
Analysis

  • max time kernel
    47s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/11/2022, 02:35 UTC

General

  • Target

    Pokemon Red (UE) [S][!].gb

  • Size

    1024KB

  • MD5

    3d45c1ee9abd5738df46d2bdda8b57dc

  • SHA1

    ea9bcae617fdf159b045185467ae58b2e4a48b9a

  • SHA256

    5ca7ba01642a3b27b0cc0b5349b52792795b62d3ed977e98a09390659af96b7b

  • SHA512

    b7dbe2563a96d78a9a5d5d434c7d02d4653ae0b81383c6bb4053e130b2d168fcb1b4225a56ff0fa7dd0047b37230e697f55bd0cac55a91eef4f3df1f2cbc06fc

  • SSDEEP

    24576:5lZTSp5oytcA5/17Es8ZJQ0evUgnmPMDH:DZTSboytckFyJQlvUKmPMDH
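
The report identifies the target only by its digests, size and extension. Before relying on the verdict, an analyst would confirm that the bytes really are a Game Boy cartridge image (a format Windows has no handler for and cannot execute) rather than a renamed PE. The block below is an added example written for this page, not code from tria.ge or from any tool the report uses: it recomputes the four digests listed above and compares them with the report's values, then validates the cartridge header (Nintendo logo at 0x104, ROM-size code at 0x148 against the 1024KB file size, header checksum at 0x14D, global checksum at 0x14E). Because the sample itself is not on the page, the block constructs a synthetic 1 MiB image with a valid header to run against; its title, cartridge type and RAM size are assumptions. Point `triage_file()` at a real path to check an actual file.

```python
import hashlib
import struct

# Digests listed in the report's General section; used to confirm we hold the same bytes.
REPORT_HASHES = {
    "md5": "3d45c1ee9abd5738df46d2bdda8b57dc",
    "sha1": "ea9bcae617fdf159b045185467ae58b2e4a48b9a",
    "sha256": "5ca7ba01642a3b27b0cc0b5349b52792795b62d3ed977e98a09390659af96b7b",
    "sha512": "b7dbe2563a96d78a9a5d5d434c7d02d4653ae0b81383c6bb4053e130b2d168fc"
              "b1b4225a56ff0fa7dd0047b37230e697f55bd0cac55a91eef4f3df1f2cbc06fc",
}
# 48-byte Nintendo logo bitmap the Game Boy boot ROM verifies at 0x104 before running a cartridge.
NINTENDO_LOGO = bytes.fromhex(
    "CEED6666CC0D000B03730083000C000D0008111F8889000EDCCC6EE6DDDDD999"
    "BBBB67636E0EECCCDDDC999FBBB9333E"
)


def digests(data):
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data):
    """Which of the report's digests the supplied bytes reproduce."""
    got = digests(data)
    return {name: got[name] == expected for name, expected in REPORT_HASHES.items()}


def header_checksum(rom):
    """Boot-ROM header checksum: x = x - byte - 1 over 0x134..0x14C, kept to 8 bits."""
    x = 0
    for b in rom[0x134:0x14D]:
        x = (x - b - 1) & 0xFF
    return x


def global_checksum(rom):
    """16-bit sum of every byte except the two global-checksum bytes themselves."""
    return (sum(rom) - rom[0x14E] - rom[0x14F]) & 0xFFFF


def triage_gb(rom):
    """Structural checks that separate a genuine cartridge image from a renamed executable."""
    if len(rom) < 0x150:
        return {"looks_like_gb_rom": False, "reason": "shorter than a cartridge header"}
    f = {
        "is_pe": rom[:2] == b"MZ",                       # DOS stub magic of a Windows PE
        "logo_ok": rom[0x104:0x134] == NINTENDO_LOGO,
        "title": rom[0x134:0x144].split(b"\0")[0].decode("ascii", "replace"),
        "cart_type": rom[0x147],
        "declared_size": 32 * 1024 << rom[0x148],        # size code 0x05 -> 1 MiB, as in the report
        "header_checksum_ok": header_checksum(rom) == rom[0x14D],
        "global_checksum_ok": global_checksum(rom) == struct.unpack(">H", rom[0x14E:0x150])[0],
    }
    f["size_ok"] = len(rom) == f["declared_size"]
    f["looks_like_gb_rom"] = (not f["is_pe"] and f["logo_ok"]
                              and f["size_ok"] and f["header_checksum_ok"])
    return f


def triage_file(path):
    """Run both checks against a file on disk (e.g. the sample named in the report)."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"digests": digests(data), "matches_report": matches_report(data),
            "format": triage_gb(data)}


def build_sample_rom(title=b"TRIAGE TEST", size_code=0x05):
    """Constructed stand-in for the real sample: 1 MiB image with a valid header (values assumed)."""
    rom = bytearray(32 * 1024 << size_code)
    rom[0x100:0x104] = b"\x00\xC3\x50\x01"   # entry point: nop; jp $0150
    rom[0x104:0x134] = NINTENDO_LOGO
    rom[0x134:0x144] = title.ljust(16, b"\0")
    rom[0x147] = 0x13                        # MBC3+RAM+BATTERY (assumed for the synthetic image)
    rom[0x148] = size_code
    rom[0x149] = 0x03                        # 32 KiB cartridge RAM (assumed)
    rom[0x14D] = header_checksum(rom)
    rom[0x14E:0x150] = struct.pack(">H", global_checksum(rom))
    return bytes(rom)


if __name__ == "__main__":
    sample = build_sample_rom()
    print(triage_gb(sample))
    print(matches_report(sample))   # all False: the synthetic image is not the reported file
```

A file that passes `triage_gb` but fails `matches_report` is a different ROM from the one analysed; a file whose digests match but starts with `MZ` would be the interesting case, and this report gives no sign of that.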

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox attaches the note "likely ransomware behaviour" to this rule generically; it is not a finding about this file. A .gb cartridge image has no registered handler on Windows, so the launch falls through to the shell's "Open with" dialog (rundll32 shell32.dll,OpenAs_RunDLL) and from there to Chrome, and every process-attributed signature below belongs to rundll32, Chrome or AUDIODG, not to code from the sample. Drive enumeration by the file-open dialog is consistent with that, as is the 3/10 score.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe  (PID 2024, level 1)
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Pokemon Red (UE) [S][!].gb"
    Signatures: Suspicious use of WriteProcessMemory
    • C:\Windows\system32\rundll32.exe  (PID 1356, level 2, child of 2024)
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Pokemon Red (UE) [S][!].gb
      Signatures: Modifies registry class
  • C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 336, level 1)
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    • chrome.exe  (PID 1448, level 2, crashpad-handler)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb6f4f50,0x7fefb6f4f60,0x7fefb6f4f70
    • chrome.exe  (PID 1556, level 2, gpu-process)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1048 /prefetch:2
    • chrome.exe  (PID 1996, level 2, utility: network.mojom.NetworkService)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1292 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses
    • chrome.exe  (PID 1916, level 2, utility: storage.mojom.StorageService)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1856 /prefetch:8
    • chrome.exe  (PID 1068, level 2, renderer, client id 6)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
    • chrome.exe  (PID 1712, level 2, renderer, client id 5)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
    • chrome.exe  (PID 1672, level 2, utility: data_decoder.mojom.DataDecoderService)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
    • chrome.exe  (PID 1904, level 2, gpu-process, swiftshader)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3292 /prefetch:2
    • chrome.exe  (PID 1556, level 2, renderer, client id 9; PID reused after the earlier gpu-process)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    • chrome.exe  (PID 2196, level 2, utility: data_decoder.mojom.DataDecoderService)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3684 /prefetch:8
    • chrome.exe  (PID 2204, level 2, utility: data_decoder.mojom.DataDecoderService)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1044,5881485793518537279,7441807596859897508,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3772 /prefetch:8
  • C:\Windows\explorer.exe  (PID 676, level 1)
    "C:\Windows\explorer.exe"
  • C:\Windows\system32\AUDIODG.EXE  (PID 2124, level 1)
    C:\Windows\system32\AUDIODG.EXE 0x4f4
    Signatures: Suspicious use of AdjustPrivilegeToken

Network

  • DNS  clients2.google.com  (chrome.exe, remote address 8.8.8.8:53)
    Request:  clients2.google.com IN A
    Response: clients2.google.com IN CNAME clients.l.google.com
              clients.l.google.com IN A 142.250.186.174

  • DNS  accounts.google.com  (chrome.exe, remote address 8.8.8.8:53)
    Request:  accounts.google.com IN A
    Response: accounts.google.com IN A 142.250.186.77

  • POST  https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard  (chrome.exe, remote address 142.250.186.77:443)
    Request:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/2.0
    host: accounts.google.com
    content-length: 1
    origin: https://www.google.com
    content-type: application/x-www-form-urlencoded
    sec-fetch-site: none
    sec-fetch-mode: no-cors
    sec-fetch-dest: empty
    user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9

  • GET  https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D86%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D86%2526e%253D1  (chrome.exe, remote address 142.250.186.174:443)
    Request:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D86%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D86%2526e%253D1 HTTP/2.0
    host: clients2.google.com
    x-goog-update-interactivity: fg
    x-goog-update-appid: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
    x-goog-update-updater: chromecrx-89.0.4389.114
    sec-fetch-site: none
    sec-fetch-mode: no-cors
    sec-fetch-dest: empty
    user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9

  • DNS  edgedl.me.gvt1.com  (chrome.exe, remote address 8.8.8.8:53)
    Request:  edgedl.me.gvt1.com IN A
    Response: edgedl.me.gvt1.com IN A 34.104.35.123

  • GET  http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx  (chrome.exe, remote address 34.104.35.123:80, plain HTTP)
    Request:
    GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx HTTP/1.1
    Host: edgedl.me.gvt1.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Response:
    HTTP/1.1 200 OK
    accept-ranges: bytes
    content-disposition: attachment
    content-security-policy: default-src 'none'
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    x-request-id: cf6922cf-215f-439c-b4b4-7b54287744c2
    content-length: 248531
    date: Sat, 26 Nov 2022 23:49:25 GMT
    age: 10018
    last-modified: Fri, 25 Feb 2022 22:08:36 GMT
    etag: "c994e6"
    content-type: application/x-chrome-extension
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
    cache-control: public,max-age=86400

  • DNS  dns.google  (chrome.exe, remote address 8.8.8.8:53; two identical lookups recorded)
    Request:  dns.google IN A
    Response: dns.google IN A 8.8.8.8
              dns.google IN A 8.8.4.4

  • GET  https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  (chrome.exe, remote address 8.8.8.8:443; the same DNS-over-HTTPS request was recorded twice)
    Request:
    GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
    host: dns.google
    accept: application/dns-message
    accept-language: *
    user-agent: Chrome
    accept-encoding: identity

  • GET  https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwZnb29nbGUDY29tAAABAAEAACkQAAAAAAAAVQAMAFEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  (chrome.exe, remote address 8.8.8.8:443)
    Request:
    GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwZnb29nbGUDY29tAAABAAEAACkQAAAAAAAAVQAMAFEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
    host: dns.google
    accept: application/dns-message
    accept-language: *
    user-agent: Chrome
    accept-encoding: identity

  • GET  https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb  (chrome.exe, remote address 142.250.181.227:443)
    Request:
    GET /safebrowsing/csd/client_model_v5_variation_6.pb HTTP/2.0
    host: ssl.gstatic.com
    sec-fetch-site: none
    sec-fetch-mode: no-cors
    sec-fetch-dest: empty
    user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9

  • GET  https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.PlpnwD4HYro.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-D4573md5GmdJHX15d0lc3SoObhA/cb=gapi.loaded_0  (chrome.exe, remote address 142.250.181.238:443)
    Request:
    GET /_/scs/abc-static/_/js/k=gapi.gapi.en.PlpnwD4HYro.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-D4573md5GmdJHX15d0lc3SoObhA/cb=gapi.loaded_0 HTTP/2.0
    host: apis.google.com
    user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
    accept: */*
    sec-fetch-site: cross-site
    sec-fetch-mode: no-cors
    sec-fetch-dest: script
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
Connections (remote address | protocol | process | bytes sent | bytes received | packets sent | packets received)

  • 142.250.186.77:443 | tls, http2 | chrome.exe | 1.7kB | 7.5kB | 14 | 16
    HTTP request: POST https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
  • 142.250.186.174:443 | tls, http2 | chrome.exe | 1.9kB | 9.6kB | 13 | 16
    HTTP request: GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D86%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D86%2526e%253D1
  • 34.104.35.123:80 | http | chrome.exe | 5.0kB | 256.6kB | 100 | 188
    HTTP request: GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
    HTTP response: 200
  • 8.8.8.8:443 | tls, http2 | chrome.exe | 1.5kB | 7.0kB | 13 | 14
    HTTP request: GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  • 8.8.8.8:443 | tls, http2 | chrome.exe | 1.9kB | 7.9kB | 17 | 20
    HTTP request: GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    HTTP request: GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwZnb29nbGUDY29tAAABAAEAACkQAAAAAAAAVQAMAFEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  • 142.250.181.227:443 | tls, http2 | chrome.exe | 3.0kB | 92.0kB | 45 | 72
    HTTP request: GET https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb
  • 142.250.181.238:443 | tls, http2 | chrome.exe | 2.3kB | 44.3kB | 28 | 38
    HTTP request: GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.PlpnwD4HYro.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-D4573md5GmdJHX15d0lc3SoObhA/cb=gapi.loaded_0
  • 8.8.8.8:53 | dns | chrome.exe | 65 B | 105 B | 1 | 1
    DNS request: clients2.google.com
    DNS response: 142.250.186.174
  • 8.8.8.8:53 | dns | chrome.exe | 65 B | 81 B | 1 | 1
    DNS request: accounts.google.com
    DNS response: 142.250.186.77
  • 8.8.8.8:53 | dns | chrome.exe | 64 B | 80 B | 1 | 1
    DNS request: edgedl.me.gvt1.com
    DNS response: 34.104.35.123
  • 8.8.8.8:53 | dns | chrome.exe | 56 B | 88 B | 1 | 1
    DNS request: dns.google
    DNS response: 8.8.8.8, 8.8.4.4
  • 8.8.8.8:53 | dns | chrome.exe | 56 B | 88 B | 1 | 1
    DNS request: dns.google
    DNS response: 8.8.8.8, 8.8.4.4
  • 8.8.8.8:443 (dns.google) | https | chrome.exe | 3.8kB | 7.8kB | 10 | 11
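
Everything in the Network section is Chrome on the sandbox VM talking to Google infrastructure, but two of the requests hide what they are doing: the DNS-over-HTTPS GETs carry a base64url-encoded DNS wire-format message in the `dns` parameter (RFC 8484), and the extension update check doubly URL-encodes its `x=` parameters. The decoder below is an added example written for this page, not code from tria.ge or from Chrome. The URLs it decodes are copied from the report; the mapping of extension IDs to names is analyst knowledge that the report itself does not state. Decoding shows that the two DoH queries are A lookups for www.gstatic.com and www.google.com, each padded to 128 bytes with the EDNS Padding option (which is why both URLs are the same length), and that the update check asks about two component extensions that ship with Chrome, reporting version 0.0.0.0 (the value Chrome sends when it has no installed copy), which matches the .crx download from edgedl.me.gvt1.com that follows.

```python
import base64
import struct
from urllib.parse import parse_qs, urlparse

# Request URLs copied from the report above; the only network data this example needs.
DOH_QUERIES = [
    "https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
    "https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwZnb29nbGUDY29tAAABAAEAACkQAAAAAAAAVQAMAFEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
]
CRX_UPDATE = (
    "https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64"
    "&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3"
    "&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D86%2526e%253D1"
    "&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D86%2526e%253D1"
)
# Component extensions bundled with Chrome (analyst knowledge, not stated in the report).
KNOWN_COMPONENT_IDS = {
    "nmmhkkegccagdldgiimedpiccmgmieda": "Chrome Web Store Payments",
    "pkedcjkdefgpdelpbcmbmeomcjbeemfm": "Chrome Media Router (Cast)",
}
RR_TYPES = {1: "A", 5: "CNAME", 16: "TXT", 28: "AAAA", 41: "OPT"}
EDNS_OPTIONS = {8: "Client Subnet", 10: "Cookie", 12: "Padding"}


def _read_name(msg, off):
    """Read a DNS name at msg[off]; returns (name, next_offset). Follows compression pointers."""
    labels = []
    while True:
        ln = msg[off]
        if ln == 0:
            return ".".join(labels), off + 1
        if ln & 0xC0 == 0xC0:                         # pointer: 14-bit offset into the message
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = _read_name(msg, ptr)
            labels.append(tail)
            return ".".join(labels), off + 2
        labels.append(msg[off + 1:off + 1 + ln].decode("ascii", "replace"))
        off += 1 + ln


def decode_doh_query(url):
    """Decode the base64url 'dns' parameter of an RFC 8484 GET: questions plus EDNS options."""
    b64 = parse_qs(urlparse(url).query)["dns"][0].rstrip("=")
    if len(b64) % 4 == 1:                             # a lone trailing sextet cannot encode a byte
        b64 = b64[:-1]                                # (tolerates a copy truncated by one character)
    msg = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))   # restore the stripped '=' padding
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, questions, edns = 12, [], None
    for _ in range(qd):
        name, off = _read_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, RR_TYPES.get(qtype, str(qtype))))
    for _ in range(an + ns + ar):                     # a query normally carries only the OPT record
        _name, off = _read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 41:                               # OPT: the class field is the UDP payload size
            options, p = [], 0
            while p + 4 <= len(rdata):
                code, olen = struct.unpack("!HH", rdata[p:p + 4])
                options.append((EDNS_OPTIONS.get(code, str(code)), olen))
                p += 4 + olen
            edns = {"udp_payload": rclass, "options": options}
    return {"id": txid, "recursion_desired": bool(flags & 0x0100),
            "questions": questions, "edns": edns}


def decode_crx_update(url):
    """Unwrap the doubly URL-encoded x= parameters of a Chrome extension update check."""
    apps = []
    for blob in parse_qs(urlparse(url).query).get("x", []):   # outer parse_qs removed one layer
        inner = parse_qs(blob, keep_blank_values=True)
        ext_id = inner["id"][0]
        apps.append({"id": ext_id,
                     "version": inner.get("v", ["?"])[0],
                     "installedby": inner.get("installedby", ["?"])[0],
                     "known_as": KNOWN_COMPONENT_IDS.get(ext_id, "unknown extension")})
    return apps


if __name__ == "__main__":
    for q in DOH_QUERIES:
        print(decode_doh_query(q))
    for app in decode_crx_update(CRX_UPDATE):
        print(app)
```

An extension ID that is not in `KNOWN_COMPONENT_IDS`, or an update check with `installedby` other than the browser's own values, would be worth chasing; here both IDs are stock Chrome components and the traffic is browser baseline rather than anything the sample initiated.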

MITRE ATT&CK Enterprise v6

Downloads

  • memory/2024-54-0x000007FEFC2F1000-0x000007FEFC2F3000-memory.dmp  (filesize 8KB)
