Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Details

Is windows:	true
Is dropped:	false
PID:	4040
Target ID:	0
Parent PID:	6032
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	11:48:23
Date:	29/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff684c40000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2216,i,15938534569428322499,8518313644619757459,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Details

Is windows:	true
Is dropped:	false
PID:	6872
Target ID:	2
Parent PID:	4040
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2216,i,15938534569428322499,8518313644619757459,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	11:48:26
Date:	29/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff684c40000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cratenews.com"

Details

Is windows:	true
Is dropped:	false
PID:	7028
Target ID:	3
Parent PID:	6032
Name:	chrome.exe
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cratenews.com"
Size:	3242272
MD5:	5BBFA6CBDF4C254EB368D534F9E23C92
Time:	11:48:28
Date:	29/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff684c40000
Modulesize:	3325952
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://cratenews.com

https://mc.yandex.com/watch/96921485?page-url=goal%3A%2F%2Fcint.stealth-browse.online%2Fpage_load&page-ref=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&charset=utf-8&uah=chu%0A%22Google%20Chrome%22%3Bv%3D%22117%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228%22%2C%22Chromium%22%3Bv%3D%22117%22%0Acha%0Ax86%0Achb%0A64%0Achf%0A117.0.5938.134%0Achl%0A%22Google%20Chrome%22%3Bv%3D%22117.0.5938.134%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228.0.0.0%22%2C%22Chromium%22%3Bv%3D%22117.0.5938.134%22%0Achm%0A%3F0%0Achp%0AWindows%0Achv%0A10.0.0&hittoken=1730216927_2d0dd493fdd67247a147070616d730930aaad2d8a7ff33ec149f7844a42babc1&browser-info=ar%3A1%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1491%3Acn%3A1%3Adp%3A1%3Als%3A253336150184%3Ahid%3A469926465%3Az%3A-240%3Ai%3A20241029114847%3Aet%3A1730216927%3Ac%3A1%3Arn%3A91972365%3Arqn%3A2%3Au%3A1730216922106846975%3Aw%3A1280x907%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C8437%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1730216915024%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1730216927%3At%3AStealth%20Browse&t=gdpr(14)mc(g-2)clc(2-314-223)rqnt(2)aw(1)rcm(1)cdl(na)eco(42009092)fid(860)ti(0)&force-urlencoded=1

87.250.251.119

https://impr.stealth-browse.online/impression?c=intpgdirect

3.220.57.224

https://mc.yandex.com/webvisor/96921485?wv-part=1&wv-type=7&wmode=0&wv-hit=469926465&page-url=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&rn=709231463&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1730216930%3Aw%3A1280x907%3Av%3A1491%3Az%3A-240%3Ai%3A20241029114849%3Au%3A1730216922106846975%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Ast%3A1730216930&t=gdpr(14)ti(1)

87.250.251.119

https://mc.yandex.com/webvisor/96921485?wv-part=2&wv-type=7&wmode=0&wv-hit=469926465&page-url=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&rn=541154750&browser-info=we%3A1%3Aet%3A1730216935%3Aw%3A1280x907%3Av%3A1491%3Az%3A-240%3Ai%3A20241029114855%3Au%3A1730216922106846975%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Ast%3A1730216935&t=gdpr(14)ti(1)

87.250.251.119

https://mc.yandex.

unknown

https://mc.yandex.com/webvisor/96921485?wv-part=8&wv-type=7&wmode=0&wv-hit=469926465&page-url=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&rn=162123720&browser-info=we%3A1%3Aet%3A1730216972%3Aw%3A1280x907%3Av%3A1491%3Az%3A-240%3Ai%3A20241029114931%3Au%3A1730216922106846975%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Ast%3A1730216972&t=gdpr(14)ti(1)

87.250.251.119

https://cint.stealth-browse.online/private-search/fourth/styles/reboot.css

206.189.225.178

https://cint.stealth-browse.online/private-search/assets/download-video-stealth-browse.mp4

