Analysis

  • max time kernel: 64s
  • max time network: 145s
  • platform: windows7_x64
  • resource: win7-20241023-en
  • resource tags: arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  • submitted: 22-11-2024 02:31

General

  • Target: View_alert_details_DY8G.html
  • Size: 4KB
  • MD5: d041f88503ea9ecc95770655c12851dc
  • SHA1: 5fd944847b3c923554b2ee89557209bf1c24ee7f
  • SHA256: 0c9f9abc8b8d7eda88ea7e297eb8b94f6b2054032e4aa217fe2ef65af653f9de
  • SHA512: 7b6f4b9b05f7fa2fdb102aaeb28879a77d8c7ee0632e3b1a3c33bbfbb61f3c2f5a534fe61b6a7391a62ea048a594a9a7fff766543d04509a9b065ea3f25a10e4
  • SSDEEP: 48:48io98CmDsXwWxp7Vx8uYOVWcZyTpJWuAUn2DSardcAY742ZdG5Qv48RGaQItTY9:3fmExJ8eYtJ/A1RbPv8RGlItMoUcNQz

Score
7/10

Malware Config

Signatures

  • A potential corporate email address has been identified in the URL: camilla.vitelli@volvo.com
  • Network Share Discovery 1 TTPs

    Attempt to gather information on host network.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\View_alert_details_DY8G.html
    PID: 2824
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6549758,0x7fef6549768,0x7fef6549778
      PID: 2932
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1236,i,7489592984430888818,6339298191996554306,131072 /prefetch:2
      PID: 2684
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1236,i,7489592984430888818,6339298191996554306,131072 /prefetch:8
      PID: 2740
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1552 --field-trial-handle=1236,i,7489592984430888818,6339298191996554306,131072 /prefetch:8
      PID: 2160
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2052 --field-trial-handle=1236,i,7489592984430888818,6339298191996554306,131072 /prefetch:1
      PID: 2064
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2016 --field-trial-handle=1236,i,7489592984430888818,6339298191996554306,131072 /prefetch:1
      PID: 2880
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1484 --field-trial-handle=1236,i,7489592984430888818,6339298191996554306,131072 /prefetch:2
      PID: 1272
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3300 --field-trial-handle=1236,i,7489592984430888818,6339298191996554306,131072 /prefetch:8
      PID: 2320
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3428 --field-trial-handle=1236,i,7489592984430888818,6339298191996554306,131072 /prefetch:1
      PID: 2512
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID: 2476

Network

  • DNS
    seeklogo.com
    chrome.exe
    Remote address: 8.8.8.8:53
    Request
    seeklogo.com
    IN A
    Response
    seeklogo.com
    IN A
    172.67.190.76
    seeklogo.com
    IN A
    104.21.84.83
  • GET
    https://seeklogo.com/images/M/microsoft-exchange-logo-9D5C1A540A-seeklogo.com.png
    chrome.exe
    Remote address: 172.67.190.76:443
    Request
    GET /images/M/microsoft-exchange-logo-9D5C1A540A-seeklogo.com.png HTTP/2.0
    host: seeklogo.com
    sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
    sec-ch-ua-mobile: ?0
    user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    sec-fetch-site: cross-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Fri, 22 Nov 2024 02:31:28 GMT
    content-type: image/png
    content-length: 3958
    cache-control: public, max-age=31536000
    last-modified: Sun, 27 Nov 2022 13:02:53 GMT
    etag: "1d902608f64b3f6"
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    x-permitted-cross-domain-policies: none
    x-download-options: noopen
    content-security-policy: upgrade-insecure-requests; frame-ancestors 'self'
    permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
    strict-transport-security: max-age=31536000; includeSubDomains
    cf-cache-status: HIT
    age: 2053610
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QQWAuEBXnlqsb1JyYF3X%2BMXM%2B1UDQj7lKlMz80aD2COCiLSXIweIOWeIX2Y8iEnnCoh%2BPKleIMLcqc2LFXgr6ONi892QS3SSgUMfY%2FWU6d6m275%2FpvRXUZad1cvCOQA%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 8e6580e60ee288ad-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=59196&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=1101&delivery_rate=45767&cwnd=251&unsent_bytes=0&cid=87e374cbf5517729&ts=134&x=0"
  • DNS
    msonlineservice03348wh44s.elixicraft.xyz
    chrome.exe
    Remote address: 8.8.8.8:53
    Request
    msonlineservice03348wh44s.elixicraft.xyz
    IN A
    Response
    msonlineservice03348wh44s.elixicraft.xyz
    IN A
    162.159.140.160
    msonlineservice03348wh44s.elixicraft.xyz
    IN A
    162.159.140.104
    msonlineservice03348wh44s.elixicraft.xyz
    IN A
    172.66.0.102
    msonlineservice03348wh44s.elixicraft.xyz
    IN A
    172.66.0.158
  • GET
    https://msonlineservice03348wh44s.elixicraft.xyz:8443/impact?iiiiiiiiiiiiiii0082492=camilla.vitelli@volvo.com
    chrome.exe
    Remote address: 162.159.140.160:8443
    Request
    GET /impact?iiiiiiiiiiiiiii0082492=camilla.vitelli@volvo.com HTTP/2.0
    host: msonlineservice03348wh44s.elixicraft.xyz:8443
    sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    upgrade-insecure-requests: 1
    user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    sec-fetch-site: cross-site
    sec-fetch-mode: navigate
    sec-fetch-dest: iframe
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Fri, 22 Nov 2024 02:31:34 GMT
    content-type: text/html
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oJh7Z21W9NYaZIYH5C4UOtdnYTGAN%2Fu2HQNxe8PqvMzbo7h5qqSvnI2hKWgymW66wq8%2Fci0WDM1ZPa0tFv4owZyzstFivixbBBFQX0V6jrSQL6SYX38uQ2aE10F1t0ZtSZGdywrCeL9Ri1hCzhfilOWqflxBw0uFNvrKBOQOjuI%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 8e65810689cfed08-LHR
    content-encoding: br
    alt-svc: h3=":8443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=59369&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2813&recv_bytes=1197&delivery_rate=45730&cwnd=251&unsent_bytes=0&cid=f4971333c7cbf412&ts=142&x=0"
  • DNS
    www.w3schools.com
    chrome.exe
    Remote address: 8.8.8.8:53
    Request
    www.w3schools.com
    IN A
    Response
    www.w3schools.com
    IN CNAME
    cs837.wac.edgecastcdn.net
    cs837.wac.edgecastcdn.net
    IN A
    192.229.133.221
  • DNS
    cdnjs.cloudflare.com
    chrome.exe
    Remote address: 8.8.8.8:53
    Request
    cdnjs.cloudflare.com
    IN A
    Response
    cdnjs.cloudflare.com
    IN A
    104.17.24.14
    cdnjs.cloudflare.com
    IN A
    104.17.25.14
  • DNS
    cdnjs.cloudflare.com
    chrome.exe
    Remote address: 8.8.8.8:53
    Request
    cdnjs.cloudflare.com
    IN A
  • GET
    https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
    chrome.exe
    Remote address: 104.17.24.14:443
    Request
    GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/2.0
    host: cdnjs.cloudflare.com
    sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
    sec-ch-ua-mobile: ?0
    user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    accept: text/css,*/*;q=0.1
    sec-fetch-site: cross-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: style
    referer: https://msonlineservice03348wh44s.elixicraft.xyz:8443/
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Fri, 22 Nov 2024 02:31:35 GMT
    content-type: text/css; charset=utf-8
    content-length: 5631
    access-control-allow-origin: *
    cache-control: public, max-age=30672000
    content-encoding: br
    etag: "5eb03e5f-7918"
    last-modified: Mon, 04 May 2020 16:10:07 GMT
    cf-cdnjs-via: cfworker/kv
    cross-origin-resource-policy: cross-origin
    timing-allow-origin: *
    x-content-type-options: nosniff
    vary: Accept-Encoding
    cf-cache-status: HIT
    age: 637229
    expires: Wed, 12 Nov 2025 02:31:35 GMT
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V2sXOn%2BOdQ2qmyHQ7ghRItktSQDfXrcqGJfc1qfuFF2NgSOf%2FsWXKpmitCg0hJqsDDXRtYzfUVuEyQsGaBxjz29gytuqOG3BJRjB8IIRjSBbYXaQZpxNpV%2FKlQB1Xl78VkMhya77"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
    strict-transport-security: max-age=15780000
    server: cloudflare
    cf-ray: 8e65810f2cab9514-LHR
    alt-svc: h3=":443"; ma=86400
  • DNS
    logincdn.msftauth.net
    chrome.exe
    Remote address: 8.8.8.8:53
    Request
    logincdn.msftauth.net
    IN A
    Response
    logincdn.msftauth.net
    IN CNAME
    scdn38c07.wpc.9da5e.alphacdn.net
    scdn38c07.wpc.9da5e.alphacdn.net
    IN CNAME
    sni1gl.wpc.alphacdn.net
    sni1gl.wpc.alphacdn.net
    IN A
    152.199.21.175
  • DNS
    kasumbo.com
    chrome.exe
    Remote address: 8.8.8.8:53
    Request
    kasumbo.com
    IN A
    Response
    kasumbo.com
    IN A
    108.178.43.142
  • GET
    https://kasumbo.com/smarty/xls_v1.6/tail-spin.svg
    chrome.exe
    Remote address: 108.178.43.142:443
    Request
    GET /smarty/xls_v1.6/tail-spin.svg HTTP/2.0
    host: kasumbo.com
    sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
    sec-ch-ua-mobile: ?0
    user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    sec-fetch-site: cross-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: image
    referer: https://msonlineservice03348wh44s.elixicraft.xyz:8443/
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 404
    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
    pragma: no-cache
    content-type: text/html
    content-length: 796
    date: Fri, 22 Nov 2024 02:31:36 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-frame-options: SAMEORIGIN
    x-content-type-options: nosniff
    vary: User-Agent,Accept-Encoding
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
  • DNS
    content-autofill.googleapis.com
    chrome.exe
    Remote address: 8.8.8.8:53
    Request
    content-autofill.googleapis.com
    IN A
    Response
  • GET
    https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwkQicpPfHqAHRIFDTAIpukSBQ14RS7i?alt=proto
    chrome.exe
    Remote address: 142.250.187.234:443
    Request
    GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwkQicpPfHqAHRIFDTAIpukSBQ14RS7i?alt=proto HTTP/2.0
    host: content-autofill.googleapis.com
    x-goog-encode-response-if-executable: base64
    x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
    x-client-data: CKfyygE=
    sec-fetch-site: none
    sec-fetch-mode: no-cors
    sec-fetch-dest: empty
    user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
  • 172.67.190.76:443
    https://seeklogo.com/images/M/microsoft-exchange-logo-9D5C1A540A-seeklogo.com.png
    tls, http2
    chrome.exe
    1.8kB
    8.6kB
    15
    17
    HTTP Request
    GET https://seeklogo.com/images/M/microsoft-exchange-logo-9D5C1A540A-seeklogo.com.png
    HTTP Response
    200
  • 162.159.140.160:8443
    https://msonlineservice03348wh44s.elixicraft.xyz:8443/impact?iiiiiiiiiiiiiii0082492=camilla.vitelli@volvo.com
    tls, http2
    chrome.exe
    16.7kB
    545.1kB
    290
    419
    HTTP Request
    GET https://msonlineservice03348wh44s.elixicraft.xyz:8443/impact?iiiiiiiiiiiiiii0082492=camilla.vitelli@volvo.com
    HTTP Response
    200
  • 192.229.133.221:443
    www.w3schools.com
    tls
    chrome.exe
    1.3kB
    4.5kB
    9
    8
  • 104.17.24.14:443
    https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
    tls, http2
    chrome.exe
    1.9kB
    10.1kB
    16
    19
    HTTP Request
    GET https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
    HTTP Response
    200
  • 152.199.21.175:443
    logincdn.msftauth.net
    tls
    chrome.exe
    1.3kB
    6.8kB
    10
    10
  • 108.178.43.142:443
    https://kasumbo.com/smarty/xls_v1.6/tail-spin.svg
    tls, http2
    chrome.exe
    1.8kB
    5.5kB
    13
    14
    HTTP Request
    GET https://kasumbo.com/smarty/xls_v1.6/tail-spin.svg
    HTTP Response
    404
  • 142.250.187.234:443
    https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwkQicpPfHqAHRIFDTAIpukSBQ14RS7i?alt=proto
    tls, http2
    chrome.exe
    1.9kB
    6.8kB
    16
    16
    HTTP Request
    GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwkQicpPfHqAHRIFDTAIpukSBQ14RS7i?alt=proto
  • 8.8.8.8:53
    seeklogo.com
    dns
    chrome.exe
    58 B
    90 B
    1
    1
    DNS Request
    seeklogo.com
    DNS Response
    172.67.190.76
    104.21.84.83
  • 224.0.0.251:5353
    chrome.exe
    204 B
    3
  • 8.8.8.8:53
    msonlineservice03348wh44s.elixicraft.xyz
    dns
    chrome.exe
    86 B
    150 B
    1
    1
    DNS Request
    msonlineservice03348wh44s.elixicraft.xyz
    DNS Response
    162.159.140.160
    162.159.140.104
    172.66.0.102
    172.66.0.158
  • 8.8.8.8:53
    www.w3schools.com
    dns
    chrome.exe
    63 B
    118 B
    1
    1
    DNS Request
    www.w3schools.com
    DNS Response
    192.229.133.221
  • 8.8.8.8:53
    cdnjs.cloudflare.com
    dns
    chrome.exe
    132 B
    98 B
    2
    1
    DNS Request
    cdnjs.cloudflare.com
    DNS Request
    cdnjs.cloudflare.com
    DNS Response
    104.17.24.14
    104.17.25.14
  • 8.8.8.8:53
    logincdn.msftauth.net
    dns
    chrome.exe
    67 B
    151 B
    1
    1
    DNS Request
    logincdn.msftauth.net
    DNS Response
    152.199.21.175
  • 8.8.8.8:53
    kasumbo.com
    dns
    chrome.exe
    57 B
    73 B
    1
    1
    DNS Request
    kasumbo.com
    DNS Response
    108.178.43.142
  • 8.8.8.8:53
    content-autofill.googleapis.com
    dns
    chrome.exe
    77 B
    317 B
    1
    1
    DNS Request
    content-autofill.googleapis.com
    DNS Response
                        142.250.187.234
                        142.250.178.10
                        172.217.16.234
                        172.217.169.74
                        216.58.201.106
                        216.58.212.202
                        142.250.200.42
                        142.250.180.10
                        172.217.169.42
                        142.250.187.202
                        142.250.179.234
                        142.250.200.10
                        216.58.213.10
                        172.217.169.10
                        216.58.204.74
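The DNS records above are the part of this report an analyst actually pivots on: the page pulls assets from Cloudflare's cdnjs and from logincdn.msftauth.net, the CDN that serves the genuine Microsoft sign-in UI, and it also resolves a domain that belongs to neither. The script below is an added example, not part of the sandbox report or of any vendor tooling: it parses the report's one-field-per-line DNS layout back into structured records, validates every answer as an IP address, checks the listed queries against the per-record counters, and separates the domains from an allowlist of suffixes. The sample input is the report's own three complete records transcribed inline (the googleapis answers cut to three), and the allowlist (`cloudflare.com`, `msftauth.net`, `googleapis.com`) is an editorial assumption about what a Microsoft-sign-in look-alike legitimately needs, not a statement that anything outside it is malicious.

```python
"""Rebuild the flattened DNS records of a sandbox report into reviewable IOCs."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass, field

# Constructed input: the report's three complete DNS records, one field per line (googleapis answers cut to three).
SAMPLE_REPORT = "\n".join([
    "• 8.8.8.8:53", "logincdn.msftauth.net", "dns", "chrome.exe", "67 B", "151 B", "1", "1",
    "DNS Request", "logincdn.msftauth.net", "DNS Response", "152.199.21.175",
    "• 8.8.8.8:53", "kasumbo.com", "dns", "chrome.exe", "57 B", "73 B", "1", "1",
    "DNS Request", "kasumbo.com", "DNS Response", "108.178.43.142",
    "• 8.8.8.8:53", "content-autofill.googleapis.com", "dns", "chrome.exe", "77 B", "317 B", "1", "1",
    "DNS Request", "content-autofill.googleapis.com", "DNS Response",
    "142.250.187.234", "142.250.178.10", "172.217.16.234",
])

DST_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d{1,5}$")
SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)\s*(B|KB|MB)$")
UNITS = {"B": 1, "KB": 1024, "MB": 1024 * 1024}
# Assumption (editorial, not from the report): suffixes a Microsoft sign-in look-alike legitimately needs.
EXPECTED_SUFFIXES = ("cloudflare.com", "msftauth.net", "googleapis.com")


@dataclass
class DnsRecord:
    dst: str
    domain: str
    proto: str
    process: str
    sent: int  # byte and message counters, in the report's column order
    received: int
    requests: int
    responses: int
    queries: list[str] = field(default_factory=list)
    answers: list[str] = field(default_factory=list)

def parse_size(text: str) -> int:
    m = SIZE_RE.match(text)
    if not m:
        raise ValueError(f"bad size field: {text!r}")
    return int(float(m.group(1)) * UNITS[m.group(2)])

def parse_records(text: str) -> list[DnsRecord]:
    """An ip:port line opens a record and is followed by seven header fields,
    then 'DNS Request'/'DNS Response' markers, each followed by names or IPs."""
    lines = [ln.strip().lstrip("•").strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln]
    records, mode, i = [], None, 0
    while i < len(lines):
        line = lines[i]
        if DST_RE.match(line):
            hdr = lines[i + 1:i + 8]
            if len(hdr) != 7:
                raise ValueError(f"truncated record header after {line}")
            domain, proto, process, sent, recv, reqs, resps = hdr
            records.append(DnsRecord(line, domain.lower(), proto, process,
                                     parse_size(sent), parse_size(recv),
                                     int(reqs), int(resps)))
            mode, i = None, i + 8
            continue
        if line == "DNS Request":
            mode = "query"
        elif line == "DNS Response":
            mode = "answer"
        elif not records or mode is None:
            raise ValueError(f"field outside any record: {line!r}")
        elif mode == "query":
            records[-1].queries.append(line.lower())
        else:  # only a real address becomes an indicator; junk raises here
            records[-1].answers.append(str(ipaddress.ip_address(line)))
        i += 1
    return records

def is_expected(domain: str) -> bool:
    return any(domain == s or domain.endswith("." + s) for s in EXPECTED_SUFFIXES)

def unexpected_iocs(records: list[DnsRecord]) -> dict[str, list[str]]:
    """Domains outside the allowlist, each mapped to the addresses it resolved to."""
    iocs: dict[str, list[str]] = {}
    for r in records:
        if not is_expected(r.domain):
            seen = iocs.setdefault(r.domain, [])
            for ip in r.answers:
                if ip not in seen:
                    seen.append(ip)
    return iocs

def consistency_issues(records: list[DnsRecord]) -> list[str]:
    """Records whose listed queries disagree with the request counter or domain.
    Answers are not compared with the response counter: one response packet
    can carry many A records, as the googleapis record shows."""
    issues = []
    for r in records:
        if len(r.queries) != r.requests:
            issues.append(f"{r.domain}: {len(r.queries)} queries listed, counter says {r.requests}")
        if any(q != r.domain for q in r.queries):
            issues.append(f"{r.domain}: query name differs from record domain")
    return issues
```

Run against the sample, `unexpected_iocs` returns only `kasumbo.com` with `108.178.43.142`, which is the pair to take into log search, while the Cloudflare, Microsoft and Google resolutions are filtered out as expected scaffolding. Answers are validated with `ipaddress` so that a stray token from a copied report never becomes an indicator, and the counter check catches a record whose query list was cut off in extraction.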

                      MITRE ATT&CK Enterprise v15


                      Downloads

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
                        Filesize  16 B
                        MD5       aefd77f47fb84fae5ea194496b44c67a
                        SHA1      dcfbb6a5b8d05662c4858664f81693bb7f803b82
                        SHA256    4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
                        SHA512    b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
                        Filesize  264 KB
                        MD5       f50f89a0a91564d0b8a211f8921aa7de
                        SHA1      112403a17dd69d5b9018b8cede023cb3b54eab7d
                        SHA256    b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
                        SHA512    bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                        Filesize  5 KB
                        MD5       d99b1a314287296b9b1a6b13363bf703
                        SHA1      48f4a469f61f7b9394b330ace3e87d241d173c60
                        SHA256    26acd4363fce3be95e971ee1765c14d69fe254981b3bf9b59c7535a2e664fbcf
                        SHA512    0213ee507c9bd516bdb8df3c8feb4b9c3b97f6c5059ed75476eba3ebd7e49af71fc82108ed0f7bd6b164288e3d7507a103d353947d0036ce9e447ffb41f11dff

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                        Filesize  5 KB
                        MD5       f60760b0b1eec48c601fa459aa64a280
                        SHA1      d0a2e73ab9f522108a8723e555f02de0b985ebb7
                        SHA256    3b0c6b70e6bcd69cdb469fd2a07d911794f0c6125b8c05dcddad86395e73adc2
                        SHA512    a0eea5a6817f05a1e9cdbda8872dfbab67b4361878e998e0ab608c25405d0837ad229d825a45f1f5a08adc6e2b5307b7fde0da3ae18ee05bdb150c974bcbae1f

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
                        Filesize  16 B
                        MD5       18e723571b00fb1694a3bad6c78e4054
                        SHA1      afcc0ef32d46fe59e0483f9a3c891d3034d12f32
                        SHA256    8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
                        SHA512    43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

                      • C:\Users\Admin\AppData\Local\Temp\Cab8B41.tmp
                        Filesize  70 KB
                        MD5       49aebf8cbd62d92ac215b2923fb1b9f5
                        SHA1      1723be06719828dda65ad804298d0431f6aff976
                        SHA256    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
                        SHA512    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                      • C:\Users\Admin\AppData\Local\Temp\Tar8B73.tmp
                        Filesize  181 KB
                        MD5       4ea6026cf93ec6338144661bf1202cd1
                        SHA1      a1dec9044f750ad887935a01430bf49322fbdcb7
                        SHA256    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
                        SHA512    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
