Analysis
-
max time kernel
64s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system -
submitted
22-11-2024 02:31
Static task
static1
Behavioral task
behavioral1
Sample
View_alert_details_DY8G.html
Resource
win7-20241023-en
General
-
Target
View_alert_details_DY8G.html
-
Size
4KB
-
MD5
d041f88503ea9ecc95770655c12851dc
-
SHA1
5fd944847b3c923554b2ee89557209bf1c24ee7f
-
SHA256
0c9f9abc8b8d7eda88ea7e297eb8b94f6b2054032e4aa217fe2ef65af653f9de
-
SHA512
7b6f4b9b05f7fa2fdb102aaeb28879a77d8c7ee0632e3b1a3c33bbfbb61f3c2f5a534fe61b6a7391a62ea048a594a9a7fff766543d04509a9b065ea3f25a10e4
-
SSDEEP
48:48io98CmDsXwWxp7Vx8uYOVWcZyTpJWuAUn2DSardcAY742ZdG5Qv48RGaQItTY9:3fmExJ8eYtJ/A1RbPv8RGlItMoUcNQz
Malware Config
Signatures
-
A potential corporate email address has been identified in the URL: camilla.vitelli@volvo.com
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2824 chrome.exe 2824 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe Token: SeShutdownPrivilege 2824 chrome.exe -
Suspicious use of FindShellTrayWindow 34 IoCs
pid Process 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe -
Suspicious use of SendNotifyMessage 32 IoCs
pid Process 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe 2824 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2824 wrote to memory of 2932 2824 chrome.exe 30 PID 2824 wrote to memory of 2932 2824 chrome.exe 30 PID 2824 wrote to memory of 2932 2824 chrome.exe 30 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2684 2824 chrome.exe 32 PID 2824 wrote to memory of 2740 2824 chrome.exe 33 PID 2824 wrote to memory of 2740 2824 chrome.exe 33 PID 2824 wrote to memory of 2740 2824 chrome.exe 33 PID 2824 wrote to memory of 2160 2824 chrome.exe 34 PID 2824 wrote to memory of 2160 2824 chrome.exe 34 PID 2824 wrote to memory of 2160 2824 chrome.exe 34 PID 2824 wrote to memory of 2160 2824 chrome.exe 34 PID 2824 wrote to memory of 2160 2824 chrome.exe 34 PID 2824 wrote to memory of 2160 2824 chrome.exe 34 PID 2824 wrote to memory of 2160 2824 chrome.exe 34 PID 2824 wrote to memory of 2160 2824 chrome.exe 34 PID 2824 wrote to memory of 2160 2824 chrome.exe 34 PID 2824 wrote to memory of 2160 2824 chrome.exe 34 PID 2824 wrote to memory of 2160 2824 chrome.exe 34 PID 2824 wrote to memory of 2160 2824 chrome.exe 34 PID 2824 wrote to memory of 2160 2824 chrome.exe 34 PID 2824 wrote to memory of 2160 2824 chrome.exe 34 PID 2824 wrote to memory of 2160 2824 chrome.exe 34 PID 2824 wrote to memory of 2160 2824 chrome.exe 34 PID 2824 wrote to memory of 2160 2824 chrome.exe 34 PID 2824 wrote to memory of 2160 2824 chrome.exe 34 PID 2824 wrote to memory of 2160 2824 chrome.exe 34
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\View_alert_details_DY8G.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2824 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6549758,0x7fef6549768,0x7fef65497782⤵PID:2932
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1236,i,7489592984430888818,6339298191996554306,131072 /prefetch:22⤵PID:2684
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1236,i,7489592984430888818,6339298191996554306,131072 /prefetch:82⤵PID:2740
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1552 --field-trial-handle=1236,i,7489592984430888818,6339298191996554306,131072 /prefetch:82⤵PID:2160
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2052 --field-trial-handle=1236,i,7489592984430888818,6339298191996554306,131072 /prefetch:12⤵PID:2064
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2016 --field-trial-handle=1236,i,7489592984430888818,6339298191996554306,131072 /prefetch:12⤵PID:2880
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1484 --field-trial-handle=1236,i,7489592984430888818,6339298191996554306,131072 /prefetch:22⤵PID:1272
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3300 --field-trial-handle=1236,i,7489592984430888818,6339298191996554306,131072 /prefetch:82⤵PID:2320
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3428 --field-trial-handle=1236,i,7489592984430888818,6339298191996554306,131072 /prefetch:12⤵PID:2512