206.189.225.178

https://mc.yandex.com/watch/96921485?wmode=7&page-url=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&page-ref=https%3A%2F%2Ftrack.auroraveil.bid%2F&charset=utf-8&uah=chu%0A%22Google%20Chrome%22%3Bv%3D%22117%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228%22%2C%22Chromium%22%3Bv%3D%22117%22%0Acha%0Ax86%0Achb%0A64%0Achf%0A117.0.5938.134%0Achl%0A%22Google%20Chrome%22%3Bv%3D%22117.0.5938.134%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228.0.0.0%22%2C%22Chromium%22%3Bv%3D%22117.0.5938.134%22%0Achm%0A%3F0%0Achp%0AWindows%0Achv%0A10.0.0&browser-info=pv%3A1%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1491%3Acn%3A1%3Adp%3A0%3Als%3A253336150184%3Ahid%3A469926465%3Az%3A-240%3Ai%3A20241029114842%3Aet%3A1730216922%3Ac%3A1%3Arn%3A1062529364%3Arqn%3A1%3Au%3A1730216922106846975%3Aw%3A1280x907%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A4734%3Awv%3A2%3Ads%3A16%2C716%2C276%2C10%2C1658%2C0%2C%2C2055%2C30%2C%2C%2C%2C4732%3Aco%3A0%3Acpf%3A1%3Ans%3A1730216915024%3Arqnl%3A1%3Ast%3A1730216924%3At%3AStealth%20Browse&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(42009092)ti(1)

87.250.251.119

https://mc.yandex.com/watch/96921485?page-url=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&charset=utf-8&hittoken=1730216927_2d0dd493fdd67247a147070616d730930aaad2d8a7ff33ec149f7844a42babc1&browser-info=nb%3A1%3Acl%3A4817%3Aar%3A1%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1491%3Acn%3A1%3Adp%3A1%3Als%3A253336150184%3Ahid%3A469926465%3Az%3A-240%3Ai%3A20241029114905%3Aet%3A1730216946%3Ac%3A1%3Arn%3A442749579%3Arqn%3A5%3Au%3A1730216922106846975%3Aw%3A1280x907%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Aeu%3A2%3Ans%3A1730216915024%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1730216946&t=gdpr(14)mc(g-2)clc(2-314-223)rqnt(5)aw(1)rcm(1)cdl(na)eco(42009092)dss(2)ti(0)&force-urlencoded=1

87.250.251.119

https://cint.stealth-browse.online/private-search/assets/step-2-stealth-browse.png

206.189.225.178

https://mc.yandex.com/watch/96921485/1?wmode=7&page-url=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&page-ref=https%3A%2F%2Ftrack.auroraveil.bid%2F&charset=utf-8&uah=chu%0A%22Google%20Chrome%22%3Bv%3D%22117%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228%22%2C%22Chromium%22%3Bv%3D%22117%22%0Acha%0Ax86%0Achb%0A64%0Achf%0A117.0.5938.134%0Achl%0A%22Google%20Chrome%22%3Bv%3D%22117.0.5938.134%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228.0.0.0%22%2C%22Chromium%22%3Bv%3D%22117.0.5938.134%22%0Achm%0A%3F0%0Achp%0AWindows%0Achv%0A10.0.0&browser-info=pv%3A1%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1491%3Acn%3A1%3Adp%3A0%3Als%3A253336150184%3Ahid%3A469926465%3Az%3A-240%3Ai%3A20241029114842%3Aet%3A1730216922%3Ac%3A1%3Arn%3A1062529364%3Arqn%3A1%3Au%3A1730216922106846975%3Aw%3A1280x907%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A4734%3Awv%3A2%3Ads%3A16%2C716%2C276%2C10%2C1658%2C0%2C%2C2055%2C30%2C%2C%2C%2C4732%3Aco%3A0%3Acpf%3A1%3Ans%3A1730216915024%3Arqnl%3A1%3Ast%3A1730216924%3At%3AStealth%20Browse&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842009092%29ti%281%29

87.250.251.119

https://red.stealth-browse.online/downloadproxy/intpgdirect/90897502496/?ext_name=StealthBrowse&cid=9941&tag=9941_2024-10-29&file=true

3.220.57.224

https://mc.yandex.com/webvisor/96921485?wv-part=6&wv-type=7&wmode=0&wv-hit=469926465&page-url=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&rn=76761994&browser-info=we%3A1%3Aet%3A1730216964%3Aw%3A1280x907%3Av%3A1491%3Az%3A-240%3Ai%3A20241029114923%3Au%3A1730216922106846975%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Ast%3A1730216964&t=gdpr(14)ti(1)

