgqk%2FEt0pLGpcoeM8oxhlu8jkjrDcOIufkeoECp%2BX%2FB%2BlM0OKWr%2Bq3XSJoxYlA%3D%3D | tls, http2 | chrome.exe | 1.7kB | 4.5kB | 13 | 13
    HTTP Request: OPTIONS https://a.nel.cloudflare.com/report/v4?s=EouLzlLyO6gXcjo2sb%2Be9ixYbwYU2MVQzT9QaQr5pdJWOhAF6QfvdJ8%2FruHr%2F9SJHK3TEgqk%2FEt0pLGpcoeM8oxhlu8jkjrDcOIufkeoECp%2BX%2FB%2BlM0OKWr%2Bq3XSJoxYlA%3D%3D

  76 B | 92 B | 1 | 1
    DNS Request: www.pellegrinoincgreenheat.net
    DNS Response: 66.96.149.2

  132 B | 98 B | 2 | 1
    DNS Request: cdnjs.cloudflare.com
    DNS Request: cdnjs.cloudflare.com
    DNS Response: 104.17.25.14, 104.17.24.14

  60 B | 92 B | 1 | 1
    DNS Request: trolleybars.ru
    DNS Response: 172.67.166.202, 104.21.50.204

  71 B | 103 B | 1 | 1
    DNS Request: challenges.cloudflare.com
    DNS Response: 104.18.95.41, 104.18.94.41

  64 B | 165 B | 1 | 1
    DNS Request: apps.identrust.com
    DNS Response: 88.221.135.104, 88.221.134.137

  46.8kB | 236.3kB | 105 | 229

  3.5kB | 6.6kB | 8 | 10

  66 B | 82 B | 1 | 1
    DNS Request: a.nel.cloudflare.com
    DNS Response: 35.190.80.1

  3.7kB | 4.0kB | 7 | 8

  204 B | 3
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 49864de3d2822af65369a3a87d4b5abf
  SHA1: dba1e614691916ab41ca6702d5363395416565a8
  SHA256: 5b3686fe7d210690331dce772e03bfec21541ffff1aee61846b0ff716793bb9d
  SHA512: 30f38e94615964fec6837e6830da6c0e3c85ec4af4a086825f6152a3341f7535ca7bdda6e14c1139dfdc649185d3ed3b7880f4f565c12cbbffbfb0c4b867b688

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8ae2ff91-3121-448e-92f9-d8ebda720142.tmp
  Filesize: 4KB
  MD5: 7e3cfa87d0cbfef5f5b060489f3b8ea2
  SHA1: e3117efb7b21bacb42a76b80f663ec1d57909f05
  SHA256: 29af6209bc8cd4ea56e4d354a2f6a3485a4940f2eee5c1330e1e1556f1cfd50b
  SHA512: b68808e2232f7ab7d7045b54a89757174a22a4e6ab7b9d5ef4aadd98e1aa504f16412e34b97baee9b0d1d94eaaadf3c1a5b620277c9f5b36d187c505e38a71ac

  Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

  Filesize: 4KB
  MD5: 7d52a43d620a43822b00ec98cafdcfa9
  SHA1: 78e1003bf2bd5eee9c4ac1557b11bfce1af34f59
  SHA256: fe5d1619f8e49cd09596830202f26885132eb014936858cb06bf538046f3ac98
  SHA512: e14f52dd8e0dd2770901b8e2fe909ea33d579b8407f74664790a32d7f3920b28a5fc9f69c1fd9dbb071315855171e406aeca1f075a9a7dab533c77f42ca5ee76

  Filesize: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

  Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b