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:2476
Network
-
Remote address:8.8.8.8:53Requestseeklogo.comIN AResponseseeklogo.comIN A172.67.190.76seeklogo.comIN A104.21.84.83
-
Remote address:172.67.190.76:443RequestGET /images/M/microsoft-exchange-logo-9D5C1A540A-seeklogo.com.png HTTP/2.0
host: seeklogo.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: image/png
content-length: 3958
cache-control: public, max-age=31536000
last-modified: Sun, 27 Nov 2022 13:02:53 GMT
etag: "1d902608f64b3f6"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-download-options: noopen
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self'
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 2053610
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QQWAuEBXnlqsb1JyYF3X%2BMXM%2B1UDQj7lKlMz80aD2COCiLSXIweIOWeIX2Y8iEnnCoh%2BPKleIMLcqc2LFXgr6ONi892QS3SSgUMfY%2FWU6d6m275%2FpvRXUZad1cvCOQA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8e6580e60ee288ad-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=59196&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=1101&delivery_rate=45767&cwnd=251&unsent_bytes=0&cid=87e374cbf5517729&ts=134&x=0"
-
Remote address:8.8.8.8:53Requestmsonlineservice03348wh44s.elixicraft.xyzIN AResponsemsonlineservice03348wh44s.elixicraft.xyzIN A162.159.140.160msonlineservice03348wh44s.elixicraft.xyzIN A162.159.140.104msonlineservice03348wh44s.elixicraft.xyzIN A172.66.0.102msonlineservice03348wh44s.elixicraft.xyzIN A172.66.0.158
-
GEThttps://msonlineservice03348wh44s.elixicraft.xyz:8443/impact?iiiiiiiiiiiiiii0082492=camilla.vitelli@volvo.comchrome.exeRemote address:162.159.140.160:8443RequestGET /impact?iiiiiiiiiiiiiii0082492=camilla.vitelli@volvo.com HTTP/2.0
host: msonlineservice03348wh44s.elixicraft.xyz:8443
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: text/html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oJh7Z21W9NYaZIYH5C4UOtdnYTGAN%2Fu2HQNxe8PqvMzbo7h5qqSvnI2hKWgymW66wq8%2Fci0WDM1ZPa0tFv4owZyzstFivixbBBFQX0V6jrSQL6SYX38uQ2aE10F1t0ZtSZGdywrCeL9Ri1hCzhfilOWqflxBw0uFNvrKBOQOjuI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8e65810689cfed08-LHR
content-encoding: br
alt-svc: h3=":8443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=59369&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2813&recv_bytes=1197&delivery_rate=45730&cwnd=251&unsent_bytes=0&cid=f4971333c7cbf412&ts=142&x=0"
-
Remote address:8.8.8.8:53Requestwww.w3schools.comIN AResponsewww.w3schools.comIN CNAMEcs837.wac.edgecastcdn.netcs837.wac.edgecastcdn.netIN A192.229.133.221
-
Remote address:8.8.8.8:53Requestcdnjs.cloudflare.comIN AResponsecdnjs.cloudflare.comIN A104.17.24.14cdnjs.cloudflare.comIN A104.17.25.14
-
Remote address:8.8.8.8:53Requestcdnjs.cloudflare.comIN A
-
Remote address:104.17.24.14:443RequestGET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/2.0
host: cdnjs.cloudflare.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://msonlineservice03348wh44s.elixicraft.xyz:8443/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 200
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 637229
expires: Wed, 12 Nov 2025 02:31:35 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V2sXOn%2BOdQ2qmyHQ7ghRItktSQDfXrcqGJfc1qfuFF2NgSOf%2FsWXKpmitCg0hJqsDDXRtYzfUVuEyQsGaBxjz29gytuqOG3BJRjB8IIRjSBbYXaQZpxNpV%2FKlQB1Xl78VkMhya77"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8e65810f2cab9514-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:8.8.8.8:53Requestlogincdn.msftauth.netIN AResponselogincdn.msftauth.netIN CNAMEscdn38c07.wpc.9da5e.alphacdn.netscdn38c07.wpc.9da5e.alphacdn.netIN CNAMEsni1gl.wpc.alphacdn.netsni1gl.wpc.alphacdn.netIN A152.199.21.175
-
Remote address:8.8.8.8:53Requestkasumbo.comIN AResponsekasumbo.comIN A108.178.43.142
-
Remote address:108.178.43.142:443RequestGET /smarty/xls_v1.6/tail-spin.svg HTTP/2.0
host: kasumbo.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://msonlineservice03348wh44s.elixicraft.xyz:8443/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 404
pragma: no-cache
content-type: text/html
content-length: 796