87.250.251.119

https://cint.stealth-browse.online/?subid=90897502496&cid=9941&tag=dm&dkw=cratenews.com&pid=246485&rhi=015c1518-454f-4962-a20b-f4b11c3aa7cc

https://mc.yandex.com/webvisor/96921485?wv-part=10&wv-type=7&wmode=0&wv-hit=469926465&page-url=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&rn=303685128&browser-info=we%3A1%3Aet%3A1730216980%3Aw%3A1280x907%3Av%3A1491%3Az%3A-240%3Ai%3A20241029114940%3Au%3A1730216922106846975%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Ast%3A1730216980&t=gdpr(14)ti(1)

87.250.251.119

https://7proof.com/app/fr?type=l1&dp1=90897502496&score=9

52.116.53.155

https://s3.mds.yandex.net/internal-metrika-betas

unknown

https://cint.stealth-browse.online/lp/js/main.js?v8

206.189.225.178

https://mc.yandex.ru/metrika/tag.js

93.158.134.119

https://7proof.com/app/fr?type=l1&dp1=

unknown

https://yastatic.net/s3/metrika

unknown

https://mc.yandex.md/cc

unknown

https://yandex.com/an/sync_cookie

unknown

https://cint.stealth-browse.online/private-search/fourth/img/check.svg

206.189.225.178

https://mc.yandex.com/watch/96921485?page-url=https%3A%2F%2Fred.stealth-browse.online%2Fdownloadproxy%2Fintpgdirect%2F90897502496%2F%3Fext_name%3DStealthBrowse%26cid%3D9941%26tag%3D9941_2024-10-29%26file%3Dtrue&page-ref=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&charset=utf-8&ut=noindex&uah=chu%0A%22Google%20Chrome%22%3Bv%3D%22117%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228%22%2C%22Chromium%22%3Bv%3D%22117%22%0Acha%0Ax86%0Achb%0A64%0Achf%0A117.0.5938.134%0Achl%0A%22Google%20Chrome%22%3Bv%3D%22117.0.5938.134%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228.0.0.0%22%2C%22Chromium%22%3Bv%3D%22117.0.5938.134%22%0Achm%0A%3F0%0Achp%0AWindows%0Achv%0A10.0.0&hittoken=1730216927_2d0dd493fdd67247a147070616d730930aaad2d8a7ff33ec149f7844a42babc1&browser-info=ite%3A0%3Aln%3A1%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1491%3Acn%3A1%3Adp%3A1%3Als%3A253336150184%3Ahid%3A469926465%3Az%3A-240%3Ai%3A20241029114847%3Aet%3A1730216927%3Ac%3A1%3Arn%3A824843447%3Arqn%3A4%3Au%3A1730216922106846975%3Aw%3A1280x907%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1730216915024%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1730216927%3At%3AStealth%20Browse&t=gdpr(14)mc(g-2)clc(2-314-223)rqnt(4)aw(1)rcm(1)cdl(na)eco(42009092)ti(0)&force-urlencoded=1

87.250.251.119

https://get.searcheasily.net/report/desktop-apps/?action=page_load

unknown

https://qanonasp.com/aS/feedclick?s=To5E_eRUmA-iJzF94VDGr0Wut6U4gTSnXEuPzWq_Ou93DVVpu2AuQMy4VhBg5laH

unknown

https://mc.yandex.com/webvisor/96921485?wv-part=1&wv-type=7&wmode=0&wv-hit=469926465&page-url=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&rn=638864462&browser-info=we%3A1%3Aet%3A1730216930%3Aw%3A1280x907%3Av%3A1491%3Az%3A-240%3Ai%3A20241029114850%3Au%3A1730216922106846975%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Ast%3A1730216930&t=gdpr(14)ti(1)

87.250.251.119

http://tizen.org/system/tizenid

unknown

https://mc.yandex.com/webvisor/96921485?wv-part=2&wv-check=59868&wv-type=0&wmode=0&wv-hit=469926465&page-url=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&rn=616437400&browser-info=we%3A1%3Aet%3A1730216983%3Aw%3A1280x907%3Av%3A1491%3Az%3A-240%3Ai%3A20241029114942%3Au%3A1730216922106846975%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Ast%3A1730216983&t=gdpr(14)ti(1)

87.250.251.119

https://mc.yandex.com/sync_cookie_image_check

87.250.251.119

https://mc.yandex.com/webvisor/96921485?wv-part=7&wv-type=7&wmode=0&wv-hit=469926465&page-url=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&rn=295835681&browser-info=we%3A1%3Aet%3A1730216968%3Aw%3A1280x907%3Av%3A1491%3Az%3A-240%3Ai%3A20241029114927%3Au%3A1730216922106846975%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Ast%3A1730216968&t=gdpr(14)ti(1)