date: Fri, 22 Nov 2024 02:31:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
vary: User-Agent,Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
-
Remote address:8.8.8.8:53Requestcontent-autofill.googleapis.comIN AResponsecontent-autofill.googleapis.comIN A142.250.187.234content-autofill.googleapis.comIN A142.250.178.10content-autofill.googleapis.comIN A172.217.16.234content-autofill.googleapis.comIN A172.217.169.74content-autofill.googleapis.comIN A216.58.201.106content-autofill.googleapis.comIN A216.58.212.202content-autofill.googleapis.comIN A142.250.200.42content-autofill.googleapis.comIN A142.250.180.10content-autofill.googleapis.comIN A172.217.169.42content-autofill.googleapis.comIN A142.250.187.202content-autofill.googleapis.comIN A142.250.179.234content-autofill.googleapis.comIN A142.250.200.10content-autofill.googleapis.comIN A216.58.213.10content-autofill.googleapis.comIN A172.217.169.10content-autofill.googleapis.comIN A216.58.204.74
-
GEThttps://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwkQicpPfHqAHRIFDTAIpukSBQ14RS7i?alt=protochrome.exeRemote address:142.250.187.234:443RequestGET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwkQicpPfHqAHRIFDTAIpukSBQ14RS7i?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CKfyygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
-
172.67.190.76:443https://seeklogo.com/images/M/microsoft-exchange-logo-9D5C1A540A-seeklogo.com.pngtls, http2chrome.exe1.8kB 8.6kB 15 17
HTTP Request
GET https://seeklogo.com/images/M/microsoft-exchange-logo-9D5C1A540A-seeklogo.com.pngHTTP Response
200 -
162.159.140.160:8443https://msonlineservice03348wh44s.elixicraft.xyz:8443/impact?iiiiiiiiiiiiiii0082492=camilla.vitelli@volvo.comtls, http2chrome.exe16.7kB 545.1kB 290 419
HTTP Request
GET https://msonlineservice03348wh44s.elixicraft.xyz:8443/impact?iiiiiiiiiiiiiii0082492=camilla.vitelli@volvo.comHTTP Response
200 -
1.3kB 4.5kB 9 8
-
1.3kB 4.5kB 9 8
-
104.17.24.14:443https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.csstls, http2chrome.exe1.9kB 10.1kB 16 19
HTTP Request
GET https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.cssHTTP Response
200 -
1.3kB 6.8kB 10 10
-
1.8kB 5.5kB 13 14
HTTP Request
GET https://kasumbo.com/smarty/xls_v1.6/tail-spin.svgHTTP Response
404 -
142.250.187.234:443https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwkQicpPfHqAHRIFDTAIpukSBQ14RS7i?alt=prototls, http2chrome.exe1.9kB 6.8kB 16 16
HTTP Request
GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwkQicpPfHqAHRIFDTAIpukSBQ14RS7i?alt=proto
-
58 B 90 B 1 1
DNS Request
seeklogo.com
DNS Response
172.67.190.76104.21.84.83
-
204 B 3
-
86 B 150 B 1 1
DNS Request
msonlineservice03348wh44s.elixicraft.xyz
DNS Response
162.159.140.160162.159.140.104172.66.0.102172.66.0.158
-
63 B 118 B 1 1
DNS Request
www.w3schools.com
DNS Response
192.229.133.221
-
132 B 98 B 2 1
DNS Request
cdnjs.cloudflare.com
DNS Request
cdnjs.cloudflare.com
DNS Response
104.17.24.14104.17.25.14
-
67 B 151 B 1 1
DNS Request
logincdn.msftauth.net
DNS Response
152.199.21.175
-
57 B 73 B 1 1
DNS Request
kasumbo.com
DNS Response
108.178.43.142
-
77 B 317 B 1 1
DNS Request
content-autofill.googleapis.com
DNS Response
142.250.187.234142.250.178.10172.217.16.234172.217.169.74216.58.201.106216.58.212.202142.250.200.42142.250.180.10172.217.169.42142.250.187.202142.250.179.234142.250.200.10216.58.213.10172.217.169.10216.58.204.74
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
5KB
MD5d99b1a314287296b9b1a6b13363bf703
SHA148f4a469f61f7b9394b330ace3e87d241d173c60
SHA25626acd4363fce3be95e971ee1765c14d69fe254981b3bf9b59c7535a2e664fbcf
SHA5120213ee507c9bd516bdb8df3c8feb4b9c3b97f6c5059ed75476eba3ebd7e49af71fc82108ed0f7bd6b164288e3d7507a103d353947d0036ce9e447ffb41f11dff
-
Filesize
5KB
MD5f60760b0b1eec48c601fa459aa64a280
SHA1d0a2e73ab9f522108a8723e555f02de0b985ebb7
SHA2563b0c6b70e6bcd69cdb469fd2a07d911794f0c6125b8c05dcddad86395e73adc2
SHA512a0eea5a6817f05a1e9cdbda8872dfbab67b4361878e998e0ab608c25405d0837ad229d825a45f1f5a08adc6e2b5307b7fde0da3ae18ee05bdb150c974bcbae1f
-
Filesize
16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b