87.250.251.119

https://yastatic.net/s3/gdpr/v3/gdpr

unknown

https://ymetrica1.com/watch/3/1

unknown

https://red.stealth-browse.online/downloadproxy/intpgdirect/

unknown

https://cint.stealth-browse.online/lp/signal/

206.189.225.178

https://mc.yandex.com/clmap/96921485?page-url=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&pointer-click=rn%3A1026324986%3Ax%3A43918%3Ay%3A43690%3At%3A9%3Ap%3AW%3FAAA%3AX%3A629%3AY%3A446&browser-info=u%3A1730216922106846975%3Av%3A1491%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Arqnl%3A1%3Ast%3A1730216923&t=gdpr(14)ti(1)

87.250.251.119

https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10537.56ybaVFNPkaubv3iS9YPwmHIlVf-75H_eHax0a3SxHiFQTEGicnlotJE_ZXmPZt8.8dA0V1_p1GGSG3xaiXl7Gwxs6AA%2C

93.158.134.119

https://mc.yandex.com/watch/96921485?page-url=goal%3A%2F%2Fcint.stealth-browse.online%2Fdownload_click&page-ref=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&charset=utf-8&uah=chu%0A%22Google%20Chrome%22%3Bv%3D%22117%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228%22%2C%22Chromium%22%3Bv%3D%22117%22%0Acha%0Ax86%0Achb%0A64%0Achf%0A117.0.5938.134%0Achl%0A%22Google%20Chrome%22%3Bv%3D%22117.0.5938.134%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228.0.0.0%22%2C%22Chromium%22%3Bv%3D%22117.0.5938.134%22%0Achm%0A%3F0%0Achp%0AWindows%0Achv%0A10.0.0&hittoken=1730216927_2d0dd493fdd67247a147070616d730930aaad2d8a7ff33ec149f7844a42babc1&browser-info=ar%3A1%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1491%3Acn%3A1%3Adp%3A1%3Als%3A253336150184%3Ahid%3A469926465%3Az%3A-240%3Ai%3A20241029114847%3Aet%3A1730216927%3Ac%3A1%3Arn%3A196036389%3Arqn%3A3%3Au%3A1730216922106846975%3Aw%3A1280x907%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1730216915024%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1730216927%3At%3AStealth%20Browse&t=gdpr(14)mc(g-2)clc(2-314-223)rqnt(3)aw(1)rcm(1)cdl(na)eco(42009092)ti(0)&force-urlencoded=1

87.250.251.119

https://mc.yandex.com/webvisor/96921485?wv-part=3&wv-type=7&wmode=0&wv-hit=469926465&page-url=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&rn=221127502&browser-info=we%3A1%3Aet%3A1730216943%3Aw%3A1280x907%3Av%3A1491%3Az%3A-240%3Ai%3A20241029114903%3Au%3A1730216922106846975%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Ast%3A1730216943&t=gdpr(14)ti(1)

87.250.251.119

https://mc.yandex.com/webvisor/96921485?wv-part=5&wv-type=7&wmode=0&wv-hit=469926465&page-url=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&rn=878622823&browser-info=we%3A1%3Aet%3A1730216960%3Aw%3A1280x907%3Av%3A1491%3Az%3A-240%3Ai%3A20241029114919%3Au%3A1730216922106846975%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Ast%3A1730216960&t=gdpr(14)ti(1)

87.250.251.119

https://mc.yandex.com/webvisor/96921485?wv-part=4&wv-type=7&wmode=0&wv-hit=469926465&page-url=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&rn=663316332&browser-info=we%3A1%3Aet%3A1730216952%3Aw%3A1280x907%3Av%3A1491%3Az%3A-240%3Ai%3A20241029114911%3Au%3A1730216922106846975%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Ast%3A1730216952&t=gdpr(14)ti(1)

87.250.251.119

https://cint.stealth-browse.online/private-search/fourth/styles/style.css?v11

206.189.225.178

https://mc.yandex.com/clmap/96921485?page-url=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&pointer-click=rn%3A754880876%3Ax%3A655284465%3Ay%3A655284465%3At%3A10%3Ap%3A%3B%3AX%3A0%3AY%3A0&browser-info=u%3A1730216922106846975%3Av%3A1491%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Arqnl%3A1%3Ast%3A1730216923&t=gdpr(14)ti(1)

87.250.251.119

http://cratenews.com/

69.162.95.4

https://mc.yandex.com/metrika/metrika_match.html

87.250.251.119

https://cint.stealth-browse.online/private-search/assets/step-1.png

206.189.225.178

https://mc.yandex.com/metrika/advert.gif

87.250.251.119

https://mc.yandex.com/webvisor/96921485?wv-part=9&wv-type=7&wmode=0&wv-hit=469926465&page-url=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&rn=753762761&browser-info=we%3A1%3Aet%3A1730216976%3Aw%3A1280x907%3Av%3A1491%3Az%3A-240%3Ai%3A20241029114935%3Au%3A1730216922106846975%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Ast%3A1730216976&t=gdpr(14)ti(1)

87.250.251.119

https://mc.yandex.com/webvisor/96921485?wv-part=1&wv-check=38243&wv-type=0&wmode=0&wv-hit=469926465&page-url=https%3A%2F%2Fcint.stealth-browse.online%2F%3Fsubid%3D90897502496%26cid%3D9941%26tag%3Ddm%26dkw%3Dcratenews.com%26pid%3D246485%26rhi%3D015c1518-454f-4962-a20b-f4b11c3aa7cc&rn=506824435&browser-info=we%3A1%3Aet%3A1730216953%3Aw%3A1280x907%3Av%3A1491%3Az%3A-240%3Ai%3A20241029114912%3Au%3A1730216922106846975%3Avf%3A1f7b5mkfsgu9w9timet0o9oco9n%3Ast%3A1730216953&t=gdpr(14)ti(1)

87.250.251.119

https://cint.stealth-browse.online/private-search/fourth/img/page.png

206.189.225.178

https://yastatic.net/s3/taxi-front/yango-gdpr-popup/

unknown

https://file.stealth-browse.cc/prvcy/StealthBrowse.Msix

143.204.215.52

There are 44 hidden URLs, click here to show them.

Domains

Name

Malicious

cint.stealth-browse.online

206.189.225.178

cratenews.com

69.162.95.4

fierce-grasshopper-9xbw58vlsi87xmgl5pzm1f8i.herokudns.com

3.220.57.224

mc.yandex.ru

93.158.134.119

api-js.mixpanel.com

35.190.25.25

fp2e7a.wpc.phicdn.net

192.229.221.95

dd1swik7siiu3.cloudfront.net

143.204.215.52

7proof.com

52.116.53.155

clean-heron-6znsw6p49v8iz1lc5xnt5fcj.herokudns.com

3.220.57.224

bg.microsoft.map.fastly.net

199.232.210.172

www.google.com

142.250.186.164

cdn.mxpnl.com

130.211.5.208

qanonasp.com

104.21.9.149

track.auroraveil.bid

172.67.170.254

mc.yandex.com

unknown

red.stealth-browse.online

unknown

file.stealth-browse.cc

unknown

impr.stealth-browse.online

unknown

There are 8 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

206.189.225.178

cint.stealth-browse.online

United States

87.250.250.119

unknown

Russian Federation

69.162.95.4

cratenews.com

United States

192.168.2.6

unknown

52.116.53.155

7proof.com

United States

172.67.170.254

track.auroraveil.bid

United States

130.211.5.208

cdn.mxpnl.com

United States

35.190.25.25

api-js.mixpanel.com

United States

107.178.240.159

unknown

United States

239.255.255.250

unknown

Reserved

93.158.134.119

mc.yandex.ru

Russian Federation

192.168.2.23

unknown

104.21.9.149

qanonasp.com

United States

3.220.57.224

fierce-grasshopper-9xbw58vlsi87xmgl5pzm1f8i.herokudns.com

United States

142.250.186.164

www.google.com

United States

143.204.215.52

dd1swik7siiu3.cloudfront.net

United States

87.250.251.119

unknown

Russian Federation

There are 7 hidden IPs, click here to show them.

DOM / HTML

URL

Malicious

https://cint.stealth-browse.online/?subid=90897502496&cid=9941&tag=dm&dkw=cratenews.com&pid=246485&rhi=015c1518-454f-4962-a20b-f4b11c3aa7cc

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
http://cratenews.com

Files

Processes

URLs

Domains

IPs

DOM / HTML

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttp://cratenews.com

Files

Processes

URLs

Domains

IPs

DOM / HTML

IOC Report
http://cratenews.com